Career Blade Information-Security-Analyst-Staying-Safe-Online
INFORMATION SECURITY ANALYST:
LESSON PLAN OVERVIEW
Career: Information security analysts plan and put security measures in place to protect a company’s communications and online information from unauthorized access.
Lesson: This lesson plan includes activities to introduce students to the information security analyst career by learning how security analysts help us stay safe online. Students will learn about ways to spot unsafe websites and phishing messages. They will also participate in a research project to identify the best ways to stay safe when they are online.
Grade Level: Middle Grades
Learning Objectives:
〉 Students will explore the career of information security analyst and learn how analysts protect computer systems and data from being hacked.
〉 Students will complete an activity to spot and identify unsafe websites and phishing messages.
〉 Students will conduct a research project to identify ways to stay safe on the internet and prepare a Public Information Program to educate others.
〉 Students will gain an insight into the information security analyst profession, including common job tasks, salary, career pathway, and credentials required to perform the job.
Materials Needed:
Activity #1: Creating a Cipher
〉 Student Worksheet: Let’s Go Phishing!
Activity #2: How to Stay Safe Online
〉 Student Worksheet: Using Information Campaigns to Prevent Cyberattacks
〉 Access to computers for internet research
TEACHER GUIDE
Lesson Instructions: The following lesson plan illustrates some of the basic skills, concepts, and procedures used by information security analyst in their daily work. Begin the lesson by reading the Class Message below to your students, then have them watch the recommended career video. Afterwards, facilitate a discussion using the Class Questions listed below.
After the discussion, students will work on two activities. Each activity has a printable worksheet with student instructions and areas to record their work. Have students read their worksheets before beginning each activity.
You should also familiarize yourself with the student worksheets to provide assistance when needed and to help in facilitating the discussion that ends each activity.
Class Message: Today, we are going to explore the career of information security analyst. How many of you are on social media, play games or use apps on a cell phone or tablet? Each time you log into a game, website, or device, someone could be attempting to hack your device or your account information. It is the job of an Information Security Analyst to protect customer accounts, computer systems, and programs and block unauthorized access to online systems.
This lesson will introduce you to the career of information security analyst by learning how to keep your personal data safe when online. You will learn how to spot and identify unsafe websites and phishing messages. You will also conduct research into ways to stay safe on the internet that can be shared with other people.
Let’s watch this short video to learn more about the role of information security analysts and how they work to protect us from hackers.
Class Discussion Questions:
〉 How many of you are on social media sites? How do you know these sites are safe? Allow students to share their personal experience using online sites.
〉 What do you do to stay safe online? Possible responses: I setup my security preferences for social media sites, I trust the site security, I don’t share my passwords, etc.
〉 How do you know someone isn’t stealing your personal information online? Possible responses: I use internet security software, I only use secure sites, etc.
〉 Have you ever heard the word, phishing? What does it mean? Possible response: phishing is when someone you do not know tries to trick you into giving them access to your device.
Activities Overview: This lesson plan includes two student activities. In Activity #1, students will learn how to spot and identify unsafe websites and phishing messages. In Activity #2, students will perform a research project to identify ways to stay safe on the internet to educate others.
Read and familiarize yourself with the student worksheet for each activity.
Activity #1: Let’s Go Phishing!
This activity teaches students how to look for unsecure websites and spot potential phishing messages.
Activity Instructions:
〉 Handout the student worksheet.
〉 Facilitate an introduction to the activity
〉 After completion, facilitate a discussion using the questions for the activity.
Read each scenario and check if it is safe or unsafe.
Safe Unsafe
X
Suzie receives an email message from her best friend, Stacey. The email says, “Hi Suzie! I just clicked on the attached link and won a trip to Disney World! Click on the link to see if you can win the trip and go with me!!!”
Mark receives a call on his cell phone from an unidentified caller. He answers the call anyway. The caller says, “Hi Mark, I’m Scott from Tele Mobile. Someone has hacked into your cell phone account and we need to verify your login and password.”
X http://gotothemovies.com
X Ashley receives a text from her friend, Tiffany. The text says, “Hey Ash, my mom said you can spend the night tonight and we can go to the mall. Text me back soon!
X https://staysafeonline.org
X
Jonathan is on social media and receives a private message from another guy in his English class. The message says, “Hey, I just watched the attached video and it’s hilarious, you have got to watch it!”
