Lesson Plan

Course: Principles of Cybersecurity

Lesson: Conduct and Ethics in a Digital World

Intensity: Low

Duration: 1.0 hour

LEARNING OBJECTIVES

  • Recognize a social engineering attack

  • Restate examples of personally identifiable information

  • Give examples of ethical violations

  • Give examples of proper reporting authorities

  • Recite code of conduct

SUMMARY OF TASKS

Social Engineering Exercise

  • Ask a student what their middle name is

  • Ask a student what their birthday is

  • Ask a student what their pet's name is

  • Ask a student where they were born

  • Define social engineering

    • Psychological manipulation to get someone to divulge confidential information

    • The questions that you were just asked are typical banking website security questions

Proper Conduct

  • Understanding information security is paramount

    • What is Personally Identifiable Information (PII)

      • Birthday

      • Parents' information

      • Address

      • Social Security Number

    • Don't give out PII to anyone who doesn't need it

    • Don't post about activities until after they happen

      • Vacations

      • Deployments

      • CAP missions

    • Respect others' digital personas

      • Posted pictures with friends could compromise their security

        • Are they on vacation

        • Could someone be monitoring you to get to them

      • Victims of crimes could be hiding from their attackers

        • Don't post pictures that could compromise their location

  • Bottom Line

    • Keep private data private

    • Be respectful of each other

    • Think before you post, text, share

OPSEC

  • Define Operational Security (OPSEC)

    • 5-step process

      • ID Critical Information

      • Analysis of threats

      • Analysis of vulnerabilities

      • Assessment of risk

      • Apply appropriate measures

    • One or two minor details could be combined to uncover a major operation

      • Example: A picture of a crash scene

        • Just a picture to some

        • EXIF data gives GPS coordinates and time when picture was taken

Ethics

  • Define ethics

    • How humans define right or wrong conduct

  • Cyberspace may seem like the wild west

  • It's our duty to not: lie, cheat, or steal

    • Lie

      • Impersonate someone

      • Give false information

    • Cheat

      • Hack a voting machine to change an election

      • Break into school computer to change grades

    • Steal

      • Pirate software

      • Use the Internet to illegally take money

  • Discuss forensic procedures

    • Define Locard's Exchange Principle

    • We can leave digital fingerprints

    • Law enforcement can use these to incriminate you

    • Just because you "clean your browser history" doesn't mean you're safe to commit a crime

  • It's our duty to report wrongdoing

    • Report to your mentors/teachers

    • Report to your parents

  • Most cybersecurity certifications require a code of conduct

    • Violators may lose their certifications

    • Violators may lose their security clearance (government)

  • Read your course code of conduct

EVALUATION CRITERIA

Students will take a five-question quiz for this module

RESOURCES

School Code of Conduct

REFERENCES

  • Social Engineering - Wikipedia

  • Ethics - Wikipedia

  • Locard's Exchange Principle - Wikipedia

  • Operations Security - Wikipedia
