Created by
Alexander Gregory
TOPIC: Cyber Patriot and Cybersecurity
GRADE LEVELS: 9-12 Grade
LESSON DURATION: 90 minutes
SOFT SKILLS: critical thinking, collaboration, communications
Learning Outcome: Students will understand basic cybersecurity principles through the use of a common analogy.
Standards of Learning:
Verso 6302 – 34: Describe cybersecurity
Verso 6302 – 37: Explain cybersecurity services as they relate to intrusion prevention capabilities that protect systems against unauthorized access, exploitation, and data exfiltration.
Verso 6302 – 38: Define risk
Materials: Computers, markers, large paper, PBS Game, PowerPoint
Activities: Students will complete the following:
- Class discussion on the importance of cybersecurity
- Introduce analogy
- John’s bike= asset
- theft=cyber threat
- Potential thief=threat agent
- Unlocked garage and sketchy neighborhood=vulnerability
- PowerPoint for visuals to aid analogy (Analogy for Cybersecurity Slides)
- Discuss each part of the analogy with students coming up with examples for asset, cyber threat, threat agent, and vulnerability
- Introduce analogy
- In small groups, create an analogy similar to the one discussed in class.
- Draw out analogy on large paper
- On back or below, have students describe ways they would prevent the risk.
- Avoidance, acceptance, mitigation, deterrence, transference.
- Students share their analogies and their risk prevention ideas.
- http://www.pbs.org/wgbh/nova/labs/lab/cyber/
- Complete the first three challenges in the game (coding, password, social engineering)
- Are there jobs out there for cybersecurity? How does someone learn these skills?
- Cyber Patriot Presentation
- Discuss different aspects of the program and what are the rewards of the the program.
- Exit ticket: How could you be more aware of your online behaviors?
Enrichment/Follow-up: After introducing cybersecurity, the students will move to ethics. Remind the students this class is not hacker training.
Assignment Rubric:
| CATEGORY | 4 | 3 | 2 | 1 |
| Focus on Analogy | There is one clear, well- focused analogy. Main idea stands out and is supported by detailed information. | The analogy is clear but the supporting information is general. | The analogy is somewhat clear but there is a need for more supporting information. | The analogy is not clear. There is a seemingly random collection of information. |
| Support for Analogy | Relevant, telling, quality details give the reader important information that goes beyond the obvious or predictable. | Supporting details and information are relevant, but one key issue or portion of the analogy is unsupported. | Supporting details and information are relevant, but several key issues or portions of the analogy are unsupported. | Supporting details and information are typically unclear or not related to the analogy. |
| Creativity | contains many creative details and/or descriptions that contribute to the reader’s enjoyment. The author has really used imagination. | The project contains a few creative details and/or descriptions that contribute to the reader’s enjoyment. The author has used imagination. | The project contains a few creative details and/or descriptions, but they distract from the analogy. The author has tried to use imagination. | There is little evidence of creativity in the project. The author does not seem to have used much imagination. |
| Grammar & Spelling | Writer makes no errors in grammar, mechanics, or spelling that distract the reader from the content. | Writer makes 1- 2 errors in grammar, mechanics, or spelling that distract the reader from the content. | Writer makes 3- 4 errors in grammar, mechanics, or spelling that distract the reader from the content. | Writer makes more than 4 errors in grammar, mechanics, or spelling that distract the reader from the content. |
Sample of Completed Assignment (indicating mastery)
John wants to buy a new bike. John has had the same old bike for ten years and really thinks he deserves an upgrade, especially since he bikes to and from school every day-rain or shine. However, John lives in a big city, in a busy neighborhood, doesn’t know his neighbors, and worries about theft. His neighborhood is unprotected and unmonitored most days. The garage where John would keep his bike does not lock. He doesn’t have room in his mom’s apartment so at least the garage would keep John’s bike safe from the weather.
John must determine the risk in buying a new bike. There are several approaches he can take.
Avoidance: Because John is afraid of someone stealing the bike, John decides not to purchase one.
