Introductory description

This module focuses on human factors (HFs) in cyber security by investigating a range of factors (individual, organisational, societal, and technological) to show how HFs vulnerabilities may impact on cyber security risks.

Adopting a technology-centric viewpoint in which users’ cognitive characteristics, needs and motivations are ignored has proved times and again to be insufficient. Moreover, cyber security culture does not always translate to rules compliance behaviour. Conflicts among cyber security rules and procedures may also trigger human vulnerabilities. An inclusive, multidisciplinary, and holistic approach is needed instead to address these vulnerabilities and the reason behind incorrect security actions, including both errors and violations, to support organisations in becoming more effective against cyber-attacks and threats.

In this module you will learn about a range of human characteristics (physical, cognitive, social and emotional) as they relate to the strengths and limitations of humans, and how these can introduce errors into cyber security resulting in a successful cyber attack or data breach; aspects of the broader context in which interaction with security takes place, including organisational and societal perspectives on security, will be also covered. Moreover, as the interaction between the human and the system influences human performance relevant to cyber security, you will also learn to evaluate the principal features of HFs in current and planned online secure systems to design security that is usable and acceptable to a range of human actors (e.g., end-users, administrators, and developers) by engaging stakeholders and negotiating security solutions that meet their needs.

As a result, you will acquire knowledge and skills increasingly desirable in industry to address HFs in cyber security by adopting a user-centred perspective for incorporating non-technical countermeasures (such as user awareness) to manage and support cyber security in organisations.

Module aims

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

The syllabus will include (but is not limited to):

• Cognitive ergonomics.
• Usable security.
• Cognitive hacking.
• Persuasion and social influence.
• Behaviour change.

Learning outcomes

By the end of the module, students should be able to:

• Critically understand key aspects of HFs and demonstrate critical awareness of HFs research and theory in cyber security, including current problems and psychological perspective.
• Implement, evaluate, and critique methodologies appropriate for solving complex problems in HFs, demonstrating self-direction and originality.
• Critically debate, discuss and report the outcomes of investigations, followed by proposing new avenues for research.
• Research and analyse real-world situations that relate to HFs in cyber security, making informed inferences to relevant theory.
• Provide advice and recommendations about how to tackle HFs issues in cyber security, making theory useful for implementing evidence based practice.

Indicative reading list

Rogers et al. (2007). Interaction Design: Beyond Human-Computer Interaction. Forth Edition. John Wiley and Sons.
Corradini (2020). Building a cybersecurity culture in organizations. How to Bridge the Gap Between People and Digital Technology (Vol. 284). Berlin/Heidelberg, Germany: Springer International Publishing.
Thaler and Sunstein (2009). Nudge: Improving decisions about health, wealth, and happiness. Penguin Books Ltd.

View reading list on Talis Aspire

Research element

• Redesigning a system for better usability.
• Evaluating usability of a system for minimising human error.
• Evaluating principles of persuasion in social engineering for stronger cognitive resilience.
• Designing behaviour change intervention for stronger cyber security.

Interdisciplinary

The module uses insights from Psychology, Sociology and Criminology to understand usability issues, human behaviour, adversarial behaviour, requirements gathering and innovation processes relevant for cyber security.

Subject specific skills

Designing and evaluating usable systems as they pertain to cyber security.
Applying different disciplinary perspectives to solve design and deployment challenges, and to plan for HFs in organisations, including behaviour change interventions.
Locating, summarising and critically evaluating examples of recent controversy and progress in HFs.

Transferable skills

Researching literature.
Communication, critical thinking, and problem solving.
Time management.
Teamwork.
Competence in multi-disciplinary research.
Presenting to peers a critical evaluation of own research work.
Defending own work to an audience of peers.