[an error occurred while processing this directive]
<meta NAME="ROBOTS" CONTENT="index,follow">
<meta NAME="keywords" CONTENT=" participant, developers, computer, context, department, course, compliance, people, user, develop, security, practice, regulation, principles, human, risk, decision, understand, systems, attacks, making, university, measures, remaining, specify, authentication, science, usability, oxford, places, able, identity, held, administrators, interaction, perspective, accompanying, organisation, frequently, legitimate, understanding, objectives, appropriate, successful, information, incidents, requirements, monitoring, technical, credentials, frequency, perception, incentives, strategies, mechanism, examples, evaluation, breaking, implement, different, normally, criteria, workable, attribute, weakest, policies, training, ensuring, involve, economics, explore, contents, personas, politics, called, phishing, patterns, warnings, unable, comply, policy, related, better, provided, against, exploit, secure, justice, groups, ensure, impact, chain, duped, socio, order, dates, equity, budget">
<meta name="DESCRIPTION" content="People and Security course People are frequently called the "weakest link in the security chain" Many examples of security incidents involve legitimate users, administrators and developers being unable to comply with, or otherwise duped into breaking the security policy This course will explore security from a socio technical and human computer interaction perspective The aim is to better understand people and their contexts, in order to develop systems which are more secure in practice Frequency This course normally runs twice a year ">


<meta name="Edited" content="Fri, 04 Jul 2025 12:45:02 GMT">
<meta name="Published" content="Fri, 04 Jul 2025 12:45:05 GMT">

<title>Software Engineering at Oxford | People and Security ( PAS )</title>

<!-- icon -->
<link rel="shortcut icon" type="image/ico" href="../favicon.ico">

<script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">_uacct = "UA-1306673-1";urchinTracker();/*UA-579489-1*/</script>
<META name="verify-v1" content="CwYQSB0rDIbG5v7tQy+2xKxvNEoOxCNSFYYF7mSW7bo=" />
[an error occurred while processing this directive]

<div id="breadcrumb">
   
   <ul class="mainnav">
      <li>
         <a href="/">Computer Science</a></li><li><a href="/softeng/security/">Systems Security</a>
      </li>
      <li>
         <a href="/softeng/courses/">Courses</a>
      </li>
      <li>
         <a href="/softeng/courses/subjects.html">Subjects</a>
      </li>
      <li>
         <span class="youarehere">People and Security ( PAS )</span>
      </li>
   </ul>
</div>


<!--
<span id="headerItem">
  <a href="../programme/contact.html" title="Contacts">Contact</a> | 
  <a href="../search/search.jsp" title="Search">Search</a> |
  <a href="../sitemap.html" title="Sitemap">Site map</a> | 
  <a href="https://www.softeng.ox.ac.uk/signin/" title="Sign in">Sign
  in</a>
</span>
-->

<div id="content">

<h1 style="vertical-align:middle"><img align="middle" valign="middle" style="vertical-align:middle" border="0" src="../images/PAS.jpg"> People and Security</h1>
      <div>
	
