Human Centered Security

Important Information

This course was planned to be offered in the winter semester 2012/2013. For organizational reasons, however, it will be offered in the summer semester 2013 instead. The course starts on 25.03.2013, and registration in TUCaN is possible from 01.03.2013.

General information

Type of lecture: Integrated Lecture / Block Lecture / 4CP / 3SWS
Lecturer: Prof. Dr. Karen Renaud (Glasgow University), funded by KIVA
Place / Time: please see section time schedule, below
Begin / End: 25.03.2013 - 03.05.2013
Requirements: An interest in the area of usable security, in designing such systems for the human, and not for the expert
Exam: Registration in TuCaN until 29.4, Form: oral, English
Frequency: only this semester
For any question please contact Prof. Renaud: karen.renaud at

Time schedule

  • March 25th, 10AM-12PM, S2|02, E302
  • March 28th, 10AM-12PM, S2|02, E302
  • April 2nd, 10AM-12PM, S2|02, A213
  • April 5th, 10AM-12PM, S2|02, A126
  • April 8th, 9AM-11AM, S2|02, E202
  • April 10th, 9:30AM-11:30AM, S2|02, A313
  • April 12th, 10AM-12PM, S2|02, A213
  • April 16th, 10AM-12PM, S2|02, A213
  • April 19th, 10AM-12PM, S2|02, A213
  • April 23rd, 10AM-12PM, S2|02, A313
  • April 25th, 10AM-12PM, S2|02, E302
  • April 29th, 10AM-12PM, S2|02, A213
  • May 6th, Oral Exam, S2|02, A213 (all day)


The focus of this course is on making information security usable and sensitive to the human in everyday life. Security products are generally not usable by society at large, and are often only accessible to people who understand the theoretical aspects of security. This is a poor strategy, because every computer user these days has to be able to use security products, so they have to be designed with the non-expert in mind.

  1. The User is not the Enemy
    a. Introduction to Usable Security
    b. Myths about insecure behaviour
    c. Psychological Principles behind insecure behaviour
    d. Interface Design for Secure Systems
    e. Myths about common remediation techniques
    f. Studying a range of current news reports and analysing the reasons for insecurity

  2. Authentication
    a. Types of authentication, advantages and disadvantages of each
    b. Biometrics, spoofing possibilities, and acceptability and privacy issues
    c. Alternative knowledge-based authentication techniques
    d. Metrics for judging authentication techniques
    e. Metrics for considering which biometric to use
    f. Secondary authentication

  3. Social Engineering
    a. Social Engineering Techniques
    b. History of scamming
    c. What social engineers exploit (human nature)
    d. Models of communication and phishing
    e. Stages of social engineering attacks
    f. Drawing an attack tree
    g. Mitigation & Social Engineering Resistance

  4. Privacy
    a. Exploring privacy and the differences between privacy and confidentiality
    b. Privacy fallacies
    c. Threats to Privacy
    d. Modern Technology & Privacy
    e. Privacy & Reputation
    f. Privacy vs Security

  5. Insider Threats
    a. Understanding insider threats, and the activities of malicious insiders
    b. Why do people decide to become malicious?
    c. Malicious Insider Motivations
    d. Techniques Used by Insiders
    e. Modeling the threat
    f. Understanding the use of soft tools and software tools to mitigate

  6. Security Policies
    a. Compliance, control and influence
    b. How to write policies
    c. Understanding the user and what motivates him/her
    d. Using psychology & influencing techniques
    e. Differentiating between necessary and sufficient
    f. Fostering a security culture
    g. Theory of reasoned action & Behavioural Intention Model

This course will be taught as follows:

  1. Each topic above will have 4 hours of contact time
  2. Students will be randomly assigned to 3-person classroom groups
  3. Students will be given reading to do to prepare for the first hour
  4. The first hour will start with a quiz to test understanding of the topic
  5. During class core concepts will be taught and explored
  6. Students will discuss topics in the class, come up with solutions, and present these to the other students
  7. Between the first and second lectures students will sometimes be required to work in their groups to come up with a proposal or to find some material on the web for discussion in class.
  8. Students will learn to debate, to argue, to present their opinions, to listen to others and to critique other solutions.
  9. This course is facilitated by the lecturer but every student is an active participant in the learning journey – no one can have an expectation of being a passive receiver.


We expect you to be interested in interdisciplinary topics. A background in computing is not essential, as the lecture is also offered to students of other departments. However, the ability to write a research report in English is required. Students should also be competent web searchers and be able to read research papers and answer questions about them.

Internal area for literature

The password-protected area can be reached here. Access credentials will be announced at the first lecture.
