Introduction

Unit 5: Week 4: Behavioral Security Concepts

Unit 5: Week 4: Behavioral Security Concepts

Essential Questions

  • What are your rights when using school or district technology?
  • What protections should you expect when using school or district technology?

Big Ideas

Our lives are full of personal data and information that can tell a lot about us. Some people want to find out this information and exploit it, sometimes through something innocuous like sending you advertisements, but it can get worse. Identity theft is a serious threat to anyone who uses information and communications technologies.

IT staff at districts and businesses take steps to protect confidential information from its users. But similar to password security, people should also be cautious when they are using the Internet, social media, communications media, and online file sharing.

Acceptable use is often governed by district or organizational policies. Because you may come into contact with other users’ PII (Personally Identifiable Information)–even street addresses, phone numbers, and emails are PII, you should understand what your district’s policies are for accessing and keeping confidential data secure.

Connection to Student Lives

Think about all the different accounts you have, or that your friends have, and not just for school. At school you probably have at least one district-generated account you use to access school resources. Depending on the project you create, you may also have additional accounts to complete schoolwork, like sites where you share documents and other data.

Now add on any personal accounts you have. Some people have more than one personal email account, and they can have social media accounts for Twitter, Instagram, Facebook, TikTok, and others. Maybe more than one of those, too. You also may have eCommerce accounts where you’ve purchased items online, accounts to store videos and photos, and a variety of other accounts.

When you are using those accounts, you are creating data that can be tracked. It can be tracked back to you! Sometimes, it can be used to identify who you are, your online habits, and perhaps even where you live. You should know what data different services track and how they keep your PII secure. When you work for a Help Desk, you need to think of other people’s PII like your own, and be sure you follow steps to keep it safe and secure.

Framing Problem

What is or should be acceptable use of school or district hardware, software, and networking? IT Departments implement procedures for helping to keep their users’ data safe and secure, but user’s bear part of the burden, as well. You need to know the expectations, limitations, and threats associated with keeping data and PII secure.

Cornerstone Assessment

Students will review the written policies and procedures for students, staff, and guests designed to provide a secure and safe experience while using school or district hardware, software, or networking. Many Acceptable Use Policies are written with dense, legal-sounding language and are not very reader-friendly to students or families. Students can suggest changes to policies to make them more user friendly, identifying any gaps or need for revision, and document those in the Help Desk knowledge base. Students will create documentation (written, images, posters, advertisements, videos, press campaigns, web sites, social media campaigns, or other formats) to inform users (students, staff, and guests) about steps they can take to keep their devices, identity, and data safe. This may include best practices for stronger passwords covered the previous week.

DPI Standards

  • 6.00 Understand computer security
  • 6.01 Identify the types of computer security threats
  • 6.03 Identify secure web browsing practices

CompTIA Standards

  • 6.3 Summarize behavioral security concepts

Knowledge

  • What an SOP is
  • The types of confidential information that should be governed by classification and handling procedures and some common ways sensitive data may be treated carelessly
  • What an Acceptable Use Policy is, and what their dsitrict’s AUP contains
  • Types of workplace surveillance
  • Two main privacy issues associated with the use of social networking, communications services, and file-sharing services
  • What metadata is and how it is used

Skills

  • Explain the importance of written policies and procedures in ensuring behavioral security.
  • Describe basic principles for handling confidential information.
  • List some privacy and usage issues for corporate systems and Internet/social media sites.

Vocabulary

  • Expectations of privacy when using: (The Internet [Social networking sites, Email, File sharing, Instant messaging], Mobile applications, Desktop software, Business software, Corporate network) -
  • Handling of confidential information (Passwords, Personal information, Customer information, Company confidential information) -
  • Written policies and procedures -

Supporting Vocabulary

  • Acceptable Use Policy or Fair Use Policy
  • Identity theft
  • Metadata
  • Security assurance, monitoring data, physical monitoring

Weekly Map

Monday

Introduction to problem: What is Acceptable Use?

Online Pre-assessment  (available for student practice, as well)

Team meetings to develop project plan and goals

Tuesday

Review content resources with whole group

Small group and independent exploration of resources

Contribute to team project

Wednesday

Hands-on exploration with IT professionals: Handling confidential information

Team progress check with supervisor (using project plan)

Thursday

Hands-on exploration with IT professionals: Handling confidential information

Small group and independent exploration of resources

Contribute to team project

Friday

Team sharing of progress with whole group

 

Online post-assessment

Lesson Ideas

Students work in teams to review Unit 5.4 in their textbook. The students collaborate on adding to their Frayer-type digital presentation or other documentation that records and illustrates key vocabulary and concepts in the Units. Students contribute to these files throughout the semester to prepare for the CompTIA certification exam and to contribute to the Help Desk knowledge base.

Student teams work together to review school or district policies on Acceptable Use. They could create a more user-friendly version of the district’s Acceptable Use Policy or parts of it. These can be used to create an awareness or public relations campaign with users of the district’s technology resources, such as students but also including teachers, administrators, and other staff as well as guests who may have access to district resources. Teams may consider improving password security habits as presented in week 3 as one of their topics.

Technicians help students understand appropriate procedures if they do encounter confidential information during their Help Desk support. Confidential information can include “directory information,” such as names, addresses, and emails, which don’t sound highly confidential but still should not be distributed to others.

Potential Resources

The Official CompTIA ITF+ Instructor’s Manual and Student Guide: Units 4.1 and 4.2

Frayer Diagram Template (slide deck, document, or other)

Have students craft  a classroom responsible use policy from your district’s AUP is an activity from the Be A Model Digital Citizen choice board.

Khan Academy

  • How the Internet works. A short course that covers wired and wireless networks; IP addresses and DNS; packets, routers, and reliability; HTTP and HTML; Encryption and public keys; and cybersecurity

Technology Gee