	<p><p>People are frequently called the "weakest link in the security chain". Many examples of security incidents involve legitimate users, administrators and developers being unable to comply with, or otherwise duped into breaking the security policy. This course will explore security from a socio-technical and human-computer interaction perspective. The aim is to better understand people and their contexts, in order to develop systems which are more secure in practice.</p>
<h4>Frequency</h4>
<p>This course normally runs twice a year.</p></p>
<h4>Course dates</h4>
<center>
<table style="margin-left: 20px" width="95%">
<tr><td width="22%" valign="top">15th September 2025</td><td valign="top">Oxford University Department of Computer Science - Held in the Department</td><td valign="top" width="33%">15 places remaining.</td></tr>
<tr><td width="22%" valign="top">23rd March 2026</td><td valign="top">Oxford University Department of Computer Science - Held in the Department</td><td valign="top" width="33%">17 places remaining.</td></tr>
</table>
</center>
<h4>Objectives</h4>
<p><p>The successful participant will:</p>
<ul>
<li>be able to specify usability criteria that a security mechanism has to meet to be workable for end-user groups and work contexts;</li>
<li>be able to specify accompanying measures (policies, training, monitoring and ensuring compliance) that an organisation needs to implement to ensure long-term security in practice;</li>
<li>understand the impact of security measures on different kinds of users and contexts;</li>
<li>understand the role of risk perception, incentives, and regulation in security-related decision-making;</li>
<li>be able to develop appropriate strategies against attacks on information systems which exploit human error.</li>
</ul></p>
<h4>Contents</h4>
<p><dl>
<dt><span>Usability and HCI</span></dt>
<dd>HCI principles; Systems, people, tasks and context; usability evaluation</dd>
<dt><span>Authentication and Identity</span></dt>
<dd>Types of authentication and trade-offs; Identity and attribute-based credentials</dd>
<dt><span>Security in context</span></dt>
<dd>Personas; Equity and justice; Developers as users</dd>
<dt><span>Economics and Politics of Security</span></dt>
<dd>Decision-making, risks and costs; Compliance budget; Regulation</dd>
<dt><span>Attacks and Nudges</span></dt>
<dd>Phishing; Scams; Dark patterns; Warnings; Advice</dd>
</dl></p>
<h4>Requirements</h4>
<p>Participants should have a basic understanding of computer security to the level provided by the Security Principles course.</p>

	
      </div>

<br>

    
[an error occurred while processing this directive]

<!--  mainnav div starts -->
<div id="nav">     
 <h2 id="mainsections">Main sections</h2>
 
 <h2 id="inthissection">Programme</h2>
 <ul class="mainnav" >
  <li>
   <a href="../" title="Return to the Home page" class="menu" >Home</a>
  </li>
  <li>
   <a href="../programme/index.html" title="About the programme" class="menu">About</a>
  </li>
  <li>
   <a href="../programme/history.html" title="The history of the Programme"  class="menu">History</a>
  </li>
  <li>
   <a href="../programme/people.html" title="The people involved" class="menu">People</a>
  </li>
  <li>
   <a href="http://www.cs.ox.ac.uk" title="Department of Computer Science" class="menu">Department</a>
  </li>
  <li>
   <a href="../programme/contact.html" title="Getting in touch" class="menu">Contact us</a>
  </li>
  </ul>
  
  
  <h2 id="inthissection">Courses</h2>
  <ul class="mainnav">
  <li>
   <a href="../courses/" title="About the courses" class="menu">About</a>
  </li>
  <li>
   <a href="../courses/subjects.html" title="Subjects offered" class="currentsection">Subjects</a>
  </li>
  <li>
   <a href="../courses/calendar.html" title="Course dates" class="menu">Calendar</a>
  </li>
  <li>
   <a href="../courses/booking.html" title="How to book a place on a course" class="menu">Booking</a>
  </li>
  </ul>
  
  
  <h2 id="inthissection">Study</h2>
  <ul class="mainnav">
  <li>
   <a href="../study/" title="Flexible, postgraduate study" class="menu">About</a>
  </li>
  <li>
   <a href="../study/awards.html" title="Academic awards" class="menu">Awards</a>
  </li>
  <li>
   <a href="../study/fees.html" title="University fees" class="menu">Fees</a>
  </li>
  <li>
   <a href="../study/apply.html" title="How to apply" class="menu">Applications</a>
  </li>
  <li>
   <a href="../study/collegiate.html" title="Collegiate University" class="menu">Colleges</a>
  </li>
  </ul>
  
  
  <h2 id="inthissection">Resources</h2>
  <ul class="mainnav">
  <li>
   <a href="../handbook/" title="Handbook" class="menu">Handbook</a>
  </li>
  <li>
   <a href="../brochures/" title="Brochures" class="menu">Brochures</a>
  </li>
 </ul>



[an error occurred while processing this directive]