Technologies · Year 10

Active learning ideas

Cybersecurity Best Practices for Individuals

Active learning works for this topic because cybersecurity habits form through repetition, not just listening. Students need to feel the tension of a phishing email, see the gaps in their own password habits, and experience the relief of finding a real software update that closes a known flaw.

ACARA Content DescriptionsAC9DT10P01
25–40 minPairs → Whole Class4 activities

Activity 01

Role Play40 min · Small Groups

Audit Station: Device Security Checklists

Students rotate through stations to assess passwords, update status, browsing history, and two-factor setups on their devices. They document findings on a checklist template and brainstorm fixes. Groups compare results and prioritize actions.

Develop a personal cybersecurity checklist for online safety.

Facilitation TipFor Audit Station, provide real devices or lab simulations so students can physically check settings like MFA and update status.

What to look forProvide students with a scenario: 'You receive an email asking you to click a link to verify your account details immediately.' Ask them to write two sentences explaining why this might be a phishing attempt and one action they should take instead.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 02

Role Play30 min · Pairs

Role-Play: Phishing Defense Scenarios

Pairs draw phishing email examples and act out responses: one sends the lure, the other identifies red flags and reports it. Switch roles, then debrief safe habits like verifying senders. Class votes on best defenses.

Analyze the risks associated with public Wi-Fi networks.

Facilitation TipIn Phishing Defense Scenarios, give students actual phishing examples from email archives so they practice spotting real-world tricks.

What to look forDisplay a list of password examples (e.g., 'password123', 'MyDogSpot!', 'QwertY789'). Ask students to identify which passwords are weak and explain in one sentence why, referencing criteria like length, complexity, and predictability.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 03

Role Play35 min · Small Groups

Hunt Game: Update Vulnerability Research

In small groups, students use safe search tools to find recent vulnerabilities patched by updates. They check school device update status, justify patching urgency, and create posters warning of risks.

Justify the importance of regular software and operating system updates.

Facilitation TipDuring Update Vulnerability Research, assign each pair a CVE database entry so they connect a specific flaw to a patch.

What to look forPose the question: 'Imagine you are traveling and need to check your email at an airport. What are the biggest risks of using the public Wi-Fi, and what steps can you take to minimize them?' Facilitate a class discussion, guiding students to mention risks like data sniffing and suggest solutions like VPNs.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

Activity 04

Role Play25 min · Pairs

Debate Pairs: Public Wi-Fi Risks

Pairs prepare arguments for and against using public Wi-Fi for tasks like banking. They present evidence on interception risks, propose VPN solutions, and vote on safest practices after whole-class discussion.

Develop a personal cybersecurity checklist for online safety.

Facilitation TipIn Debate Pairs, require students to cite at least one source per argument to move beyond gut feelings.

What to look forProvide students with a scenario: 'You receive an email asking you to click a link to verify your account details immediately.' Ask them to write two sentences explaining why this might be a phishing attempt and one action they should take instead.

ApplyAnalyzeEvaluateSocial AwarenessSelf-Awareness
Generate Complete Lesson

A few notes on teaching this unit

Effective teaching avoids assuming students know why updates matter beyond 'it’s annoying.' Start with a quick demonstration of a real exploit, like a ransomware screen capture, to show the cost of inaction. Avoid lecturing about multi-factor authentication—instead, have students enable it on their own devices and troubleshoot the steps together. Research shows hands-on experience with real risks shifts behavior more than warnings alone.

Successful learning looks like students confidently explaining why a password is weak, pausing before clicking suspicious links, and updating devices without reminders. They should also back up claims with evidence from the activities, not just opinions.

Watch Out for These Misconceptions

  • During Audit Station, watch for students who assume antivirus software alone fully protects devices from all cyber threats.

    Use the Device Security Checklists to guide students through testing multiple defenses: scan for malware, review password strength, and inspect update status. When they find gaps, ask them to add a note explaining why each layer matters.

  • During Debate Pairs, watch for students who believe public Wi-Fi is secure if it requires a password to join.

    During the debate, provide a Wi-Fi interception simulation tool (like Wireshark) to show how data travels unencrypted even on password-protected networks. Have students revise their arguments based on the evidence they collect.

  • During Update Vulnerability Research, watch for students who think software updates mainly add new features and can be skipped if the device works fine.

    Assign each pair a CVE database entry tied to a real exploit. Ask them to trace how skipping an update led to a breach, then present their findings to the class using the research hunt materials.

Methods used in this brief

More in Networks and the Invisible Web

Introduction to Computer Networks

Exploring the fundamental concepts of networks, including types (LAN, WAN), topologies, and the benefits of networked systems.

2 methodologies

Network Hardware and Components

Identifying and understanding the function of key network devices such as routers, switches, modems, and access points.

2 methodologies

Network Protocols and Data Transmission

Understanding how data is packetized and routed across the internet using TCP/IP and other protocols.

2 methodologies

The OSI Model and TCP/IP Stack

Exploring the layered architecture of network communication, understanding how data flows through different protocol layers.

2 methodologies

IP Addressing and DNS

Learning about IP addresses (IPv4 and IPv6), subnetting, and the Domain Name System (DNS) for naming and locating resources.

2 methodologies