| A | B | C | D | E | F | G | |
|---|---|---|---|---|---|---|---|
1 | |||||||
2 | Big Idea | Proposed Enduring Understaning for Middle School | Proposed Learning Objectives for Middle School | Agree/Disagree with including | |||
3 | 1. ETHICS | 1.1 Social goals reflect the foundational values (ethics) held by society; these core societal values impact all social environments, and are reflected in cybersecurity choices. | 1.1.1: Students will define societies, values and ethics. | ||||
4 | 1.1.2 Students will provide examples of ethical situations involving cybersecurity. | ||||||
5 | 1.1.4 Students will correlate how the role of values and ethics affects society (e.g., norms, laws, and policy decisions) as it relates to cybersecurity. | ||||||
6 | 1.1.4 Students will begin to correlate how the role of values and ethics affects society (e.g., norms, laws, and policy decisions) as it relates to cybersecurity. | ADD more REAL WORLD, Careers, etc if possible | |||||
7 | 1.1.5 Students will analyze online and offline behaviors in societies, i.e., themselves, peers, families, communities, and countries, and draw logical conclusions about the values that govern these behaviors. | ||||||
8 | 1.2: Ethical reflection and judgment are required in considering the potential harms, benefits, and trade-offs involved in cybersecurity. | 1.2.1 Students will identify what trades-offs are and what role trade-offs play in the physical world and cyberspace. | |||||
9 | 1.2.2 Students will define, explain, and identify the ways cyber tools and targets can be exploited. | <-- look again | either combine these or differentiate in a better way | ||||
10 | 1.2.3: Students will give examples of how tools are used in ways that were not intended by the system designer (pen tests, packet sniffers, firewall). | <-- look again | Another way to say this, the user may not know the assumptions of the designer for using the tool, leading the user to use the tool in a way the designer never intended. (from HS) | ||||
11 | 1.3: Cybersecurity practices include complex and ever-changing systems; this makes it hard to decide whose interests to protect and when. | 1.3.1 Students will examine components of a system in order to identify how different individuals interact within complex systems. | |||||
12 | 1.3.2 Students will discuss real-life scenarios (such as social media) and consider the ethical implications and whose interests the system protects. | ||||||
13 | 1.3.3: Students will discuss how even when a cybersecurity practice is legal, it may not be ethical. | ||||||
14 | 2. ESTABLISHING TRUST | 2.1 Cybersecurity relies on confidentiality, integrity, and availability (the CIA Triad). | 2.1.1: Students will define confidentiality, integrity, and availability, and explain the relative importance of each as it relates to information security. | ||||
15 | 2.1.2 Students will connect CIA concepts such as authentication and multiple layers of control are useful for trusting and verifying a system. | ||||||
16 | 2.1.3 Students will explain outcomes of CIA triad failures. | ||||||
17 | 2.1.4: Students will explain why they should protect information based on the CIA tradeoffs. | ||||||
18 | 2.1.5: Students will apply the principles of confidentiality and integrity to explain cryptography. | ||||||
19 | 2.2: The simpler you can make the design or implementation of a system, the better you can check whether or not it can be exploited. | 2.2.1 Students will define the principle of simplicity, including why easy to understand systems are important. | |||||
20 | 2.3 The more you restrict access, processes, resources, and users based on the policy, the more secure the system. | 2.3.1 Students will define and explain authorization and include who should and should not be authorized to access certain information and why. | |||||
21 | 2.3.2 Students will define the principle of least privilege, which is about differentiating among types of access control (mandatory, role- based, discretionary, and rule-based access controls). | REWRITE REGARDING LAYERS OF ACCESS | |||||
22 | 2.3.3 Students will define defense in depth as a strategy in which multiple layers of defense are placed through an IT system. Students can then outline how using layering is an effective strategy to use to defend against an attack. | REWRITE REGARDING DEFENSE IN DEPTH | Defense in depth can be divided into three areas: Physical, Technical, and Administrative | ||||
23 | 2.3.4 Students will recall that cybersecurity often applies to individual components. Students will explain that those individual components are used to build complex systems, and that the overall security of a system is dependent on the security of each individual component. | ||||||
24 | |||||||
25 | 3. UBIQUITOUS CONNECTIVITY | 3.1: The Internet is a large, globally distributed network that is divided into layers, governed by protocols, and connects a wide variety of devices. | 3.1.1 Students will recognize layers of a network. | ||||