Avoiding online behavior
Acceptance: John knows there is a chance the bike may be stolen, but plays the odds.
Use public WiFi or join social media without caution
Mitigation: Although the garage does not lock, John could buy a lock for the bike to make it more challenging to steal.
Installing Anti-virus software
Deterrence: John could start a neighborhood watch group to make bike thiefs less attracted to the neighborhood.
Hacking back to take property back (illegal)
Transference: John could make sure his mom’s renter’s insurance covers the bike.
*italicised is the cyber equivalent
Teacher Notes
Cybersecurity: Why It Matters
A discussion regarding online safety
Introduction:
Oftentimes while discussing cybersecurity, one might be hit with the comment, “Who cares, I have nothing of value anyway…” This discussion based lesson explains cyber in a common sense analogy that anyone who once longed for a bicycle (or a car, or anything of value) can understand.
This lesson was greatly enhanced by information available in Dr. Mark Ciampa’s CompTIA Security+ Guide to Network Security Fundamentals, 5th edition.; 2015; Cengage Learning; 978-1-305-09391-1
Presentation to accompany discussion
Basics of Information Security/Cybersecurity
A Scenario to Understand terminology and threats
(Teacher note: This scenario can be changed, as needed. If students in the school don’t value bikes, then change to something that most would value)
John wants to buy a new bike. John has had the same old bike for ten years and really thinks he deserves an upgrade, especially since he bikes to and from school every day-rain or shine. However, John lives in a big city, in a busy neighborhood, doesn’t know his neighbors, and worries about theft. His neighborhood is unprotected and unmonitored most days. The garage where John would keep his bike does not lock. He doesn’t have room in his mom’s apartment so at least the garage would keep John’s bike safe from the weather.
So let’s consider John’s scenario and apply some common cybersecurity terms (in red and listed second).
John’s bike= asset (anything of value)
What are some examples of online assets? (personal information, credit card numbers, banking info, email, social media names, etc)
theft=cyber threat (any action that could cause harm)
Online threats? Strangers, malware, viruses, social engineers, fake news, fake websites, scams, etc.
Potential thief=threat agent (person or device attempting to cause harm)
Online threat agents? Cybercriminals, social engineers, sex predators, etc
Unlocked garage and sketchy neighborhood=vulnerability (flaw or weakness)
Cyber vulnerability?? Dumb users, old software, no antivirus updates, not running software/operating system updates or patches, exposing personal information, etc.
Stealing bike from the garage; garage=threat vector (area in which an attack could occur; how an attack can occur)
Online threat vectors? Public wifi, social engineering attempts, malware, dark web, fake websites, etc.
John has to consider all of this before buying a bike….do you consider all of this before going online? All John had to lose was a bike…your information is much more valuable than a bike.
John must determine the risk in buying the bike of his dreams. Therefore he has several approaches he can take…
Avoidance: Based on the fact that the bike might get stolen; John decides not to buy the bike.
In cyber: this would mean avoiding certain online behaviors (i.e. social media) or in an extreme case, “going off the grid.”
Acceptance: John buys the bike, knowing that there is a chance it could get stolen.
In cyber: this is done by all the people who understand the basic threats but decide to shop online, jump on public WiFi, use the internet without thought, engage in social media with no precaution, etc because it’s what they want to do.
Mitigation: attempt to make the risk less serious. In this case, John could buy a padlock for the garage door.
In cyber, this is done by doing small steps to help make us safer ( avoiding public wifi, using VPNs, updating/patching software, running antivirus, etc)
Deterrence: understanding that there are bike thiefs and taking action to dissuade them from stealing the bike
In cyber, an extreme example would be “hacking back” (which is illegal in most cases).
Transference: transferring the risk to others. John could make sure that his bike is covered under his homeowner’s/renter’s insurance policy.
In cyber, this is hard to do but it could be done if one can prove that a data breach caused harm or that some company’s negligence caused you to be a victim of a cyber attack.
(The terms used above are good terms/actions for students to understand as they are used in a wide array of careers and fields of study.)
© 2018 Teach Cyber
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
