Human Factors in Security and Privacy



Time and place:

  • Wed 12:15-13:45, Room K1-119 Brose-Saal

Fields of study

  • WPF MT-MA-BDV from SEM 1
  • WPF INF-BA-V-SEC from SEM 5
  • WF INF-MA from SEM 1
  • WPF ME-MA-MG6 from SEM 1
  • WPF MT-BA-BV from SEM 5

Prerequisites / Organizational information

This module will be held in German; slides are in English. Assignments will be formulated in German and can be answered in German or English. Written exam questions will be formulated in German and can be answered in German or English.

REQUIRED: basic knowledge in the area of IT security and privacy, such as security goals (CIA), basic protection mechanisms (symmetric and asymmetric cryptography principles), cryptographic hash functions, digital certificates, PKI, basics of SSL/TLS. This knowledge can be acquired by attending the module "Applied IT Security" or similar modules.


The module takes place online as long as the Corona measures are in place. Lectures and exercises are recorded and uploaded to StudOn. Links to the corresponding virtual rooms will be announced in StudOn.

This course provides insight into the ways in which people interact with IT security. Special attention will be paid to complex environments such as companies, governmental organizations or hospitals. A number of guest talks from practitioners and researchers highlight some of the issues in greater depth.

The course covers the following topics:

  • Terminology of security and privacy, technical and non-technical protection measures

  • Development and testing of usable security mechanisms (encryption and authentication tools, security policies, security warnings)

  • Risk perception and decision making in the security and privacy context (usage of security software, reaction to security warnings, divulging information in social media)

  • Economic approach to security and privacy decision making (traditional and behavioral economics)

  • Trade-offs between national security and surveillance (psychology behind the EU data retention directive and NSA programs)

  • Psychological principles of cyber fraud (scams, phishing, social engineering)

  • Security awareness and user education

  • Interplay of safety and security in complex systems

  • Research methods in human factors (qualitative vs. quantitative research, usability testing, experimental design, survey design, interviews)

Additional information

Expected participants: 60