Introduction to Cybersecurity Threats
Students identify common cybersecurity threats such as malware, phishing, and denial-of-service attacks.
About This Topic
Threat modeling and vulnerabilities shift the focus from how systems work to how they can be broken. In 10th grade, students learn to think like both a defender and an attacker to identify risks. This topic covers technical exploits, like SQL injection, and human-centric risks, like social engineering. This aligns with CSTA standards for identifying and mitigating security risks.
By understanding the 'attack surface' of a system, students learn that security is not a one-time setup but an ongoing process. They also explore the ethics of 'white hat' hacking and the responsibility of disclosing vulnerabilities. This topic comes alive when students can physically map out the entry points of a system and debate the most likely threats in a given scenario.
Key Questions
- Differentiate between various types of malware.
- Analyze the characteristics of a phishing attempt.
- Explain how a denial-of-service attack impacts network availability.
Learning Objectives
- Classify common types of malware, including viruses, worms, and ransomware, based on their propagation and impact.
- Analyze the key components of a phishing email or message to identify deceptive tactics.
- Explain the mechanism by which a denial-of-service attack disrupts network services and affects user access.
- Compare the defensive strategies used to mitigate malware infections and phishing attempts.
Before You Start
Why: Understanding network protocols and how data travels is essential for comprehending DoS attacks and network vulnerabilities.
Why: Knowledge of how software operates and interacts with hardware is foundational to understanding malware infection and execution.
Key Vocabulary
| Term | Definition |
| --- | --- |
| Malware | Short for malicious software, this includes viruses, worms, trojans, and ransomware designed to harm or exploit computer systems. |
| Phishing | A social engineering tactic where attackers impersonate trusted entities via email, text, or calls to trick individuals into revealing sensitive information. |
| Denial-of-Service (DoS) Attack | An attack that overwhelms a target system or network with traffic, making it unavailable to legitimate users. |
| Ransomware | A type of malware that encrypts a victim's files, demanding a ransom payment for the decryption key. |
| Trojan Horse | Malware disguised as legitimate software, which, when executed, allows attackers to gain unauthorized access or cause damage. |
Watch Out for These Misconceptions
Common Misconception: Cybersecurity is only about strong passwords and firewalls.
What to Teach Instead
The human element is often the weakest link. Social engineering role plays help students realize that technical defenses can be bypassed by simply tricking a person into giving up access.
Common Misconception: Hackers are always 'bad' people in hoodies.
What to Teach Instead
Many hackers are 'ethical hackers' who work for companies to find and fix bugs. Discussing the different 'hat' colors (white, gray, black) helps students understand the diverse motivations in the field.
Active Learning Ideas
Inquiry Circle: The School's Attack Surface
Groups walk around the school (or a virtual model) to identify potential security vulnerabilities, including physical ones (unlocked doors) and digital ones (public Wi-Fi). They create a 'Threat Map' and rank the risks by likelihood and impact.
Role Play: The Social Engineering Challenge
One student plays a 'vishing' (voice phishing) attacker trying to get a password, while the other plays a busy employee. The class observes the tactics used and discusses which psychological triggers (urgency, authority, fear) were most effective.
Think-Pair-Share: Ethical Disclosure
Present a scenario where a student finds a major bug in a popular gaming platform. Pairs must decide: do they tell the company, post it online, or keep it quiet? They must justify their choice based on ethical frameworks and potential consequences.
Real-World Connections
- Cybersecurity analysts at major financial institutions like JPMorgan Chase constantly monitor for and defend against phishing campaigns targeting customers and employees to prevent account fraud.
- Network administrators for cloud service providers such as Amazon Web Services (AWS) implement sophisticated defenses to prevent large-scale denial-of-service attacks that could disrupt services for millions of users.
- Forensic investigators use specialized tools to analyze malware samples recovered from compromised systems, tracing the origin and method of infection for organizations like the FBI.
Assessment Ideas
Present students with three short scenarios describing cyber incidents. Ask them to identify the primary threat type (malware, phishing, DoS) for each and briefly explain their reasoning.
Facilitate a class discussion using the prompt: 'Imagine you receive an urgent email from your bank asking you to click a link and verify your account details immediately. What are the red flags that suggest this might be a phishing attempt, and what is the safest course of action?'
On an index card, have students define one cybersecurity threat (malware, phishing, or DoS) in their own words and provide one specific example of how it could impact an individual or organization.
Frequently Asked Questions
What is social engineering in cybersecurity?
What is a 'Zero-Day' vulnerability?
How do I protect myself from phishing?
How can active learning help students understand threat modeling?