COMPSCI 725 : Usable Security and Privacy Engineering


2024 Semester Two (1245) (15 POINTS)

Course Prescription

The human aspect of cyber security and privacy engineering is relevant to commercial solution development and cyber security and privacy research. Sample topics: secure systems design; usable security systems evaluation; privacy-preserving software systems; threat modelling; economics of usable security and privacy; OWASP Top 10 vulnerabilities. Recommended preparation: 30 points from COMPSCI 313, 314, 320, 335, 340, 351, 702, 734, 742

Course Overview

Computer security is increasingly important, now that e-commerce has become commonplace, most workplaces are heavily computerised, and many e-government services are available to residents and citizens. Computer systems are susceptible to a wide range of attacks including denial of service, unauthorised modifications, and unauthorised use. In this course, we briefly survey the field of computer security from a real-world perspective -- where we never expect "perfect security", but instead aspire to have systems that are affordable, usable, and trustworthy. We then study some technical articles from the recent literature, on specific topics in computer security. Topics in recent offerings of this course have included forensic computing, tradeoffs in secure systems design, mis-identification threats and defences, ethical security, human factors in security, software security techniques and vulnerabilities, and hardware security techniques and vulnerabilities.

Course Requirements

No pre-requisites or restrictions

Capabilities Developed in this Course

Capability 1: People and Place
Capability 2: Sustainability
Capability 3: Knowledge and Practice
Capability 4: Critical Thinking
Capability 5: Solution Seeking
Capability 6: Communication
Capability 7: Collaboration
Capability 8: Ethics and Professionalism

Learning Outcomes

By the end of this course, students will be able to:
  1. Give basic advice on system security by using standard terminology (Capability 1, 2, 3, 4, 5, 6, 7 and 8)
  2. Read and demonstrate critical and appreciative comprehension of technical literature on system security (Capability 1, 2, 3, 4, 5, 6, 7 and 8)
  3. Give an informative oral presentation on, and write knowledgeably about, an advanced topic in system security (Capability 1, 2, 3, 4, 5, 6, 7 and 8)


Assessment Type Percentage Classification
Presentation 15% Individual Coursework
Reports 25% Individual Coursework
Final Exam 60% Individual Examination
Assessment Type Learning Outcome Addressed
1 2 3
Final Exam


Tuākana Science is a multi-faceted programme for Māori and Pacific students providing topic specific tutorials, one-on-one sessions, test and exam preparation and more. Explore your options at

Key Topics

The topical focus of each offering of this course is variable -- depending on the expertise and current interests of the current instructor(s); but the first four weeks of lectures always provide a general introduction to computer system security.   In 2019, the focus was on digital forensics.  In 2018,  the focus was on multimedia forensics and IoT forensics.

Special Requirements

Students are awarded a mark for delivering a "practice oral presentation" during a tutorial session in the week before they are scheduled to make their oral presentation during a lecture period.

Workload Expectations

This course is a standard 15 point course and students are expected to spend 10 hours per week involved in each 15 point course that they are enrolled in.

For this course, you can expect 3 hours of lectures per week, a 1 hour tutorial in the week prior to your scheduled oral presentation (i.e. approx 0.1 hours per week, on average), 2 hours per week of reading and thinking about the content and 3.9 hours of work per week on assignments and/or test preparation.

Delivery Mode

Learning Resources

Course materials are made available in a learning and collaboration tool called Canvas which also includes reading lists and lecture recordings (where available).

Please remember that the recording of any class on a personal device requires the permission of the instructor.

In the first week of lectures, students are provided with a list of articles that had been selected by the instructor(s) as being representative of the current practice and theory in the focus area(s) of system security to be covered in this offering.   Students provide a rank-ordered list of their preferred articles; and the instructors  develop the required reading list from these preferences -- with up to three students individually developing an oral presentation on some important aspect of each article on the required reading list. 

Student Feedback

During the course Class Representatives in each class can take feedback to the staff responsible for the course and staff-student consultative committees.

At the end of the course students will be invited to give feedback on the course and teaching through a tool called SET or Qualtrics. The lecturers and course co-ordinators will consider all feedback.

Your feedback helps to improve the course and its delivery for all students.

No changes 

Academic Integrity

The University of Auckland will not tolerate cheating, or assisting others to cheat, and views cheating in coursework as a serious academic offence. The work that a student submits for grading must be the student's own work, reflecting their learning. Where work from other sources is used, it must be properly acknowledged and referenced. This requirement also applies to sources on the internet. A student's assessed work may be reviewed for potential plagiarism or other forms of academic misconduct, using computerised detection mechanisms.

Class Representatives

Class representatives are students tasked with representing student issues to departments, faculties, and the wider university. If you have a complaint about this course, please contact your class rep who will know how to raise it in the right channels. See your departmental noticeboard for contact details for your class reps.


The content and delivery of content in this course are protected by copyright. Material belonging to others may have been used in this course and copied by and solely for the educational purposes of the University under license.

You may copy the course content for the purposes of private study or research, but you may not upload onto any third party site, make a further copy or sell, alter or further reproduce or distribute any part of the course content to another person.

Inclusive Learning

All students are asked to discuss any impairment related requirements privately, face to face and/or in written form with the course coordinator, lecturer or tutor.

Student Disability Services also provides support for students with a wide range of impairments, both visible and invisible, to succeed and excel at the University. For more information and contact details, please visit the Student Disability Services’ website

Special Circumstances

If your ability to complete assessed coursework is affected by illness or other personal circumstances outside of your control, contact a member of teaching staff as soon as possible before the assessment is due.

If your personal circumstances significantly affect your performance, or preparation, for an exam or eligible written test, refer to the University’s aegrotat or compassionate consideration page

This should be done as soon as possible and no later than seven days after the affected test or exam date.

Learning Continuity

In the event of an unexpected disruption, we undertake to maintain the continuity and standard of teaching and learning in all your courses throughout the year. If there are unexpected disruptions the University has contingency plans to ensure that access to your course continues and course assessment continues to meet the principles of the University’s assessment policy. Some adjustments may need to be made in emergencies. You will be kept fully informed by your course co-ordinator/director, and if disruption occurs you should refer to the university website for information about how to proceed.

The delivery mode may change depending on COVID restrictions. Any changes will be communicated through Canvas.

Student Charter and Responsibilities

The Student Charter assumes and acknowledges that students are active participants in the learning process and that they have responsibilities to the institution and the international community of scholars. The University expects that students will act at all times in a way that demonstrates respect for the rights of other students and staff so that the learning environment is both safe and productive. For further information visit Student Charter

In this course, we will discuss vulnerabilities in widely-deployed computer systems. This is not an invitation for you to exploit these vulnerabilities!  You are expected to behave responsibly; and you are subject to disciplinary action if you violate the laws of New Zealand or the regulations of our University.  We will discuss professional codes of ethics, and legal codes, in classroom lectures.


Elements of this outline may be subject to change. The latest information about the course will be available for enrolled students in Canvas.

In this course students may be asked to submit coursework assessments digitally. The University reserves the right to conduct scheduled tests and examinations for this course online or through the use of computers or other electronic devices. Where tests or examinations are conducted online remote invigilation arrangements may be used. In exceptional circumstances changes to elements of this course may be necessary at short notice. Students enrolled in this course will be informed of any such changes and the reasons for them, as soon as possible, through Canvas.

Published on 31/10/2023 10:51 a.m.