Module 6: The Human Factor

A 6-Unit Module that Started on January 2023 and was Covered in 6 Weeks by Samuel Danso

Summary

In this Module, we examined Human Factors in the realm of Cybersecurity, emphasizing on the crucial role of understanding human behavior when professionals design computing systems in organizations.

Skills Acquired during this Module

Ability to understand the security issues and risks associated with how people interact with computing systems.

Ability to effectively plan a usable security design solution and also develop the ability to evaluate a usable design solution.

Gained knowledge on the usable security issues in current and emergent technologies

Gained Knowledge of the techniques and technologies for a given design solution.

Developed the awareness of how human behaviour impacts on security as well as the capacity to evaluate methods to understanding human behaviour..

Ability to apply and evaluate mental models for risk communication, as well as application of behavioural analysis models and frameworks to develop positive culture.

Awareness of the the impacts of human factors and activities on security of computing systems in an organisation.

Awareness of organisational culture and its impact on security.

Developed the ability to identify and effectively apply mental models for effective communication.

References Used

Below is a list of all the Sources (articles, books, reports, whitepapers, websites, etc) that I used through out this module (Using Harvard Referencing style).

Anon, 2017. OWASP Top 10 - 2017. [Online] Available at: https://owasp.org/www-pdf-archive/OWASP_Top_10-2017_%28en%29.pdf.pdf [Accessed 28 November 2022].

Fredj, O. B., Cheikhrouhou, O. & Krichen, M., 2021. An OWASP Top Ten Driven Survey on Web Application Protection Methods. s.l., Springer, Cham, pp. 235-252.

Dauzon, S., Bendoraitis, A. & Ravindran, A., 2016. Django: Web Development with Python. Mumbai: Packt Publishing Ltd.

Lenka, C., 2020. Python program check validity Password. [Online] Available at: https://www.geeksforgeeks.org/python-program-check-validity-password/ [Accessed 28 May 2022].

Melé, A., 2020. Django 3 by example. 3rd ed. UK: Packt Publishing Ltd.

Oliphant, T. E., 2007. Python for Scientific Computing. Computing in Science and Engineering, 9(3), pp.10-20.

Beek, van H.M.A., Eijk, van E.J., Baar, van R.B., Ugen, M., Bodde, J.N.C. (2015). Digital Forensics as a Service: Game on. Digital Investigation.

Seyyar, Bas M., Geradts, Z.J.M.H. (2020). Privacy impact in large scale digital forensic investigations. Forensic Science International.

Microsoft. (2003) Improving Web Application Security Threats and Countermeasures. 1st ed.

OWASP (2022). OWASP Top Ten. Available from:https://owasp.org/www-project-top-ten/ [Accessed 15th November 2022]

Pillai, A. (2017) Software Architecture with Python. 1st ed. Birmingham: Packt Publishing Ltd.

Dermott, Mac AM., Baker, T., Buck, P., Iqbal, F., Shi, Q. (2019). The internet of things: challenges and considerations for cybercrime investigations and digital forensics. International Journal of Digital Crime and Forensics.

CWE Content Team, 2021. CWE VIEW: Weaknesses in OWASP Top Ten (2021). [Online] Available at: https://cwe.mitre.org/data/definitions/1344.html [Accessed 15 December 2022].

Django, 2015. Documentation. [Online] Available at: https://docs.djangoproject.com/en/4.1/ [Accessed 15 December 2022].

Government of the Netherlands, N.D.. Fighting cybercrime in the Netherlands. [Online] Available at: https://www.government.nl/topics/cybercrime/fighting-cybercrime-in-the-netherlands [Accessed 15 December 2022].

Saabith, A. S., Fareez, M. & Vinothraj, T., 2019. PYTHON CURRENT TREND APPLICATIONS- AN OVERVIEW.International Journal of Advance Engineering and Research Development, 6(10), pp. 6-12.

T, N., 2013. Lock out users after too many failed login attempts. [Online] Available at: https://stackoverflow.com/questions/9033287/lock-out-users-after-too-many-failed-loginattempts [Accessed 12 December 2022].

W3Schools, N.D.. CSS Tutorial. [Online] Available at: https://www.w3schools.com/css/default.asp [Accessed 12 December 2022].

Django, N.D.. Django 1.7.11 documentation. [Online] Available at: https://django.readthedocs.io/en/1.7.x/index.html [Accessed 12 December 2022].

Tasks and Assignments Done throughout this Module

Below is a breakdown of the activities done weekly during the 6-Unit Module.

Week 1: Unit 1 - Human Factors and Cyber Security

After going through a Lecture cast, books and a having a lesson with the Lecturer, I gained knowledge on human behaviour and its implications in designing computing systems within the context of cyber security.

We also got to discuss human capabilities and limitations and their impact on usable security.

Additionally, we discussed the concept of insider threat and accidental insider and their effect on security

Below is my lay summary review on the article by Zhang et al. (2017)

Download PDF

Week 2: Unit 2 - Human Behaviour and Security Implications

This unit focused on analysis of human factors, human behaviour and human capabilities and limitations.

We got to apply the knowledge gained in the first unit to identify methods of understanding human behaviour design solutions, based on factors relating to security and its implications.

Week 3: Unit 3 - Mental Models and Privacy by Design and by Default Principles for Usable Security Design

We had a Lecture cast and book reading that introduced mental models, privacy by design principles and contextual design approaches to designing usable security solutions.

The unit further discussed how users' and designers' mental models can be combined to achieve optimal design solution though the lens of Human Computer Interaction.

We had an Assessment Individual Essay that focused on fully outlining my viewpoint on the human factors and socio-technical problems in Queens Medical Centre is a community clinic scenario. Below is the essay that I handed out.

Download PDF

Week 4: Unit 4 - Usable Security Design by Default

With the use of books, practical examples and reading activities, we explored the various techniques to consider when planning a usable design solution by default.

We learned the pros and cons of logging and the impact of log4j.

We also discussed the strengths and weakness of the techniques and their application contexts and also applied the privacy by design principles and contextual design approach to a case study.

The lecturer tasked each of us with reviewing and responding to two Individual Essays from my peers. Here is my feedback.

Download PDF

Week 5: Unit 5 - Achieving Optimal Cyber Security: The Ethics and Organisational Issues

With the use of a Lecture cast, books and a lecture, we looked at the cultural, organisational issues and their impact on security, as well as the frameworks to develop a positive, organisational security culture.

We also discussed the legal and ethical requirements and implication when developing usable security and reflected on the current and future research in the various areas of usable security, and human factors in cyber security.

Week 6: Unit 6 - Behaviour Analysis for Positive Security and Risk Communication

It focused on employing mental models as an approach to developing a Cyber Security risk communication strategy.

We got to apply the knowledge you have gained in Unit 5 to identify appropriate mental models and employ these models to develop a robust communication plan, as a method to address the human factors issue in an organisation.

We were each tasked with presenting solutions to the issues identified in the first assessment (Unit 3), including social and ethical considerations. Below is my presentation in pdf and its transcript respectively.

Individual Presentation in pdf

Download PDF

Transcript of the Individual Presentation

Download PDF

E-Portfolio: Beatrice MUTEGI-ROYER