Career Blade Information-Security-Analyst-Battling-Cyberattacks-and-Hackers
INFORMATION SECURITY ANALYST: BATTLING CYBERATTACKS
AND HACKERS
LESSON PLAN OVERVIEW
Career: Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems from unauthorized access. Their responsibilities are continually expanding as the number of cyberattacks increases
Lesson: This lesson plan includes activities to introduce students to the information security analyst career by learning some of the concepts and skills used by security analysts.
Grade Level: High School
Learning Objectives:
〉 Students will explore the role of information security analysts in protecting computer systems and data from being hacked.
〉 Students will learn about encryption algorithms and create a cipher.
〉 Students will research and discuss current methods of preventing hacking and cyberattacks and will complete a strategic planning exercise to create a public information program to help others practice better online security.
〉 Students will also gain an insight into the information security analyst profession, including common job tasks, salary, career pathway, and credentials required to perform the job.
Materials Needed:
Activity
Activity #2: Using Information Campaigns to Prevent Cyberattacks
〉 Computer for internet research
〉 Student Worksheet: Using Information Campaigns to Prevent Cyberattacks
TEACHER GUIDE
Lesson Instructions: The following lesson plan illustrates some of the skills, concepts, and procedures used by information security analysts in their daily work. Begin each lesson by reading the Class Message below to your students, then have them watch the recommended career video. Afterwards, facilitate a discussion using the Class Questions listed below.
After the discussion, students will work on two activities. Each activity has a printable worksheet with student instructions and areas to record their work. Have students read their worksheets before beginning each activity.
You should also familiarize yourself with the student worksheets to provide assistance when needed and to help in facilitating the discussion that ends each activity.
Class Message: Today we are going to explore some of the responsibilities and duties of information security analysts, a career within the Information Technology business sector Information security analysts work to protect an organization’s computer and communications networks from security breaches and investigate violations when they occur.
Information security analysts install and use software such as firewalls, security software, and data encryption to protect sensitive information. If a breach occurs, the security analyst is responsible for investigating and documenting the breach to determine the scope of the damage and enact measures to prevent future breaches.
In this lesson, we will learn about some information security concepts and procedures, such as data encryption algorithms and ciphers, how and why computer systems are targeted by cyberattacks, and researching ways to prevent cyberattacks.
Let’s watch this short video to learn more about information security analyst and how they work to protect us from hackers and cyberattacks
Class Discussion Questions:
〉 Have any of you experienced a cyberattack or had your cell phone, tablet, or laptop hacked? If so, share your experience.
〉 Have any of you ever had or known someone whose bank debit card or credit card was hacked? If so, what happened? How was the issue resolved? What was done to protect the card from further attacks?
〉 What do you do to keep your electronic devices protected from cyberattacks?
〉 What are some of the challenges information security analysts may face when combating cyberattacks and hackers?
Activities Overview: This lesson plan includes two student activities. Activity #1 presents the concept of encryption algorithms and challenges students to create a basic cipher. Activity #2 challenges students to research, discuss, and present solutions for preventing cyberattacks.
Read and familiarize yourself with the student worksheet for each activity.
Activity #1: Creating a Cipher
In this activity, students will learn about encryption and types of ciphers and will create a cipher.
Activity Instructions:
〉 Handout the student worksheet.
〉 Facilitate an introduction to the activity
〉 After completion, facilitate a discussion of the questions for the activity.
Activity Discussion:
〉 Did you know that information security analysts have to learn encryption methods to secure the transmission of information?
〉 What would be the consequences if encrypted information was accessed and deciphered by an unauthorized individual?
〉 Would you be interested in becoming an information security analyst? Why or why not?
Activity #2: Creating a Public Information Program to Prevent Cyberattacks
Strategic planning is a way of solving complex problems through a creative process that integrates brainstorming, collaboration, and the possibilities of new technologies and processes. In this exercise, students will use strategic planning techniques to explore ways to better protect their personal information and devices from cyberattacks.
Instructions are shown below, along with handouts that students can use to document their progress in the project. You may decide to extend this project over several class periods in order to let students work in depth to develop their own solutions to problems. This design challenge should take anywhere from 1 to 2 hours or more, depending on the age level and how detailed you expect the results to be. Students may use the suggested online resources in the activity or come up with their own ideas for protecting information and devices from cyberattacks.
