Cybersecurity - Lesson 10: Protecting Data Part 2
Overview
This lesson is a guided tour of multifactor authentication and software updates that students can use to protect their data. Following these discussions, students are introduced to a stimulus question where they will apply their knowledge gained throughout the unit to answer questions about an innovations data, benefits and harms, effects, and security or privacy concerns.
Purpose
This lesson serves two purposes. The first is to provide the final pieces of content students need to know in this unit - related to multifactor authentication and virus scanning software. These are tools students can use to protect the data. The second purpose of this lesson is to introduce students to questions that follow the same format as the questions students will encounter on the AP Multiple Choice Exam. The specific types of questions students will see in this lesson will help prepare them to answer "Single-Select Questions with Reading Passage", or SSQRP. These types of questions show up on the AP Computer Science Principles Multiple Choice Exam and involve a series of questions about a fictitious computing innovation.
Goals
Students will be able to:
- Explain the benefits of multifactor authentication.
- Discuss the benefits of computer virus scanning software and the need for regular updates.
- Thoughtfully answer a stimulus question.
Preparation
- Preview the slides.
- Read through the stimulus question.
Resources
For the students
Supplemental Code.org material
Getting Started (5 minutes)
Remarks
In the previous lesson we discussed how your data is protected through encryption. Today we are going to focus on what you can personally do to keep your data protected.
Prompt: What strategies do you use when creating a good password?
- Note: Make sure students don't reveal any of their current passwords in the discussion!
A good password is easy to remember, but hard for someone else to guess based on knowledge they have about you.
If your password is your dog's name and your birthdate, that's all personal information that someone else might be able to guess!
Discussion Goal
Students should discuss good password management, building off of their knowledge from earlier in the unit. The following slide contains best practices, but your students may have some more concrete suggestions for how they craft complex but memorable passwords.
Activity (35 mins)
Protecting Data (15 mins)
Display: Use the activity slides below or with the slides included with this lessons to guide the discussion on Protecting Data
| Slide | Say |
|---|---|
| Protecting Data | There are things you can do to protect your data. The first one we are going to talk about using multifactor authentication. |
| Single Factor Authentication | When we discussed passwords in the Warm Up, this was an example of single factor authentication. There is one layer of protection, that is centered around something you know: your password |
| Two Factor Authentication Part 1 | Two Factor Authentication: What do you think is another way of protecting your data? In addition to something you know, another layer is something you possess like a phone. Have you ever been required to put a phone number in when getting a password authenticated? Sometimes a text will be sent to your phone with a code to enter in, proving that you are the person who has the phone. This layer means someone who just guesses your password can't get in to your account - they would also need access to your phone. |
| Two Factor Authentication Part 2 | What are the problems with this system? How could it be hacked? Guide the discussion towards the answer that a phone could be stolen or a sim card lost |
| Two Factor Authentication Part 3 | There's another layer that can be used to protect your data. Can anyone guess what it is? If you guessed something physical or perhaps "biometrics", you are correct! A fingerprint is an example of this. A retina scan of your eye is another example. These three options: something you know, something you possess, and something you are make up multifactor authentication, which involves at least two of these options and preferably all three. If someone tried to access your account, they would be required to know your password, have access to your phone and your fingerprint! |
| Two Factor Authentication Part 4 | Why is this better than Single Factor Authentication? What are the challenges with the system? Is it worth any of the risks? Allow students time to think through these prompts, perhaps in small groups before having a whole class discussion. Multifactor authentication can keep data more protected than single factor authentication, but it requires extra steps which add time and often money (the cost of a phone, etc.). There are also privacy concerns with having your fingerprints or retina scanned. |
| Sofware Updates | Another way to protect your data involves updating your software. |
| Sofware Viruses | Let's review. What is a virus? Give students an opportunity to glance through the notes and review computer viruses from lesson 7. |
| Sofware Viruses | Do you remember how to protect your device from a computer virus? Allow students to suggest different forms of protection before clicking through the animation. Two things you can do: use virus scanning software and update system software. You could also say, keep all software updated! |
| Sofware Viruses | Do you remember how to protect your device from a computer virus? Allow students to suggest different forms of protection before clicking through the animation. |
| Protecting Data Summary | Data protection is a moving target. It's not a one and done process. It's not enough to install virus protection software and never thing about it again! New viruses and threats are constantly being developed - you need to keep your software up to date and use the best authentication practices you can in order to keep your data safe! |
Single-Select Questions with Reading Passage (SSQRP) (20 mins)
Now we are going to shift gears and discuss Single-Select Questions with Reading Passage or SSQRP. What is SSQRP?
Over the course of this unit you've learned a lot about computing innovations. SSQRP is designed to assess how well you understand the various issues surrounding computing innovations. The good news is, you aren't expected to have any prior knowledge about the computing innovations discussed in these questions - they are all made up. You will have a short reading passage followed by five multiple choice quesions that focus on data, purpose and effect, benefits and harms, and security concerns. SSQRP is present on the AP CSP exam, and there will be two in the end of unit assessment.
