Section 3.3

Learning Goals

• • IOC-2.A: Students will describe the risks to privacy from collecting and storing personal data on a computer system.

  • IOC-2.B: Students will explain how computing resources can be protected and can be misused.

  • IOC-2.C: Students will explain how unauthorized access to computing resources is gained. 

  • IOC-2.C.1: Phishing is a technique that attempts to trick a user into providing personal information. That personal information can then be used to access sensitive online resources, such as bank accounts and emails.

  • IOC-2.C.2: Keylogging is the use of a program to record every keystroke made by a computer user in order to gain fraudulent access to passwords and other confidential information.

  • IOC-2.C.4: A rogue access point is a wireless access point that gives unauthorized access to secure networks.

  • IOC-2.C.5: A malicious link can be disguised on a web page or in an email message. 

  • IOC-2.C.6: Unsolicited emails, attachments, links, and forms in emails can be used to compromise the security of a computing system. These can come from unknown senders or from known senders whose security has been compromised. 

  • CRD-1.C: Demonstrate effective interpersonal skills during collaboration. 

  • CRD-2.E.4: Students will actively engage in a  development process that is incremental by breaking down the problem into smaller pieces.

  • Programming plug in:

    • • AAP-3.A: Students will write statements to call procedures.

      • AAP-3.A: Students will determine the result or effect of a procedure call.

      • AAP-3.D: Students will select appropriate libraries or existing code segments to use in creating new programs. 

      • Students will determine and design an appropriate method or approach to achieve the purpose. (P1.B)

Objectives and General Description

Responsible creators of a computing innovation pay close attention to the data that is collected from the innovation and the protection of that data from cybersecurity threats.  A data breach is an attack on a secure database that results in unauthorized access to financial, personal and other private data.  The average cost of a data breach in the US is $7.35 million and the global average cost is $3.62 million.  The main costs of a data breach include loss of customers, business disruption, legal costs, breached client records, regulatory fines and direct financial loss.    Furthermore, 1 out of 4 organizations experience a data breach in the US.   Diligent monitoring and a comprehensive response plan is an essential requirement for companies to protect their customers.  

“2018 Cost of Data Breach vs Cybersecurity Response Plans and Solutions”.  November 27, 2018.  Secureworks.com

The objectives for this lesson are to have the students read a detailed project description and analyze the requirements need to successfully complete the project.  In addition, students will be critically evaluating what they know how to do for the project and what they need to learn how to do.  For ARC Challenge #3, student teams will investigate and analyze the security of the innovation as it relates to privacy, legal & ethical issues. The challenge consists of three components:

1.  Innovation Risk Assessment:  Each student will analyze the selected innovation for cybersecurity vulnerabilities.  Describe the vulnerability, the type of data that is involved and how this vulnerability would affect privacy, security or storage of the collected data.   Then each student will evaluate the risk to personal privacy for a user of the innovation and make a recommendation of use.  After feedback from the teacher, the team will revise and select one analysis to put on the website along with designing a rating graphic to be placed on the website.

2. Applicable Laws:  Research and select a law or act (Digital Millennium Copyright Act, COPPA, cyberbullying laws, etc) that is relevant to cybersecurity vulnerability of their innovation.  They should describe the law & its relevance and the describe history of law.  Does the law benefit all groups equally or equitably? How could it be changed to benefit all groups equally or equitably?  Teams will create a presentation of their findings.

3. PSA:  Teams create a digital public service announcement to educate the general public about the law .  This artifact will be added to the website.

Optional Programming PlugIn: 

Option A:  Thunkable: Modify app from Design Challenge #1.   Home screen would give user two choices --- take a quiz or play a game.  Student groups add a topic based game with a scoring component.  Could also use EarSketch to create a sound file used in the game (when sprite clicked, score reached, etc.)

Option B:  Students write an encryption program (example:  Caesar Cipher) in a language of their choice.

For this ARC challenge, the projects are divided.  

• Sprint 1 will focus on the Innovation Risk Assessment

• Sprints 2 & 3 will focus on the Applicable Laws , PSA and Programming Plugin (optional).

Student teams will use the AGILE approach again to complete this challenge.  Students will be given the specs for the project components and will be asked to analyze what they know how to do, what they need to learn how to do and where to find the skills/knowledge that they need.  They will do this individually and then coordinate as a team to complete an overall project requirements analysis.  This will lead to the first Sprint assignment.  There will be three sprints for this project.  A reminder that students will often want to rush through the planning process.  The planning process is an industry skill and is vitally important to a successful, collaborative project.  Students are also utilizing computational thinking skills and practices by designing a collaborative solution.

 Unit 3 ARC Challenge Materials

*Note:  There are items in the project descriptions that the students don't know yet.  For example...what is a risk assessment?  How do you evaluate personal data privacy?  What is a PSA?  What are encryption techniques?  How do you code an encryption technique?  Students will probably experience some nervousness when they see the project descriptions.  This is part of a growth mindset.  Reassure them that the projects are manageable and you will help them learn the content/skills to create a successful project.  The CAPACiTY approach involves giving them a project before they have all the skills.  They learn to identify what they need to know or learn and then also learn how to find this information or learn the skill.  This approach facilitates independent learning and builds confidence.  Many students may not have experience this previously and will need more support from the teacher.  Other students will be ready to take the challenge and run with it.  Teachers should be prepared to offer the level of support that the students need. 

Activities

Some teachers may want to print all the challenge documents and create binders for each team.  Here is a link to all documents with a table of contents for this ARC challenge.

Activity 3.3.1 (Budget 30 minutes)

1. This activity is an individual activity.

2. Explain that each team will be analyzing privacy risks, researching relevant laws, creating a PSA and programming an optional game or encryption program.  Give each student access to the Unit 3 ARC Challenge Materials and have them read files 0 - 5

3. Give each student copies of the KNW chart.   

4. Students should read the project descriptions thoroughly and complete a KNW for each project.  

Activity 3.3.2 (budget 3 hours)

1. Bring the teams together and have them discuss the individual KNW charts.

2. Teams complete the Project Analysis Requirements for the entire ARC Challenge.  They may not know all the steps for some of the items yet but that can be clarified throughout the unit.

3. Student teams complete their plan for Sprint #1 which focuses just on the Innovation Risk Assessment.  Project managers for this challenge should not be students who were project managers for previous challenges, if possible.

4. Teams work on the challenge in class.  The teacher should be moving around, supporting each team when necessary.  

5. The content needed for Sprint 1 focuses mainly on PII and personal privacy.  This content was covered in Section 3.1.  Teacher help during this Sprint will most likely be either covering content and analysis from the PII lesson or facilitating the creation of the rating graphic.

Resources

• 3.3.1: ARC Challenge Materials (all documents for this challenge) 

• 3.3.1: KNW Chart (student worksheet)