Lesson Plan: Chapter 12

Connecting to CSTA Standards

GradesConceptSubconceptStandard NumberPractice
6-8Impacts of ComputingSafety Law & Ethics2-IC-23Communicating About Computing: 7.2

Describe tradeoffs between allowing information to be public and keeping information private and secure.

Sharing information online can help establish, maintain, and strengthen connections between people. For example, it allows artists and designers to display their talents and reach a broad audience. However, security attacks often start with personal information that is publicly available online. Social engineering is based on tricking people into revealing sensitive information and can be thwarted by being wary of attacks, such as phishing and spoofing.

Learning Outcomes/Goals

In this chapter, an elderly turtle shows his PII to the narrator, in a naive attempt to get a library card. This type of sharing invites problems due to the lack of security around personal credentials. Use the questions in this chapter to determine the kind of information that should be shared online, and what shouldn't. Interesting discussions can arise when discussing things like sharing facial images, fingerprints, and IDs. Think in particular about how older adults are targeted in scams. Students can compare the experiences of elders in their community with their own, online. They are directed to draw a cartoon strip of ways to address and prevent the various types of attacks, and then to produce a training video to educate elders in their communities.

Differentiated Instruction

Lower level studentsHigher level students
Can complete the comic and collaborate or work individually to create a videoCan connect the comic to the video asset and present both to elders in their communities.

Transfer Learning

While social engineering attacks impact the elders in a community, everyone is at risk. Students can research groups of people or institutions that undergo attacks, and demonstrate how they are thwarted. Alternately, they can demonstrate the damage that occurs when such an attack is successful.


  • Phishing: A social engineered cyberattack created by hackers to fool victims into revealing personal information that can then be exploited.
  • PII: Personally-identifiable information, or data that can be associated with a given person, such as a social security number.
  • Social engineering: A term covering the techniques used to trick people into revealing their personal information over the internet, often used for hacking into accounts and theft.
  • Spear phishing: A highly targeted attack to steal information or corrupt the devices of its victims. Since it targets specific individuals, it requires accessing their personal information.
  • Spoofing: A type of cyberattack designed to impersonate an individual.


Students in this chapter are tasked with learning what kind of PII should, and should not, be shared online. They can be assessed on their grasp of their local laws, compared with international standards.

Research three ways that your local and national laws define PII and how to protect it. Then, compare it wtih an international law.Write a summary of five different types of privacy laws and how they address given privacy breach risks.

Quiz Answers

Q1: Phishing involves:

a. Misdirected emails

b. Emails from anonymous sources

c. Emails from sources who are not who they say they are

Q2: PII stands for personally identifiable information.

a. True

b. False

Q3: The GDPR allows for a user to:

a. Object to using their data for marketing purposes

b. Transfer their data from one system to another

c. Both of these

More Resources/Materials

Assignment and Rubric: A Training Manual

Now that you have a video instructional guide, work with an older individual in your community to help train them on how to protect themselves from phishing, spoofing, and social engineering attacks. Send them the video or watch it with them and ask for their feedback. Work with them to talk to their friends, perhaps in your local community center for older individuals. Get their thoughts on how to make your training manual more useful. With their feedback, add another element to your training guide, perhaps by building a small website, having your police department include your video on their website, or writing up a pamphlet, cartoon, or brochure to accentuate your training.

ExemplaryAdequateNeeds Improvement
The student works with local law enforcement to research attacks that have happened in the community and how they recommend addressing them, build a training manual, and record a video that they then present to their community.The student does two of these elementsThe student only does one of these elements.

*tip: prior to saving as a PDF, select the 'light' mode at the top using the 'sun' icon.