26 | 3.1.2 Students will define protocols and recall that protocols are how computers communicate with one another. | ||||||
27 | Students will explain how layers of protocols interact within a network --> (suggestion) | 3.1.3 Students will examine and explain how various layers of protocols create a network. | |||||
28 | 3.1.4 Students will describe basic network concepts such as IP address, DNS, Internet, LAN. | ||||||
29 | 3.1.5 Students will describe physical layers of a network such as cables, servers and switches. | ||||||
30 | 3.2: The Internet provides a large attack surface, which offers efficiencies or economies of scale for adversaries. | 3.2.1 Students will recall that the internet and its connected devices, networks and systems allows an adversary to reach a large number of devices. | |||||
31 | 3.2.2 Students will identify, define, and explain how attacks are designed to infiltrate computers, networks, and systems. | ||||||
32 | 3.2.3 Students will identify potential and common vulnerabilities. | ||||||
33 | 3.2.4 Students will identify components of a network defense, explain why each is valuable, and examine specific network defenses to determine how secure the network is. | ||||||
34 | 4. DATA SECURITY | 4.1: Data security deals with the quality of the data. It refers to the accuracy and consistency (validity) of data over its lifecycle. Ie; the protection from corruption or errors and the privacy of data. | 4.1.1: Students will define what data integrity is and use the CRAAP test to analyze existing data. | ||||
35 | 4.1.2: Students will define what origin integrity is. | Feels redundant to 4.1.1 and 4.1.3 | |||||
36 | 4.1.3 Students will recall and be able to explain that original data is trustworthy, and its source is trusted to produce trustworthy data. | ||||||
37 | 4.1.4: Students will recall that data must be protectedat rest, in transit, and in use | ||||||
38 | 4.2: Data security deals with data confidentiality, i.e., it being accessible to only those who have access privilege to it. | 4.2.1: Students will recall the purpose of personal data protection to include data, and the rights and freedoms of the people that the data is connected to. | Exclude what personal data protection is about...can be re-worded more effectively | ||||
39 | 4.2.2: Students explain that data confidentiality is about protecting data against unintentional, unlawful, or unauthorized access, disclosure, or theft. | ||||||
40 | 4.2.3: Students will define and identify examples of physical controls that are used to secure data. | ||||||
41 | 4.2.4: Students will define, evaluate and recommend technical controls that can be used to secure data. | ||||||
42 | 4.3: Cryptography techniques are necessary to keep data private and secure, and evolve with changes in technology. | 4.3.1 Students will define cryptography and identify the role of the sender and receiver. | |||||
43 | 4.3.2 Students will assess how cryptography has been used throughout history. Students will also identify key figures in cryptography. | ||||||
44 | 4.3.3 Students will describe how and why brute force attacks are used and what can be done to protect against such attacks. | ||||||
45 | 5. System Security | EU 5.1: Systems consist of a combination of hardware and software that together achieve some objective and security requires integration of both. | 5.1.1 Student will define hardware and software and compare and contrast (tell the difference between) them. | ||||
46 | 5.1.2 Students will analyze the security needs of hardware and software systems. | ||||||
47 | |||||||
48 | 5.2: Hardware security protects the machine and peripheral hardware from theft and from electronic intrusion and damage. | 5.2.1 Students will explain how layering (using multiple physical deterents) is a way to protect hardware | |||||
49 | 5.2.2 Students will analyze the security needs of internal and external hardware components. | ||||||
50 | |||||||
51 | 5.3: Security vulnerabilities in software are weaknesses in a system's design, implementation, or operation and management that could be exploited to violate the system's security policy. | 5.3.1 Students will define patches (including other common terms for patches such as bug fixes or software updates) and explain why patches are important. | |||||
52 | 5.3.2 Students will describe common software vulnerabilities. | ||||||
53 | 5.4: Software and Hardware (or Systems) are everywhere society is becoming increasingly reliant on those systems. | 5.4.1 Students will explain the pros and cons of society becoming increasingly reliant on systems. | |||||
54 | 5.4.2 Students will explain the effect that inoperable systems have on society. | ||||||
55 | 6. Adversarial Thinking | EU 6.1: Adversity consists of unintended challenges to a system that result in unexpected results. | 6.1.1 Students will define adversity as it relates to cybersystems. | ||||
