IFN694 Human Factors in Cyber Security



Unit Outline: Semester 1 2026, Gardens Point, Internal

Unit code: IFN694
Credit points: 12
Coordinator: Ignatius Chukwudi | ignatius.chukwudi@qut.edu.au
Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

This unit provides knowledge and skills essential for understanding Cyber Security (CS) from the perspective of human behaviour, which is critical for CS consultants, analysts, and programmers. Human-centric CS focuses on individuals' actions, decisions, interpretations, and psychological factors, complementary to the technological aspects of CS. You will be exposed to the psychological, social, and organizational aspects that shape cyber security. To support this, you will learn how to identify, design and analyse: human-centric cyber threats and security measures; security awareness and incident response; psychology of cyber criminals; cybercrime business models; and organizational impact on cyber security practices. In addition, you will learn advanced topics including user-centric privacy and data protection, AI and ML for human-centric security. This will be applied through a set of comprehensive cyber security frameworks and practices applied to real-world organizations.

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Explain the concepts and theories related to human factors in cyber security, including psychological, sociological, and behavioral aspects.
  2. Analyse the strategic importance of considering human factors in cyber security within the context of modern organizations.
  3. Apply advanced techniques in cyberpsychology, user-centric security design, and cognitive biases to analyze and assess cyber threats.
  4. Evaluate the impact of human behavior on security incidents and the effectiveness of security awareness programs.
  5. Propose innovative approaches to integrate human factors into security policies, organizational culture, and leadership practices.
  6. Collaborate professionally in a multidisciplinary team environment to deliver an industry-standard written report to a client.

Content

The first module introduces you to the human aspects of cybersecurity. You will learn about cyber threats and the psychology, sociology and human behaviours relevant to cyber security in an organisational context. You will also learn about user-centred design principles, human-related vulnerabilities, social engineering, security awareness and training, incident response, and risk mitigation techniques for human-centric threats and vulnerabilities. Real-world case studies, cyber security platforms, and techniques will be explored to apply user-centric security design in enterprise business scenarios.

The second module introduces you to the socio-economic impacts of human factors in cyber security in business organizations. You will learn about cybercrime business models, the organizational impact on cyber security practices, organizational ethical and social responsibilities, and effective risk management in an organizational context. You will also learn about integrating human factors into security policies and procedures, policy enforcement and compliance.

The third module introduces you to the advanced concepts of human aspects in cyber security. You will learn the advanced topics of Human Factors in IoT Security, User-Centric Privacy and Data Protection, and AI and Machine Learning for Human-Centric Security.

Learning Approaches

You can expect to spend 10-15 hours per week involved in preparing for and attending scheduled classes, preparing, and completing assessment tasks as well as independent study and consolidation of your learning. The unit uses pre-recorded lectures, case studies, and practical exercises to develop your understanding of the theory and practice of human factors in cyber security.

The pre-recorded lectures and online activities will provide you with the knowledge and skills for learning and applying human factors in cyber security, including cyber threats and psychology, user-centric security design, incident response, and risk mitigation in business organizations. They will also cover the socio-economic impacts of human factors in cyber security, as well as a range of advanced topics, including AI and ML applied to human factors in cyber security.

Tutorials will be conducted in face-to-face computer labs on-campus or online. They will be activity-based involving real-world case studies and cyber security training platforms. The tutorials build directly on the material presented in the pre-recorded lectures and will involve detailed instruction sheets for undertaking the required tasks. They are designed to support class instruction, group work, and class reflection.

The QUT Canvas site will be used for lecture notes, tutorial materials, reading resources, and online class discussions.

This unit emphasizes practical skills and artifact-driven learning. Students actively engage in hands-on exercises, supplemented by readings and discussions from the development community, to gain real-world experience and prepare for future challenges. The students will be exposed to cutting-edge industry tools and techniques where they get practical exposure to real-world projects. Students will also engage in hands-on projects and case studies that mirror the challenges and situations they will face in their professional lives.

Feedback on Learning and Assessment

Students can obtain feedback on their progress throughout the unit through the following mechanisms:

  • Class and group-based feedback on workshop exercises
  • Written feedback on the formative phase of assessment tasks
  • Written feedback on summative phases of assessment tasks including a rubric
  • General verbal feedback will be provided to the entire class on assessment tasks
  • You will receive feedback and results on each assessment task prior to the submission of the next assessment task

Assessment

Overview

The assessments in this unit have been designed so that you may develop knowledge and skills for understanding, applying, and evaluating human factors in cyber security for business organizations. Students will develop the skills in understanding, applying, modelling, developing, reporting, and evaluating security solutions involving human factors.

Unit Grading Scheme

7-point scale

Assessment Tasks

Assessment: Vulnerability Analysis and Mitigation Strategy

For this assignment, students will select a real-world organisation and conduct a vulnerability analysis focusing on human-centric cyber threats. They will identify areas where human factors significantly contribute to cybersecurity risks. It will assess the following criteria.

