Lesson Plan

Course:	Principles of Cybersecurity
Lesson:	Conduct and Ethics in a Digital World
Intensity:	Low
Duration:	1.0 hour

LEARNING OBJECTIVES

• Recognize a social engineering attack

• Restate examples of personal identifiable information

• Give examples of ethical violations

• Give examples of proper reporting authorities

• Recite code of conduct

SUMMARY OF TASKS

Social Engineering Exercise

• Ask a student what their middle name is

• Ask a student what their birthday is

• Ask a student what their pet's name is

• Ask a student where they were born

• Define social engineering

  • Psychological manipulation to get someone to divulge confidential information

  • The questions that you were just asked are typical banking website security questions

Proper Conduct

• Understanding information security is paramount

  • What is Personal Identifiable Information (PII)

    • Birthday

    • Parents' information

    • Address

    • Social Security Number

  • Don't give out PII to anyone who doesn't need it

  • Don't post about activities until after they happen

    • Vacations

    • Deployments

    • CAP missions

  • Respect others digital persona

    • Posted pictures with friends could compromise their security

      • Are they on vacation

      • Could someone be monitoring you to get to them

    • Victims of crimes could be hiding from their attackers

      • Don't post pictures that could compromise their location

• Bottom Line

  • Keep private data private

  • Be respectful of each other

  • Think before you post, text, share

OPSEC

• Define Operational Security (OPSEC)

  • 5-step process

    • ID Critical Information

    • Analysis of threats

    • Analysis of vulnerabilities

    • Assessment of risk

    • Apply appropriate measures

  • One or two minor details could be combined to uncover a major operation

    • Example: A picture of a crash scene

      • Just a picture to some

      • EXIF data gives GPS coordinates and time when picture was taken

Ethics

• Define ethics

  • How humans define right or wrong conduct

• Cyberspace may seem like the wild west

• It's our duty to not: lie, cheat, or steal

  • Lie

    • Impersonate someone

    • Give false information

  • Cheat

    • Hack a voting machine to change an election

    • Break into school computer to change grades

  • Steal

    • Pirate software

    • Use the Internet to illegally take money

• Discuss forensic procedures

  • Define Locards Exchange Principle

  • We can leave digital fingerprints

  • Law enforcement can use these to incriminate you

  • Just because you "clean your browser history" doesn't mean you're safe to commit a crime

• It's our duty to report wrong doing

  • Report to your mentors/teachers

  • Report to your parents

• Most cybersecurity certifications require a code of conduct

  • Violators may loose their certifications

  • Violators may loose their security clearance (government)

• Read your course code of conduct

EVALUATION CRITERIA

Students will take a five question quiz for this module

RESOURCES

School Code of Conduct

REFERENCES

Social Engineering - Wikipedia Ethics - Wikipedia Locards Exchange Principle - Wikipedia Operations Security - Wikipedia