Cybersecurity Ethics Education for Students
Imagine your high school student getting behind the wheel of your family car. What if the student has NO driver’s education, not from the family, not from a driver’s education course or school, not even understanding the regulations that surround driving a car. She knows how to start the car. He knows the difference between the accelerator and the brake. She knows that turning the steering wheel to the right turns the car to the right and turning it to the left turns the car to the left.
The student gets out on the road and, not knowing to watch for pedestrians, hits and severely injures someone. The driver, the family, the pedestrian, the pedestrian’s family, the police and the lawyers are all affected. Trauma ensues among all these parties and the tale can take a long time to end. The student learning the rules of the road first might have prevented all this.
What does this have to do with cybersecurity education, ethics or even etiquette? Posting something on offensive, abusive or provocative on a social network is a similar cybersecurity issue. All of a sudden, you have hurt feelings. Police and lawyers could become involved. People might actually cause physical harm to your child, another child or an adult. Trauma and emotional if not bodily harm is inflicted. It is not driving a multi-ton vehicle, but the damage could be very real.
Comparison of Driver Training to Social Networking Training
In driver training, Student drivers are afforded the following:
- Rules/regulations of the road (per state and federal regulations)
- A parent or adult riding with them until they get their license
- A test to verify that the training was comprehensive enough to establish the safety of the driver
- A refresher course should the driver face some challenges and violate the rules of the road
- A daily reminder that the driver is just one of many on the road and some consideration/etiquette is essential
- The removal of driving privileges should the driver ignore or wantonly disregard the rules of the road
This is what most students performing social networking get in the way of training and/or certification prior to using the technology:
- Nothing (unless they are brought to legal action or their parents take a very active role in the rehabilitation)
Other than some courses on cybersecurity that show how vulnerable systems are and how to defeat them, there are very few courses that actually address the ethics that accompany having a social networking account.
Cybersecurity Ethics Course Objectives
As a form of prevention (or remediation as the case may be), I want to offer some skeletal outlines and objectives for courses that could prevent many of the events happening in social networking (most of which are not even or ever reported).
- Teach students to comprehend their roles in the social network environment and the impact of just one post (visuals can be included here)
- Instruct students to prevent themselves from violating the mores of social networking or computer security including “piggy-backing” or “shoulder surfing”
- Educate students to detect someone “piggy-backing” or “shoulder surfing” and deter that person from doing so
- Explain to students the impact of giving their password or user ID to unauthorized persons
- Enlighten students on the impact of posting information that, when used in conjunction with publicly known information, could result in identity theft or worse
- Ask students to list different ethical considerations of posting something on social networking including copyright protected information, intellectual property information, personal Information (including someone else’s birthday or other personal information), testing information, information on how to crack passwords or hack others’ accounts and password or other identifying information on another account that could help a “black hat” hack a site or a user identification
- Teach students social networking etiquette in response to specific situations or scenarios including:
- Public use of technology
- Use of technology while participating in a live social event
- Use of technology while in class or conducting a study group
- Use of technology while driving, mowing the lawn or performing another function that could lead to distraction and destruction
- Have students list the problems associated with the misuse of social networking posts, passwords, or the illegal use of another person’s identity
Although this is not an exhaustive list of objectives, it serves as a starting point for those that need a place to begin. In addition, I tried to have these objectives comply with the Bloom’s Taxonomy, specifically trying to have them meet the “application” stage, which would give the student more than a “memorization” scheme.
The curriculum of a cybersecurity ethics course can be either classroom or online, with the online course possibly being mobile based to give the student a more realistic look at the different situations that could exist in their social networking.