Module Database Search



MODULE DESCRIPTOR
Module Title
Human Factors in Security
Reference CMM542 Version 2
Created February 2024 SCQF Level SCQF 11
Approved January 2023 SCQF Points 15
Amended April 2024 ECTS Points 7.5

Aims of Module
To enable students to critically appraise the role of human factors in cyber security; particularly when designing secure and usable systems, considering key aspects including security, privacy, usability, technology acceptance, and the socio-technical context.

Learning Outcomes for Module
On completion of this module, students are expected to be able to:
1 Evaluate the role of human behaviour in security.
2 Appraise the usability criteria of security mechanisms.
3 Synthesise techniques from interaction design, software engineering, and security engineering to design secure systems.
4 Appraise measures that an organisation requires to ensure long-term, productive security.

Indicative Module Content
The role of human factors and Positive Security; Behavioural Aspects and Acceptance for Designing Secure and Usable Systems; Human error; Security and Privacy Requirements Engineering; Usable, Security Design Techniques and Processes; Requirements and Threats/Attacks Modelling; and Security architecture; Usable Authentication; Usable Authorization; Security awareness, education, and training; Security economics and entrepreneurship.

Module Delivery
Key concepts are introduced and illustrated through lectures and directed reading. The understanding of students is tested and further enhanced through lab and tutorial sessions.

Indicative Student Workload Full Time Part Time
Contact Hours 30 40
Non-Contact Hours 120 110
Placement/Work-Based Learning Experience [Notional] Hours N/A N/A
TOTAL 150 150
Actual Placement hours for professional, statutory or regulatory body    

ASSESSMENT PLAN
If a major/minor model is used and box is ticked, % weightings below are indicative only.
Component 1
Type: Coursework Weighting: 100% Outcomes Assessed: 1, 2, 3, 4
Description: This is a coursework where students will appraise all the relevant human factors in designing usable security for a given scenario.

MODULE PERFORMANCE DESCRIPTOR
Explanatory Text
The calculation of the overall grade for this module is based on 100% weighting of C1. An overall minimum grade D is required to pass the module.
Module Grade Minimum Requirements to achieve Module Grade:
A The student needs to achieve an A in Component 1.
B The student needs to achieve a B in Component 1.
C The student needs to achieve a C in Component 1.
D The student needs to achieve a D in Component 1.
E The student needs to achieve an E in Component 1.
F The student needs to achieve an F in Component 1.
NS Non-submission of work by published deadline or non-attendance for examination

Module Requirements
Prerequisites for Module None.
Corequisites for module None.
Precluded Modules None.

INDICATIVE BIBLIOGRAPHY
1 FAILY, S. 2018. Designing Usable and Secure Software with IRIS and CAIRIS. Springer.
2 FERNANDEZ, E. B. 2013. Security Patterns in Practice: Designing Secure Architectures Using Security Patterns. Wiley.
3 CRANOR, L. F. and GARINKEL, S. 2005. Security and Usability: Designing Secure Systems that People Can Use. O’Reilly.
4 Symposia on Usable Privacy and Security. 2015-2021. https://www.usenix.org/conferences/byname/884
5 GARFINKEL, S., and LIPFORD, H. R. 2014. Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Privacy, and Trust. Morgan & Claypool.
6 ROPER, C. A., GRAU, J. J., and FISCHER, L. F. 2006. Security education, awareness, and training: from theory to practice. Elsevier Butterworth-Heinemann.
7 BREAUX., T., ed., 2020. An Introduction to Privacy for Technology Professionals. 2020. IAPP Publication.
8 ANDERSON, R., 2020. Security Engineering. Wiley

Robert Gordon University, Garthdee House, Aberdeen, AB10 7QB, Scotland, UK: a Scottish charity, registration No. SC013781