851-0390-00L Human-Centered IT Security and Privacy
| Semester | Spring Semester 2023 |
| Lecturers | V. Zimmermann |
| Periodicity | yearly recurring course |
| Language of instruction | English |
Courses
| Number | Title | Hours | Lecturers | ||||
|---|---|---|---|---|---|---|---|
| 851-0390-00 G | Human-Centered IT Security and Privacy | 2 hrs |
| V. Zimmermann |
Catalogue data
| Abstract | Students will gain an overview of the role of the human in security and privacy, learn about the relevance of human-centered design and important psychological aspects. Selected security- and privacy-related application scenarios will be presented and discussed. Furthermore, practical exercises and group work activities are used to showcase human-related aspects and foster reflection. | |||||||||||||||||||||||||||
| Learning objective | Students will know about the historical development of human-centered security, relevant psychological aspects and selected practical applications. The course will enable students to critically reflect on human aspects of existing security and privacy technologies and to include a human-centered perspective in the design of new solutions, e.g. by using suitable design and evaluation tools. | |||||||||||||||||||||||||||
| Content | First, the course will describe the historical development of usable and human-centered security and privacy, respectively. Using exemplary application scenarios, the relevance of the human in security and privacy will be highlighted and the current role of the human will be reflected on. Second, the human factor will be focused on. The course will address the basic psychological aspects that are relevant for human-centered design including insights from human perceptions, cognition and behavior. Afterwards, the human-centered design process and relevant concepts such as usability and user experience will be introduced. Finally, exemplary methods for the human-centered design and evaluation of will be presented and discussed. Third, practical scenarios across the range of security- and privacy-related topics will be used to illustrate human-centered design processes, evaluation tools and outcomes, e.g., human-centered security technologies or interfaces. Furthermore, these solutions will be discussed within a larger societal context, e.g., with regards to accessibility, ethical considerations, or legal aspects. An external guest lecture will complement the lecture by providing insights from ongoing research in the area of human-centered IT security and privacy. Across all three parts of the course, practical exercises, the exemplary application of methods or tools, and structured discussions involving different perspectives will be used to make the human factor graspable, to enable a change in perspective and to foster reflection. | |||||||||||||||||||||||||||
| Literature | Adams, A., & Sasse, M. A. (1999). Users are not the enemy. Communications of the ACM, 42(12), 40-46. Cranor, L. F., & Garfinkel, S. (2005). Security and usability: designing secure systems that people can use. " O'Reilly Media, Inc.". Reuter, C. (2018). Sicherheitskritische Mensch-Computer-Interaktion. Wiesbaden: Springer Fachmedien Wiesbaden. | |||||||||||||||||||||||||||
| Prerequisites / Notice | The course is particularly suitable for all students with an engineering or computer science-related background. However, students from all disciplines are welcome. No prior knowledge in computer science or psychology is required. | |||||||||||||||||||||||||||
Competencies |
|
Performance assessment
| Performance assessment information (valid until the course unit is held again) | |
Performance assessment as a semester course | |
| ECTS credits | 3 credits |
| Examiners | V. Zimmermann |
| Type | graded semester performance |
| Language of examination | English |
| Repetition | Repetition only possible after re-enrolling for the course unit. |
| Admission requirement | The students need to provide a documentation of the results of the exercises conducted throughout the course. The documentation is supposed to capture the students' active engagement with the course topic and the reflection on the human aspect in security- and privacy-related research. This documentation is not graded but a requirement for taking part in the graded examination. |
| Additional information on mode of examination | The examination will consist of two parts: 1) The students need to provide a documentation of the results of the exercises conducted in the course. This is the requirement for taking part in part 2. 2) The students will prepare a poster for an interactive poster session in which they present a current article from the area of human-centered IT security and privacy. The grade for the course will be formed based on the poster and the related presentation. |
Learning materials
| No public learning materials available. | |
| Only public learning materials are listed. |
Groups
| No information on groups available. |
Restrictions
| Places | 50 at the most |
| Waiting list | until 05.03.2023 |