Unit 7 – Assessment
1 Day
This is a summative assessment of Unit 7. It should be administered after completing Unit 7, Lessons 1-7.
Archives: Downloads
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 7”
Unit 7 – Lesson 7 – “The Continuous Cycle of Security”
2 Days
This is the culminating lesson of the unit, bringing together many of the aspects of the unit to demonstrate that cybersecurity is constantly evolving, that there is no such thing as perfect security, and that risk must be planned for and held to a level where the risk balances the tradeoffs an organization is willing to make.
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 6”
Unit 7 – Lesson 6 – “Penetration Testing”
5 Days
In this lesson, the focus is on penetration testing. Students will conduct hands-on labs with DoS attacks, address spoofing, performing attacks with Meterpreter, and hardening a compromised server.
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 4”
Unit 7 – Lesson 4 – “Marcus Hutchins: Can We Label His Hat?”
1 Day
This lesson is based upon the Wired Magazine article The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet written by Andy Greenberg. Marcus Hutchins, the hacker who discovered a kill switch in WannaCry (arguably the worst cyberattack the world had ever seen) was arrested by the FBI for hacking crimes he had committed in the past. This lesson challenges students to think about the gray area that often occurs in the cyber world and wrestle with ideas of right and wrong.
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 5”
Unit 7 – Lesson 5 – “Discord: Software and Unintended Consequences”
1 Day
Software is always developed with one or more purposes in mind, but then released into the real world where users frequently make use of the software based upon different interests and assumptions than the original designer. In this lesson students explore how developing software can have unintended consequences and that this complicates the world of cybersecurity.
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 3”
Unit 7 – Lesson 3 – “The Cyber Kill Chain”
2 Days
In this lesson students learn about the cyber kill chain and apply that understanding to scenarios to explore the role that the kill chain plays in a cyberattack. After exposure to the kill chain, students investigate the cyber kill chain through the lens of the 2017 Equifax data breach. On the second day of this lesson students apply this understanding of the kill chain to the scenario they began working on in Unit 5, Lesson 8 and Unit 7, Lesson 2.
“Intro to the Challenge of Cybersecurity – Unit 7”
Unit 7 – “Threats, Vulnerabilities, and Attacks: A Closer Look”
15 Days
Unit 7 begins with threat modeling, which is challenging and uncertain. The unit picks up on attacks covered earlier and identifies the threat source. The unit goes further by teaching students how to think about the threat source in terms of resources, capabilities, motivations and aversion to risk. The unit then pivots to the attack kill chain and students explore a few historic threat sources using the kill chain. The exploits will be looked at carefully to realize how features that were designed to help administrators and users can be the same tools that enable exploitation of targets for nefarious goals. This is a perfect time to reemphasize the role of ethics and the fact that the same policy approach that allows something to happen that might be “good,” also affords the fissure that allows the “bad.” The unit carefully considers right and wrong and the many shades of gray of white-gray-black hat hacking. Now that we are deeper into the anatomy of attacks, the unit changes perspective from that of the offender, to that of the defender and looks carefully at how to conduct vulnerability assessment (aka penetration testing). In digging deeper into threats, attacks and vulnerabilities, students are doing risk assessment, so the unit revisits controls. Not every vulnerability can/should be remediated. There is no such thing as perfect security. Therefore, decisions need to be made regarding what needs to be remediated, why, how, etc.
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 1”
Unit 7 – Lesson 1 – “What Were the Threats?”
1 Day
This lesson begins the unit exploring three previous attacks that students will have examined earlier in the course. This examination will be through the lens of the threat environment. Students will work in small groups to analyze their assigned attack thinking about both internal and external sources and both intentional and unintentional consequences. Each group will be assigned an attack and tasked with noting information about the attack and how that attack relates to the threat environment.
“Intro to the Challenge of Cybersecurity – Unit 7 – Lesson 2”
Unit 7 – Lesson 2 – “Threat Modeling”
2 Days
This lesson builds upon the introduction to the idea of threat modeling that students developed in the first lesson of the unit. Students will work to develop a threat model based upon a hypothetical scenario provided to them. Day 1 focuses on building the model, while day 2 focuses on presentations and feedback.
“Intro to the Challenge of Cybersecurity – Unit 6 – Lesson 1”
Who are the Stakeholders?
4 days
This lesson explores the motivations and interests of three stakeholders in cybersecurity: 1) businesses, 2) designers/service providers, and 3) consumers. Through the activities, students should begin to see how differing interests and goals contribute to cybersecurity failures.