Lesson Element Unit 1: Fundamentals of IT LO5: Understand ethical and operational issues and threats to computer systems Threats and digital security Instructions and answers for tutors These instructions cover the learner activity section which can be found on page 12. This Lesson Element supports Cambridge Technicals Level 3 in IT. When distributing the activity section to the learners either as a printed copy or as a Word file you will need to remove the tutor instructions section. The activity This lesson element will provide learners with an opportunity to identify threats to computer systems. They will look at physical and digital security methods and justify which methods are essential to use. Suggested timings Activities 1, 2 and 3: 30 minutes Activities 4, 5 and 6: 30 minutes WORK – This activity offers an opportunity for work experience. ABC – This activity offers an opportunity for English skills development. Version 1 1 © OCR 2016 Activity 1 Tutors should print out and cut up the images and keyword cards from the Threats Memory Game below. Tutors spread out the cards, face down, on a table in front of the learners keeping the image and keyword cards separate. Card by card the learners turn over an image card and try and match it to its keyword card. If there is no match then both cards are returned face down to their original positions. The process is repeated until all images and threats are correctly identified. Version 1 2 © OCR 2016 Threats Memory Game PHISHING HACKING VIRUS TROJAN Version 1 3 © OCR 2016 INTERCEPTION EAVESDROPPING DATA THEFT SOCIAL ENGINEERING Version 1 4 © OCR 2016 Activity 2 Tutors should ask learners to define the different types of threats. Learners can check their understanding using the web page: http://www.itscolumn.com/2012/03/28-types-ofcomputer-security-threats-and-risks/. Learners can also extend their learning by reading and discussing further threats listed on the web page. Activity 3 Tutors should print and cut up the images and keyword cards from the Security Memory Game below. Tutors spread out the cards face down on a table in front of the learners, keeping the image and keyword cards separate. Card by card the learners turn over an image card and try and match it to its security method card. If there is no match then both cards are returned, face down, to their original positions. The process is repeated until all images and security methods are correctly identified. Version 1 5 © OCR 2016 Security Memory Game LOCKS BIOMETRICS RFID TOKENS Version 1 6 © OCR 2016 PRIVACY FILTER SHREDDING ANTI-VIRUS FIREWALL Version 1 7 © OCR 2016 ANTI-SPYWARE USERNAME PASSWORD PERMISSIONS ENCRYPTION Version 1 8 © OCR 2016 Activity 4 Tutors should ask learners to organise the identified security methods into two groups: Physical security and digital security. Expected results Physical security Locks Digital security Anti-virus Biometrics Firewalls RFID Anti-spyware Tokens Username/password Privacy filters Permissions Shredding Encryption Activity 5 Tutors should ask learners to give justified reasons for security methods (identified in Activity 3) they would use to combat the threats that they have identified. This could be done as a class discussion, paired work or individually using the table provided in the learner activity. Version 1 9 © OCR 2016 Example answers Threat Phishing Hacking Security Anti-spyware Justification Anti-spyware will prevent unknown applications stealing personal information. Privacy filters Privacy filters will guard against personal information being read by onlookers. Firewalls will protect a network or system from unauthorised access. Firewalls Biometrics Virus Anti-virus Trojan Anti-virus Interception Encryption Shredding Eavesdropping Encryption Locks Data theft Social engineering Version 1 Encryption Biometrics are more secure than usernames/ passwords as they cannot be guessed. Anti-virus software will detect and protect against known computer viruses. The anti-virus software must remain up-to-date to provide protection. A Trojan is a computer invasion also protected against by anti-virus software. The anti-virus software must remain up to date to provide protection. Encryption will prevent access to the data as a decryption key is required. Shredding prevents unauthorised access to data no longer required. Encryption will prevent access to the data as a decryption key is required. Locks, securely locked doors will prevent public (visitors) use. Encryption will prevent access to the data as a decryption key is required. Tokens Tokens will only allow people with the token access to the data. RFID RFID will only allow people with RFID access to secure areas. Prevent a social engineering attack by using a combination of security methods in