CIS 7000: Empirical Security and Privacy, for Humans

Date	Topic / Speaker	Readings & handouts
Aug 26	Introduction and syllabus	S. Keshav. How to Read a Paper. ACM SIGCOMM Computer Communication Review, Volume 37, Number 3, July 2007. Lecture slides
Aug 28	Economic view of cybersecurity - Alex Gantman, VP Security Engineering, Qualcomm	Ross Anderson. Why information security is hard - an economic perspective. Seventeenth annual computer security applications conference (ACSAC). IEEE, 2001. Ian Griggs, The Market for Silver Bullets, 2008. Lecture slides
Sep 2	End users and cybersecurity	Ho, Grant, et al. Understanding the efficacy of phishing training in practice. 2025 IEEE Symposium on Security and Privacy (SP). IEEE, 2025. Lorrie Faith Cranor. A Framework for Reasoning About the Human in the Loop. In Proceedings of UPSEC 2008.
Sep 4	Cybersecurity as a scientific pursuit - Cormac Herley, Principal Researcher, Microsoft	Cormac Herley and P.C. van Oorschot. SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit, IEEE S&P 2017.
Sep 9	Cybersecurity and risk assessment	Andrew Simpson. Into the unknown: The need to reframe risk analysis. Journal of Cybersecurity, Volume 10, Issue 1, 2024. John Downer. The Aviation Paradox: Why We Can 'Know' Jetliners But Not Reactors. Minerva 55.2 (2017): 229-248.
Sep 11	Passwords	Blase Ur, Jonathan Bees, Sean M. Segreti, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor. Do Users' Perceptions of Password Security Match Reality? In Proceedings of CHI 2016. Optional: Nisenoff, Alexandra, Maximilian Golla, Miranda Wei, Juliette Hainline, Hayley Szymanek, Annika Braun, Annika Hildebrandt, Blair Christensen, David Langenberg, and Blase Ur. A Two-Decade Retrospective Analysis of a University's Vulnerability to Attacks Exploiting Reused Passwords. In USENIX Security 2023.

Empirical Security & Privacy, for Humans

SCHEDULE