Lesson Summary


This lesson will increase student awareness of the concept that there are dangers associated with Internet usage. It addresses Internet Security with issues inherent to Internet usage: viruses, worms, Trojan horses, and identity theft. The primary objective of this lesson is to equip students with knowledge that will enable them to make responsible choices regarding their Internet use, to prevent security risks.


  • Students will be able to identify key general attributes of the threats to the security of computers and information via the Internet such as viruses, worms, and Trojan Horses.
  • Students will understand critical attributes of the sources, and consequences to individuals and society, of identity theft.
  • Students will understand how to protect themselves and their computers from external threats.
  • Students will develop a strategy to inform others of the security risks inherent to Internet usage.


Session 1

  1. Getting Started (10 min) - Introduce vocabulary and discuss Internet security.
  2. Guided Activity (35 min) - Students explore malicious code, identity theft and its effects
  3. Wrap Up (5 min) - Journaling about problems associated with the Internet.


Learning Objectives

CSP Objectives

Big Idea - Internet
  • EU 6.1 - The Internet is a network of autonomous systems.
    • LO 6.1.1 - Explain the abstractions in the Internet and how the Internet functions. [P3]
      • EK 6.1.1A - The Internet connects devices and networks all over the world.
  • EU 6.3 - Cybersecurity is an important concern for the Internet and the systems built on it.
    • LO 6.3.1 - Identify existing cybersecurity concerns and potential options to address these issues with the Internet and the systems built on it. [P1]
      • EK 6.3.1C - Implementing cybersecurity has software, hardware, and human components.
      • EK 6.3.1D - Cyberwarfare and cybercrime have widespread and potentially devastating effects.
      • EK 6.3.1E - Distributed denial-of-service attacks (DDoS) compromise a target by flooding it with requests from multiple systems.
      • EK 6.3.1F - Phishing, viruses, and other attacks have human and software components.
      • EK 6.3.1G - Antivirus software and firewalls can help prevent unauthorized access to private data.

Key Concepts

Students will:

  • Learn about the different types of malicious code and how to take prevention steps to safeguard systems, data, and identity.

  • Give advice on secure cyber practices.

Essential Questions

  • How is cybersecurity impacting the ever increasing number of Internet users?
  • What are some potential beneficial and harmful effects of computing?
  • What are different types of malicious code and what is the intention of each attack?
  • How can internet users protect themselves from malicious code and prevent such cybercrime attacks?
  • How can internet users follow secure practices to reduce the risk of identity theft?


Teacher Resources

Student computer usage for this lesson is: required

Teacher's resources:

  • NA SAIT Security Video - Malicious Code - Malware Video - https://www.youtube.com/watch?v=7wAHZLFiY-E
  • What to do if you are a victim of Identity Theft: Possible Answers
    • The FTC’s website is a one-stop resource to both learn about identity theft and walk you through the appropriate actions if your identity is stolen: http://www.ftc.gov/bcp/edu/microsites/idtheft/
    • Some possible steps if your identity is stolen:
      • Report the identity theft to the three major credit bureaus: Experian, TransUnion, and Equifax.
      • File a police report with local law enforcement.
      • Report the theft to the FTC online at www.ftc.gov/idtheft or by phoning 1-877-ID-THEFT (1-877-438-4338).
    • Possible ways for Deterring Identity Theft:
      • Shred financial documents that are not being kept for safeguarding. [This allows a teacher to cover the kind of information that should be held and for how long (in years). It also allows a teacher to cover what documents are best kept in a safe deposit box, a home safe, regular home files, etc.]
      • Do not carry around your Social Security card in your wallet.
      • Do not give out personal information over the phone or over the Internet unless you are absolutely sure who you are dealing with.
      • Choose computer and electronic passwords with care by avoiding birth dates, your Social Security number, your mother’s last name, etc.
      • Try not to have your postal mail pile up in your mailbox for several days; if you are going to be away for a few days, have your mail held at the post office until you return.
      • Do not click on suspicious links in e-mail or complete forms with your account number and password. Check the web address.
      • Be suspicious about regular bills that do not arrive on time, denials of credit for no apparent reason, calls or letters about purchases you did not make, charges on your financial statements that you do not recognize.
      • Use a password to access your mobile devices such as your cell phone, tablet (iPad), etc., just as you would have a password to get access to your e-mail accounts.

