Cybersecurity Microcredential with MCCE

ADVERSARIAL THINKING and THREAT MODELING for RISK ASSESSMENT

Background and Rationale

Why Should Students Learn Cybersecurity?

Cybersecurity teaches students about protection of computer operating systems, networks, and data from cyber attacks. They learn how to monitor systems, assess risks to systems, and mitigate threats. For example, younger students should be aware of the consequences of using passwords that can be easily guessed and older students should learn means to minimize their risk on public wi fi and social media. As the world becomes more digitally connected, the field has growing global importance and the number of job openings at all levels is growing. 

Key Concepts: Adversarial Thinking, Threat Modeling, Risk Assessment

Goal: The educator creates or selects and implements an activity that requires students to engage in modeling and weighing the risks associated with a cyber threat using situational perspective and adversarial thinking. 

What is Adversarial Thinking? Threat Modeling? Risk Assessment?

Threat Modeling is an organized process to identify potential security threats and vulnerabilities, rate the seriousness of each, and prioritize techniques to prevent or lessen the severity of attacks and protect resources. These threats can be intentional or unintentional.

Adversarial thinking considers all of the ways that a system might be compromised by the "bad guys". This is a useful tool for Threat Modeling.

Risk Assessment considers all of the costs of protecting information: time, money, and resources; and balances those against the likelihood of an attack, along with the cost of the damage that could be done by an attack in order to make recommendations on how to prioritize security measures.

In any organization there are always going to be risks involved that need to be managed. Risks fall into two main categories: inherent risks (risks that cannot be avoided) and residual risk (what remains after measures are taken to stop the inherent risks). Every organization also has a risk appetite, or level of risk, that they are willing to assume.

When assessing risk, possible threats need to be considered and weighted. Threats can be environmental: hurricane, tornado, earthquake, etc. There are also man-made threats like external attempts to disrupt an organization,  as well as accidental or intentional disruptions by employees. Companies should always be aware of their risks or have a good sense of risk awareness. An external evaluation is known as a risk control assessment while an internal evaluation is a risk control self-assessment. To be able to provide some sort of measurement on threats, a quantitative evaluation can be performed to include Single Loss Expectancy (SLE) or an Annualized Rate of Occurrence (ARO) to give people an understanding of the likelihood of a particular threat affecting you. Adversarial thinking requires evaluating a system by thinking about how to exploit and undermine it and identifying ways to alter its content and integrity. A complete understanding of potential risk includes knowledge of possible system compromises by adversaries. (Adapted from Cyber.org)

Assessment Rubric

To earn this micro-credential, you must receive a “passing” score for Parts 1, 2 and 3. 

Part 1: Identification and implementation of the Activity

Describe the activity (up to 1 page) including these details:

  1. Intended grade levels

  2. Intended prior experience recommended for students

  3. Approximate time needed to implement the lesson.

  4. Engagement or warm-up activity

  5. Key take aways. Describe what students will be able to do upon completion of the lesson.

  6. Source of the activity (or reference sources used to create the activity) with a description of any adaptations made.

  7. Alignment to standards

  8. Differentiation and instructional supports

  9. Assessment

I. Alignment to the K12 Cyber Standards

The lesson aligns with the letter and spirit of the MD K-12 Cyber Standards: 


___ Aligns to Cyber Standards

  •  Targets grade level K12 Cyber Standard(s) to the full depth of the standards for teaching and learning.  

  • Cyber practices central to the lesson are identified, handled in a grade appropriate way, and connected to the content being addressed. 

____ Integrates concepts and practices

  •  into meaningful experiences for students, rather than solely focus on the concepts 

  • Provides significant content.

  • Offers opportunities for creative expression.

  • Includes socially relevant and culturally situated contexts.I

II. Instructional Supports

The lesson/unit is responsive to varied student learning needs:  

___ Clarity: 

  • Includes clear and sufficient guidance to support teaching and learning of the targeted standards (e.g. identifies a specific threat and how to model the strategies to respond to the threat)

  • Uses and encourages precise and accurate language, terminology and concrete or abstract representations in the discipline.  