56 | 6.1.3 Students will classify actions that could cause harm to cybersystem as intentional or unintentional. | ||||||
57 | 6.1.4 Students will analyze how human actors in a cybersystem behave to cause harm both intentionally and unintentional . | ||||||
58 | 6.2: Adversarial thinking is the process of reasoning about how opposing forces could prevent a system from meeting both its functional and security goals. | 6.2.1 Students will define adversarial thinking (the ability to approach systems, cyberspace and actions from an opposing force perspective) as it relates to cybersystems. | |||||
59 | 6.2.2: Students identify the ways in which natural events and unintentional errors can cause a system to fail. | ||||||
60 | 6.2.3 Students will analyze scenarios to examine how adversarial thinking is put into practice. | ||||||
61 | 7. Risk | EU 7.0 Cybersecurity requires risk management. | 7.0.1 Students will define risk management and explore careers in cybersecurity risk management. | should we include exploring careers in other areas as well? | |||
62 | 7.0.2 Students will explain the importance of authentication and authorization in limiting the risk (in the system.) | ||||||
63 | 7.0.3 Students will discuss levels of acceptable risk as they explain why systems are not completely secure and always have the potential to be exploited. | ||||||
64 | EU 7.1: Cybersecurity risk weighs the potential damage that threats, vulnerabilities and attacks could cause. | 7.1.1 Students will explain why cybersecurity professionals need to prioritize how they will use their funding to protect their system. | |||||
65 | 7.1.2 Students will explpain the relationship between effect of CIA on risk. | ||||||
66 | 7.1.3 Students will examine Denial of Service attacks and identify what is most at risk during an attack. | ||||||
67 | 7.2 Cybersecurity risk requires emergent and complex responses. | 7.2.1 Students will describe how cybersecurity involves: a) Protecting personal information, data and the systems that store, process, and transmit that data, b) detecting an unwelcome intrusion in the network, c) responding in an effort to contain attacks, repair holes, and recover normal operating status, d) securing hardware, software, information/data, and hardening networks/system | 7.2.1 Discuss examples of emergent and complex responses to Cybersecurity risks. Other suggestion to simplify this: Students will describe how cybersecurity involves protecting information, data and systems; detecting intrusions; responding to attacks; and securing systems. This may be something I don't fully understand so I may have oversimplified. | Students will describe the complex nature of cybersecurity which involves protecting information, data, and systems; detecting intrusions; responding to attacks; and securing systems. | |||
68 | 7.2.2 Students will define and explain risk responses such as reducing, mitigating, controlling, accepting, avoiding or transferring. | should we add a 3rd objective to address "emergent"? Maybe: Students will discuss why it is important to stay abreast of the latest trends in cyber attacks and solutions. | |||||
69 | 8. Implications | 8.1: Cybersecurity shapes and is shaped by significant historical ideas and events. | 8.1.1 Students will identify historical cyber events and explain the impacts of permanent or temporary loss of cybersecurity systems on society. | ||||
70 | 8.1.2 Students will identify signficant technologies and cybersystems throughout history. | ||||||
71 | |||||||
72 | 8.2: Cybersecurity is global, transcending traditional boundaries, and is always evolving. | 8.2.1 Students will explain the importance of securing a system is an ongoing process so that as systems evolve they can be protected. | |||||
73 | 8.2.2 Students will provide examples of how increasing the number of globally connected devices in a system can increase attack surfaces. | **connection to ubiquitous connectivity?? | |||||
74 | 8.2.3 Students will analyze how information from digital footprints can increase an individual's cyber risk . | ||||||
75 | 8.3 The worth of cybersecurity is often determined by the communities' preferences, their willingness to support their protection financially, the trade-offs it chooses and their perception of risk. | 8.3.1 Students will describe the value of protecting digital assets regardless of size. | |||||
76 | 8.3.2 Students will discuss scenarios of when the financial cost for security outweighs the potential risk. | please revise this wording...maybe analyze?? | |||||
77 | |||||||
78 | |||||||
79 | |||||||
80 | |||||||
81 | |||||||
82 | |||||||
83 | |||||||
84 | |||||||
85 | |||||||
86 | |||||||
87 | |||||||
88 | |||||||
89 | |||||||
90 | |||||||
91 | |||||||
92 | |||||||
93 | |||||||
94 | |||||||
95 | |||||||
96 | |||||||
97 | |||||||
98 | |||||||
99 | |||||||
100 |