NJIT IS/CS 485 - Usable Security & Privacy - Fall 2024

This course covers how security and privacy decisions are made in the real world, why mistakes and failures happen so often, and what we can do about it.
Course Description
Cybersecurity and privacy incidents are often blamed on people’s choices, but what led to these decisions? If we understand the reasons for these failures and how the systems themselves contributed to them, we can create better technologies that help improve people’s security and privacy. In this course, we will study how security and privacy decisions are made in the real world, how incomplete or faulty assumptions may cause mistakes to be made, and what it takes to design and develop systems that overcome these issues. The course will synthesize and present important research in security, privacy, and human-computer interaction. In addition, students will learn and practice techniques, which are commonly used by user experience researchers, that will help them independently evaluate the usability of systems.


This course is scheduled to meet at Mechanical and Industrial Engineering Center (ME) 221 on Tuesdays and Thursdays, 4:00 PM – 5:20 PM.

The CRN for the IS section of this course is 95790; for CS it’s 95792.


Enrolling students are expected to have passed one of the following courses:

  • IT 230. Computer and Network Security
  • CS 351. Introduction to Cybersecurity
  • CS 608. Cryptography and Security
  • CS 645. Security and Privacy in Computer Systems

Additionally, the following courses are recommended:

  • IS 247 - Designing the user experience
  • IS 375 - Discovering user needs for UX
  • IS 448 - Usability & measuring UX
  • IT 331 - Privacy & information technology

If you have a strong interest in the topic but lack the formal prerequisites, please contact me in advance.

Topic overview

The course will cover the following topics:


  • Passwords and potential alternatives
  • Multi-factor authentication
  • Warnings and phishing
  • Mobile permissions
  • Authentication
  • Access control


  • Social media privacy
  • Online tracking
  • Privacy policies
  • AR/VR privacy
  • Smart home privacy
  • Deceptive design patterns

Special populations

  • At-risk users
  • Software developers and system administrators
  • Children
  • Accessibility in security
  • Anonymity needs and tools

Learning outcomes

Students completing this course will:

  • Discuss concrete instances of security and privacy failures in common technologies
  • Be able to explain how human factors contributed to these issues
  • Learn about research findings in a variety of domains in usable privacy and security
  • Practice methodologies for evaluating the usability of systems
  • Understand how to apply human-centered design for security and privacy systems
How this course differs from IS/CS 698

IS/CS 698, Human Factors in Security and Privacy, is a graduate, research-oriented seminar course, enrolling a mix of masters and PhD students. Its goal is to help students understand, evaluate, and contribute to cutting-edge research. To that end, a major focus of that course is reading, discussing, and analyzing research papers; students also work on a semester-long research project. In IS/CS 485, the focus will be on learning the lessons from the research field’s findings and how to apply them. The course will be primarily centered around lectures (though with significant active learning components), which will synthesize takeaways from state of the art research. However, students will still gain practical experience with research methods used in the human-computer interaction field through several hands-on projects.

Peer courses

This course is inspired by: