Usable Privacy and Security


Content, progress and pedagogy of the module

Technology in itself cannot secure that enterprises, organisations and systems are secure. Humans are essentially responsible for the majority of privacy and security breaches, and therefore they play an important role in understanding how levels of privacy and security can be improved. This course focuses on understanding the interplay between humans and enterprise systems, as well as identifying ways to improve this for the greater sense of the enterprise security and privacy.  

Learning objectives


  • Must have knowledge about user security and how it links to how users behave
  • Must have knowledge about the term “social engineering”
  • Must have knowledge about data flow diagrams to understand data spreading
  • Must have knowledge about theories for how users interact with systems and what impact that can have on security and privacy
  • Must have knowledge about methods for understanding how users interact with enterprise systems
  • Must have knowledge about different strategies for how to impact on user behaviour in order to increase privacy and security


  • Must have the ability to use theories that are reflecting how users behave with enterprise systems
  • Must have the ability to work with users in order to understand what and how privacy and security elements in an enterprise system are perceived and handled
  • Must have the ability to identify discrepancies in systems interface design with respect to privacy and security
  • Must have the ability to link the user security and privacy to system set-ups and how interfaces are built
  • Must have the ability to use “social engineering” on existing organisational/business enterprise web-sites to understand the risks of privacy and security


  • Must have competencies in using theories of user interaction and user behaviour on selected enterprice systems
  • Must have competencies in designing solutions which can address security and privacy discrepancies in systems interface design and user behaviour
  • Must have competencies in redesigning unfortunate interfaces which are connected with a security or privacy risk.

Type of instruction

Types of instruction are listed at the start of §17; Structure and contents of the programme.



Name of examUsable Privacy and Security
Type of exam
Written or oral exam
Assessment7-point grading scale
Type of gradingInternal examination
Criteria of assessmentThe criteria of assessment are stated in the Examination Policies and Procedures

Facts about the module

Danish titleUsable privacy og sikkerhed
Module codeESNMCSPM3K1
Module typeCourse
Duration1 semester
Language of instructionEnglish
Empty-place SchemeYes
Location of the lectureCampus Copenhagen
Responsible for the module


Education ownerMaster of Cyber Security and Privacy
Study BoardStudy Board of Electronics and IT
DepartmentDepartment of Electronic Systems
FacultyThe Technical Faculty of IT and Design