Organisational Security: the challenges of managing intentional and accidental threat Factors MGT5425
- Academic Session: 2023-24
- School: Adam Smith Business School
- Credits: 10
- Level: Level 5 (SCQF level 11)
- Typically Offered: Semester 2
- Available to Visiting Students: No
This course will examine the role played by human factors in the management of security within socio-technical systems. In particular, it will deal with the issues of both accidental and intentional threat actors through a consideration of human error (slips, lapses, mistakes) and violations (accidental and intentional). It will then frame those issues within the context of systems failure and the provision of security within safety critical organisations.
The course is delivered over 3 full days. As part of the learning design for this course, it was structured for a blended (student-centred) form of delivery and has been redeveloped for online delivery (asynchronous) but with some online, face-to-face sessions.
There will be team-based essay/report of 4,500 words (Max) which will allow for an assessment of ILOs 1-5. During the course, the teams take the role of being security/human factors specialists who are attempting to explain the vulnerabilities within an organisation's mission critical systems to a senior manager/board who is resistant to accepting those assessments. They will work in those teams throughout the course.
The assessment will be presented in the form of a report written by students working in their teams and will have two components.
Â· The main body of the report will be allocated 70% of the overall grade. This report will be submitted to the school office and then sent to a peer group from the course for critique.
Â· Each group will have their draft essay/report reviewed by another team to provide a structured, formative peer critique. This critique is a compulsory (but unmarked) requirement of the assessment.
Â· The peer review comments will be sent back to the authoring group who will respond to those comments in a reflexive response. This response will account for the remaining 30% of the potential marks to be awarded. The response to the critique will be a maximum of 1500 words. This response (along with the peer critique) will then be formally submitted for assessment.
Are reassessment opportunities available for all summative assessments? No
Reassessments are normally available for all courses, except those which contribute to the Honours classification.
For non-Honours courses, students are offered reassessment in all or any of the components of assessment if the satisfactory (threshold) grade for the overall course is not achieved at the first attempt. This is normally grade D3 for undergraduate students and grade C3 for postgraduate students. Exceptionally it may not be possible to offer reassessment of some coursework items, in which case the mark achieved at the first attempt will be counted towards the final course grade.
The course will offer an overview of the processes around the provision of safety and security and do so from a human factors (Ergonomics) perspective. The course considers the role played by intentional and accidental threat actors in the generation of security failures and it will have a particular focus on the role that systems complexity can play in generating emergent conditions which can exceed the abilities of human actors to manage them. The course aims to highlight the role that human agency can play in the embedding of error and violation potential within organisational systems, that can create the conditions in which staff are caught in error and violation traps. These will ultimately erode the security controls that are put in place to prevent systems failure. Participants will be introduced to a range of tools, techniques and practices which are commonly used within organisations to address the issues of security and safety in socio-technical systems.
Intended Learning Outcomes of Course
By the end of this course students will be able to:
1. Identify, contextualise and critique the processes that lead to the development of error and violation potential within organisational processes from both latent and active conditions and be able to research and develop a threat matrix for an organisation that they are familiar with, showing how vulnerabilities in both operational processes and security systems can be embedded and exposed. This will require the analysis and critique of an organisation's current security and human factors strategies using a range of appropriate tools and techniques around the identification of vulnerabilities.
2. Develop and evaluate a range of design options around the introduction of a security system for an organisation and highlight the potential for errors and violations within that design.
3. Evaluate and discuss the potential for threat actors to cause harm within organisations either through acts of commission or omission and proposed reasoned and robust defences to deal with those threats.
4. Show an understanding of the challenges of working within multi-disciplinary teams to address security vulnerabilities and develop coping strategies to deal with those challenges in a practical context
5. Present the findings of their analysis in both written and presentational forms.
Minimum Requirement for Award of Credits
Students must submit at least 75% by weight of the components (including examinations) of the course's summative assessment.