Unit 01 - Lesson element - Threats and digital security (DOC, 1MB)

advertisement
Lesson Element
Unit 1: Fundamentals of IT
LO5: Understand ethical and operational
issues and threats to computer systems
Threats and digital security
Instructions and answers for tutors
These instructions cover the learner activity section which can be found on page 12. This
Lesson Element supports Cambridge Technicals Level 3 in IT.
When distributing the activity section to the learners either as a printed copy or as a
Word file you will need to remove the tutor instructions section.
The activity
This lesson element will provide learners with an opportunity to identify threats to computer
systems. They will look at physical and digital security methods and justify which methods
are essential to use.
Suggested timings
Activities 1, 2 and 3: 30 minutes
Activities 4, 5 and 6: 30 minutes
WORK – This activity offers
an opportunity for work
experience.
ABC – This activity offers an
opportunity for English skills
development.
Version 1
1
© OCR 2016
Activity 1
Tutors should print out and cut up the images and keyword cards from the Threats Memory
Game below. Tutors spread out the cards, face down, on a table in front of the learners
keeping the image and keyword cards separate. Card by card the learners turn over an
image card and try and match it to its keyword card. If there is no match then both cards are
returned face down to their original positions. The process is repeated until all images and
threats are correctly identified.
Version 1
2
© OCR 2016
Threats Memory Game
PHISHING
HACKING
VIRUS
TROJAN
Version 1
3
© OCR 2016
INTERCEPTION
EAVESDROPPING
DATA THEFT
SOCIAL
ENGINEERING
Version 1
4
© OCR 2016
Activity 2
Tutors should ask learners to define the different types of threats. Learners can check their
understanding using the web page: http://www.itscolumn.com/2012/03/28-types-ofcomputer-security-threats-and-risks/.
Learners can also extend their learning by reading and discussing further threats listed on
the web page.
Activity 3
Tutors should print and cut up the images and keyword cards from the Security Memory
Game below. Tutors spread out the cards face down on a table in front of the learners,
keeping the image and keyword cards separate. Card by card the learners turn over an
image card and try and match it to its security method card. If there is no match then both
cards are returned, face down, to their original positions. The process is repeated until all
images and security methods are correctly identified.
Version 1
5
© OCR 2016
Security Memory Game
LOCKS
BIOMETRICS
RFID
TOKENS
Version 1
6
© OCR 2016
PRIVACY
FILTER
SHREDDING
ANTI-VIRUS
FIREWALL
Version 1
7
© OCR 2016
ANTI-SPYWARE
USERNAME
PASSWORD
PERMISSIONS
ENCRYPTION
Version 1
8
© OCR 2016
Activity 4
Tutors should ask learners to organise the identified security methods into two groups:
Physical security and digital security.
Expected results
Physical security
Locks
Digital security
Anti-virus
Biometrics
Firewalls
RFID
Anti-spyware
Tokens
Username/password
Privacy filters
Permissions
Shredding
Encryption
Activity 5
Tutors should ask learners to give justified reasons for security methods (identified in Activity
3) they would use to combat the threats that they have identified. This could be done as a
class discussion, paired work or individually using the table provided in the learner activity.
Version 1
9
© OCR 2016
Example answers
Threat
Phishing
Hacking
Security
Anti-spyware
Justification
Anti-spyware will prevent unknown applications
stealing personal information.
Privacy filters
Privacy filters will guard against personal
information being read by onlookers.
Firewalls will protect a network or system from
unauthorised access.
Firewalls
Biometrics
Virus
Anti-virus
Trojan
Anti-virus
Interception
Encryption
Shredding
Eavesdropping
Encryption
Locks
Data theft
Social
engineering
Version 1
Encryption
Biometrics are more secure than usernames/
passwords as they cannot be guessed.
Anti-virus software will detect and protect
against known computer viruses. The anti-virus
software must remain up-to-date to provide
protection.
A Trojan is a computer invasion also protected
against by anti-virus software. The anti-virus
software must remain up to date to provide
protection.
Encryption will prevent access to the data as a
decryption key is required.
Shredding prevents unauthorised access to
data no longer required.
