Computing · Year 10

Active learning ideas

Network Security Threats: Malware

Active learning transforms abstract malware concepts into tangible experiences. Students model virus spreads, analyze real attacks, and role-play phishing, which builds deeper understanding than lectures alone. These activities make propagation methods and human behaviors visible in ways that static slides cannot.

National Curriculum Attainment TargetsGCSE: Computing - Network Security

25–45 minPairs → Whole Class4 activities

Activity 01

Case Study Analysis30 min · Pairs

Simulation Lab: Virus Spread Model

Provide students with a simple network diagram on paper or digital tool. In pairs, they simulate virus propagation by passing 'infected' cards between nodes, noting spread speed. Discuss controls like firewalls after 10 minutes.

Differentiate between a virus, a worm, and ransomware based on their propagation and impact.

Facilitation TipDuring the Virus Spread Model, circulate and ask guiding questions like 'What happens if a user doesn’t open the infected file?' to surface misconceptions early.

What to look forProvide students with three scenarios describing malware behavior. Ask them to identify the type of malware (virus, worm, ransomware) for each scenario and briefly explain their reasoning based on how it spreads or its impact.

AnalyzeEvaluateCreateDecision-MakingSelf-Management

Generate Complete Lesson

Activity 02

Case Study Analysis45 min · Small Groups

Case Study Rotation: Malware Attacks

Prepare stations with summaries of virus, worm, and ransomware incidents. Small groups rotate, annotating impacts and exploits on worksheets. Groups share findings in a whole-class debrief.

Analyze how malware exploits vulnerabilities in software and human behavior.

Facilitation TipIn the Case Study Rotation, assign roles such as reporter, analyst, or defender to ensure every student contributes insights from their case.

What to look forPose the question: 'Imagine a company's entire customer database is encrypted by ransomware. What are the top three most significant consequences they would face, and why?' Facilitate a class discussion, encouraging students to justify their answers with specific impacts like financial loss, reputational damage, or legal issues.

AnalyzeEvaluateCreateDecision-MakingSelf-Management

Generate Complete Lesson

Activity 03

Case Study Analysis25 min · Individual

Prediction Challenge: Ransomware Scenario

Present an organizational network setup. Individually, students predict ransomware consequences and mitigation steps on templates. Pairs then compare and refine predictions.

Predict the potential consequences of a successful ransomware attack on an organization.

Facilitation TipFor the Ransomware Scenario, provide a timer to pressure-test decision-making and highlight trade-offs between paying ransom and system recovery.

What to look forPresent students with a list of common malware propagation methods (e.g., opening email attachments, downloading pirated software, clicking pop-up ads, exploiting unpatched software). Ask them to categorize each method as primarily exploiting human behavior or software vulnerabilities.

AnalyzeEvaluateCreateDecision-MakingSelf-Management

Generate Complete Lesson

Activity 04

Case Study Analysis35 min · Pairs

Phishing Role-Play: Human Exploits

Assign roles as employees receiving phishing emails. Pairs craft and 'send' mock emails, then switch to identify red flags. Debrief on behavioral vulnerabilities.

Differentiate between a virus, a worm, and ransomware based on their propagation and impact.

Facilitation TipDuring Phishing Role-Play, switch roles halfway so students experience both attacker and victim perspectives, deepening empathy and awareness.

AnalyzeEvaluateCreateDecision-MakingSelf-Management

Generate Complete Lesson

A few notes on teaching this unit

Teachers should use analogies carefully—compare worms to a rolling snowball but clarify that real malware exploits unpatched code, not just curiosity. Prioritize hands-on modeling over passive reading, because malware behavior is dynamic. Research shows students grasp propagation best when they see cause-and-effect in real time, so simulations beat slides. Avoid over-reliance on scare tactics; instead, focus on how defenses like updates and skepticism reduce risk.

Students confidently distinguish malware types by their spread and impact. They explain why some malware succeeds despite antivirus and articulate layered defenses like updates and training. Clear articulation and peer feedback show mastery during simulations and discussions.

Watch Out for These Misconceptions

During Virus Spread Model, watch for students assuming all malware spreads the same way.
Have students annotate their simulation results with sticky notes labeled 'user action' or 'self-replicating' to highlight differences between virus and worm behavior.
During Case Study Rotation, watch for students believing antivirus software stops all malware.
Direct students to examine case study malware samples for notes on zero-day exploits or delayed patching, then discuss why these slip through antivirus.
During Ransomware Scenario, watch for students thinking malware only affects one device.
Ask groups to map the ransomware’s lateral movement on a whiteboard, showing how it jumps across the network to emphasize enterprise-scale impact.

Methods used in this brief

Case Study Analysis

More in Connected Networks

LANs and WANs

Distinguishing between Local Area Networks and Wide Area Networks.

2 methodologies

Network Topologies: Star and Mesh

Comparing Star and Mesh topologies and their advantages/disadvantages.

2 methodologies

Network Hardware: Routers, Switches, WAPs

Understanding the roles of routers, switches, and Wireless Access Points.

2 methodologies

Wired vs. Wireless Connections

Comparing Ethernet and Wi-Fi, including transmission speeds and security.

2 methodologies

The Internet and World Wide Web

Distinguishing between the Internet as infrastructure and the Web as a service.

2 methodologies