-
Notifications
You must be signed in to change notification settings - Fork 11
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Amanda on Mona
committed
Feb 16, 2018
1 parent
f7abfc4
commit c3c985b
Showing
1 changed file
with
44 additions
and
136 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,159 +1,67 @@ | ||
| NOTE: Each individual lesson plan should be written up in its own | ||
| document here inside the "Chapter 2" directory. The easiest way to get | ||
| started is probably copying from the Lesson Plan Template here: | ||
| [*https://drive.google.com/open?id=1bByrJ2s2cKh-h6XvSFkFz91xCiSmW4rejz1gSbmM6pw*](https://drive.google.com/open?id=1bByrJ2s2cKh-h6XvSFkFz91xCiSmW4rejz1gSbmM6pw) | ||
| NOTE: Each individual lesson plan should be written up in its own document here inside the "Chapter 2" directory. The easiest way to get started is probably copying from the Lesson Plan Template here: [*https://drive.google.com/open?id=1bByrJ2s2cKh-h6XvSFkFz91xCiSmW4rejz1gSbmM6pw*](https://drive.google.com/open?id=1bByrJ2s2cKh-h6XvSFkFz91xCiSmW4rejz1gSbmM6pw) | ||
|
|
||
| This document can serve as a table of contents/guide to the lessons in | ||
| this section, with a bit of preceding documentation on what to expect | ||
| from the lesson plans. | ||
| This document can serve as a table of contents/guide to the lessons in this section, with a bit of preceding documentation on what to expect from the lesson plans. | ||
|
|
||
| **Working structure for this chapter document** | ||
|
|
||
| - Introduction/how we’ve grouped these lessons | ||
|
|
||
| - What you’ll find inside a lesson plan | ||
| - MVP curriculum -- suggested set of lessons to get a newsroom started? | ||
| - Lessons | ||
| - Threats to understand | ||
| - Things you can do to improve your personal security | ||
| - Basic | ||
| - Advanced | ||
| - Things your newsroom can do to improve institutional security | ||
|
|
||
| - MVP curriculum -- suggested set of lessons to get a newsroom | ||
| > started? | ||
|
|
||
| - Lessons | ||
| LESSONS and LINKS | ||
|
|
||
| <!-- --> | ||
| [***Connected App Hygiene***](https://docs.google.com/document/d/1ubihg-KeA-NGh7WvVOwOCuOo85PGg8bxn6RuvhTiaNM): 10 minutes, group activity | ||
|
|
||
| - Threats to understand | ||
| In this lesson, participants will learn how to check which third-party applications have access to their Gmail, Twitter, Facebook, and Github accounts. | ||
|
|
||
| - | ||
| [***Digital Literacy***](https://docs.google.com/document/d/19T_bl3iXRv-slGxFGAbMc0mHse_JN8_e05vzJ-vVpUk): This is an overview of basic concepts for digital literacy: what is a network, what is encryption, what is authentication, what is a computer? | ||
|
|
||
| - Things you can do to improve your personal security | ||
| [***Games & Activities***](https://docs.google.com/document/d/1GjvdLxs0EPhCNHNrq7f7uz-hcRMOAmiaQReUYOkuyvI): These are examples of games and activities for groups to learn about key concepts, such as how cell phone towers work. | ||
|
|
||
| - Basic | ||
| [***How to Set Up Signal***](https://drive.google.com/open?id=1cP1aELuoi2sbGkgvheX8Vhsj3Hg3RAySs-Gs03Bw-tU): 15-30 minutes, walkthrough and group activities | ||
|
|
||
| - | ||
| In this lesson, participants should have already locked down their mobile device and are now ready to install a secure messaging system called Signal. They will install Signal, learn how to review their setting for maximum protection, and practice messaging other users. This lesson is intended to be taught third, following Mobile Applications Security Settings (first) and Locking Down Your Mobile Device (second). | ||
|
|
||
| - Advanced | ||
| [***Locking Down Your Mobile Device***](https://docs.google.com/document/d/17wZNXEMwmpNQVq55Jq02jyjYEPmLyhcS0ytQHAsRbNc): 20-30 minutes, demonstration and walkthrough | ||
|
|
||
| - | ||
| In this lesson, participants will learn how to "lock down" their mobile device by creating a secure passcode for unlocking the phone and preparing the device for installation and use of a secure messaging system. This lesson should be paired with Mobile Applications Security Settings (first) and How to Set Up Signal (third). | ||
|
|
||
| - Things your newsroom can do to improve institutional security | ||
| [***Mobile Applications Security Settings***](https://drive.google.com/open?id=1UBN6Xri5Lz-hCoWS1YieAIgTeH75jt19RZofQCC1xdA): | ||
| 20-30 minutes, demonstration and walkthrough | ||
|
|
||
| - | ||
| In this lesson, participants will review the permissions they have granted to third-party applications on their mobile device. They will also learn to consider how applications may be using their data and different aspects of their mobile device (location services, microphone, camera). | ||
|
|
||
| LESSONS and LINKS | ||
| [***Passwords and 2FA***](https://drive.google.com/open?id=18WHq-2e8_F6vYwkOazQeXqcTLUmB9y_eeLlq27c3J-U): 60-90 minutes, workshop and walkthrough | ||
