This module engages with the psychological, perceptional, cultural, societal, political, and ethical implications of information security and privacy.
Information is a vital element of modern society. Every day, individuals and organisations generate an increasing amount of information that is automatically processed and stored. In most cases, these processes require some human intervention.
In fact, as stated by the ‘2015 Information Security Breaches Survey’ commissioned by the UK Government, 50 per cent of the worst breaches suffered by UK companies were caused by inadvertent human error.
In this module we will seek to move away from the technical aspects of the field and instead tackle the issues directly.
If you complete the module successfully, you should be able to:
- understand how people fulfil information security goals.
- explain the need of privacy in a computerised world.
- identify biases that may affect an individual when making security or privacy decisions.
- detect human vulnerabilities that may be present on a computer system.
- understand the ‘art and science’ behind social engineering and develop social engineering penetration tests.
- analyse cultures of risk within and beyond organisational settings to better understand how these cultures influence policy development and implementation.
- examine the different biases and heuristics that affect risk perception and, therefore, security and privacy related decisions.
- identity personality traits that affects individual security behaviours.
- carry out privacy impact assessments, develop privacy policies and implement the appropriate privacy preserving controls.
- develop, implement security awareness programmes.
This module is assessed by a two-hour unseen written examination.