Read the messages below and check if it is a phishing message or safe. If phishing, circle the things in the message that appear to be suspect.
Safe Phishing
X
X
You receive the following flier in your home mailbox, “Hi Neighbor, Jumping World just recently opened for business in the Town Square area and you are invited to our Open House on May 5th. We will have food, drinks, and of course, free entry to our facility. Come join us for a day of family fun!”
You receive the following email, “Congratulations, you have won the grand prize from our drawing. Please click the link below and enter this number, 56A9D, to claim your prize.” X
You receive the following text, “Welcome students, we are excited to have you as a student at Tennessee Middle. We have received notification that some student email accounts may have been hacked and need for you to click the link below to make sure your account was not affected. Please click the link and enter your Student ID and Password where indicated.”
Activity Discussion:
〉 Have any of you or anyone you know received possible phishing messages? What made you think it was a phishing message? Allow students to share their experience.
〉 Did you find it difficult to determine which messages were real and which were phishing? What made it difficult? Allow students to share their experience.
〉 What are some other ways you can be safe on the internet? Possible responses: Do not respond to people you don’t know. Don’t click on links sent to you unless you know you can trust the sender. Think before answering a message. Check with a parent or an adult if you’re not sure a website is legitimate.
Activity #2: How to Stay Safe Online
Students will perform a research project to identify the Top 10 ways to stay safe on the internet and prepare a Public Information Program to educate other students on how to stay safe online.
Activity Results: This activity challenges students to create a public information program to help others protect their data and devices from a cyber attack.
Activity Instructions:
〉 Hand out student worksheet.
〉 Assign students to groups.
〉 Facilitate an introduction to the activity
〉 Students can create a top ten list, design a flyer, or create a PowerPoint to share what they found about staying safe online.
〉 After completion, facilitate a discussion of the questions for the activity
Activity Discussion:
〉 What internet safety tips will you start using on your devices? Allow students to share their research results.
〉 From your research, which internet safety tip surprised you the most? Allow students to share their research results.
〉 What do you think is the most important tip for staying safe on the Internet? Possible responses: don’t click on links you’re not sure of; only access websites with https web addresses; keep security software up to date.
CAREER INSIGHT
Career Highlight: This lesson plan highlights some of the skills information security analysts use daily to protect data and sensitive information from attacks. See the Employers in My Area section to contact businesses and organizations in your area about classroom demonstrations, on-site visits, or other additional career exposure opportunities.
Featured Career:
Information Security Analyst
Career Descriptions: Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyber attacks continue to increase.
Information security analysts perform the following job tasks:
〉 Monitor their organization’s networks for security breaches and investigate a violation when one occurs
〉 Install and use software, such as firewalls and data encryption programs, to protect sensitive information
〉 Prepare reports that document security breaches and the extent of the damage caused by the breaches
〉 Conduct penetration testing, simulated attacks used to identify weaknesses in their systems before they can be exploited
〉 Research the latest information technology (IT) security trends
〉 Develop security standards and best practices for their organization
〉 Recommend security enhancements to management or senior IT staff
〉 Help computer users install security products and learn new security procedures.
Information security analyst are heavily involved with creating their organization’s disaster recovery plan, a procedure that IT employees follow in case of emergency. These plans allow for the continued operation of an organization’s IT department. The recovery plan includes preventive measures such as regularly copying and transferring data to an offsite location. It also involves plans to restore proper IT functioning after a disaster. Analysts continually test the steps in their recovery plans.
Information security analysts must stay up to date on IT security and the latest ways hackers are infiltrating computer systems. Analysts need to research new security technology to decide what will most effectively protect their organization.
Most information security analysts work full time. They sometimes have to be on call outside of normal business hours in case of an emergency. Some work more than 40 hours per week.
Other Names for this Career: Data Security Administrator, Security Analyst, Information Security Officer, Systems Analyst, Information Security Specialist, Information Systems Security Analyst, Information Technology Specialist, Information Systems Security Officer, Network Security Analyst, Information Technology Security Analyst (IT Security Analyst)
STANDARDS ALIGNMENT
Activity #1: Let’s Go Phishing
English Language Arts Standards
READING STANDARDS: Range of Reading and Level of Text Complexity
Make inferences in increasingly complex text and logically explain their thinking behind the inferences;
〉 Read and comprehend a variety of literary nonfiction at the high end of the grades 68 text complexity band independently and proficiently.
