Unit information: Security Behaviours (Teaching Unit) in 2021/22

Unit name Security Behaviours (Teaching Unit)
Unit code COMS30038
Credit points 0
Level of study H/6
Teaching block(s) Teaching Block 1 (weeks 1 - 12)
Unit director Dr. Edwards
Open unit status Not open

Ability to write basic scripts in a commonly-used programming language, e.g. Python.


EITHER Assessment Units COMS30036 Security Behaviours (Exam assessment, 10 credits).

OR COMS30070 Security Behaviours (Coursework assessment, 15 credits).

Please note:

COMS30038 is the Teaching Unit for the Security Behaviours option.

Single Honours Computer Science and Mathematics and Computer Science students can choose to be assessed by either examination (10 credits, COMS30036) or coursework (15 credits, COMS30070) by selecting the appropriate co-requisite assessment unit.

Any other students who are permitted to take the Security Behaviours option are assessed by examination (10 credits) and should be enrolled on the co-requisite exam assessment unit (COMS30036).

School/department Department of Computer Science
Faculty Faculty of Engineering

Description including Unit Aims

The security of complex socio-technical systems relies on the behaviour of human agents as much as it relies on the correctness of technical controls. Poor choices made in the design, development and deployment of security controls can provoke legitimate users into errors, creating or exacerbating vulnerabilities in a system. Similarly, security controls cannot be effectively designed without an understanding of the adversary being defended against - their capabilities, motivations and typical behaviours.

This unit explores the human factors underlying cybersecurity from two complementary perspectives. Firstly, we will study the role of human behaviours in creating and undermining security, covering:

  • The myth of the 'weakest link', and how humans can be a security asset
  • Human cognitive biases, and how these relate to security
  • How human error appears in practice
  • How security information should be transmitted
  • How security should and should not be designed

Secondly, we will study the behaviour of adversarial actors, and how we can translate our understanding of these attackers into defences, including:

  • How we model and detect cyber attacks and 'get into the mind' of our adversaries in order to analyse our own security
  • How social engineering works, and what can be done about it
  • How cybercriminals operate, the relevant criminological theories and examples for explaining group and individual behaviour.
  • The economics of cybercrime, and how economics can be deployed to disrupt it.

Intended Learning Outcomes

On successful completion of this unit, students will be able to:

  1. Recognise cognitive biases and their implications for security
  2. Explain the methods by which social engineering attackers operate
  3. Judge where culpability lies in a security incident
  4. Discuss the relevance of criminological and economic theory to cybercrime
  5. Synthesise evidence about a cyberattack to describe the adversary
  6. Identify at a high level the appropriate countermeasures for a given threat

In addition, students assessed by coursework will be able to:

  1. Analyse a security incident and argue for root causes based on your assessment of the evidence

Teaching Information

Teaching will be delivered through a combination of synchronous and asynchronous sessions, including lectures, practical activities supported by drop-in sessions, problem sheets and self-directed exercises.

Teaching will take place over Weeks 1-7, with coursework support in Weeks 9-11 and, for students assessed by examination, consolidation and revision sessions in Week 12.

Assessment Information

Examination details:

2 hour exam (100%, 10 credits)


Coursework details:

Coursework (100%, 15 credits) - to be completed during a specific period.


If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMS30038).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the Faculty workload statement relating to this unit for more information.

The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. If you have self-certificated your absence from an assessment, you will normally be required to complete it the next time it runs (this is usually in the next assessment period).
The Board of Examiners will take into account any extenuating circumstances and operates within the Regulations and Code of Practice for Taught Programmes.