6.9. Cybersecurity

This lesson introduces concepts and terminology involved with computer security - how computer systems and data are kept safe. Multi-factor authentication is introduced and explained.

CSP Framework
Big Idea 5: Impact of Computing (IOC)
Enduring Understanding IOC-2: The use of computing innovations may involve risks to your personal safety and identity.
Learning Objective IOC-2.B: Explain how computing resources can be protected and can be misused.
Skill 5.E IOC-2.B.1 IOC-2.B.2 IOC-2.B.3 IOC-2.B.4 IOC-2.B.7 IOC-2.B.8 IOC-2.B.9 IOC-2.B.10 Essential Knowledge IOC-2.B.1: Authentication measures protect devices and information from unauthorized access. Examples of authentication measures include strong passwords and multifactor authentication. Essential Knowledge IOC-2.B.2: A strong password is something that is easy for a user to remember but would be difficult for someone else to guess based on knowledge of that user. Essential Knowledge IOC-2.B.3: Multifactor authentication is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, typically in at least two of the following categories: knowledge (something they know); possession (something they have), and inherence (something they are). Essential Knowledge IOC-2.B.4: Multifactor authentication requires at least two steps to unlock protected information; each step adds a new layer of security that must be broken to gain unauthorized access. Essential Knowledge IOC-2.B.7: Computer virus and malware scanning software can help protect a computing system against infection. Essential Knowledge IOC-2.B.8: A computer virus is a malicious program that can copy itself and gain access to a computer in an unauthorized way. Computer viruses often attach themselves to legitimate programs and start running independently on a computer. Essential Knowledge IOC-2.B.9: Malware is software intended to damage a computing system or to take partial control over its operation. Essential Knowledge IOC-2.B.10: All real-world systems have errors or design flaws that can be exploited to compromise them. Regular software updates help fix errors that could compromise a computing system.
Learning Objective IOC-2.C: Explain how unauthorized access to computing resources is gained.
Skill 5.E IOC-2.C.1 IOC-2.C.2 IOC-2.C.3 IOC-2.C.4 IOC-2.C.5 IOC-2.C.6 IOC-2.C.7 Essential Knowledge IOC-2.C.1: Phishing is a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails. Essential Knowledge IOC-2.C.2: Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information. Essential Knowledge IOC-2.C.3: Data sent over public networks can be intercepted, analyzed, and modified. One way that this can happen is through a rogue access point. Essential Knowledge IOC-2.C.4: A rogue access point is a wireless access point that gives unauthorized access to secure networks. Essential Knowledge IOC-2.C.5: A malicious link can be disguised on a web page or in an email message. Essential Knowledge IOC-2.C.6: Unsolicited emails, attachments, links, and forms in emails can be used to compromise the security of a computing system. These can come from unknown senders or from known senders whose security has been compromised. Essential Knowledge IOC-2.C.7: Untrustworthy (often free) downloads from freeware or shareware sites can contain malware.

Professional Development

The Student Lesson: Complete the activities for Mobile CSP Unit 6: Lesson 6.9 Cybersecurity

Materials

• Text version of the student lesson - This document is long and should be broken into several parts and interspersed with activities, as described below.
• Slides
  
• There are four short video clips in this lesson:
  Video 1: What is Two-Factor Authentication (2FA) (1:59)
  Video 2: Killing the Need for Passwords With Biometrics (2:24)
  Video 3: Symantec Guide to Scary Internet Stuff - Pests on Your PC - Viruses, Trojans & Worms (2:36)
  Video 4: Phishing Symantec (2:31)
• Computer lab with projection system

6.9.1. Learning Activities

Estimated Length: 45 minutes

• Hook/Motivation (5 minutes): Recall that in Unit 5, we saw that it is very difficult to guess a long complex password. Open howsecureismypassword.net in a browser. Try entering the following potential passwords and record the results. Then discuss the students’ findings as a class as well as ask: What would you do if your password is stolen? How might certain apps/websites try to prevent other people from logging into your account using your password?
  • abc123
  • ComputerScience123
  • ComputerSciencer0ck$
• Experiences and Explorations (35 minutes):
  • Part 1: Authentication - Using Video 1 (1:59), discuss two-factor and multi-factor authentication. Describe in general how multi-factor authentication works and the types of evidence used (e.g. Something you know, something you have, something you are). Using Video 2 (2:24), further explain biometric authentication. After watching the video, take 2-3 minutes to ask students to share what types of biometric authentication they have seen in real life or in movies.
  • Part 2: Malware - Explain that although multi-factor authentication and complex passwords can be used to try to prevent unauthorized account access, another computer security issue to be aware of is malware. Using Video 3 (2:26) discuss malware and the steps you can take to prevent malware and computer viruses.
    
  • Part 3: Unauthorized Access - Using Video 4 (2:31), discuss how phishing, keylogging, and rogue access points can be used to gain unauthorized access to an individual’s personal information. Explain the importance of firewalls
  • Activity: Select one or more of the following activities for students complete after watching and discussing the videos. Students should document their findings in their portfolio reflection before the end of class.
    1. Can you spot when you’re being phished? Do the Phishing Quiz working in pairs or POGIL groups: https://phishingquiz.withgoogle.com. See how many you get right.
    2. In pairs or POGIL groups, investigate this map http://cybermap.kaspersky.com/ (click on a country and more details or statistics) and http://securelist.com/statistics/  which shows the current week’s infections and attacks. What are the top 3 attacked countries? What country has the highest rate of infections? What is the top infection (virus) currently?
    3. Investigate a famous or recent malware, hacking, or security breach incident. Write down who, what, when, where, how, and the consequences of the incident.
• (Optional) Activity (30 minutes): Divide students into groups of 2-4. First, they should discuss and write down their responses to the questions designated before the video. Then, show the video. After watching the PBS video, they should discuss and write down their responses to the questions designated after the video. Facilitate groups sharing their answers to both sets of questions.
• Rethink, Reflect and/or Revise (5 minutes): In the time that remains, have students complete the self-check questions and their portfolio reflections.

AP Classroom

The College Board's AP Classroom provides a question bank and Topic Questions. You may create a formative assessment quiz in AP Classroom, assign the quiz (a set of questions), and then review the results in class to identify and address any student misunderstandings.The following are suggested topic questions that you could assign once students have completed this lesson.

Suggested Topic Questions:

• Topic 5.6 Safe Computing

Assessment Opportunities and Solutions

Solutions Note: Solutions are only available to verified educators who have joined the Teaching Mobile CSP Google group/forum in Unit 1.

• Quizly Solutions
• Portfolio Reflection Questions Solutions

Assessment Opportunities

Differentiation: More Practice

Background Knowledge: More on Programming and Abstraction

6.9.2. Professional Development Reflection