學生對 马里兰大学帕克分校 提供的 实用安全 的評價和反饋

Bad sound quality

This was an extremely elementary and thus disappointing course. While the importance of "Usability" was rightly emphasized, the representation in terms of examples, case studies, etc. was simplistic. I appreciated having my attention drawn to the pitfalls of HCI design and the consequent failure of the corresponding systems. However, the solutions were presented as if: 1.) there are always "correct" interface/usability choices; 2.) the "correct" choice is all that's needed for the system to be optimally functional; and 3.) there is never a tension between usability and effective functioning of a system (that can't be resolved with correcting the usability).

It is irresponsible to suggest, for example, that a user selected memorable password is generally adequately secure without also covering ways that an interface can guide/nudge the user to create a secure password. Wide recognition of the importance of this may be more recent than the studies covered in the course. There is nothing wrong with studying old, seminal research, even in this age of "Internet time," but I wish I wasn't left wondering what, if any, developments had occurred in the decade or so since that research took place.

As for tension between usability and security, it absolutely exists. For instance, PGP encryption is a reliable way to secure information, yet making it usable remains a challenge. This is not even mentioned in the entire course. In fact, this course would leave an otherwise uninformed student believing that there are usability solutions waiting to be applied to every cause of info insecurity if the techies would just look. I wish the course had at least acknowledged that there are cases where a slight compromise on usability might be necessary for the sake of appropriate security.

Lastly, for those designing an HCI for security, it is important to understand threat models. This concept is also missing from the course.

===

I reviewed this course (above) immediately after I finished it. I am now in the 3rd week of Software Security, the 2nd course in the Cybersecurity specialization, and am realizing that 2 stars was a generous assessment. Based on the prerequisites of the Software Security course, the Usable Security course, in its current form, is too elementary to be appropriate for people who have the experience/knowledge required for the rest of the courses in this specialization. As I explained above, the course relies heavily on decade-old research but does not cover any developments since. For instance, the usability issues covered in the studies are for ancient versions of browsers with no discussion of how the browsers and our infosec vulnerabilities have changed since those studies were published. Another example is the instructor's eschewing of password managers while many knowledgeable folks in the infosec community today recommend their use. The usability challenges of password managers and a discussion of how they might be mitigated would have been more appropriate.

Honestly i only finished week 1. I was sorely disappointed that the quizzes were locked. I wasn't aware that if you audit the course you were not allowed to complete the quizzes as other courses offer this option. From what I gather from week 1 the course topics seems really good. I think it would be great if you consider letting persons who audit take the quizzes otherwise what's the use - I mean i could always go on youtube and watch videos on the same topics, the difference with coursera courses is that you get the opportunity to test the knowledge gained by doing quizzes and assignment. I hope you will consider allowing everyone to take the quiz. My issue above is the reason why I gave the course a 1 out of 5.

This is the first course that will only let you grade the quiz if you purchase the course. Highly disappointed...

The entirety of this course can be taught in a few sentences. If there is too great a sacrifice to productivity for the sake of security, then people will find a way around any security mechanisms in place. If something is difficult to use, then people will likely not use it.

This course is horribly, sloppily put together. The videos have inconsistent volume (sometimes they're loud, sometimes they're quiet) and they look like they were edited by a college student (don't you just LOVE that default Final Cut Pro font?)

On top of that, though this might be Coursera's fault, every video would get near the end and then immediately restart from the beginning, without actually reaching the end of the video. I found that incredibly annoying.

Not very useful, mostly common sense

This is a course for students with little or no work experience. I've been in the industry for twenty years and found some good information, but the quizes aren't designed for experienced adult learners. Not being able to discuss with the professor why an answer is incorrect or even knowing exactly what about an answer makes it incorrect further distances the students from learning. Given that one essentially spends an extra work day each week on the course, I expected more value for my precious time. This week I decided the value isn't there. I might recommend the course for undergrad students but not for working adults.

A shame it is part of the cybersecurity specialization. It is boring and full of obvious-psicology things like "passwords need to be secure but easy to remember". The instructor, at least, seems to have zero knowledge about software development. Everything we did in seven weeks could have been taught in one or two.

I am having a very difficult time finishing this course. I find the topic dull and the content uninteresting. It is the first course of the CyberSecurity Specialization .. I hope the other courses are not like this.

I rated it one star for a couple of reasons.

1- I have been in software for many years and I know about software design. I would NOT have expected to have a weeks long course on software design and usability when my desire is to learn about software security. I understand its importance, but this course should be part of a UI design course, NOT in a technical CyberSecurity specialization IMO.

2 - the course is all about theory, not about practical matters. Let's admit it - today's security software is not for the uninformed/experienced. Given this, again, I feel this course would be better served in another specialization about UI Design or for software design best-practices.

That is my .02. I am moving onto other courses before finishing the Usability Security..... I am aware that I will have to complete this course to get my certification. This alone will discourage me from purchasing a specialization in the future.

This course have very little to do with actual security. Most of the time you will hear about how to design applications, and what is a good design policy.

Too much attention is paid to Usability, there is no attention to the technical side of the question.

Its all gas. Instructor should mention this that its for kids, full time waste

it's not so good for introducing cyber security course