Overview

There is growing recognition that technology alone will not provide all of the solutions to security and privacy problems. Human factors play an essential role in these areas, and it is important for security and privacy experts to have an understanding of how people will interact with the systems they develop. This course is designed to introduce students to a variety of usability and user-interface problems related to privacy and security and to give them experience in understanding, critiquing, and designing studies aimed at evaluating usability issues in security and privacy systems.

Sample Instructor(s)

Lorrie Cranor, Lujo Bauer, Nicolas Christin

Duration

3, 6, 9, or 12 hours

Customizable

Yes, this course can be tailored towards professionals with more of a technology background, or more of a policy background. In addition, the emphasis can be more on security, more on privacy, or balanced. The 3-hour version of the course will provide a high-level overview and focus on a subset of course topics, while the 12-hour version will cover all listed topics and include interactive activities for hands-on learning.

In-Person or Remote

Remote, in-person, and pre-recorded sections, hybrid, etc.

Intended Audience

This course is appropriate for professionals working in either technology or policy.

Takeaways

  • Gain an appreciation for the importance of usability within security and privacy
  • Learn about current research and best practices in usable privacy and security
  • Understand approaches used to effectively evaluate usability in security and privacy systems
  • Learn how to critically examine usable privacy and security studies 

Course topics

  • Reasoning about the human in the loop in security and privacy
  • Usability and design
  • Designing usable privacy and security experiments, accounting for risk
  • Overview of user study methods
  • Passwords and authentication
  • Security warnings
  • Privacy notice and choice
  • Privacy and anonymity tools
  • Security awareness training and phishing

Prerequisites

A basic understanding of IT or CS is preferred, but not required. 

Materials

Copies of presentations and relevant papers will be provided to participants.

Contact us

To learn about our custom programs and any upcoming open enrollments, reach out to Michael Lisanti.