Content, progress and pedagogy of the
module
Technology in itself cannot secure that enterprises,
organisations and systems are secure. Humans are essentially
responsible for the majority of privacy and security breaches, and
therefore they play an important role in understanding how levels
of privacy and security can be improved. This course focuses on
understanding the interplay between humans and enterprise systems,
as well as identifying ways to improve this for the greater sense
of the enterprise security and privacy.
Learning objectives
Knowledge
- Must have knowledge about user security and how it links to how
users behave
- Must have knowledge about the term “social engineering”
- Must have knowledge about data flow diagrams to understand data
spreading
- Must have knowledge about theories for how users interact with
systems and what impact that can have on security and privacy
- Must have knowledge about methods for understanding how users
interact with enterprise systems
- Must have knowledge about different strategies for how to
impact on user behaviour in order to increase privacy and
security
Skills
- Must have the ability to use theories that are reflecting how
users behave with enterprise systems
- Must have the ability to work with users in order to understand
what and how privacy and security elements in an enterprise system
are perceived and handled
- Must have the ability to identify discrepancies in systems
interface design with respect to privacy and security
- Must have the ability to link the user security and privacy to
system set-ups and how interfaces are built
- Must have the ability to use “social engineering” on existing
organisational/business enterprise web-sites to understand the
risks of privacy and security
Competences
- Must have competencies in using theories of user interaction
and user behaviour on selected enterprice systems
- Must have competencies in designing solutions which can address
security and privacy discrepancies in systems interface design and
user behaviour
- Must have competencies in redesigning unfortunate interfaces
which are connected with a security or privacy risk.
Type of instruction
Types of instruction are listed at the start of §17; Structure
and contents of the programme.
Exam
Exams
Name of exam | Usable Privacy and Security |
Type of exam | Written or oral exam |
ECTS | 5 |
Assessment | 7-point grading scale |
Type of grading | Internal examination |
Criteria of assessment | The criteria of assessment are stated in the Examination
Policies and Procedures |