Unit information: Security Behaviours (Teaching Unit) in 2024/25

Please note: Programme and unit information may change as the relevant academic field develops. We may also make changes to the structure of programmes and assessments to improve the student experience.

Unit name Security Behaviours (Teaching Unit)
Unit code COMS30038
Credit points 0
Level of study H/6
Teaching block(s) Teaching Block 1 (weeks 1 - 12)
Unit director Dr. Edwards
Open unit status Not open
Units you must take before you take this one (pre-requisite units)

None

Units you must take alongside this one (co-requisite units)

EITHER

COMS30081 Topics in Computer Science (Exam assessment, 20 credits).

OR

COMS30088 Security Behaviours (20 credits).

Please note:

COMS30038 is the Teaching Unit for the Security Behaviours option.

Students taking this unit choose to be assessed by EITHER the 20 credit "Coursework + Mid-term" unit (COMS30088) OR as part of the Topics in Computer Science 20 credit examination unit. Students select the form of assessment to be taken by enrolling on the appropriate co-requisite assessment unit.

Units you may not take alongside this one

None.

School/department School of Computer Science
Faculty Faculty of Engineering

Unit Information

Why is this unit important?

The security of complex socio-technical systems relies on the behaviour of human agents as much as it relies on the correctness of technical controls. Poor choices made in the design, development and deployment of security controls can provoke legitimate users into errors, creating or exacerbating vulnerabilities in a system. Similarly, security controls cannot be effectively designed without an understanding of the adversary being defended against - their capabilities, motivations and typical behaviours.

How does this unit fit into your programme of study

This is an optional unit that can be taken in Year 3.

Your learning on this unit

An overview of content

This unit explores the human factors underlying cybersecurity from two complementary perspectives. Firstly, we will study the role of human behaviours in creating and undermining security, covering:

  • The myth of the 'weakest link', and how humans can be a security asset;
  • Human cognitive biases, and how these relate to security;
  • How human error appears in practice;
  • How security information should be transmitted;
  • How security should and should not be designed.

Secondly, we will study the behaviour of adversarial actors, and how we can translate our understanding of these attackers into defences, including:

  • How we model and detect cyber-attacks and 'get into the mind' of our adversaries in order to analyse our own security;
  • How social engineering works, and what can be done about it;
  • How cybercriminals operate, the relevant criminological theories and examples for explaining group and individual behaviour;
  • The economics of cybercrime, and how economics can be deployed to disrupt it.

How will students, personally, be different as a result of the unit

As well as having engaged with academic material relating aspects of human behaviour to cybersecurity, students will have gained hands-on experience in planning and carrying out attacks, using tools and techniques commonly adopted by cyber-attackers. This will enable a deeper understanding of attack methods, translating into insights for protecting systems. Students will also have experience in researching and debating cybersecurity topics, exposing them to a variety of opinion on modern socio-technical challenges as well as preparing them for independent research.

Learning Outcomes

On successful completion of this unit, ALL students (both MAJOR and MINOR) will be able to:

1. Discuss the relevance of criminological and economic theory to cybercrime

2. Synthesise evidence about a cyberattack to describe the adversary

3. Explain the methods by which attackers operate and identify at a high level countermeasures for given threats

4. Use tools commonly deployed by attackers to compromise systems.

When the unit is taken as the MAJOR 20 credit version, students will also be able to:

5. Engage deeply and independently with academic and other literature in producing an original, critical essay on a cybersecurity topic of their choice.

How you will learn

Teaching will take place over 7 weeks and will be delivered through a combination of synchronous lectures, asynchronous teaching materials (including reading materials, written notes, slides, and videos) and in-person practical labs. This unit is unlike some other COMS units in that many of the concepts you need to grasp are not strictly computational or mathematical in nature. We support this with an emphasis on discussion, both in parts of the lab exercises and in the weekly review lectures. The weekly reading and video lectures allow you to come prepared for these discussions, but taking part in the conversation is valuable beyond just reviewing the week’s material – it sharpens your understanding and your ability to query, argue about and explain the core concepts from the unit. If taken as a MAJOR, the unit also provides weekly coursework support sessions.

How you will be assessed

Tasks which help you learn and prepare you for summative tasks (formative):

Teaching will take place over Weeks 1-7, with coursework support in Weeks 9-11 and, for students assessed by examination, consolidation and revision sessions in Week 12.

Students will be given reading exercises, video lectures, in-person review lectures and substantial lab exercises each week, with support from lecturers and teaching assistants. To support students preparing for essay-based assessments, formative assessments will be made available that closely reflect the summative assessments, with detailed feedback opportunities.

Tasks which count towards your unit mark (summative):

For students taking this unit as a MINOR variant, there will be a contribution of 10 credit points (equivalent to 1 hour of exam time) of questions to the “Topics in Computer Science” exam that will be sat during the winter examination period. This closed-book exam will assess students’ understanding of the main taught topics and will cover learning outcomes 1-4.

For students taking this unit as a MAJOR variant, there will be two elements of assessment:

  • A mid-term in-class test that will assess students’ understanding of the general taught material (worth 30% of the unit). This assessment will cover learning outcomes 1-4.
  • An end-of-term coursework (taking place during weeks 9-11) in which students will demonstrate their ability to deeply engage with a selected topic through independent research, producing a substantial critical essay (worth 70% of the unit). This assessment will cover learning outcome 5.

When assessment does not go to plan

Students will retake relevant assessments in a like-for-like fashion in accordance with the University rules and regulations.

Resources

If this unit has a Resource List, you will normally find a link to it in the Blackboard area for the unit. Sometimes there will be a separate link for each weekly topic.

If you are unable to access a list through Blackboard, you can also find it via the Resource Lists homepage. Search for the list by the unit name or code (e.g. COMS30038).

How much time the unit requires
Each credit equates to 10 hours of total student input. For example, a 20 credit unit will take you 200 hours of study to complete. Your total learning time is made up of contact time, directed learning tasks, independent learning and assessment activity.

See the University Workload statement relating to this unit for more information.

Assessment
The Board of Examiners will consider all cases where students have failed or not completed the assessments required for credit. The Board considers each student's outcomes across all the units which contribute to each year's programme of study. For appropriate assessments, if you have self-certificated your absence, you will normally be required to complete it the next time it runs (for assessments at the end of TB1 and TB2 this is usually in the next re-assessment period).
The Board of Examiners will take into account any exceptional circumstances and operates within the Regulations and Code of Practice for Taught Programmes.