〉 Determine the meaning of words and phrases as they are used in a text, including figurative, connotative, and technical meanings; analyze the impact of a specific word choice on meaning and tone, including analogies and allusions to other texts.
Activity #2: How to Stay Safe Online
〉 Conduct research to answer a question (including a self-generated question), drawing on multiple sources and generating additional related, focused questions that allow for multiple avenues of exploration.
〉 Support interpretations, analyses, reflections, or research with evidence found in literature or informational texts, applying grade 8 standards for reading; assess whether the reasoning is sound and the evidence is relevant and sufficient to support the claims and recognize when irrelevant evidence is introduce
〉 Demonstrate command of the conventions of standard English grammar and usage.
〉 Demonstrate command of the conventions of standard English capitalization, punctuation, and spelling.
〉 When writing and speaking, choose precise language to express ideas concisely.
Science and Engineering Practices
〉 Constructing explanations and designing solutions to explain phenomena or solve problems.
〉 Engaging in argument from evidence to identify strengths and weaknesses in a line of reasoning, to identify best explanations, to resolve problems, and to identify best solutions.
School Counseling Model and Standards Policy
〉 Appropriately utilize social media to enhance learning, develop positive relationships, communicate, and engage in age appropriate entertainment
〉 Develop and practice effective technology skills
〉 Demonstrate critical thinking and decision-making skills to make informed decisions
〉 Communicate effectively using oral, written, and listening communications skills
〉 Exercise personal safety skills
EDUCATOR RUBRIC
ACTIVITIES #1 AND #2
ITEM Does Not Meet Expectations
Research
Public Information Program Presentation
The group’s research was based on less than 3 sources and lacked detail to support their decisions on the top 10 ways to stay safe on the internet.
Meets Expectations Exceeds Expectations
The group had 3 resources documented and had adequate support and understanding for their top 10 ways to stay safe on the internet
The presentation indicated a lack of understanding of the task through their lack of detailed explanation. The presentation was clear and concise and demonstrated a complete and thorough understanding of the task through the addition of supporting details and explanation. The presentation was informative.
Team Work Student did not work well in their team.
Student worked will in their team and contributed equally.
The group documented 5 or more resources and had excellent detailed support and understanding for their top 10 ways to stay safe on the internet.
The presentation was clear and concise and demonstrated a complete and thorough understanding of the task through the addition of supporting details and explanation and included nuances not captured easily by other groups. The presentation was convincing and informative.
Student worked well in their team, contributed equally, and exhibited leadership.
Introduction: In this activity, you will learn some basic things you can do to stay safe online and practice spotting potentially unsafe websites and phishing messages.
Only Use Secured Websites
When accessing websites on the Internet, look for secured sites. If the web address starts with “http,” this is an unsecured website. If the web address starts with https, the website is secure.
Malicious Email Messages
A malicious email message can look like it came from a website you visit often or even from a friend. It often urges you to click on a link to win a prize or watch a video. If you are unsure whether an email is real, either contact the company or friend to verify the email is legitimate or delete it. Do not click on a suspicious link.
Spam Email Messages
Spam is the electronic version of junk mail. Again, if it is something you did not request or order, do not click the link. Delete the email.
Phishing Messages or Links
Phishing attacks use email, social media sites, and website links that collect your personal information or infect your device with malware, spyware, viruses, and botnets. These are harmful programs that can infect other devices connected to the infected device. To spot a phishing message, examine the email address. Look for misspelled words or wording that doesn’t make sense. If it looks suspicious, don’t click on any links and delete the message.
Spyware
Spyware can be downloaded onto your device without your permission, usually when you visit an unsafe website, click a link, or open an attachment. Spyware can track your online movements and steal your passwords and other information.
Botnets
Botnets are networks of computers infected by malware that are controlled by criminals, usually for financial gain. Botnets are designed to harvest data such as logins and passwords, Social Security numbers, credit card numbers, and other personal information.
How to Protect Your Devices
〉 When in doubt, delete it. Links in emails, tweets, posts, and online advertising are how cybercriminals try to access your information. If it looks suspicious, delete it and mark the message as spam or block the user.