Activity Procedure: Students will work groups to research best practices and create a public information program to help others protect their online data and devices.
Activity Instructions:
〉 Hand out the student worksheet.
〉 Assign students to groups.
〉 Facilitate an introduction to the activity
〉 After completion, facilitate a discussion of the questions for the activity.
Activity Results: Students will develop and present their public information program to educate others on how to protect their data and online devices from attacks. The presentation could include a demonstration of a safe practice, a poster display, a PowerPoint presentation, flyer, or other way to present the group’s findings.
Activity Discussion:
〉 During your research, were you able to identify recurring elements in hacking and cyberattacks?
〉 Could you determine how attacks were carried out or deployed?
〉 What do you think makes cyberattack victims susceptible to a security breach?
〉 How will you apply what you learned in this project to protect your online accounts and devices?
〉 Did you enjoy using strategic planning to complete this activity? This method of problem solving can be applied to any problem or issue.
CAREER INSIGHT
Career Highlight: This lesson plan highlights some of the concepts and skills an information security analyst uses on a daily basis to protect sensitive information and systems. See the Employers in My Area section to contact businesses and organizations in your area about classroom demonstrations, on-site visits, or other additional career exposure opportunities.
Featured Career:
Information Security Analyst
Career Descriptions: Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases.
Information security analysts typically perform the following tasks:
〉 Monitor their organization’s networks for security breaches and investigate a violation when one occurs
〉 Install and use software, such as firewalls and data encryption programs, to protect sensitive information
〉 Prepare reports that document security breaches and the extent of the damage caused by the breaches
〉 Conduct penetration testing, simulated attacks analysts use to identify vulnerabilities in their systems before they can be exploited
〉 Research the latest information technology (IT) security trends
〉 Develop security standards and best practices for their organization
〉 Recommend security enhancements to management or senior IT staff
〉 Help computer users install and learn new security products and procedures
Information security analysts are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.
Information security analysts must stay up to date on IT security and on the latest methods hackers use to infiltrate computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.
Most information security analysts work full time. They sometimes have to be on call outside of normal business hours in case of an emergency. Some work more than 40 hours per week.
Other Names for this Career: Data Security Administrator, Security Analyst, Information Security Officer, Systems Analyst, Information Security Specialist, Information Systems Security Analyst, Information Technology Specialist, Information Systems Security Officer, Network Security Analyst, Information Technology Security Analyst (IT Security Analyst)
EDUCATOR RUBRIC
ACTIVITIES #1 AND #2
ITEM
Creating/Using Cypher
Creating a Public Information Program
Presenting the Solution
Does Not Meet Expectations
Student was unable to write a cypher to encrypt the Benjamin Franklin quote.
Meets Expectations Exceeds Expectations
Student was able to write a Caesar Cipher and/or a Vigenère Cipher to encrypt the Benjamin Franklin quote.
Student was able to create a unique cypher for encrypting the quote from Benjamin Franklin.
Internet Safety in the Real World
Student was unable to complete a public information program to educate and inform others on how to prevent from being the victim of a hack.
Student was unable to give a completed presentation on how to improve internet safety.
Student completed a public information program to educate and inform others on how to prevent from being the victim of a hack.
Student was able to give a presentation on how to improve internet safety.
Student demonstrated originality and creativity designing a unique public information campaign educating others on how to prevent being the victim of a hack.
Student demonstrated originality and creativity in giving a presentation on improving internet safety.
Student did not express or understand how people in different careers work to make the internet safer.
Student is able to express how people in different careers work to make the internet safer.
Student is able to express how people in different careers work to make the internet safer and how this creates a measurable impact on society.
ACTIVITY #1: CREATING A CIPHER
Introduction: First, let’s learn a little about cryptography, encryption, and ciphers. Cryptography involves creating written or generated codes that allow information to be kept secret.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.
A cipher is an algorithm for performing encryption or decryption. It is a series of well-defined steps that can be followed as a procedure. Most ciphers are based on sophisticated algorithms utilizing mathematical equations.
Here are some common Shift Method ciphers. These types of ciphers utilize the alphabet
The Caesar cipher is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter that is some fixed number of positions up or down the alphabet.