(Optional) Distribute: Hand out Call Center - Reading Passage - ResourceCall Center Reading Passage: A chain of retail stores uses software to manage telephone calls from customers. The system was recently upgraded. Customers interacted with the original system using their phone keypad. Customers interact with the upgraded system using their voice. The upgraded system (but not the original system) stores all information from the calling session in a database for future reference. This includes the customer's telephone number and any information provided by the customer (name, address, order number, credit card number, etc.). The original system and the upgraded system are described in the following flowcharts. Each flowchart uses the following blocks.
Block 1
- Customer hears prerecorded message with answers to common questions (e.g., store hours)
- Customer hears list of departments and selects one using a phone keypad.
- Question: Did they call during business hours?
- If Yes, Customer is transferred to a representative from the department they selected.
- If No, Customer is prompted to leave a message for a representative of the deaprtment they selected.
Block 2
- Customer prompted to describe the issue.
- Customer describes the issue by voice.
- Question: Can the system identify the customer's issue?
- If No, Did they call during business hours?
- If they did call during business hours, Customer is transfered to a human operator.
- If they did not, Customer is asked to call back during business hours.
- If the system COULD identify the customer's issue, Does the Issue require a human response?
- If it does not require a human response, System plays an appropriate recording to the customer.
- If it does require a human response, did the call happen during business hours?
- If it is during business hours, Customer is transferred to a representative from a relavant department.
- If it is not during business hours, Customer is prompted to leave a message, which is then routed to a representative from a relevant department.
Do This: Direct students to take a few minutes to read the information about the computing innovation. They do not need to memorize anything - they can look back at the paper at any time while answering the questions.
Do This: Read through the "Sample Questions" slide as a class. This slide introduces the two categories from which questions will be pulled, along with common phrases. Go through the phrases, and make sure students understand what each phrase means. For example, you may want to spend time on the phrase "unintended effect" as this may be a confusing combination of words for some students. The focus here is on understanding question types - it may be useful to have students think through what some of the possible answer options might be for some of the questions.
AP Classsroom Direct students to navigate to AP Classroom and complete the five practice questions relating to the Call Center. Allow students to see the answers. Following this, discuss with the class any confusion over the questions or the computing innovation.
Single-Select Questions with Reading Passage ExamplesThe following table lists two topics with sample questions. The text in square brackets [ ] are different question options.
| Practice Topic 3: Abstraction in Program Development | Practice Topic 5: Computing Innovations |
|---|---|
| Which of the following input data [must be obtained/is needed] by the upgraded system that was NOT needed by the original system? | Which of the following is considered a potential effect of the the application rather than a [function/purpose] of the application? |
| Which of the following data is not [obtained/provided] directly from the user but is necessary for the upgraded system to operate as described? | Which of the following is [LEAST/MOST] likely to be a [BENEFIT/HARM] of storing the information from each calling session in a database? |
| Which of the following data is necessary for the Call Center to process in order to enable it to provide an answer to the caller? | Of the following potential benefits, which is [LEAST/MOST] likely to be provided by the upgraded system? |
| Which of the following is [LEAST/MOST] likely to be included in the directory? | Which of the following may be an unintended effect of the use of Call Center? |
| N/A | Which of the following is the [LEAST/MOST] [likely/plausible] data [PRIVACY/SECURITY/STORAGE] concern of the upgraded system? |
| N/A | Which of the following groups is [LEAST/MOST] likely to receive targeted advertisements? |
| N/A | Which of the following statements is [LEAST/MOST] likely to be true about the tradeoffs of the Call Center recording the caller's phone number? |
And that's SSQRP! Hopefully you saw through this example the steps of reasoning through the answers and applying your knowledge of the issues related to computing innovations.
Teaching Tip
To assign questions to students on AP Classroom, once logged in navigate to the Question Bank. Search for the following question:
benefit of storing call session information
Then add this question to a quiz like so:
Once you have added one question, you'll see that you can easily import the other 4 practice questions into your quiz.
Click where it says "5 questions"
And choose to add all of the questions.
Following this, you can assign the assessment to your students and they can practice the Reading Passage questions.
Discussion Goal
If students are struggling with answering this question, prompt them with more specific questions:
- How will you decide on your next password?
- Will you use two-factor or multifactor authentication when you have the opportunity?
- How often do you update your software?
- How up to date is the software on your devices?
Wrap up (5 Minutes)
Remarks
In the first half of class, we discussed protecting data. Let's review that.
Prompt: Discuss with a partner how you plan to protect your data.
Journal: Students add to their journals the definitions for: multifactor authentication and computer virus scanning software.
- Multifactor Authentication: a method of computer access in which a user has to successfully provide evidence in at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). Each step provides a new layer of security.
- Computer Virus Scanning Software: protects a computing system against infection.
Assessment: Check for Understanding
For Teachers
Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.
For Students
Open a word doc or google doc and copy/paste the following question.
Question
Reflection: What concerns do you have about multifactor authentication? Is it a good long term solution for data privacy?
Standards Alignment
- CSTA K-12 Computer Science Standards (2017): 3A-NI-06,3A-NI-07,3B-NI-04
- CSP2021: IOC-2.B
Next Tutorial
In the next tutorial, we will discuss Code.Org Unit 10 Lesson 11, which describes Developing a shared presentaton to present their vision.