|
|
||
| [***Connected App | ||
| Hygiene***](https://docs.google.com/document/d/1ubihg-KeA-NGh7WvVOwOCuOo85PGg8bxn6RuvhTiaNM): | ||
| 10 minutes, group activity | ||
|
|
||
| In this lesson, participants will learn how to check which third-party | ||
| applications have access to their Gmail, Twitter, Facebook, and Github | ||
| accounts. | ||
|
|
||
| [***Digital | ||
| Literacy***](https://docs.google.com/document/d/19T_bl3iXRv-slGxFGAbMc0mHse_JN8_e05vzJ-vVpUk): | ||
| This is an overview of basic concepts for digital literacy: what is a | ||
| network, what is encryption, what is authentication, what is a computer? | ||
|
|
||
| [***Games & | ||
| Activities***](https://docs.google.com/document/d/1GjvdLxs0EPhCNHNrq7f7uz-hcRMOAmiaQReUYOkuyvI): | ||
| These are examples of games and activities for groups to learn about key | ||
| concepts, such as how cell phone towers work. | ||
|
|
||
| [***How to Set Up | ||
| Signal***](https://drive.google.com/open?id=1cP1aELuoi2sbGkgvheX8Vhsj3Hg3RAySs-Gs03Bw-tU): | ||
| 15-30 minutes, walkthrough and group activities | ||
|
|
||
| In this lesson, participants should have already locked down their | ||
| mobile device and are now ready to install a secure messaging system | ||
| called Signal. They will install Signal, learn how to review their | ||
| setting for maximum protection, and practice messaging other users. This | ||
| lesson is intended to be taught third, following Mobile Applications | ||
| Security Settings (first) and Locking Down Your Mobile Device (second). | ||
|
|
||
| [***Locking Down Your Mobile | ||
| Device***](https://docs.google.com/document/d/17wZNXEMwmpNQVq55Jq02jyjYEPmLyhcS0ytQHAsRbNc): | ||
| 20-30 minutes, demonstration and walkthrough | ||
| In this lesson, participants will learn how to protect their online accounts by choosing a secure password, apply that password to their primary email account, and enable two-factor authentication. | ||
|
|
||
| In this lesson, participants will learn how to "lock down" their mobile | ||
| device by creating a secure passcode for unlocking the phone and | ||
| preparing the device for installation and use of a secure messaging | ||
| system. This lesson should be paired with Mobile Applications Security | ||
| Settings (first) and How to Set Up Signal (third). | ||
| [***Phishing Basics***](https://drive.google.com/open?id=1Y8-HNr3fen-trxzlMbutiCqHZiV1OJqfIdFTAlkzv3Q): 45 minutes, workshop | ||
|
|
||
| [***Mobile Applications Security | ||
| Settings***](https://drive.google.com/open?id=1UBN6Xri5Lz-hCoWS1YieAIgTeH75jt19RZofQCC1xdA): | ||
| 20-30 minutes, demonstration and walkthrough | ||
| In this lesson, participants will be asked to develop a stronger awareness of phishing and spear-phishing attacks. They will learn how these attacks work, including different techniques attackers may use. This workshop will teach basic safety techniques and introduce tools that may reduce the probability of being attacked. | ||
|
|
||
| [***Physical Custody and Disk Encryption***](https://docs.google.com/document/d/1TP32QtkQGqR1xDRn5wn7OOEkTKDl0Bg_A9ZtgFP0wvI): **TK minutes**, workshop | ||
|
|
||
| In this lesson, participants will learn strategies for protecting their devices and data in the event of temporary and permanent custody loss situations (Officials taking a device at the border versus a laptop being stolen). Trainer will discuss risks associated with various scenarios and introduce strategies for mitigating many of those risks. | ||
|
|
||
| [***Pre-training Survey for Trainers and Newsrooms***](https://docs.google.com/document/d/1-Fss4doRtbCfX1jgLVEUm4qPcKqtkW38UxIJEhzY5V0): 60-90 minutes, interview-style | ||
|
|
||
| This resource is for trainers to engage with the newsroom leadership and IT leadership before developing the training and workshops. This allows the trainer to get the lay of the land, learn about the technology infrastructure in place, and see how the key leadership teams are communicating. | ||
|
|
||
| [***Scrubbing Metadata: a low-fi method***](https://docs.google.com/document/d/1MS9MoeXmXw_TYOmjXto9mvg-EROL5vds2sl5zytQTZk): 30 minutes, small group discussion and partner activity | ||
|
|
||
| In this lesson, participants will be introduced to the concept of metadata for document and image files. The trainer will lead a short discussion about why journalists would want to strip out sensitive metadata and why sources may give journalists documents and image files that have the metadata removed. Participants will then work in pairs to practice removing metadata from a document and an image file. | ||
|
|
||
| [***Secure Tip Pages***](https://docs.google.com/document/d/1qo-GeMES_W0CQiqqr4wkgaXiX9_9n-J3oXEvKMiH4bU): 60+ minutes, intended for leadership or administrators | ||
|
|
||