Students' resources:

  • writing journals
  • blogs

Lesson Plan

Session 1

Getting Started (10 min)

  1. Journal: How might malicious code be a threat to Internet security?
    • Possible answers to bring up: identity theft, data theft, stealing money, breaking down other computers, turning other computers into bots to create more problems, etc.
  2. Introduce the topic/Discussion: Inform the students that today they will be talking about Internet security and participating in discussions about the dangers of viruses and , identity theft and malware along with resources and prevention tips.
    • Malicious code is programming code designed with a harmful intent (to hack, cause damage, etc.). With Internet usage comes rights and responsibilities to protect your computer from malicious code. Malicious code causes millions of dollars in damage every year.
    • How can malicious code spread across many computers so quickly?
    • Examine the idea of interconnectedness.
    • Look together at the Digital Attack Map which displays global DDoS activity on any given day. Attacks are displayed as dotted lines, scaled to size, and placed according to the source and destination countries of the attack traffic when known. Have students react to the histogram at the bottom of the map to explore historical data and select a country to view DDoS activity to or from that country at http://www.digitalattackmap.com/understanding-ddos/ .
  3. Introduce key vocabulary - have students crowdsource definitions or look up separately and compare.
    • Computer virus
    • Spyware
    • Ransomware
    • Bot
    • Hacker
    • Malware
    • Adware

Guided Activity (30 min) - Malicious Code and Identity Theft

  1. Play the NA SAIT Security Video: "Malicious Code - Malware" at https://www.youtube.com/watch?v=7wAHZLFiY-E ( 3 minutes, from 2013)
    • AnnMarie Keim, IT Specialist, discuss the concepts of Internet Security and introduce the different types of malicious code and how to protect from this type of cybercrime. Keep your system updated, use antivirus and firewall. Backup important files.
  2. Review the following words from previous lessons:
    • routers
    • firewalls
  3. Discuss: Is malcious code the only way to cause harm on the Internet? (no) 
    • https://vimeo.com/63422786 (0:30) Google mini-video to show what phishing is, using a brick through a glass window example to get attention.
    • Talk about social hacking, using ordinary everyday life tricks to get information like looking over somebody’s shoulder when they type their password, sneaking inside of a locked door before it closes, etc. Point out that it is a combination of people, software and hardware that are both the problem and the solution to Internet security.
  4. Students work in groups to explore selected topics. See the document in the lesson folder: Lesson 13 Cybersecurity: Malicious Code, Identity Theft Additional resources for possible resources. Or search and look for a reliable provider of information. Students create a blog post about their topic to share at the end of class.
    • Suggested topics: (decribe how they work and what can be done to protect against them in terms of human behavior, software and hardware)
      1. Famous viruses,
      2. Virus Hoaxes
      3. Worms
      4. Trojan Horses
      5. identity theft
      6. Phishing scams
      7. Cellphone and texting scams
      8. Ransomware
      9. Firewalls
      10. Antivirus and anti-malware protection


Wrap Up (5 min)

Students will read the following prompt and respond in their journals:

  • The only 100% way to prevent malicious code attacks and identity theft is to not go on the Internet. Do you see that as a viable solution for individuals? Corporations? Support your answer.

Consider the following questions and discuss answers as a class:

  1. Have you or someone you’ve known experienced a virus, or malware? What was the outcome? What did you take away from this experience?
    • Cover the following:
      • Time and Money spent – (by corporations and by individual to protect computer)
      • What were the consequences?
      • What did the victim go through?
  2. How can you avoid malicious code? 
    • Possible Answers:
      • Anti-virus software
      • Anti-spyware software
      • Anti-adware software
      • Restore points
      • Keep patches and updates current on your computer
      • Careful use of email
      • Careful use when downloading items

Homework (optional)

On your home computer, see how vulnerable you are to malware and identity theft:

  • Carry out some remedies and prevention tips (minimum of three tasks) that you learned today.
  • On your blog, list what you did to safeguard your system, your data, and your identity.
  • Be prepared to share in the next class

Options for Differentiated Instruction


If there is additional time, watch one of the TED talks

  • James Lyne: Everyday cybercrime -- and what you can do about it (17:26)
  • The Internet is on fire | Mikko Hypponen | TEDxBrussels (19:16)

Students can create an "Identity Theft Prevention Action Plan," including a purpose and list of ten guidelines, to share with family and friends after they have researched prevention tips on the FTC website.

  • Students may use their choice of the following Web 2.0 websites to create their action plan:
  • Students will embed their action plan to a blog post in order to share with teacher, classmates, friends, and family. Students should email friends and family (minimum of three people with the teacher cc'd) the link to this blog post on Identity Theft Prevention Action Plan (title of blog post and subject line of email).

Evidence of Learning

Formative Assessment

  • Journal writings
    • Introduction question prompts
    • Wrap-up question prompt

  • Class discussions - answers, input, and further inquiry by students

  • Identity theft prevention plan

Summative Assessment

Unit Assessment and Investigate/Explore Performance Project – at end of unit.