Download Category: Lessons

Unit 7 – Lesson 6 – “Penetration Testing”

5 Days

In this lesson, the focus is on penetration testing. Students will conduct hands-on labs with DoS attacks, address spoofing, performing attacks with Meterpreter, and hardening a compromised server.

Unit 7 – Lesson 4 – “Marcus Hutchins: Can We Label His Hat?”

1 Day

This lesson is based upon the Wired Magazine article The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet written by Andy Greenberg. Marcus Hutchins, the hacker who discovered a kill switch in WannaCry (arguably the worst cyberattack the world had ever seen) was arrested by the FBI for hacking crimes he had committed in the past. This lesson challenges students to think about the gray area that often occurs in the cyber world and wrestle with ideas of right and wrong.

Unit 7 – Lesson 5 – “Discord: Software and Unintended Consequences”

1 Day

Software is always developed with one or more purposes in mind, but then released into the real world where users frequently make use of the software based upon different interests and assumptions than the original designer. In this lesson students explore how developing software can have unintended consequences and that this complicates the world of cybersecurity.

Unit 7 – Lesson 3 – “The Cyber Kill Chain”

2 Days

In this lesson students learn about the cyber kill chain and apply that understanding to scenarios to explore the role that the kill chain plays in a cyberattack. After exposure to the kill chain, students investigate the cyber kill chain through the lens of the 2017 Equifax data breach. On the second day of this lesson students apply this understanding of the kill chain to the scenario they began working on in Unit 5, Lesson 8 and Unit 7, Lesson 2.

Unit 7 – Lesson 1 – “What Were the Threats?”

1 Day

This lesson begins the unit exploring three previous attacks that students will have examined earlier in the course. This examination will be through the lens of the threat environment. Students will work in small groups to analyze their assigned attack thinking about both internal and external sources and both intentional and unintentional consequences. Each group will be assigned an attack and tasked with noting information about the attack and how that attack relates to the threat environment.

Unit 7 – Lesson 2 – “Threat Modeling”

2 Days

This lesson builds upon the introduction to the idea of threat modeling that students developed in the first lesson of the unit. Students will work to develop a threat model based upon a hypothetical scenario provided to them. Day 1 focuses on building the model, while day 2 focuses on presentations and feedback.

Who are the Stakeholders?

4 days

This lesson explores the motivations and interests of three stakeholders in cybersecurity: 1) businesses, 2) designers/service providers, and 3) consumers. Through the activities, students should begin to see how differing interests and goals contribute to cybersecurity failures.

Who bears the cost?

3 days

After examining the roles and interests of stakeholders, this lesson delves deeper into costs. It begins with a comparison of a global pandemic to a global cybersecurity incident. The information is drawn from The Solarium Commission White Paper “Cybersecurity Lessons from the Pandemic.” Prevention is less expensive than reaction. The other activities involve student identification of economic loss from a cyber attack, and the cost of an Internet shutdown to estimate the economic cost of Internet disruptions.

Unit 5 – Lesson 4 – “Policy Controls”

2 Days

This lesson focuses on security policies as controls. The focus is on the implementation of the policy, updates, and policy enforcement. Students work on activities that highlight the importance of security policies for ensuring the confidentiality, integrity, and availability of data. The lesson concludes with a laboratory exercise where the students experiment with installation and removal of software on an organizational machine in violation of an acceptable use policy.

Unit 5 – Lesson 3 – “Asymmetric Cryptography”

11 Days

Shifting from symmetric to asymmetric cryptography, this lesson takes students on a deeper dive beginning with the concept of public key cryptography to round out the use of cryptography as a mechanism to maintain confidentiality. The lesson shifts to the connection that cryptography has to ensure integrity through the study of hash functions, before making a final shift to the study of digital signatures.