| In this lesson, trainers are able to help a news organization set up a secure tip page, or a resource for sources who may want to leak confidential information with the newsroom. This lesson includes how to contact a newsroom, tips for sources for maintaining their own anonymity, and discusses common secure channels and their various tradeoffs. | ||
|
|
||
| [***Training Newsrooms on Two-Factor Authentication***](https://docs.google.com/document/d/1LrFfI1Y18U4eTCiDMZ0Lz1Cc4wwK8tkVJWbZ6ZRMYYo): TK minutes, workshop and walkthrough | ||
|
|
||
| In this lesson, participants will review the permissions they have | ||
| granted to third-party applications on their mobile device. They will | ||
| also learn to consider how applications may be using their data and | ||
| different aspects of their mobile device (location services, microphone, | ||
| camera). | ||
|
|
||
| [***Passwords and | ||
| 2FA***](https://drive.google.com/open?id=18WHq-2e8_F6vYwkOazQeXqcTLUmB9y_eeLlq27c3J-U): | ||
| 60-90 minutes, workshop and walkthrough | ||
|
|
||
| In this lesson, participants will learn how to protect their online | ||
| accounts by choosing a secure password, apply that password to their | ||
| primary email account, and enable two-factor authentication. | ||
|
|
||
| [***Phishing | ||
| Basics***](https://drive.google.com/open?id=1Y8-HNr3fen-trxzlMbutiCqHZiV1OJqfIdFTAlkzv3Q): | ||
| 45 minutes, workshop | ||
|
|
||
| In this lesson, participants will be asked to develop a stronger | ||
| awareness of phishing and spear-phishing attacks. They will learn how | ||
| these attacks work, including different techniques attackers may use. | ||
| This workshop will teach basic safety techniques and introduce tools | ||
| that may reduce the probability of being attacked. | ||
|
|
||
| [***Physical Custody and Disk | ||
| Encryption***](https://docs.google.com/document/d/1TP32QtkQGqR1xDRn5wn7OOEkTKDl0Bg_A9ZtgFP0wvI): | ||
| **TK minutes**, workshop | ||
|
|
||
| In this lesson, participants will learn strategies for protecting their | ||
| devices and data in the event of temporary and permanent custody loss | ||
| situations (Officials taking a device at the border versus a laptop | ||
| being stolen). Trainer will discuss risks associated with various | ||
| scenarios and introduce strategies for mitigating many of those risks. | ||
|
|
||
| [***Pre-training Survey for Trainers and | ||
| Newsrooms***](https://docs.google.com/document/d/1-Fss4doRtbCfX1jgLVEUm4qPcKqtkW38UxIJEhzY5V0): | ||
| 60-90 minutes, interview-style | ||
|
|
||
| This resource is for trainers to engage with the newsroom leadership and | ||
| IT leadership before developing the training and workshops. This allows | ||
| the trainer to get the lay of the land, learn about the technology | ||
| infrastructure in place, and see how the key leadership teams are | ||
| communicating. | ||
|
|
||
| [***Scrubbing Metadata: a low-fi | ||
| method***](https://docs.google.com/document/d/1MS9MoeXmXw_TYOmjXto9mvg-EROL5vds2sl5zytQTZk): | ||
| 30 minutes, small group discussion and partner activity | ||
|
|
||
| In this lesson, participants will be introduced to the concept of | ||
| metadata for document and image files. The trainer will lead a short | ||
| discussion about why journalists would want to strip out sensitive | ||
| metadata and why sources may give journalists documents and image files | ||
| that have the metadata removed. Participants will then work in pairs to | ||
| practice removing metadata from a document and an image file. | ||
|
|
||
| [***Secure Tip | ||
| Pages***](https://docs.google.com/document/d/1qo-GeMES_W0CQiqqr4wkgaXiX9_9n-J3oXEvKMiH4bU): | ||
| 60+ minutes, intended for leadership or administrators | ||
|
|
||
| In this lesson, trainers are able to help a news organization set up a | ||
| secure tip page, or a resource for sources who may want to leak | ||
| confidential information with the newsroom. This lesson includes how to | ||
| contact a newsroom, tips for sources for maintaining their own | ||
| anonymity, and discusses common secure channels and their various | ||
| tradeoffs. | ||
|
|
||
| [***Training Newsrooms on Two-Factor | ||
| Authentication***](https://docs.google.com/document/d/1LrFfI1Y18U4eTCiDMZ0Lz1Cc4wwK8tkVJWbZ6ZRMYYo): | ||
| TK minutes, workshop and walkthrough | ||
|
|
||
| In this lesson, participants will be introduced to three types of | ||
| multi-factor authentication: SMS, authentication apps, and security | ||
| keys. Trainers will discuss the relative merits of each method and | ||
| provide a demonstration for setting up each type. | ||
| In this lesson, participants will be introduced to three types of multi-factor authentication: SMS, authentication apps, and security keys. Trainers will discuss the relative merits of each method and provide a demonstration for setting up each type. |