This graphic shows how the skills needed to produce high standard are progressively developed from step one through to progression step five. Use this when planning activities to ensure that progression in skills and the appropriate level of challenge are central to any task.
In an increasingly interconnected world, the importance of students learning cybersecurity extends beyond individual awareness to societal resilience. Cyber threats pose a constant risk to personal privacy, sensitive data, and critical infrastructure. By cultivating cybersecurity skills, students become adept at understanding and mitigating these threats, contributing to a safer digital landscape. This knowledge is not only crucial for protecting their own online presence but also for addressing broader issues such as data breaches, ransomware attacks, and cyber warfare.
Furthermore, as technology becomes integral to various industries, cybersecurity proficiency is a valuable asset in the job market. Students equipped with cybersecurity know-how are better positioned to navigate the evolving digital landscape and play pivotal roles in securing the future of technology. Ultimately, fostering a cybersecurity mindset among students is an investment in both individual well-being and the collective security of our increasingly digitised society.
Top Tips
Mix it up!
Consider using a variety of scenarios/case studies to inspire and enthuse students. Sometimes getting them to identify sources of information may be useful to engage with them.
USE PESTLE
Use a PESTLE (political, economic, social, technology, legal and environmental) analysis before discussions to draw out points that can be referenced and argued.
Cybok
Use the Cybok Knowledgebase to support the understanding of advanced knowledge and techniques.
Get Practical
Where you can introduce practical and interactive resources which can be paper based or online.
Involve industry
Bring industry experts to support in curriculum and resource development. They can provide opportunities that can inspire and challenge.
Here are some Websites and resources that you can use to develop cyber security skills. These are a small selection - there are MANY more available. It is essential that you select the applications and software that is suitably matched to the learner's stage and that each learner experiences a range of these applications as they apply and develop their digital skills.
PS1 - Cyber Hygiene
What does good look like?
Pupils having an awareness of the information that can be collected, used and created by themselves and others.
How about...
Guess who: A class activity where pupils share and collect information about their favourite things and use this to guess who they are talking about.
Skills & Knowledge
Cyber Hygiene
Pupils are aware of what a password is and why it might be used. Pupils can create and use password independently.
Threats to cyber security
Pupils are aware that others might want to see/use information about them.
Networking
Pupils understand that devices are connected, and that data can be communicated using a network.
PS2 - Cyber awareness
What does good look like?
Students should possess an understanding of the information that can be gathered, utilised, and generated by themselves and their peers. It is essential for students to engage in discussions regarding this information and recognise its significance both personally and for others.
How about...
Caesar cipher activity involving the encryption and decryption of simple messages in a classroom environment. Use resources such as National Geographic Cryptography Wheel to explore cryptography methods.
Use problem solving games to develop critical and analytical thinking linked to the topics listed.
IT scavenger hunt around school identifying devices (computer systems, networked devices, networks, connection types, IoT etc.) of their school/other context and representing them in a graphic (inputs, processing and output)
Skills & Knowledge
Cryptography
Pupils are aware of what cryptography is and why it is used. Pupils use cryptography with messages.
Protection methods
Pupils are aware of what makes a strong password and the importance of keeping the information secure and memorable for use. Pupils create and independently use passwords across different systems/devices.
Attackers, motivations, and methods
Pupils are aware that there may be people who would want to use/steal their sensitive information.
Cyber Hygiene
Pupils are aware of the importance of protecting their information and the different forms passwords can come in
Pupils are aware of Digital footprints- data they are sharing and what is being generated about them/others and how it could be used.
Targets
Pupils are aware of targets for cyber security threats
Cyber security, its importance and use
Pupils are aware of what cyber security is. Pupils are aware of the importance of cyber security to protect data.
Other
Pupils are aware of what a computer system is. Pupils are aware of the differences between a computing system and a network. Pupils are aware of the Internet of Things.
PS3 - Cyber Security Fundamentals
What does good look like?
At this stage, students should actively explore diverse scenarios and case studies to enhance their comprehension of key topics. Emphasis is placed on mastering the CIA triad and honing skills through varied learning activities. The primary focus is on deepening understanding of attack vectors, protection measures, impacts, and legislation related to cyber incidents. Utilise a wide range of contexts to foster meaningful discussions and enhance learning through practical skill development using a variety of websites/games.
How about...
Cybersecurity Incident Analysis: Task students with analysing real-world cybersecurity incidents or case studies. Discuss the root causes, the impact on organisations, and the subsequent risk management strategies employed.
Interactive Simulation Games: Utilise cybersecurity simulation games or online platforms that allow students to experience and respond to simulated cyber threats. This hands-on approach enhances practical skills in a controlled environment. For example, you could use the Cyber Skills Live Website to learn about different attack vectors.
Skills & Knowledge
Cryptography
Pupils are aware of different cryptographic methods and the benefits and drawbacks of their use. Pupils are aware of the differences between symmetric and public key encryption. Pupils are able to use different cryptographic methods. Pupils are able to solve challenges/problems linked to cryptographic methods
Attack vectors
Pupils can describe attack vectors including their limitations and impacts on a computer system/network. Pupils are able to solve challenges/problems linked to attack vectors.
Protection methods
Pupils can describe protection methods and how they can be used to mitigate attack vectors. Pupils are able to solve challenges/problems using protection methods.
Attackers, motivations and methods
Pupils are aware of the types of attackers, their motivations and attack vectors they use.
Cyber Hygiene
Pupils are aware of the benefits and limitations of different passwords forms.
