Essential Questions
- How do you know when data or information is secure? What can I do to keep data more secure?
- Who has access to data and how do I know it’s them?
- What rights do I have for using the software on my computer?
Big Ideas
Before someone has access to a resource on an IT infrastructure, they should go through some form of authentication to prove that they truly have the right to use that resource. IT Support specialists set up different types of authentication methods, and not just passwords. Even when passwords are used, different levels of access can be configured for files, folders, and devices.
Whether intended or not, IT support specialists can also come across a variety of information that should be kept secure, such as Personally Identifiable Information (PII) or Protected Health Information (PHI). IT technicians are responsible for establishing a system of permissions that allow only the appropriate people to access secure information and how that information may be kept secure through encryption. They are also responsible for being proactive about establishing procedures and technology solutions for Data Loss Prevention (DLP) and policies for recovering data, when necessary.
Connection to Student Lives
How do you know your information is safe? You probably use a password for a lot of the sites you visit as well as those you use for school or work. Do you use the same password over and over? Do you use strong passwords? How do you know?
Passwords are just one way to authenticate someone using technology, but they’re not flawless, especially if you don’t follow guidelines for creating strong passwords. You’d be surprised how many people never change their password, or use passwords you can guess easily, like using their pet or child’s name or a birthday. As an IT support specialist, you can set up policies that can enforce people to keep the information and devices you support more secure.
You can create policies that require people to use strong passwords or other ways to authenticate themselves. You can also set the permissions to files, folders, and other resources on your network. You may also encrypt different kinds of data so people can’t access it. As an IT support specialist you need to understand technology and behavioral best practices for keeping data secure and enforce those best practices from those who use your network’s resources.
Framing Problem
How can you ensure data is kept secure, so it can only be accessed by those who have permission to, and what do you do if there is an incident in which data may be at risk?
Cornerstone Assessment
Students configure data protection in Windows and should be able to explain how files, folders, and disks can be made more secure. They can also review or propose policies to enforce security best practices, helping to keep data secure and what to do if an incident occurs that risks the exposure or loss of data.
DPI Standards
- NCCTE.2020.II22.01.06 - Use Microsoft Windows control panel utilities.
- NCCTE.2020.II22.02.02 - Explain logical security concepts.
- NCCTE.2020.II22.02.03 - Compare wireless security protocols and authentication methods.
- NCCTE.2020.II22.02.06 - Compare Microsoft Windows OS security settings.
- NCCTE.2020.II22.02.07 - Implement security best practices to secure a workstation.
- NCCTE.2020.II22.04.06 - Explain the processes for addressing prohibited content activity, privacy licensing, and policy concepts.
A+ Standards
TOPIC 13C Protect Data During Incident Response
TOPIC 13A: Implement Security Best Practices
TOPIC 13B: Data Protection Policies
Knowledge
- Different categories of authentication factors, including something you know, something you have, or something you are, and advantages and disadvantages of each
- Rules for making passwords difficult to guess
- Policies to enforce the use of Access Control Lists (ACLs)
- Options to configure passwords and restrict accounts in Windows
- How to encourage others to lock their workstations
- Best practices to follow for implementing security on workstations and data
- How to recognize confidential and sensitive data types and understand how it can be kept secure
- Different levels of classification that may be applied to information
- Examples of misusing Personally Identifiable Information (PII) and how they might be avoided
- How different levels of permissions may be applied to files, printers, shared folders, and network directory databases through user or group accounts
- Challenges of encrypting data without strong authentication
- The differences between implementing Encrypting File System (EFS) versus Full Disk Encryption (FDE)
- How Data Loss Prevention (DLP) protect against data loss through removable media
- Different types of licensing agreements
- The difference between shareware, freeware, and open source software
- Guidelines for implementing data protection policies
- Examples of security incidents covered under an incident response policy that IT support specialists may need to report or provide data about
- The steps in the security incident handling lifecycle and the role of documentation in those steps
- How IT support specialists can support a forensic investigation so as to not compromise it
Skills
- Configure, or explain, password and account policies on a standalone workstation via the Local Security Policy snap-in (secpol.msc) or the Group Policy snap-in (gpedit.msc)
- Configure domain password policies using Group Policy.
- Configure account restrictions.
