Unit information: Security Behaviours (Teaching Unit) in 2020/21

Unit name	Security Behaviours (Teaching Unit)
Unit code	COMS30038
Credit points	0
Level of study	H/6
Teaching block(s)	Teaching Block 1 (weeks 1 - 12)
Unit director	Dr. Edwards
Open unit status	Not open
Pre-requisites	Ability to write basic scripts in a commonly-used programming language, e.g. Python.
Co-requisites	EITHER Assessment Units COMS30036 Security Behaviours (Exam assessment, 10 credits). OR COMS30037 Security Behaviours (Coursework assessment, 20 credits). Please note: COMS30038 is the Teaching Unit for the Security Behaviours option. Single Honours Computer Science students can choose to be assessed by either examination (10 credits, COMS30036) or coursework (20 credits, COMS30037) by selecting the appropriate co-requisite assessment unit. Any other students that are permitted to take the Security Beahaviours option are assessed by examination (10 credits) and should be enrolled on the co-requisite exam assessment unit (COMS30036).
School/department	School of Computer Science
Faculty	Faculty of Engineering

Description including Unit Aims

The security of complex socio-technical systems relies on the behaviour of human agents as much as it relies on the correctness of technical controls. Poor choices made in the design, development and deployment of security controls can provoke legitimate users into errors, creating or exacerbating vulnerabilities in a system. Similarly, security controls cannot be effectively designed without an understanding of the adversary being defended against - their capabilities, motivations and typical behaviours.

This unit explores the human factors underlying cybersecurity from two complementary perspectives. Firstly, we will study the role of human behaviours in creating and undermining security, covering:

• The myth of the 'weakest link', and how humans can be a security asset
• Human cognitive biases, and how these relate to security
• How human error appears in practice
• How security information should be transmitted
• How security should and should not be designed

Secondly, we will study the behaviour of adversarial actors, and how we can translate our understanding of these attackers into defences, including:

• How we model and detect cyber attacks and 'get into the mind' of our adversaries in order to analyse our own security
• How social engineering works, and what can be done about it
• How cybercriminals operate, the relevant criminological theories and examples for explaining group and individual behaviour.
• The economics of cybercrime, and how economics can be deployed to disrupt it.

Intended Learning Outcomes

On successful completion of this unit, students will be able to:

1. Recognise cognitive biases and their implications for security
2. Explain the methods by which social engineering attackers operate
3. Judge where culpabilitylies in a security incident
4. Discuss the relevance of criminological and economic theory to cybercrime
5. Synthesise evidence about a cyberattack to describe the adversary
6. Identify at a high level the appropriate countermeasures for a given threat

In addition, students assessed by coursework will be able to:

1. Analyse a security incident and argue for root causes based on your assessment of the evidence

Teaching Information

Teaching will be delivered through a combination of synchronous and asynchronous sessions, including lectures, practical activities supported by drop-in sessions, problem sheets and self-directed exercises.

Teaching will take place over Weeks 1-7, with coursework support in weeks 8-10 and for students assessed by examination, consolidation and revision sessions in Weeks 11 and 12.

Assessment Information

Examination details:

January timed assessment (100%, 10 credits)

OR

Coursework details:

Coursework, to be completed over weeks 8-10. (100%, 20 credits)

Reading and References

TBC