order to prevent an attacker persuading a victim to give out all security details. Username/password Biometrics RFID 10 © OCR 2016 Activity 6 Tutors ask learners to share one threat they have identified, and their justified reasons for using a particular security method, with the rest of the group. Tutors ask the group to vote on whether they agree or disagree with the learner’s decisions. If the group disagrees, the tutor sets up a discussion group to identify alternative methods. We’d like to know your view on the resources we produce. By clicking on ‘Like’ or ‘Dislike’ you can help us to ensure that our resources work for you. When the email template pops up please add additional comments if you wish and then just click ‘Send’. Thank you. If you do not currently offer this OCR qualification but would like to do so, please complete the Expression of Interest Form which can be found here: www.ocr.org.uk/expression-of-interest OCR Resources: the small print OCR’s resources are provided to support the teaching of OCR specifications, but in no way constitute an endorsed teaching method that is required by the Board, and the decision to use them lies with the individual teacher. Whilst every effort is made to ensure the accuracy of the content, OCR cannot be held responsible for any errors or omissions within these resources. © OCR 2016 – This resource may be freely copied and distributed, as long as the OCR logo and this message remain intact and OCR is acknowledged as the originator of this work. OCR acknowledges the use of the following content: Activity 1: 73319470 Lightspring; 81825655 gualtiero boffi; 131448572 Steve Heap; 177250427 tanuha2001; 223094779 wk1003mike; 246319285 Wichy; 248596792 wk1003mike; 258903893 Creativa Images. Activity 3: 9650737 Lou Oates; 9650737 watcharakun; 34835914_Kairos; 42943528 Angela Waye; 47557069 Vladru; 106052978_JMiks; 106865984 Lost Mountain Studio; 136874459 Franck Boston; 211081186 LovePHY; 244816201 kentoh; 279374651_Marcos Mesa Sam Wordley; 285401465 Black Jack. All images courtesy of shutterstock.com Please get in touch if you want to discuss the accessibility of resources we offer to support delivery of our qualifications: resources.feedback@ocr.org.uk Version 1 11 © OCR 2016 Lesson Element Unit 1: Fundamentals of IT LO5: Understand ethical and operational issues and threats to computer systems Learner Activity Threats and digital security This lesson element will provide you with an opportunity to identify threats to computer systems. You will also look at physical and digital security methods and justify which methods are essential to use. Activity 1 You will be given a number of cards face down. Do not turn them over and look at them until asked to do so. Each player in turn chooses and turns over one card from the image group and then one card from the keywords group. The aim is to match the image card with its keyword card. If there is no match return both cards face down to their original positions. Repeat the process until all images and threats are correctly identified. Activity 2 Write a definition for each of the different types of threats. You can check your understanding using the web page: http://www.itscolumn.com/2012/03/28-types-ofcomputer-security-threats-and-risks/. You can also extend your learning by reading and discussing further threats listed on the web page. Activity 3 You will be given a number of cards face down. Do not turn them over and look at them. Spread out the cards face down on the table. Each player in turn chooses one card and turns it over, then chooses another card and turns it over. The aim is to match each image card with its security method card. If there is no match return both cards face down to their Version 1 12 © OCR 2016 original positions. Repeat the process until all images and security methods are correctly identified. Activity 4 Organise the identified security methods into two groups, Physical Security and Digital Security. Write your results in the table below. Anti-spyware Anti-virus Biometrics Encryption Firewalls Locks Permissions Privacy filters RFID Shredding Tokens Username/password Physical security Version 1 Digital security 13 © OCR 2016 Activity 5 For each threat you have identified in Activity 3, give justifiable reasons for the security methods you would use to prevent or combat the threat. You can use the table provided below to note your answers. The web page https://www.getsafeonline.org/ may also be of assistance with your justifications. Threats and security Threat Phishing Security Justification Hacking Virus Trojan Interception Eavesdropping Data theft Social engineering Activity 6 Share one threat you have identified and justify your reasons to the rest of the class. Version 1 14 © OCR 2016