Syllabus for CS/IS 698 (Spring 2024)
This is the official course syllabus. You can find its latest version as well as most of the same information in a more accessible format elsewhere on the course website.
Course information
Course number
IS/CS 698
The CRN for the IS section of this course is 15977; for CS it’s 15978.
Course title
Human Factors in Security & Privacy
Detailed description
When real-world cybersecurity incidents occur, the root cause is often not the technology on its own but the way people interact with it. Understanding and accounting for these human factors is crucial if we want to achieve meaningful security and privacy. This course will cover a range of user-interface and human-computer interaction problems experienced by real users. It will teach a variety of empirical research methods for evaluating the usable security properties of systems, as well as techniques for designing systems to avoid usability issues. In addition to learning from the latest research in the field of human-centered security, students will have many opportunities to gain hands-on experience applying methods from the literature, culminating in a major research and development project that students can add to their portfolios.
Prerequisites
Required
The following knowledge and skills are required for success in this course.
Computer and network security
Concepts
Students should have a strong understanding of computer and network security concepts including:
- Network security
  - Example: How does the TLS protocol work?
- Encryption
  - Example: How do different block cipher modes of operation work?
- Memory safety
  - Example: How does a buffer overflow happen and what protections exist against it and similar attacks?
- Web security
  - Example: How does FIDO U2F protect against phishing?
Suggested courses
Any of the following courses will likely provide the necessary background:
- IT 230. Computer and Network Security
- CS 351. Introduction to Cybersecurity
- CS 608. Cryptography and Security
- CS 645. Security and Privacy in Computer Systems
- Equivalent courses at other institutions
- Equivalent computer security experience
Programming and software development experience
Concepts
- Students should be comfortable completing programming tasks using unfamiliar programming languages and APIs
  - Example: use the Web Permissions API to request access to a certain resource
- A large component of the course is a semester-long project that is likely to feature significant programming components. Students should be prepared to undertake these tasks.
  - Examples:
    - Create a mobile app
    - Implement a prototype of an interface
    - Perform data analysis and compute statistics
Suggested courses
- IS 513. Programming Foundations for IS
- Undergrad major in computer science
- Equivalent computer programming experience
Recommended
The following experiences and background are not required, but students who have them may get more out of the course.
User experience research or design
Concepts
- Experience designing and/or evaluating user interfaces
Suggested courses
- IS 661. User Experience Design
Statistics
Concepts
- Experience selecting and calculating statistics
  - Examples:
    - t-tests
    - ANOVA
    - Regressions
    - Bootstrapping
Suggested courses
- IS 333. Probability and Statistics
Learning outcomes
Students completing this course will:
- Learn concrete instances of security and privacy failures in common technologies
- Be able to explain how human factors contributed to these issues
- Read and understand current research in usable privacy and security
- Learn and practice methodologies for evaluating the usability of systems
- Be able to practice human-centered design for security and privacy systems
Meeting-by-meeting outline
Please keep in mind that the schedule may change as the course progresses, so check the course website regularly for any changes.
Grading
Grade weights
Current events assignment | 5%
Reading responses | 5%
In-class presentations | 10%
Project | 45%
  P1: ideas | 1%
  P2: group | 1%
  P3: proposal | 5%
  P4: methods | 5%
  P5: progress report | 3%
  P6: related work | 5%
  P7: presentation | 5%
  P8: report | 10%
  Overall project quality and participation | 10%
Homework | 30%
  H1: ethics | 5%
  H2: cognitive walkthrough | 5%
  H3: user study | 5%
  H4: interview | 5%
  H5: survey | 5%
  H6: design | 5%
Participation | 5%
Late policies
Each assignment will specify its own late policy.
Grading scale
The course will be graded using the standard absolute scale, converting numerical scores to letter grades; i.e., this course is not curved.
Instructor information
Office hours
There will be two types of office hours in this course. Both will be held in GITC 3803.
Open office hours
These will be Thursdays, 2–3 PM.
- These are unscheduled, so please come without any prior notice.
- If multiple people show up, I will try to accommodate everyone, for example by answering questions in a group or focusing on topics that the plurality of those in attendance are interested in.
- If you have a question about course topics or assignments or anything else you think might be of interest to others, please try to come to these office hours.
Individual office hours
These will be Mondays, 2–3 PM, in 15-minute slots.
To reserve a slot, follow this link.
