University of London

Small Navigation Menu

Primary Menu

Human aspects of information security and privacy

IYM017

Every day, individuals and organisations generate an increasing amount of information that is automatically processed and stored. These processes usually require some human intervention. This module moves away from the technical aspects of the field and instead explores the issues related to the human element.

Topics covered

This module engages with the psychological, perceptional, cultural, societal, political, and ethical implications of information security and privacy.

Information is a vital element of modern society. Every day, individuals and organisations generate an increasing amount of information that is automatically processed and stored. In most cases, these processes require some human intervention.

Actions such as accepting an unfair privacy policy or opening a malicious email attachment cannot always be controlled by technical means, although they have a direct impact on the security and privacy of individuals and organisations.

In fact, as stated by the ‘2015 Information Security Breaches Survey’ commissioned by the UK Government, 50 per cent of the worst breaches suffered by UK companies were caused by inadvertent human error.

In this module we will seek to move away from the technical aspects of the field and instead tackle the issues directly.

Learning outcomes

If you complete the course successfully, you should be able to:

  • Understand how people fulfil information security goals.
  • Explain the need of privacy in a computerised world.
  • Identify biases that may affect an individual when making security or privacy decisions.
  • Detect human vulnerabilities that may be present on a computer system.
  • Understand the ‘art and science’ behind social engineering and develop social engineering penetration tests.
  • Analyse cultures of risk within and beyond organisational settings to better understand how these cultures influence policy development and implementation.
  • Examine the different biases and heuristics that affect risk perception and, therefore, security and privacy related decisions.
  • Identity personality traits that affects individual security behaviours. 
  • Carry out privacy impact assessments, develop privacy policies and implement the appropriate privacy preserving controls.
  • Develop, implement security awareness programs

Assessment

This module is assessed by a two hour unseen written examination.