〉 Think before you act. Be careful when the message asks you to act immediately, offers you something that is too good to be true, or asks for personal information.
〉 If possible, make passwords a phrase or sentence. Passwords should be at least 12 characters long. Create a different password for every account.
〉 Use locking on your devices. Use the built-in security to lock your devices with a password. This keeps others from getting access to your devices.
Activity Description: Now that you have learned some things you can do to stay safe online, let’s practice spotting some possible unsafe websites, phishing messages, and links.
Activity Procedure:
Read each scenario and check whether the message is Safe or Unsafe.
Safe Unsafe
Suzie receives an email message from her best friend Stacey. The email says, “Hi Suzie! I just clicked on the attached link and won a trip to Disney World! Click on the link to see if you can win the trip and go with me!!!”
Mark receives a call on his cell phone from an unidentified caller. He answers the call anyway. The caller says, “Hi Mark, I’m Scott from Tele Mobile. Someone has hacked into your cell phone account and we need to verify your login and password.”
http://gotothemovies.com
Ashley receives a text from her friend, Tiffany. The text says, “Hey Ash, my mom said you can spend the night tonight and we can go to the mall. Text me back soon!
https://staysafeonline.org
Jonathan is on social media and receives a private message from another guy in his English class. The message says, “Hey, I just watched the attached video and it’s hilarious, you have got to watch it!”
Read the messages below and check whether if it is a phishing message or safe. If phishing, circle the items in the message that appear to be suspect.
Safe Phishing
You receive the following flier in your home mailbox, “Hi Neighbor, Jumping World just recently opened for business in the Town Square area and you are invited to our Open House on May 5th. We will have food, drinks, and of course, free entry to our facility. Come join us for a day of family fun!”
You receive the following email, “Congratulations, you have won the grand prize from our drawing. Please click the link below and enter this number, 56A9D, to claim your prize.”
You receive the following text, “Welcome students, we are excited to have you as a student at Tennessee Middle. We have received notification that some student email accounts may have been hacked and need for you to click the link below to make sure your account was not affected. Please click the link and enter your Student ID and Password where indicated.”
Activity Discussion:
〉 Have any of you or anyone you know received possible phishing messages? What made you think it was a phishing message?
〉 Did you find it difficult to identify which messages were real and which ones were phishing? What made it difficult?
〉 What are some other ways you can be safe on the internet?
ACTIVITY #2: HOW TO STAY SAFE ONLINE
Introduction: Information security analysts are responsible for protecting a company’s computer networks by researching and applying methods to prevent attacks and hackers from accessing company and customer information. These security measures also protect individuals when they use a company’s website, play games online, or communicate with friends.
Activity Description: This activity challenges students to identify the Top 10 ways to stay safe on the internet and create a Public Information Program to educate other students on how to stay safe online.
Activity Procedure: Individually or in teams, research the internet to identify the top 10 ways to stay safe online. Next, develop a Public Information Program to share your findings with other students.
RESEARCH WAYS TO STAY SAFE ON THE INTERNET
Search for information on how to stay safe when communicating with others and accessing websites on the Internet.
Here are some links to get you started:
Cybersecurity 101 (http://tn-caps.com/r/68NS1)
Cyber Protection Starts with Us (http://tn-caps.com/r/68NS2)
〉 What can you do to make sure your internet connection is secure?
〉 How can you tell if you are on a secure website?
〉 What can you do to protect yourself online against identity theft?
〉 What are some things you can do to prevent having your devices hacked?
Discuss these questions in your group and assign a team member to take notes.
CREATE A PUBLIC INFORMATION PROGRAM TO HELP OTHER STUDENTS STAY SAFE ON THE INTERNET
Using the information from your research, select the Top 10 ways to stay safe on the internet.
Next, create a Public Information Program presentation based on your findings to present to the class. Your presentation could include a demonstration of a safe practice, a poster display, a PowerPoint presentation, flyer, or other way to present your findings. Be creative!
Assign a team member to document your Top 10 ways to stay safe on the internet and ideas for sharing the information in a presentation below:
Assign a team member to deliver your presentation to the class.
Activity Discussion:
〉 What internet safety tips will you start using on your devices?
〉 From your research, which internet safety tip surprised you the most?
〉 What do you think is the most important tip for staying safe on the internet?
