University of Sydney · FACULTY OF COMPUTER SCIENCE

INFO2222 · Computing 2 Usability and Security

- one subject, every graph, every model, every mark
50% final exam14 Chapters8-page Bible
Our own words - no uploaded lecturer files
Updated for this semester
Chapter 1 of 12 · INFO2222

Usability and Security: The Two Pillars

Week 1 frames the whole unit: professional computing systems must be both usable and secure, and the two goals can pull against each other. This foundation — the six usability goals, the CIA triad, and the idea of a system model and a threat model — is sampled directly in the early in-class quizzes and reappears as recall-and-apply items in the 50% final exam, which weights the usability and security halves roughly equally.

In this chapter

What this chapter covers

  • 01User interface, usability (Nielsen) and HCI as the field; why a bad UI is costly (Three Mile Island indicator lesson)
  • 02Good vs poor design and affordances — the 'Norman Door' as a canonical bad-signifier example
  • 03The six usability goals: effectiveness, efficiency, safety, utility, learnability, memorability — and that they trade off
  • 04User experience (UX) as the felt quality of use, distinct from (but overlapping) usability
  • 05User-Centred Design at a glance: Requirements → Design → Prototyping → Evaluation, iterating with the user central
  • 06The CIA triad — confidentiality, integrity, availability — as the core security properties
  • 07Threat-identification and risk models by name: STRIDE (spoofing/tampering/repudiation/info-disclosure/DoS/elevation) and DREAD
  • 08Usability and security together: systems must stay secure even when a UI misleads a stressed or careless user (Bybit case)
Worked example · free

Classify design and security requirements for a banking app

Q [4 marks]. A team writing requirements for a mobile banking app lists four statements. Classify each as a specific usability goal or a specific CIA security property, and name which one: (1) 'A first-time user can complete a transfer without a manual.' (2) 'An account balance must never change from $100 to $1,000,000 without an authorised transaction.' (3) 'The app must confirm before permanently deleting a saved payee.' (4) 'Only the account holder can view their transaction history.' (4 marks)
  • +1(1) 'Complete a transfer without a manual' is about how easily a new user picks the system up on first use — this is the usability goal of learnability. (Do not confuse it with memorability, which is about remembering the system after a break.)
  • +1(2) 'The balance must not change without an authorised transaction' means data cannot be altered undetectably or without authority — this is the integrity property of the CIA triad, not confidentiality.
  • +1(3) 'Confirm before permanently deleting' protects the user from a damaging, irreversible action — this is the usability goal of safety (guarding against dangerous or unwanted states).
  • +1(4) 'Only the account holder can view their history' restricts access to data to authorised parties — this is the confidentiality property of the CIA triad.
(1) learnability (usability goal); (2) integrity (CIA); (3) safety (usability goal); (4) confidentiality (CIA). The point is that a real system carries usability goals and security properties side by side, and the unit trains you to name each precisely rather than lumping them as 'good design'.
Sia tip — Watch the near-neighbours the exam exploits: learnability (first use) vs memorability (return use), and integrity (unaltered) vs confidentiality (unseen). If a statement is about a feeling or emotion rather than a measurable quality, it is a UX goal, not a usability goal.
Glossary

Key terms

Usability
A quality attribute measuring how easy a user interface is to use (Nielsen); also the set of methods for improving ease of use during design. Studied within the wider field of Human-Computer Interaction (HCI).
Affordance / signifier
An affordance is a possible action an object suggests; a signifier is the cue that reveals it. A 'Norman Door' gives the wrong signifier (a pull-handle on a push door), a classic poor-design example from Norman's Design of Everyday Things.
The six usability goals
Effectiveness, efficiency, safety, utility, learnability and memorability — the measurable qualities of a good interface. They cannot all be maximised together, so designers prioritise and trade off.
User experience (UX)
The subjective, felt quality of using a product — whether it is satisfying, engaging, fun or, negatively, frustrating or patronising. Distinct from usability: usability is about effectiveness and efficiency, UX about how the whole experience feels.
CIA triad
The three fundamental security properties: Confidentiality (data seen only by authorised parties), Integrity (data not altered undetectably), Availability (system remains usable by legitimate users).
STRIDE / DREAD
Named security models. STRIDE identifies threat types — Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege. DREAD scores threat risk — Damage, Reproducibility, Exploitability, Affected users, Discoverability.
FAQ

Usability and Security: The Two Pillars FAQ

Why does INFO2222 teach usability and security together?

Because real systems must be both, and the goals often conflict — a heavily locked-down interface can become unusable, while a friendly one can invite mistakes. The unit's running example is that a secure system must not let a misleading UI cause a person to authorise something harmful (the Bybit incident, where approvers trusted a UI display instead of verifying what they were signing). Learning both halves lets you reason about the trade-off rather than optimising one pillar and breaking the other.

What is the difference between a usability goal and a UX goal?

Usability goals are measurable qualities of the interface — effectiveness, efficiency, safety, utility, learnability, memorability. UX goals describe how using the product feels — engaging, satisfying, fun, or on the bad side boring or frustrating. 'Easy to learn' is learnability (a usability goal); 'enjoyable to use' is a UX goal. The exam likes to test this boundary and the learnability-vs-memorability pair.

Do I need to memorise STRIDE and DREAD in detail?

You should recognise them and know what each is for — STRIDE is a threat-identification model, DREAD a risk-assessment model — and be able to expand the acronyms. The unit's emphasis is on reasoning about a system model and a threat model case by case rather than reciting a checklist, so understand why you would use each rather than drilling their letters in isolation. Confirm the examinable depth in the Week 12 revision material on Canvas.

Can AI help me learn the Week 1 foundations for INFO2222?

Yes, as a study aid. Sia can quiz you on the six usability goals, drill the usability-vs-UX and confidentiality-vs-integrity distinctions, and explain why an interface failure (like a status light showing the commanded rather than the actual state) is a design problem. Use it to rehearse and check your reasoning; it does not complete graded quizzes or project work for you, and the University of Sydney academic-integrity policy applies.

Study strategy

Exam move

Week 1 is vocabulary that everything else reuses, so lock it down early. Make a flashcard for each of the six usability goals with a one-line example, and a second set for the CIA triad, so you can classify a statement instantly under exam time pressure. Practise the boundaries the exam exploits: learnability vs memorability, usability goal vs UX goal, integrity vs confidentiality. Learn the two motivating failures as one-line lessons — indicators must reflect true system state (Three Mile Island); a secure system must not let a misleading UI trigger a harmful authorisation (Bybit). Because this content seeds the early in-class quizzes and returns as easy recall marks on the final exam, a little steady revision here is high-value. Confirm the exam's scope on Canvas.

Working through Usability and Security: The Two Pillars in INFO2222? Sia is AskSia’s AI Computer Science tutor — ask any INFO2222 Usability and Security: The Two Pillars question and get a clear, step-by-step explanation grounded in how INFO2222 is taught and assessed. Read this chapter free, then take your hardest questions to Sia.

A+Everything unlocked
Unlocks this Bible + all 38 of your University of Sydney subjects - and 1,000+ Bibles across every Australian university.
Sia - your INFO2222 tutor, unlimited, worked the way the exam marks it
The full 8-page Bible + practice bank with worked solutions
Chrome extension - sync your LMS so Sia knows your deadlines
Bilingual EN / Chinese on every Bible and every Sia answer
$25/ month
30-day money-back · cancel in one tap · how it works
Unlock the full INFO2222 Bible + 38 University of Sydney subjects解锁完整 INFO2222 Bible + University of Sydney 38 门科目
$25/mo