Admission requirements
- Only students of the MSc Crisis and Security Management, enrolled in the specialisation ‘Cybersecurity Governance’, can take this course.
Description
In cyber security, end-users are often blamed for data leaks, successful attacks and other incidents. This approach of humans as the ‘weakest link’ suggests that cyber threats can be mitigated by focusing on the behaviour of end-users rather than the way information systems are designed. While basic solutions are easily available in the field, their effectiveness is usually not tested. The importance of collecting meaningful data on the effectiveness of cyber security solutions is felt, but the field lacks experts who are able to provide this much sought-after data. In this course, we will focus on the research skill of how to collect meaningful data that provides insights in the effectiveness of behavioural cyber security solutions, to prepare students for the labour market.
This skill of collecting meaningful data will be embedded in the broader angle of solving cyber security issues that relate to human behaviour. We will draw on theories from various behavioural change fields, including social influence, behavioural economics and nudge theory. Broadly speaking, three themes will be covered:
1. behavioural change techniques; how can we influence people to change their behaviour in both conscious and unconscious ways?
2. assessing cyber security threats from a behavioural change perspective; where can we intervene to reduce the risk and/or possible consequences of a cyber security threat?
3. intervention design for behavioural change solutions regarding cyber security issues; What is the process by which we can determine the best
course of action, and how do we measure the effectiveness of any behavioural change intervention in cyber security?
Course Objectives
After finalising this course, students will be able to:
- Based on advanced knowledge and understanding of the principles of academic research, collect meaningful data using common methodologies to measure the effectiveness of cyber security solutions.
- Understand, based on advanced knowledge, behavioural change theories from various subfields (e.g. social influence, nudging, behavioural economics).
- Identify and apply relevant theoretical frameworks and methodologies, in order to systematically work towards behavioural solutions for cyber security problems using the latest scientific insights.
- Devise methods that assess the effectiveness of behavioural change interventions in the cyber security domain.
- Provide strategic analysis and advice to decision-makers by making (policy) recommendations based on meaningful collected data on cyber security solutions.
- Self-evaluate and reflect after interactive in-class work and individual assignments.
Timetable
On the right side of the programme front page of the studyguide you will find links to the website and timetables, uSis and Brightspace.
Mode of Instruction
The mode of instruction comprises of a series of interactive sessions (two sessions per week). In these sessions, students will learn the key principles of research, and the relevant concepts and methodologies, as can be applied to the field of behavioural change approaches to cybersecurity. Furthermore, students will practise research design and methods by applying the concepts, testing theories, and analysing empirical material.
Attendance is not mandatory, but highly recommended in order to pass the course. Active participation during the sessions benefits the students in preparing for assessments.
Study load:
42 contact hours (lectures and SPOC) and 238 hours of self-study and preparation of assessments.
In this 10 ects course, 4 ects is specifically reserved for the assignment that is going to be part of the portfolio of students, including working on their interim reflection paper as preparation for the final reflection paper. Specific information on the portfolio assignment and the intended learning outcomes that are being acquired will be published in the syllabus of this course.
Assessment method
Assessment for this course is based on three assignments:
Group paper
30% of final grade
Resit not possible
Grade must be compensated in case of a fail (grade < 5.50)
Individual paper
30% of final grade
Resit not possible
Grade must be compensated in case of a fail (grade < 5.50)
Final assignment (exam)
40% of final grade
Grade must be 5.50 or higher to pass the course
Resit possible
Resit will take the same form
The calculated overall course grade must be at least 5.50 in order to pass the course. If the calculated overall course grade is lower than 5.50, students are also permitted to resit the 40% final assignment.
In the case of written assessment methods, the examiner can always initiate a follow-up conversation with the student to establish whether the learning objectives have been met.
Transitional Arrangement
Passed partial grades obtained in year 2022-2023 remain valid during year 2023-2024.
Reading list
A selection of books and articles, to be announced on Brightspace.
Registration
Register yourself via MyStudymap for each course, workgroup and exam (not all courses have workgroups and/or exams).
Do so on time, before the start of the course; some courses and workgroups have limited spaces. You can view your personal schedule in MyTimetable after logging in.
Registration for this course is possible from Wednesday 12 July 13.00h
Leiden University uses Brightspace as its online learning management system. After enrolment for the course in MyStudymap you will be automatically enrolled in the Brightspace environment of this course.
After registration for an exam you still need to confirm your attendance via MyStudymap. If you do not confirm, you will ultimately be de-registered and you will not be allowed to take the exam.
More information on registration via MyStudymap can be found on this page.
Contact
Dr. Tommy van Steen t.van.steen@fgga.leidenuniv.nl
Julia Prümmer j.prummer@fgga.leidenuniv.nl