Skip to main content Skip to navigation

Module Catalogue

WM281-15 Behavioural Cyber Security

Department
WMG
Level
Undergraduate Level 2
Module leader
Elzbieta Titis
Credit value
15
Module duration
30 weeks
Assessment
100% coursework
Study location
University of Warwick main campus, Coventry

Download as PDF

Introductory description

Human-computer interaction (HCI) is concerned with designing interactions between human activities and the computational systems that support them, and with constructing interfaces to afford those interactions. Interaction between users and computational artefacts occurs at an interface that includes both software and hardware. Human behaviour should influence interface design and implementation of core functionality. For end-users, the interface is the system, meaning design in this domain must be interaction-focused and human-centred. It is therefore imperative that during the design phase of this human-computer interface cyber security component of human behaviour is addressed. One of the most significant challenges in the cyber domain is the transfer of meaning between the fully human agent, and the fully digital sub-system. Failure to correctly align human behaviour with computing sub-system behaviour has contributed to numerous, historic cyber security problems.

In addition, psychological traits and individual differences among computer system users can further explain vulnerabilities to cyber security attacks and crimes, as cognitive biases can make individuals more susceptible to exploitation by cyber criminals. Cyber security procedures and policies are prevalent countermeasures for protecting organisations from cybercrimes and security incidents, however, without considering human behaviours, implementing these countermeasures will remain to no effect or even become counterproductive.

Consequently, this module places the person at the centre of the cyber domain by addressing issues of usability and human factors. As such, the focus is on trade-offs between usability and security on the one hand, and human psychology and human error on the other hand. Human vulnerabilities will be addressed in detail to build greater cyber resilience, and narrative around security awareness/training programmes and security culture will be also introduced for understanding broader, non-technical influences on security through minimising human related risks.

Module aims

  1. To provide students with high levels of skills, knowledge, and competency around human factors (HFs) and human-computer interaction (HCI) research.
  2. To provide students with the opportunity to contextualise and apply learning in the field of HCI by undertaking an independent usability assessment of an online system to address trade-offs with security using appropriate methodological and analytical techniques.
  3. To provide students with in-depth knowledge of human psychology and human error to understand human traits and behaviours commonly exploited by malevolent actors.

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

The content of this module will be taught from a cyber security perspective, and will include:

  • Background: development and scope of human factors; practical goals.
  • User-centred design and testing.
  • Usable security incl. trade-offs.
  • Human factors and security.

Specifically, the module will cover:

  • Cognitive hacking, incl. psychological levers used by cyber criminals.
  • Human error and insider threat.
  • Approaches and frameworks for changing behaviour.
  • Nudging and persuasion towards better cyber security.
  • Human capabilities and limitations.
  • Cyber security culture and hygiene.

Learning outcomes

By the end of the module, students should be able to:

  • Select and critically evaluate the usability criteria that security mechanisms must meet to be usable in their contexts of use.
  • Apply techniques from interaction design and security engineering to design and evaluate secure systems.
  • Analyse a range of factors (individual, organisational, societal, and technological) to critically evaluate how HFs vulnerabilities may impact on cyber security risks.
  • Analyse the relationship between user behaviour in digital space and cyber security consequences, including psychological traits and individual differences among computer system users that are commonly exploited by malevolent actors.

Indicative reading list

Rogers et al. (2007). Interaction Design: Beyond Human-Computer Interaction. Forth Edition. John Wiley and Sons.
Corradini (2020). Building a cybersecurity culture in organizations. How to Bridge the Gap Between People and Digital Technology (Vol. 284). Berlin/Heidelberg, Germany: Springer International Publishing.
Thaler and Sunstein (2009). Nudge: Improving decisions about health, wealth, and happiness. Penguin Books Ltd.

View reading list on Talis Aspire

Interdisciplinary

The module uses insights from Psychology and Sociology to understand usability issues, human behaviour, requirements gathering and innovation processes relevant for cyber security.

Subject specific skills

Designing and evaluating usable systems as they pertain to cyber security.
Applying different disciplinary perspectives to solve design and deployment challenges, and to plan for HFs in organisations.
Locating and summarising examples of recent controversy and progress in HFs, including initiating critical analysis.

Transferable skills

Researching literature.
Communication, critical thinking, and problem solving.
Time management.
Teamwork.
Competence in multi-disciplinary research.
Presenting to peers a critical evaluation of own research work.
Defending their own work to an audience of peers.

Study time

Type Required
Lectures 18 sessions of 1 hour (12%)
Supervised practical classes 18 sessions of 1 hour (12%)
Private study 54 hours (36%)
Assessment 60 hours (40%)
Total 150 hours

Private study description

Independent activity between workshops, following up on activities initiated in previous workshops or preparing for upcoming workshops.

Costs

No further costs have been identified for this module.

You must pass all assessment components to pass the module.

Assessment group A
Weighting Study time Eligible for self-certification
Assessment component
Security and usability trade-offs 40% 20 hours Yes (extension)

Students will be asked to analyse the security and usability of a system focusing on trade-offs.
Reassessment component is the same
Assessment component
A critical essay on a given topic 60% 40 hours Yes (extension)

Students will be asked to produce a portfolio of six research papers discussed in the class and write a critical essay on one topic from the portfolio. Therefore, the focus is on reading research papers and thinking widely about issues posed there to build wider inter-disciplinary perspectives, fuel scientific curiosity, and develop communication and critical thinking skills.
Reassessment component is the same
Feedback on assessment

Written feedback for each assignment.
Verbal feedback during tutorial sessions.
Summative feedback on assignments.

Courses

This module is Core for:

  • UWMA-H651 Undergraduate Cyber Security
    • Year 2 of H651 Cyber Security
    • Year 2 of H651 Cyber Security
    • Year 2 of H651 Cyber Security