Usable Privacy and Security
2023/2024
Content, progress and pedagogy of the module
Technology in itself cannot secure that enterprises, organisations and systems are secure. Humans are essentially responsible for the majority of privacy and security breaches, and therefore they play an important role in understanding how levels of privacy and security can be improved. This course focuses on understanding the interplay between humans and enterprise systems, as well as identifying ways to improve this for the greater sense of the enterprise security and privacy.
Learning objectives
Knowledge
- Must have knowledge about user security and how it links to how users behave
- Must have knowledge about the term “social engineering”
- Must have knowledge about data flow diagrams to understand data spreading
- Must have knowledge about theories for how users interact with systems and what impact that can have on security and privacy
- Must have knowledge about methods for understanding how users interact with enterprise systems
- Must have knowledge about different strategies for how to impact on user behaviour in order to increase privacy and security
Skills
- Must have the ability to use theories that are reflecting how users behave with enterprise systems
- Must have the ability to work with users in order to understand what and how privacy and security elements in an enterprise system are perceived and handled
- Must have the ability to identify discrepancies in systems interface design with respect to privacy and security
- Must have the ability to link the user security and privacy to system set-ups and how interfaces are built
- Must have the ability to use “social engineering” on existing organisational/business enterprise web-sites to understand the risks of privacy and security
Competences
- Must have competencies in using theories of user interaction and user behaviour on selected enterprice systems
- Must have competencies in designing solutions which can address security and privacy discrepancies in systems interface design and user behaviour
- Must have competencies in redesigning unfortunate interfaces which are connected with a security or privacy risk.
Type of instruction
Types of instruction are listed at the start of §17; Structure and contents of the programme.
Exam
Exams
| Name of exam | Usable Privacy and Security |
| Type of exam | Written or oral exam |
| ECTS | 5 |
| Assessment | 7-point grading scale |
| Type of grading | Internal examination |
| Criteria of assessment | The criteria of assessment are stated in the Examination Policies and Procedures |
Facts about the module
| Danish title | Usable privacy og sikkerhed |
| Module code | ESNMCSPM3K1 |
| Module type | Course |
| Duration | 1 semester |
| Semester | Autumn
|
| ECTS | 5 |
| Language of instruction | English |
| Empty-place Scheme | Yes |
| Location of the lecture | Campus Copenhagen |
| Responsible for the module |
Organisation
| Education owner | Master of Cyber Security and Privacy |
| Study Board | Study Board of Electronics and IT |
| Department | Department of Electronic Systems |
| Faculty | The Technical Faculty of IT and Design |
