Behavioural Change Approaches to Cybersecurity (8921CS001)
Institution
Universiteit Leiden (UL)
Book
Applying Social Psychology
Summary consisting of all the lecture notes and lecture slides of the course Behavioural Change Approaches to Cybersecurity (BCACS), part of the MSc Cybersecurity Governance track of Crisis and Security Management. The summary is extensive, clear and will surely help you pass the course.
Behavioural Change Approaches to Cybersecurity (8921CS001)
All documents for this subject (3)
2
reviews
By: tony_nieuwenhuijs • 8 months ago
By: jobstuart • 1 year ago
Seller
Follow
summaries4u
Reviews received
Content preview
Lecture 1: Introduction to behavioural
change and cybersecurity
All lectures discussed, paraphrased and cited in this document are presented by Dr. Tommy
van Steen during the course Behavioural Change Approaches to Cybersecurity at Leiden
Universiteit (2020).
Introduction to cybersecurity
● Discussion board on Brightspace → for general questions.
● 4 10 ECTS courses in cybersecurity governance → focussed on governance
● 2 SPOCS → spoc = private online course. These give you technical background in
cyberspace and cybersecurity. Separate, but embedded in courses in block 1 and 3.
Embedded in this course and in Digital Justice. They are not part of the course, but are
part of the course as something separate. So you have the regular courses and in 2 of
them you have the SPOCS as well.
● SPOCS → 1 credit-ish. 6 videos per SPOC (5-10 minutes per video), additional
readings as well. You have to pass the SPOC to pass the course, but it does not up or
down your grade. It’s a fail or pass. Lecturer suggests: watch all the videos, do all the
readings, watch the videos again, then do the assignment. Quiz will be put online.
● Learning goal in this course: learn to collect meaningful data → measure the
effectiveness of behaviour change / cybersecurity solutions
● Weekly topics:
- Week 1: introduction + path model = method of designing interventions that are
likely to succeed
- Week 2: behavioural side of cybersecurity problems
- Week 3: behavioural change models and literature
- Week 4: intervention design and effectiveness testing
- Week 5: designing surveys and statistics
- Week 6: other forms of data collection
- Week 7: reporting and ethics
- Literature: Buunk & Van Vught + articles, see syllabus.
● 14 sessions in 7 weeks
● Some sessions will be more interactive, others will be lectures. Schedule is not always
right
● Week 3 and week 6 → some of us on campus. Afternoon is on campus, in the morning
it will be online. Have to sign up for campus sessions if you want to join.
● Examination!!
- Group paper (max 5000 words), 30% of final grade → will be explained next
Thursday. Deadline is 16 October. Everyone gets the same grade in the group.
1
, - Individual paper (max 1500 words), 30%
- Take home exam, 40% 20 October between 12.00 and 16.00
- SPOC: fail/pass, multiple choice quiz
- Powerpoint will be uploaded to Brightspace :-)
- Groups should be formed ourselves. Will be given some guidance in the second
session. Form groups based on what cybersecurity problems you would like to
solve.
● Course is mostly about methods. (zin in!!!!!!!!!!!!!!!!!11!!)
What is cyberspace?
“Cyberspace is composed of all the computerized networks in the world, as well as all
computerized end points, including telecommunications n
etworks, special purpose networks,
the internet, computer systems, and computer-based systems. The concept also includes the
information stored, processed, and transmitted on the devices and between these networks.”
- Ben-Israel & Tabanksy (2011).
Why care about cyberspace?
- Protection of Critical National Infrastructure → water supply, electricity etc. could be
hacked
- Financial reasons → example: ransomware attack on Maastricht University. Being more
cyber-secure in advance saves you money.
- Privacy and sensitive data
Protection of Data: CIA-triad
→ Triad of information security
- Confidentiality → who has access to this data? Breaching confidentiality by hacking
emails for example.
- Integrity → trustworthiness of data. Example: someone gets access to the Brightspace
account of the teacher, someone could alter grades, this makes the grades
untrustworthy. This is not very subject to cyber attacks.
- Availability → whether the people who should have access can access the data.
Maastricht attack: availability went down, restricted by an outside party.
- Any cyber security attack can be identified as one or multiple of the CIA-triad.
2
,Cyber security background
Model:
3
, - We will mostly look at the social-technical layer in this course
- You can have all the best data security software, but human errors would still happen.
Complex systems do not protect human errors.
People are the weakest link
- Schneier: “Only amateurs attack machines, professionals target people”
- Cranor: “It is becoming increasingly apparent that humans are a major cause of
computer security failures.”
- Cyber security issues cannot be solved by just clever programming → human error
A CEO of a UK company ran phishing tests, to see if employees would click the links that were
sent. They wanted to fire everyone who clicked the link. Assumption that end-users are at fault,
but the board and the CEO were not part of the test. But.. the CEO actually forwarded a
phishing link to one of his employees (so he was in the wrong). He would not acknowledge his
fault in thinking the email was real. Cybersecurity is not on the forefront of anyone’s mind.
Interventions should always be aimed at individuals getting better at something.
Introduction to behavioural change
How can you change behaviour?
Video: human behaviour experiment lift antics
- https://www.youtube.com/watch?v=XZDLbbfT9_Q
- 3 people standing in an elevator, all facing the wall, 4th person joins. Eventually, the 4th
person also turns around to face the wall.
- The experiment is done with other things as well, liking taking off your hat. The person
that does not know he is being filmed follows what the others are doing.
Video: the Asch Experiment
- https://www.youtube.com/watch?v=qA-gbpt7Ts8
- Experiment about group conformity.
4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller summaries4u. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $12.60. You're not tied to anything after your purchase.