  • An analysis detailing vulnerabilities related to human behaviour, cognitive biases, or social engineering 
  • Design and develop a mitigation strategy that incorporates user-centric security measures and organisational awareness programs 
  • Justification and recommendations.

The use of generative artificial intelligence (GenAI) tools is prohibited during this assessment.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 30
Length: 5-6 page report (including front page) — not more than 3000 words long
Individual/Group: Individual
Due (indicative): Week 6
Related Unit learning outcomes: 1, 2, 3

Assessment: Design of a Security Awareness Program

For this assignment, students will choose an industry sector (e.g., finance, education) and a virtual organisation to design a security awareness program by addressing specific human-centric cybersecurity challenges, organisational requirements, cybercrime business models, and organisational impact on cybersecurity practices, organisational ethics, and social responsibilities. It will assess the following criteria:

  • Identifying human-centric cybersecurity challenges, organisational requirements, and cybercrime business models 
  • Develop a detailed security awareness program
  • Evaluate the expected impact on the organisation's security, financial, and cultural aspects.

The use of generative artificial intelligence (GenAI) tools is prohibited during this assessment.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 30
Length: 8-12 page report (including front page) — not more than 6000 words long. (Additional content may be added as an appendix.)
Individual/Group: Individual and group
Due (indicative): Week 10
Related Unit learning outcomes: 1, 3, 4, 5, 6

Assessment: Incident Response Simulation

Students will conduct a simulated cybersecurity incident involving human factors within a cybersecurity simulation platform or a controlled environment. The activity is designed to evaluate both technical and reflective skills related to offensive security and incident response, particularly involving human elements in cyber incidents.

The assessment will assess the following criteria:

  • Setting up the environment: This will involve a virtual lab or simulated platform.
  • Perform reconnaissance, exploitation, and post-exploitation tasks on designated systems in the simulation environment.
  • Respond to a simulated cybersecurity incident involving human factors (e.g., phishing, social engineering, or insider threats).
  • Submit a written reflection detailing lessons learned, challenges faced, and improvements for future practice.

You will be expected to give a live demonstration of the project. This will require students to walk through their environment, demonstrate key aspects of their simulation, and explain their decisions in a brief oral presentation, which will include a Q&A session.

The ethical and responsible use of generative artificial intelligence (GenAI) tools is authorised in this assessment. See the relevant assessment details in Canvas for specific guidelines.

Weight: 40
Length: 20-minute presentation + 10-minute Q&A
Individual/Group: Individual and group
Due (indicative): Week 13
Related Unit learning outcomes: 2, 3, 4, 5, 6

Academic Integrity

Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.

The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.

Resources

There is no required textbook for this unit. However, this unit may, where appropriate, make use of selected chapters from textbooks, journals, and magazines. Students are encouraged to obtain a copy of these materials from the library. Where possible, materials will be made available online through QUT Readings.

Risk Assessment Statement

There are no out-of-the-ordinary risks associated with studying this unit.

Course Learning Outcomes

This unit is designed to support your development of the following course/study area learning outcomes.

IN20 Master of Information Technology

  1. Demonstrate advanced specialist IT knowledge in at least one information technology discipline.
    Relates to: ULO1, Vulnerability Analysis and Mitigation Strategy, Design of a Security Awareness Program
  2. Critically analyse complex IT problems and opportunities and use creativity and problem-solving skills to generate innovative and novel solutions that are convincingly justified.
    Relates to: ULO2, ULO4, ULO5, Vulnerability Analysis and Mitigation Strategy, Design of a Security Awareness Program, Incident Response Simulation
  3. Integrate advanced, industry-best practice, IT methods, tools and techniques to develop and implement complex IT systems, processes and/or software.
    Relates to: ULO3, Vulnerability Analysis and Mitigation Strategy, Design of a Security Awareness Program, Incident Response Simulation
  4. Employ leadership and initiative in both self-directed and collaborative contexts to create value for others.
    Relates to: ULO6, Design of a Security Awareness Program, Incident Response Simulation
  5. Communicate effectively in IT professional and scholarly contexts to specialist and non-specialist audiences using written, visual and oral formats.
    Relates to: ULO6, Design of a Security Awareness Program, Incident Response Simulation
  6. Demonstrate business acumen and well-developed values, attitudes, behaviours and judgement in professional contexts.
    Relates to: ULO5, Design of a Security Awareness Program, Incident Response Simulation
  7. Create positive change through critically reflecting upon and actioning responses to the social, cultural, ethical, sustainability, legal and accessibility issues in the IT field, including how they relate to First Nations Australians and diverse populations.
    Relates to: ULO1, Vulnerability Analysis and Mitigation Strategy, Design of a Security Awareness Program