For example, with a right shift of 3, A would be replaced by D, B would become E, and so on as shown in this chart:
Sample Message: Here is an example of a Caesar cipher
Cipher: KHUH LV DQ HADPSOH RI D FDHVDU FLSKHU
The Vigenère cipher is another method of encrypting alphabetic text that is a little more complicated. The cipher is created based on the letters of the Message and a Keyword. Using a 26×26 table with A to Z as the Row heading and Column heading – see the sample table below. This table is usually referred to as the Vigenère Table. The first row of the table has the 26 alphabet letters. Starting with the second row, each row has the letters shifted to the left one position. For example, when B is shifted to the first position on the second row, the letter A moves to the end and so on.
Locate the first letter of the Message in the Column. In this example, it is the letter H. Then locate the row for the first letter of the Keyword (study), which is S. So, the first letter of the Cipher is Z, where the column and row intersect. Continue until all letters in the Message and Keyword have been matched up.
Sample Message: Here is an example of a Vigenère cipher
Keyword: STUDY
Activity Description: In this activity, you will practice creating a cipher utilizing the Caesar cipher, Vigenère cipher, or by coming up with your own cipher method.
Activity Procedure: Write a cipher for the following quote and include the method you used and the key to decipher the message. When done, present your cipher method to the class.
〉 “Tell me and I forget. Teach me and I remember. Involve me and I learn.” Benjamin Franklin
Write your cipher for the quote, the cipher method used, and the key to decipher the message below:
Activity Results: You created a cipher for the quotation from Benjamin Franklin and shared it with the class, explaining the method you used to develop the cipher
Activity Discussion:
〉 Did you know that information security analysts have to learn encryption methods to secure the transmission of information?
〉 What would be the consequences if encrypted information was accessed and deciphered by an unauthorized individual?
〉 Would you be interested in becoming an information security analyst? Why or why not?
ACTIVITY #2: CREATING A PUBLIC INFORMATION PROGRAM TO PREVENT CYBERATTACKS
Introduction: Today, we are going to research and learn more about cyberattacks, what they are, why they are a problem, and some solutions for preventing and combatting cyberattacks.
Recently, many large companies and government entities have experienced cyberattacks on their computer networks. In some cases, the hackers have accessed personal identifiable information, personal protected information, and important company intellectual property and financial information. Information security analysts are responsible for protecting company computer networks by researching and enacting methods to prevent attackers and hackers from accessing networks
Activity Description: This activity challenges students to create a Public Information Program to help others protect their data and devices.
Activity Procedure: In teams, research and identify ways for combating cyberattacks and hackers and create a Public Information Program to educate others on protecting their data and devices from future attacks
IDEAS FOR PROTECTING DATA AND ONLINE DEVICES FROM CYBERATTACKS
Separate into groups and discuss the following questions:
〉 Have you or someone you know ever had a device hacked such as a cell phone, tablet, laptop, or gaming console? If so, share the experience with your group.
〉 Brainstorm some ideas for preventing hackers and cyberattacks.
Discuss these questions in your group and assign a team member to take notes:
RESEARCH FOR SOLUTIONS TO PREVENT CYBERATTACKS
Next, using the internet, search for information on preventing cyberattacks and hacking.
Here are some links to get you started:
〉 10 Steps to Improve Your Online Security (http://tn-caps.com/r/92NS1)
〉 10 Ways to Protect Your Privacy Online (http://tn-caps.com/r/92NS2)
〉 10 Ways to Protect Against Hackers (http://tn-caps.com/r/92NS3)
Consider these questions:
〉 What are some things you can do to prevent having your device hacked?
〉 Identify precautions you can take to help protect your personal data.
Discuss research in your group and assign a team member to take notes below:
CREATE A PUBLIC INFORMATION PROGRAM TO HELP PREVENT HACKING AND CYBERATTACKS
Using the information from your group discussion and research, develop a Public Information Program to educate and inform others on how to prevent being hacked.
Create a presentation on your Public Information Program to present to the class. Your presentation could include a demonstration of a safe practice, a poster display, a PowerPoint presentation, flyer, or other way to present your findings. Be creative!
Use the space below to sketch out your presentation:
Assign a team member or team members to present your information program to the class
Activity Discussion:
〉 During your research, were you able to identify recurring elements in hacking and cyberattacks?
〉 Could you determine how attacks were carried out or deployed?
〉 What do you think makes cyberattack victims susceptible to a security breach?
〉 How will you apply what you learned in this project to protect your online accounts and devices?
〉 Did you enjoy using strategic planning to complete this activity? This method of problem solving can be applied to any problem or issue.