- These office hours are for questions you’re more comfortable discussing one-on-one, such as grading issues, career advice, etc.
- I’ll prioritize anyone who has a reservation, but if a slot is unscheduled, I’ll treat it like the open office hours above (so come on by!).
Course materials
Required
No required textbooks. All required readings will be linked from the course website.
Optional
Any optional readings will be linked from the course website.
Examination details
This course will not have midterms or a final exam.
Make-up exam policies
N/A
Course, department, and university policies
Collaboration policy
Except where otherwise noted, submitted assignments must be completed individually. You may discuss the topics and materials with other students, but any write-up you submit must be fully and completely your own work.
If you’re not sure whether something would be considered acceptable collaboration, please proactively contact the course staff.
Course policy on the use of artificial intelligence
AI tools can be very helpful, but they come with many flaws and limitations. In the context of this course, I believe that the use of AI tools will hurt rather than help the educational objectives, and therefore the use of AI tools is discouraged.
If you choose to use an AI tool, you must clearly specify which one, how it was used, and specifically identify its outputs and other contributions in any work you submit. You are responsible for the correctness of your work and are therefore expected to take steps to verify that you are not including or citing any hallucinated information. Failure to follow this policy will be treated as a violation of academic integrity.
Because programming and algorithms are not the focus of this course, there are no restrictions on the use of AI tools for software development (for example if you develop a prototype for your final project).
If you’re not sure whether something would be considered acceptable use, please proactively contact the course staff.
If you’re sick
If you’re not feeling well, please stay home. You’re likely to feel better more quickly, and you’ll be protecting everyone from getting infected. Please reach out to your peers for class notes or, if those are not available, contact me. If you do choose to come to class while not feeling 100%, then please wear a well-fitting N95 or KN95 mask. Please keep in mind that everyone responds to illness differently, and what for some can be a simple cold can manifest in others as serious medical issues. Thank you for protecting your peers and me!
Mental health and wellness
The academic environment can be stressful. Your well-being should always come first. NJIT’s Center for Counseling and Psychological Services offers a variety of resources. Please reach out to them if you need to, and I will do my best to support you with appropriate accommodations.
Academic integrity
“Academic Integrity is the cornerstone of higher education and is central to the ideals of this course and the university. Cheating is strictly prohibited and devalues the degree that you are working on. As a member of the NJIT community, it is your responsibility to protect your educational investment by knowing and following the academic code of integrity policy that is found at: NJIT Academic Integrity Code.
Please note that it is my professional obligation and responsibility to report any academic misconduct to the Dean of Students Office. Any student found in violation of the code by cheating, plagiarizing or using any online software inappropriately will result in disciplinary action. This may include a failing grade of F, and/or suspension or dismissal from the university. If you have any questions about the code of Academic Integrity, please contact the Dean of Students Office at dos@njit.edu”
Class recordings
“Class sessions may be recorded by the instructor. These recordings shall only be used as an educational resource and are not to be distributed or used outside of this class. Information on how to access recorded lectures will be made available by your instructor. Any recordings that contain identifiable information about students will not be used beyond this semester.
Students are expected to respect their fellow students’ privacy and freedom to learn without disruption. Students are not allowed to capture or reproduce anyone’s name, image, or voice without permission. They must be polite and respectful in the online chat. Informal chat is okay, but typing is restricted to things that one would say out loud in front of the entire class. Students must always conduct themselves on their webcam video as they would in person in a classroom.”
Extenuating circumstance & other situations
“When a student invokes extenuating circumstances for any reason (late withdrawal from a course, request for a make-up exam, request for an Incomplete grade, request for accommodation due to illness) the student should be referred to the Dean of Students Office. The Dean of Students will make the determination of whether extenuating circumstances exist and will notify the instructor accordingly. Instructors should never request or accept medical or other documents from students; all documents should be submitted by the student to the Dean of Students Office. Except for cases determined by law, an instructor is not required to accommodate student requests even when extenuating circumstances are certified by the Dean of Students; however, all efforts should be made to ensure a student-friendly environment.”
Sexual discrimination or harassment
According to federal and university Title IX policy, all instructional staff are “required to report any Prohibited Conduct involving students to the Title IX Coordinator that they witness or become aware of.”
“Any observed, experienced or known discrimination on the basis of sex, gender identity, or sexual orientation, including the following forms of sexual harassment: sexual violence, dating violence, domestic violence and stalking involving any member of our university community, must be reported.”