Threats to cyber security
Pupils are aware of different threats to cyber security and can describe why they are of interest to attackers
Targets
Pupils are aware of different targets for cyber security threats and can explain why they are targets.
Impacts of cyber security incidents
Pupils are aware of a wide range of impacts of a cyber security incident. Pupils are able to analyse a scenario and be able to identify the impacts of a cyber security incident.
Other
Pupils are aware of the differences between authentication and verification. Pupils can outline metadata and internet cookies and how they can be used in a cyber security incident. Pupils can describe how the Internet of Things works and some potential cyber security threats to the devices and network.
PS4 - Cyber Security in Practice
What does good look like?
At this stage, students are urged to deepen their comprehension of the causes and mechanisms behind cybersecurity incidents, as well as the broader implications and risk management procedures involved. Skill refinement should persist through interactive platforms, with a heightened focus on selecting tools and techniques for effective mitigation and protection. Furthermore, students should delve into the specified topics within the realm of networks and broader computer systems, encompassing domains such as OT, IoT, and AI.
How about...
Tool Selection Workshop: Conduct a workshop where students explore and select cybersecurity tools for specific scenarios. This exercise encourages critical thinking about the appropriateness and effectiveness of various tools in different contexts. For example, you could use CyberChef or develop an application to learn about cryptography.
Network Security Project: Assign students a project to investigate and implement security measures in a networked environment. This could involve securing traditional networks as well as exploring the security challenges associated with OT, IoT, and AI systems. For example, get students to setup a simple network and undertake a capture the flag activity.
Skills & Knowledge
Cryptography
Pupils are aware of advanced cryptographic techniques. Pupils identify the benefits and limitations of advanced cryptographic techniques.
Attack vectors
Pupils are aware of different attack vectors and their use within the TCP-IP 5 layer model. Pupils are able to solve challenges/problems linked to attack vectors.
Protection methods
Pupils can identify some impacts of a protection method being used by an individual/group/organisation. Pupils are able to solve challenges/problems using protection methods.
Attackers, motivations, and methods
Pupils describe types of attackers, their motivations and attack vectors they use. Pupils are able to analyse a scenario and be able to discuss attackers, motivation and methods.
Cyber hygiene
Pupils are aware of what MFA is and its purpose to protect a computer system/network. They can outline the different methods used in MFA.
CIA Triad
Pupils are aware of the CIA triad and its use in finding vulnerabilities and methods for creating solutions to cyber security problems. Pupils are able to compare and analyse scenarios using the CIA triad to find vulnerabilities and solutions to problems.
Threats and impacts to cyber security
Pupils are aware of a wide range of impacts of a cyber security incident. Pupils are able to analyse a scenario and be able to identify the impacts of a cyber security incident.
Other
Pupils explain how legislation and/or ethics can be linked to a cyber security scenario. Pupils are aware of the differences between OT, IT, digital forensics and IoT. Pupils are aware cyber incidents leave a digital trail and that trail can be used to understand how an attack happened and the impact (law enforcement use). Pupils are aware of what incident response is and its purpose and benefits to an organisation/individual/group. Pupils are aware of testing and monitoring measures. Pupils are aware of what measures can be taken in risk management and outline methods of identifying vulnerabilities. Pupils are aware of ethical hacking and pen testing and its importance in identifying vulnerabilities of a computer system/network. Pupils are able to explain the benefits, limitations and dangers of IoT.
PS5 - Exploring the Cyber Security Ecosystem
What does good look like?
At this stage students are encouraged to explore advanced CyBok Knowledge Bases topics, conducting critical analysis and evaluation of cybersecurity incidents. The goal is to leverage this understanding to strengthen their proficiency in incident management and preparation for computer systems and networks. A key focus lies in comprehending how legislation influences the preparation, actions, and reactions to incidents, emphasising the pivotal role of legal frameworks in cybersecurity protocols.
How about...
Legislation reviews and analysis: Assign students specific cybersecurity incidents and have them analyse how existing legislation influenced the response and management of each incident. This could involve researching relevant laws and regulations.
Policy Analysis: Task students with analysing policies, and incident management processes. This promotes in-depth exploration and critical thinking. For example, learners could review processes designed by different types of organisations and evaluate their purpose and process.
Skills & Knowledge
Attack vectors
Pupils can explain attack vector characteristics including their limitations and impacts on a computer system and network. Pupils are able to solve challenges/problems linked to attack vectors.
Protection methods
Pupils can explain protection methods and how they can be used to mitigate attack vectors. Pupils are able to solve challenges/problems using protection methods.
Cyber hygiene
Describe contemporary processes that protect the security and integrity of data.
CIA Triad
Pupils can explain the CIA triad and its use in finding vulnerabilities and methods for creating solutions to cyber security problems. Pupils are able to compare and analyse scenarios using the CIA triad to find vulnerabilities and solutions to problems.
Other
Explain how relevant legislation impacts on security, privacy, data protection and freedom of information
Pupils can outline the differences between OT, IoT and IT and the threats and protection methods linked to these
Pupils understand measures used to protect against cyber security incidents
Pupils understand how to manage cyber security incidents
Pupils are able to use CyBok to be aware of some of these topics: Risk Management & Governance, Law & Regulation, Human Factors, Privacy & Online Rights, Malware & Attack Technologies, Adversarial Behaviours, Security Operations & Incident Management, Forensics, Cryptography, Operating Systems & Virtualisation Security, Distributed Systems Security, Authentication, Authorisation & Accountability, Software Security, Web & Mobile Security, Secure Software Lifecycle, Network Security, Hardware Security, Cyber-Physical Systems Security, Physical Layer & Telecommunications Security