程序代写代做代考 Introduction2

Introduction2

HUMAN-CENTRED SECURITY

Why Lecture?

What about teaching skills?

You can�t learn skills from
watching someone!

Traditionally

1. Lecturer creates slides from textbook
2. Lecturer presents materials to class
3. Students are given problem solving activities

where they need to apply the knowledge
4. Students get stuck!
5. Lecturer does problem solving in lecture

while students watch

Traditional Lecturing

1. A particular person possesses the
knowledge

2. He/She obtained the knowledge from a
scarce resource

3. He/She needs to impart it to a number of
people

4. The most efficient way to do this is to get
this person to speak to a number of people
at a time – in a lecture

What are the principles here?

• The printing press
• The Web
• Amazon.co.uk
• You no longer have to trust the monk!
• You can read the book, watch a video, ask

your friends on Facebook, Google
• Or you can come to the lecture and listen to

the lecturer explain the content of the book
• BUT – little opportunity for feedback!

What�s happened since the monk?

1. Students prepare by reading
the easy material

2. During lectures we discuss,
reflect, problem solve

3. Work in groups with your fellow students
4. At the end of the course

– Students are able to problem solve

We might well have this the wrong
way around!

Morning
Discussion

Afternoon
Discussion

Prep WeekTask

Quiz

• No employer will lecture you for 50 minutes
• Then test you a week later
• You will be required to participate in group

discussions
• Make presentations
• Work with others to arrive at a solution
• Debate, advance theories, cooperate,

innovate

Mimics On-the-job learning

• Assigned class teams
– Class teams for discussion and activity
– 3 colours

• Red, Green and Blue
– 12 teams, 4 shades in each

• Red (Auburn, Burgundy, Raspberry and Ruby)
• Green (Avocado, Lime, Mint and Pistachio)
• Blue (Azure, Denim, Sapphire and Periwinkle)

Course structure

Intended Learning Outcomes (1)

• examine a given context and design an
appropriate security solution and be able to
justify your choices.

• identify usability, privacy or security issues
in a given security solution, and make
recommendations about how to improve it.

• formulate a strategy for communicating risk
to end-users.

Intended Learning Outcomes (2)

• demonstrate an understanding of the
insider threat, and be able to critique and
design solutions to mitigate against it.

• demonstrate an understanding of social
engineering and the significance in
campaigns (e.g. advanced persistent
threats).

• Weekend – prep max 1 hour
• Morning – quiz & discussion
• Task Sheet for Afternoon prep

– You spend some time investigating on your own
max 1 hour

• Some afternoon sessions might start with
quiz

Prep and Activities

• Afternoon
– Various Activities
– It might be a good idea to bring one laptop per

group

• Read academic papers
• Find published research yourself
• Understand latest thinking in an area
• Explore new ideas in a research area
• Sometimes watch YouTube videos to prepare

for a discussion
• May be asked to take a Moodle Quiz before a

lecture

Masters Course

• Sign next to your name on the form so I can
assign you to groups
– Add your name if it is not there

• Sign up for the CRYPTOGRAM newsletter
(www.schneier.com)

• Commit to doing the preparation work for
this course

What you need to do

http://www.schneier.com/

• Slide Summaries will be made available after
the lectures on Moodle

• The only handouts will be those you need to
support classroom activities

• Why? I want you to participate, not try to
memorise. Gain understanding, do not gather
facts

Lecture Notes

This Course

• Quizzes – 10%
• Essay – 15%
• Team Assessed Exercise – 25%
• Exam – 50%

CONTINUOUS ASSESSMENT

Continuous Assessment

• 10% of the individual final grade will be gained
from continuous assessment.

• will typically take the form of a weekly quiz that
probes research paper(s) reading.

• research paper(s) will be issued via Moodle and
students are expected to prepare for a quiz the
following week.

• research paper(s) may also prove a valuable
resource for answering exam questions.

YACRS

• need to have a WiFi enabled device and connect
to eduroam.

• individuals can also use their own data
connection.

• instructions about how to connect your device to
eduroam can be found online at
http://www.gla.ac.uk/services/it/eduroam/

• graded quiz will be next week at the morning
session on Friday the 19th of January.

YACRS

• classroom response system, developed at
Glasgow, affording individuals the ability to
respond to questions in lectures using their wifi
enabled device.

• individuals access platform via
http://classresponse.gla.ac.uk and join a
specific session.

• individuals are not allowed to access material or
discuss questions during quizzes, unless
otherwise stated.

http://learn.gla.ac.uk/yacrs/

Quiz result

• individual performance will also be published
through YACRS.

• not all quizzes contribute to your final grade, but
it is still important to check and verify your
responses.

• if you spot any errors in your responses, please
contact and inform me.

• answers to quizzes will typically be published a
few days after individual performance.

INDIVIDUAL ASSIGNMENT

Individual Assignment

• research essay, 1500 words (10% rule).
• submit via Moodle by 4.30pm on the 2nd of

March 2018.
• essay should identify some of the causative

effects of human behaviours in a given security
and privacy scenario and argue how they may be
influenced.

• list of six topics, 15 slots in each, have until
Friday the 19th of January to confirm choice.

• Assessed exercise specification now on Moodle.

TEAM ASSIGNMENT

Team Assignment

• research team exercise, non-programming
and programming routes.

• submit body of work and presentation via
Moodle by 4.30pm on the 12th of March
2018.

• proactive password checker for minors.
• exercise must be completed in self-

organising teams of no-more than three
members.

Team Assignment

• teams complete a workload record and
personal assessment of contribution.

• individual grade is determined from the
team grade and influenced by the workload
record and assessment of personal
assessment of contribution.

• teams must be confirmed via Moodle by
Friday 19th of January 2018.

Assessment week

• the week prior to the submission of the
team assessed exercise the class will not
meet.

• teams can use the time to finish work on
the assessed exercise.

• no session, quiz or activity on Friday 9th of
March 2018.

EXAM

Exam

• 50% of grade will be gained from individual
performance on summer exam.

• individuals must attempt at least 80% of
course to obtain final grade.

• past exam papers available via the
University of Glasgow Library

• typically the final week of the course is the
revision and reflection session.

M I N I M U M R E Q U I R E M E N T F O R T H E
A W A R D O F C O U R S E C R E D I T

Exam
70%

Non-exam
30%

W H E R E D O E S T H E S U B J E C T F I T W I T H I N
T H E S E C U R I T Y O P T I O N S ?

C Y B E R S Y S T E M
F O R E N S I C S

E N T E R P R I S E
C Y B E R S E C U R I T Y

H U M A N
C E N T R E D
S E C U R I T Y

C Y B E R
S E C U R I T Y

F U N D A M E N TA L S

S A F E T Y
C R I T I C A L
S Y S T E M

C R Y P T O G R A P H Y
A N D S E C U R E

D E V E L O P M E N T

Rules of this Class

• This course is all about discussion
• You need to participate!
• There is no such thing as a stupid question or

comment
• Respect other students’ right to question

your opinions and views
• Be willing to have your assumptions

challenged

Afternoon session

• check for class team in Moodle
• each team will consider a

product/interface/task from usable security
perspective.

• member of team will then present work.
• consider common themes and problems.

“The mind is not a
vessel to be filled, but
a fire to be kindled.”

Plutarch