Unit Number:

Y/618/3631

Level:

Level 1

Credit Value:

6

GLH:

48

Unit Aim:

Learners will learn about cybercrime and the risks and effects it has on individuals and organisations. They will understand routine protective methods used to maintain cybersecurity including the principles of vulnerability and penetration testing and user access control.

Assessment Guidance:

N/A

Grading Guidance:

N/A

 LEARNING OUTCOMES

 ASSESSMENT CRITERIA

The learner will:

The learner can:

1    Know about cybercrime.

• Identify different forms of cybercrime and possible motives.
• Outline how cybercrime can affect individuals and organisations.
• Describe the tactics cybercriminals use to defraud people.

Common forms of cybercrime and motives:

• Phishing: using fake email messages to get personal information
• Stealing/misusing personal information (identity theft)
• Hacking: accessing, shutting down or misusing websites, networks and IT systems
• Advocating terrorism-related acts
• Email and internet fraud
• Theft of financial or card payment data
• Theft and sale of corporate data
• Cyberextortion (demanding money to prevent a threatened attack)
• Ransomware attacks
• Denial-of-Service (DoS) attack

• Cryptojacking (where hackers mine cryptocurrency using resources they do not own)
• Cyberespionage (where hackers access government or company data)

AC 1.3:

• Social engineering: relies on human instinct of trust, carefully worded email, voicemail, or text message from a cybercriminal can convince people to transfer money, provide confidential information, or download a file that installs malware.

Tactics to defraud:

• Phishing: tactics include deceptive emails, websites, and text messages to steal information.
• Spear phishing: email is used to carry out targeted attacks against individuals or businesses.
• Baiting: an online and physical social engineering attack that promises the victim a reward.
• Malware: victims are tricked into believing that malware is installed on their computer and that if they pay, the malware will be removed.
• Pretexting: uses false identity to trick victims into giving up information.
• Vishing: urgent voice mails convince victims they need to act quickly to protect themselves from arrest or other risk.
• Learners could refer to a ‘real world’, for example, by looking at each other’s social media accounts to identify information that could potentially be used to defraud their peers.

2    Know about protective methods to maintain cybersecurity.

• ·Identify routine importance of cybersecurity testing.
• ·State the importance of cybersecurity testing.
• ·Set up user access controls.

AC 2.1

• Protective methods: practicing diligence, installing appropriate anti-virus software, installing other appropriate security software, turning on firewall, protecting personal information, browser safety, client software, frequent and regular updating, care with email attachments, not opening pop ups, avoiding emails from unknown sources, not visiting suspect sites, anti-malware software, use and protection of passwords, data protection (personal/financial information), restricting access, regular backups.

AC 2.2:

• Cyber security testing: measures the effectiveness of security measures against a potential attack, can be manual or automated, vulnerability testing to reduce the possibility for intruders (hackers) to get unauthorised access, penetration testing (ethical hacking).
• Purpose: to test an IT system, network or web application to find security vulnerabilities that a cybercriminal could exploit.

AC 2.3:

• User access controls: learners could do this by setting up user access control on a network or operating system. For example, a cloud based application could be used to set up shared folders, learners could set various permissions, including some with restricted access.

3    Know about legislation and codes of conduct related to cybersecurity.

3.1    Identify protections for and responsibilities of individuals and organisations as set out in key legislation.