- Encrypt files and folders in Windows
- Configure, or explain, encryption using BitLocker
Vocabulary
Implement Security Best Practices
Authentication factor
Radio Frequency Identification (RFID)
Key fob
Biometric information
- False negative
- False positive
Two-factor authentication
Three-factor authentication
Software token
Replay attack
RADIUS
TECACS+ (Terminal Access Controller Access Control System Plus)
Access Control List (ACL)
Implement Data Protection Policies
Information Content Management (ICM)
Personally Identifiable Information (PII)
Protected Health Information (PHI)
Payment Card industry Data Security Standards (PCI DSS)
Permission
Access Control List (ACL)
- Access Control Entries (ACE)
Encrypting File System
Full Disk Encryption
- BitLocker
- Trusted Platform Module
Data Loss Prevention
End User License Agreement (EULA)
- Original Equipment Manufacturer (OEM)
- Retail
- Volume
- Server and Client Access Licenses (CAL)
Shareware
Freeware
Open Source
Digital Rights Management (DRM)
Protect Data During Incident Response
Incident response policy
Incident
Computer Security Incident Response Team (CSIRT)
Computer forensics
- Latent
Chain of Custody
Weekly Map
Monday
Introduction to problem: Security Best Practices
Online Pre-assessment (available for student practice, as well)
Review content resources with whole group: Topic 13A: Discussing Security Best Practices Implementation
Tuesday
Review content resources with whole group: 13B: Data Protection Policies
Small group and independent exploration of resources
Activity 13-1: Discussing Security Best Practices Implementation
Activity 13-2: Discussing Data Protection Policies
Wednesday
Hands-on exploration with IT professionals: Activity 13-3: Configuring Data Protection
Progress check with supervisor
Thursday
Hands-on exploration with IT professionals: Activity 13-3: Configuring Data Protection
Small group and independent exploration of resources: Topic 13C: Protect Data During Incident Response
Activity 13-4: Discussing Data Protection During Incident Response, if time allows
Friday
Hands-on exploration with IT professionals: Activity 13-3: Configuring Data Protection & Activity 13-4, if necessary
Team progress check with supervisor or sharing of progress with whole group
Online post-assessment
Lesson Ideas
There are a lot of security practices and terms students must become comfortable with in these topics. Depending on the level of access your students have to devices and a network, they may have limitations applying some of the skills referenced in these topics.
Preferably, students will be able to engage in Activity 13-3: Configuring Data Protection as the primary focus of their hands-on applications during these topics. Students should become aware of how file permissions, folder encryption, and disk encryption can and may not protect data on fixed disks and removable media. This is another activity that relies on virtual machines. If not available, consider how students can at least observe the use of security measures, such as the Advanced Security Settings and BitLocker.
Potential Resources
The Official CompTIA A+ Core 1 & Core 2 Instructor Guide for Exams 220-1001 and 220-1002
- Topic 13A: Discussing Security Best Practices Implementation (pp. 754-761)
- Activity 13-1: Discussing Security Best Practices Implementation (pp. 762-763)
- Topic 13B: Data Protection Policies (pp. 764-772)
- Activity 13-2: Discussing Data Protection Policies (pp. 773-774)
- Activity 13-3: Configuring Data Protection (pp. 775-780)
- Topic 13C: Protect Data During Incident Response (pp. 781-784)
- Activity 13-4: Discussing Data Protection During Incident Response (pp. 785)
Professor Messer at ProfessorMesser.com and YouTube offers numerous free videos of various lengths for many of the topics for the CompTIA 220-1001 A+ Exam. They are easy to understand, narrated videos with visuals. If you are teaching a CompTIA course, the site notes “You’re welcome to use them as much as you’d like, provided you embed the videos with the associated YouTube link or link directly to my site. Please click the “Contact Us” link at the top of our web page and let me know how you’re using them.”
- Professor Messer’s 220-1001 Core 2 CompTIA A+ Training Course videos on ProfessorMesser.com. Search or scroll to find the topics you’re interested in.
Entry Level I.T. Training from Technology Gee
Microsoft Support
- Windows commands
- Configure security policy settings
- Local Group Policy Editor
- How to encrypt a file
- Turn on device encryption using BitLocker
- Windows sign-in options and account protection
Other Articles and Resources:
Disk vs File Encryption – Which is Best for Your Organization? From The Purple Guys, an IT support group in Kansas City, KS.
Guidance on the Protection of Personal Identifiable Information from the U.S. Department of Labor
What is Shareware? – How it works and how to protect yourself from kaspersky, a digital security company (contains advertisements)
Your Guide to Using BitLocker Encryption on Windows 10 by Andre Da Costa for groovypost. Thorough step-by-step tutorial. (contains advertisements)