Lesson 6: Security Risks Part 1
Overview
Students investigate three different common security risks (phishing, keylogging, malware) in a jigsaw activity. In groups, students create Public Service Announcement slides warning of the dangers of their assigned security risk. Then students are grouped with students who investigated other security risks and are instructed to share their slide and give a voice over. The activity ends with the class coming together to discuss the security risks as a whole.
Purpose
In this lesson students are exposed to common security risks. The purpose of this lesson is to dive into the facts and learn how people are targeted. In a future lesson students will explore how they can protect themselves from these security risks.
Agenda
Lesson Modifications
Warm Up (5 mins)
Activity (35 mins)
Wrap Up (5 mins)
View on Code Studio
Objectives
Students will be able to:
- Identify commons security risks: phishing, keylogging, malware, rouge access points
- Explain how these common security risks target people
- Discuss the warning signals for these common security risks
Preparation
- Read through the levels on Code Studio to familiarize yourself with the topics.
- Think through the logistics of running the jigsaw activity.
Links
Heads Up! Please make a copy of any documents you plan to share with students.
For the Teachers
- CSP Unit 10 - Cybersecurity and Global Impacts - Presentation
Teaching Guide
Lesson Modifications
Attention, teachers! If you are teaching virtually or in a socially-distanced classroom, please read the full lesson plan below, then click here to access the modifications.
Warm Up (5 mins)
Discussion Goal
Goal In this discussion, we are previewing malicious links and common phishing attempts. If students do not have any of their own examples to offer up, try to be prepared with one of your own where you received an email that was clearly not wise to open.
Things that might make you suspicious:
- Mispellings of the person's name, email, or company
- Something that seems to good to be true ("Free Vacations for a year!")
- Asking for personal information
- A flashy link they want you to click on
Prompt: Have you ever received an email or a text message that looked suspicious? Have you ever been unsure if you should open the message or click on a link? What are the things that made you suspicious?
Activity (35 mins)
Security Risks Jigsaw
Remarks
There are many different ways that data can be stolen. Let's examine a few.
Group: Divide students into groups of two. Evenly divide the three topics among the groups:
- Keylogging
- Phishing
- Malware
Do This (20 mins): Students navigate to their assigned levels on Code Studio and examine their topic. After they have a good understanding of the content, students make a PSA (Public Service Announcement) slide covering the following things:
- What is the security risk?
- How are people targeted?
- What are the warnings?
Group (10 mins): After students finish their slides, rearrange the class so there is a representative covering each topic in each group. Students share their slides with each other and give a voice over of the security risks.
Teaching Tip
It's ok if the student who presents information has some innacuracies in their reporting. Use this opportunity to correct misunderstandings and get everyone on the same page.
One thing that can come out of the discussion is the realization that Keylogging is a form of Malware. Malware is as broad category of malicious software that can collect information or exploit a system in many different ways.
Discuss (5 mins): Bring the class back together and ask for a volunteer from each of the topics to share their slide with the class and give a one minute overview.
Remarks
Another security risk that you may have heard about is a Rogue Access Point. How this works can get pretty complicated, but it's enough to know that a rogue access point is a wireless access point that gives unauthorized access to secure networks. This can be a physical device that is attached to a router - sometimes hidden from site! It can be detected in various ways, including looking for strange wireless signals.
Wrap Up (5 mins)
Remarks
There are many different ways that you may be targeted to reveal sensitive information. We generally think of emails as being a safe way to communicated, but unsolicted emails, attachments, links and forms can all be used to compromise the safety and security of a computing system. These could come from people you don't know, or from your friends and family who's security has been compromised.
It can be alarming to realize that there are many ways you are being targeted to reveal sensitive information. However, knowledge of the facts can help us be wiser consumers of technology. Later on in this unit we will explore further how to protect ourselves from these security risks.
Journal: Record in your journal the following vocaublary words: Phishing, Keylogging, Malware, Rogue Access Point.
Assessment: Check For Understanding
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
Question: How would you explain these three security risks (phishing, keylogging, malware) to a family member? What would you say to help them understand the dangers?
Standards Alignment
View full course alignment
CSTA K-12 Computer Science Standards (2017)
NI - Networks & the Internet
- 3A-NI-05 - Give examples to illustrate how sensitive data can be affected by malware and other attacks.
CSP2021
IOC-2 - The use of computing innovations may involve risks to your personal safety and identity
IOC-2.B - Explain how computing resources can be protected and can be misused.
- IOC-2.B.9 - Malware is software intended to damage a computing system or to take partial control over its operation.
IOC-2.C - Explain how unauthorized access to computing resources is gained.
- IOC-2.C.1 - Phishing is a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails.
- IOC-2.C.2 - Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.
- IOC-2.C.3 - Data sent over public networks can be intercepted, analyzed, and modified. One way that this can happen is through a rogue access point.
- IOC-2.C.4 - A rogue access point is a wireless access point that gives unauthorized access to secure networks.
- IOC-2.C.7 - Untrustworthy (often free) downloads from freeware or shareware sites can contain malware.