Computer Science · Grade 10

Active learning ideas

Cyber Threats and Vulnerabilities

Active learning works for cyber threats because students need to experience the impact of real-world risks to grasp their urgency. Hands-on simulations and collaborative tasks build confidence in identifying vulnerabilities before they lead to harm. This approach shifts cybersecurity from abstract theory to tangible, memorable lessons.

Ontario Curriculum Expectations: CS.HS.S.1, CS.HS.S.2
30–50 min · Pairs → Whole Class · 4 activities

Activity 01

Case Study Analysis · 35 min · Pairs

Phishing Identification Relay: Email Sort

Provide 20 sample emails, printed or digital. Pairs sort them into phishing or legitimate piles within 10 minutes, noting red flags like urgent language or suspicious links. Debrief as a class to vote on borderline cases and share strategies.

Differentiate between various types of cyber threats and their attack vectors.

Facilitation Tip: During Phishing Identification Relay, assign each pair a unique email set so they can’t copy answers from peers.

What to look for: Present students with short scenarios describing a potential cyber incident. Ask them to identify the primary cyber threat involved (e.g., phishing, malware) and one specific vulnerability that allowed the incident to occur. For example: 'An employee clicks a link in an email and their computer starts acting strangely. What threat and vulnerability are most likely?'

Analyze · Evaluate · Create · Decision-Making · Self-Management

Activity 02

Case Study Analysis · 45 min · Small Groups

Vulnerability Audit Stations: System Scan

Set up stations with checklists for passwords, updates, and access controls. Small groups rotate, auditing sample devices or policies, then propose fixes. Groups present one key finding to the class.

Analyze how human factors contribute to cybersecurity vulnerabilities.

Facilitation Tip: At Vulnerability Audit Stations, rotate student roles every 5 minutes to keep engagement high and avoid dominance by a few voices.

What to look for: Facilitate a class discussion using the prompt: 'Imagine our school's network is hit by a ransomware attack. What are three immediate consequences for students and teachers, and what steps should the IT department take first?' Encourage students to consider data access, learning disruption, and communication.

Analyze · Evaluate · Create · Decision-Making · Self-Management

Activity 03

Case Study Analysis · 50 min · Small Groups

Threat Impact Simulation: Role-Play Attack

Assign roles: attackers, defenders, victims. Small groups plan a phishing or malware scenario, execute it safely, then switch to mitigate. Reflect on impacts via a shared digital board.

Predict the potential impact of a successful cyberattack on individuals and organizations.

Facilitation Tip: For Threat Impact Simulation, debrief immediately after the role-play to capture emotional reactions before they fade.

What to look for: Provide students with a list of common cyber threats and vulnerabilities. Ask them to choose one threat and explain in 2-3 sentences how a specific vulnerability makes that threat more effective. For instance: 'Explain how weak passwords contribute to the success of brute-force attacks.'

Analyze · Evaluate · Create · Decision-Making · Self-Management

Activity 04

Case Study Analysis · 30 min · Small Groups

Cyber Threat Mind Map: Collaborative Build

In small groups, students start with a central node for cyber threats and branch to types, vectors, and vulnerabilities. Add examples and impacts using digital tools like Jamboard. Merge maps class-wide.

Differentiate between various types of cyber threats and their attack vectors.

Facilitation Tip: During Cyber Threat Mind Map, pause after 10 minutes to highlight connections students missed before they add more branches.

What to look for: Present students with short scenarios describing a potential cyber incident. Ask them to identify the primary cyber threat involved (e.g., phishing, malware) and one specific vulnerability that allowed the incident to occur. For example: 'An employee clicks a link in an email and their computer starts acting strangely. What threat and vulnerability are most likely?'

Analyze · Evaluate · Create · Decision-Making · Self-Management

A few notes on teaching this unit

Start with relatable scenarios, like a school’s Wi-Fi outage or a teacher’s compromised account, to ground the topic in real stakes. Avoid overwhelming students with technical jargon; instead, focus on patterns they can recognize across contexts. Research shows that students retain cybersecurity best when they teach it to others, so prioritize peer-led discussions over lectures.

Successful learning looks like students confidently linking specific threats to vulnerabilities and explaining consequences with clear examples. They should demonstrate empathy for victims by proposing layered defenses in discussions. Evidence of growth includes fewer assumptions about technology’s infallibility and more focus on human factors.


Watch Out for These Misconceptions

  • During Phishing Identification Relay, watch for students who assume all suspicious emails are poorly written.

    Use the relay’s peer-created emails to highlight polished phishing attempts. After the activity, ask groups to present one subtle clue they noticed in their most convincing email.

  • During Vulnerability Audit Stations, watch for students who believe one strong password is enough to stop all attacks.

    Have students test a 'strong' password against a mock brute-force tool at the station. The debrief should stress layered defenses like two-factor authentication and password managers.

  • During Threat Impact Simulation, watch for students who assume cyber threats only affect large companies.


Methods used in this brief