  • Instructional expectations are easy to understand and use.  

  • Provides requisite background knowledge for teachers and students

___ Engagement

  • Engages students in productive struggle through relevant, thought-provoking questions, problems and tasks that stimulate interest and elicit critical thinking.  

  • Allows students to demonstrate their understanding of the cyber concepts independently or collaboratively.  

  • Demonstrates an effective sequence and a progression of learning.

 ___ Differentiation

  • Provides appropriate level and type of scaffolding, differentiation, intervention and support for a broad range of learners.

  • Supports diverse cultural, language skills, interests, and styles. 

  • Provides support for students working below grade level.  

  • Provides extensions for students who are ready for more.  

  • Offers a mix of instructional approaches for a variety of learners such as multiple representations (e.g., including models, using a  range of questions, checking for understanding, flexible grouping, pair-share).

III. Assessment

The lesson/unit assesses whether students are mastering standards-based content and skills: 


___ Student assessment

  • Is designed to elicit direct, observable evidence of the degree to which a student can independently demonstrate the targeted cyber standards. 

  • Uses methods that are accessible and unbiased to determine student proficiency, including the use of grade level language in student prompts.  

  • Makes use of project-based or portfolio-based assessment methods to authentically measure performance

___ Teacher supports

  • Includes aligned rubrics, answer keys and scoring guidelines that provide sufficient guidance for interpreting student performance.  

  • Use varied modes of curriculum-embedded assessments that may include pre-, formative, summative and self-assessment measures. 

___ Collaboration options

  • Assess students’ ability to communicate the activity’s significance and development process, including collaboration among members 

View Creative Commons Attribution 3.0 Unported License at http://creativecommons.org/licenses/by/3.0/. Educators may use or adapt. If modified, please attribute EQuIP

Passing

The activity and associated practice(s) are clearly described, meaning that student and teacher actions at each stage of the activity are detailed. Citations are provided for any resources used or adapted for the activity.

Not Passing

Submission does not meet requirements.

Part 2: Work examples and artifacts

Submit a video (5-7 minutes in length) that demonstrates highlights of the lesson. You can either record yourself teaching the lesson, record your students engaging in an activity in the lesson, or record your comments while commenting on anonymized student work submitted for the lesson. Your video should capture evidence of at least two of the three aspects (threat modelling, adversarial thinking, and risk assessment) in detail.

Passing

Video demonstrates appropriately structured activities in the educator’s classroom, evidenced by showing at least two of the 3 elements within the video. Strong evidence of one or more of the three practices of threat modelling, adversarial thinking, and risk assessment.

Almost Passing

Video does not fully demonstrate activities, or activities are not appropriately structured. Some evidence of one or more of the three practices of threat modelling, adversarial thinking, and risk assessment.

Not Passing

Incomplete or missing video artifact. No evidence of one or more of the three practices of threat modelling, adversarial thinking, and risk assessment.

Part 3: Reflection

Provide a written reflection (up to 500 words) on what you learned from implementing the risk and threat activities, including at least two of the following questions:

  1. What was the impact of implementing your activity with your class? How successful was the activity? Provide evidence to support your answer.

  2. What challenges did you face when implementing this activity? How might you address those challenges for the future?

  3. How well did this activity fit into your lesson cycle? How might you incorporate this activity or related activities on these concepts into your teaching practice in the future?

  4. Do you feel that the students will be able to transfer what they learned through this activity to other tasks? Why or why not?

Passing

Reflection clearly indicates how the activity affected both the students and the educator, including changes to the educator’s pedagogical practices. The reflections are specific and supported by examples. Evidence of success includes student work or the results of formative or summative assessments. Reflection mentions the activity in the broader context of a lesson cycle or unit. Educator includes details of transferable skills, using evidence from classroom artifacts or behaviors.

Not Passing

Incomplete or missing video artifact. No evidence of one or more of the three practices of threat modelling, adversarial thinking, and risk assessment.