Encryption will prevent access to the data as a
decryption key is required.
Locks, securely locked doors will prevent public
(visitors) use.
Encryption will prevent access to the data as a
decryption key is required.
Tokens
Tokens will only allow people with the token
access to the data.
RFID
RFID will only allow people with RFID access to
secure areas.
Prevent a social engineering attack by using a
combination of security methods in order to
prevent an attacker persuading a victim to give
out all security details.
Username/password
Biometrics
RFID
10
© OCR 2016
Activity 6
Tutors ask learners to share one threat they have identified, and their justified reasons for
using a particular security method, with the rest of the group. Tutors ask the group to vote on
whether they agree or disagree with the learner’s decisions. If the group disagrees, the tutor
sets up a discussion group to identify alternative methods.
We’d like to know your view on the resources we produce. By clicking on ‘Like’ or ‘Dislike’ you can
help us to ensure that our resources work for you. When the email template pops up please add
additional comments if you wish and then just click ‘Send’. Thank you.
If you do not currently offer this OCR qualification but would like to do so, please complete the
Expression of Interest Form which can be found here: www.ocr.org.uk/expression-of-interest
OCR Resources: the small print
OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board,
and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for
any errors or omissions within these resources.
© OCR 2016 – This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the
originator of this work.
OCR acknowledges the use of the following content: Activity 1: 73319470 Lightspring; 81825655 gualtiero boffi; 131448572 Steve Heap; 177250427 tanuha2001;
223094779 wk1003mike; 246319285 Wichy; 248596792 wk1003mike; 258903893 Creativa Images. Activity 3: 9650737 Lou Oates; 9650737 watcharakun;
34835914_Kairos; 42943528 Angela Waye; 47557069 Vladru; 106052978_JMiks; 106865984 Lost Mountain Studio; 136874459 Franck Boston; 211081186
LovePHY; 244816201 kentoh; 279374651_Marcos Mesa Sam Wordley; 285401465 Black Jack. All images courtesy of shutterstock.com
Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications: resources.feedback@ocr.org.uk
Version 1
11
© OCR 2016
Lesson Element
Unit 1: Fundamentals of IT
LO5: Understand ethical and operational
issues and threats to computer systems
Learner Activity
Threats and digital security
This lesson element will provide you with an opportunity to identify threats to computer
systems. You will also look at physical and digital security methods and justify which
methods are essential to use.
Activity 1
You will be given a number of cards face down. Do not turn them over and look at them until
asked to do so. Each player in turn chooses and turns over one card from the image group
and then one card from the keywords group. The aim is to match the image card with its
keyword card. If there is no match return both cards face down to their original positions.
Repeat the process until all images and threats are correctly identified.
Activity 2
Write a definition for each of the different types of threats. You can check your
understanding using the web page: http://www.itscolumn.com/2012/03/28-types-ofcomputer-security-threats-and-risks/.
You can also extend your learning by reading and discussing further threats listed on the
web page.
Activity 3
You will be given a number of cards face down. Do not turn them over and look at them.
Spread out the cards face down on the table. Each player in turn chooses one card and
turns it over, then chooses another card and turns it over. The aim is to match each image
card with its security method card. If there is no match return both cards face down to their
Version 1
12
© OCR 2016
original positions. Repeat the process until all images and security methods are correctly
identified.
Activity 4
Organise the identified security methods into two groups, Physical Security and Digital
Security. Write your results in the table below.
Anti-spyware
Anti-virus
Biometrics
Encryption
Firewalls
Locks
Permissions
Privacy filters
RFID
Shredding
Tokens
Username/password
Physical security
Version 1
Digital security
13
© OCR 2016
Activity 5
For each threat you have identified in Activity 3, give justifiable reasons for the security
methods you would use to prevent or combat the threat. You can use the table provided
below to note your answers. The web page https://www.getsafeonline.org/ may also be of
assistance with your justifications.
Threats and security
Threat
Phishing
Security
Justification
Hacking
Virus
Trojan
Interception
Eavesdropping
Data theft
Social engineering
Activity 6
Share one threat you have identified and justify your reasons to the rest of the class.
Version 1
14
© OCR 2016
Download