Lesson Notes By Weeks and Term v3 - Senior Secondary 3

Security and Ethics


Subject: Computer & IT

Class: Senior Secondary 3

Term: 3rd Term

Week: 3

Theme: Computer Ethics


Performance objectives

Lesson summary

State sources of security breaches in a computer network.
State preventive measures against security breaches.
State issues of legal importance to consider when using ICT.

Lesson notes

Computer Ethics

Legal Implication (Nigeria): The Nigerian Data Protection Regulation (NDPR) 2019 governs the processing of personal data. Organizations must obtain consent, protect data, and notify authorities in case of a breach. Individuals have rights regarding their data.

Nigerian Example: A hospital must ensure patient records are kept confidential and not shared without consent. A mobile network provider must protect subscribers' call records and personal details.

5. Copyright and Intellectual Property: Definition: Legal rights granted to creators of original works (literary, artistic, scientific) to control their use and distribution.

Legal Implication (Nigeria): Protected by the Nigerian Copyright Act. This extends beyond piracy to proper attribution and fair use.

Nigerian Example: A student must cite sources when using information from books or websites for their projects to avoid plagiarism, which is an ethical and often academic violation of copyright.

6. Netiquette (Network Etiquette): Definition: The set of customary rules for polite and considerate behavior in online environments. While not strictly legal, violations can lead to social consequences, account suspension, or contribute to harassment, which can be illegal.

Nigerian Example: Avoiding inflammatory language in online forums, respecting others' opinions on social media, not spreading misinformation.

3. Teaching and Learning Activities

Phase 1: Introduction and Engagement (10 minutes)

Teacher Activity: Begins by asking students to share any personal experiences or stories they have heard about people losing money, accounts being hacked, or issues related to online fraud in Nigeria. Facilitates a brief class discussion on the importance of staying safe online.

Introduces the topic: "Security and Ethics in ICT."

Student Activity: Students share experiences, listen to others, and participate in the discussion, reflecting on the relevance of the topic to their lives.

Phase 2: Concept Exploration (30 minutes)

Teacher Activity: Presents a simplified scenario (e.g., "Imagine your mobile banking app details are stolen. How could this happen?"). Systematically explains "Sources of Security Breaches" (Malware, Phishing, Hacking, Physical Theft, Insider Threats, Weak Passwords, Software Vulnerabilities, Natural Disasters) using clear definitions and relevant Nigerian examples. May use a whiteboard or flip chart to list key terms. Engages students with questions like "Have you ever received a suspicious email or text message promising something too good to be true?" Transitions to "Preventive Measures," explaining each strategy (Antivirus, Firewalls, Strong Passwords/MFA, Updates, Backups, Training, Physical Security, Encryption) with practical tips applicable in a Nigerian context (e.g., protecting JAMB profile, mobile money). Facilitates a brief group discussion where students suggest which preventive measures are most crucial for them personally.

Student Activity: Students listen attentively, take notes on key definitions and examples. Respond to teacher's questions and share their understanding. Participate in the group discussion, sharing opinions on preventive measures and their personal relevance.

Phase 3: Legal and Ethical Issues (25 minutes)

Teacher Activity: Introduces the concept of "Digital Citizenship" and the responsibilities that come with using ICT. Explains "Issues of Legal Importance": Piracy, Hacking, and Cybercrimes (including different types like online fraud, identity theft, cyberstalking) with clear definitions and specific reference to the Nigerian Cybercrime Act 2015 where applicable. Discusses Data Privacy (NDPR) and Copyright as essential ethical and legal considerations. Shows a short (2-3 minute) news clip or reads a news report about a recent cybercrime incident in Nigeria (if available and appropriate). Divides students into small groups (3-4 per group) and assigns each group a scenario related to piracy, hacking, or cybercrime in Nigeria.

Scenario Examples:

Group 1: A popular Nigerian musician discovers their new album is being illegally downloaded and distributed on several websites. What legal issue is this, and what can be done?

Group 2: A student gained unauthorized access to the school's online portal to change their grades. What legal issue is this, and what are the consequences?

Group 3: An individual receives an SMS asking for their bank details to claim a "COVID-19 relief fund" from the government. What kind of cybercrime is this, and what should the person do?

Student Activity: Students listen, take notes, and ask clarifying questions. Engage with the news

Security and Ethics

Term: 3rd Term

Week: 10

1. Overview and Learning Objectives

This topic introduces students to the critical aspects of computer security and ethical considerations in the digital world. In an increasingly connected Nigeria, where online transactions, e-learning, and digital communication are commonplace, understanding how to protect information and behave responsibly online is paramount. This lesson will equip students with the knowledge to identify security threats, implement preventive measures, and navigate the legal and ethical landscape of Information and Communication Technology (ICT).

Performance Objectives: Upon completion of this lesson, students will be able to:

Identify various sources through which computer networks can be compromised or breached.

Describe effective strategies and measures to prevent security breaches in computer systems and networks.

Discuss key legal and ethical issues that are important to consider when using Information and Communication Technology (ICT) in Nigeria and globally.

Real-world Applications in Nigeria: Understanding these concepts is crucial for students as they engage with digital platforms for education (e.g., JAMB CBT, e-learning portals), finance (mobile banking, online payments), and social interaction. This knowledge will help them protect their personal data (e.g., BVN, NIN, exam results), avoid falling victim to cyber fraud prevalent in Nigeria, and become responsible digital citizens who respect intellectual property and legal frameworks like the Cybercrime Act.

2. Key Concepts and Explanations

A. Sources of Security Breaches in Computer Networks

Security breaches occur when unauthorized individuals gain access to a computer system or network, leading to data theft, modification, or destruction. These breaches can originate from various sources:

1. Malware (Malicious Software):

Viruses: Programs that attach themselves to legitimate software and spread to other computers when the infected software is executed. They can corrupt files, delete data, or display annoying messages.

Nigerian Example: A student downloads a cracked version of a game or educational software from an unverified website, unknowingly installing a virus that corrupts their project files.

Worms: Self-replicating programs that spread across networks without human intervention, often by exploiting vulnerabilities in operating systems or software. They consume network bandwidth and can carry other malware.

Trojan Horses: Programs that appear legitimate but contain malicious code. They do not self-replicate but trick users into installing them (e.g., a fake software update, a "free" utility). Once installed, they can create backdoors for attackers.

Nigerian Example: A user receives an email attachment disguised as an "invoice from NEPA" or "JAMB admission letter" which, when opened, installs a Trojan.

Ransomware: Malware that encrypts a user's files or locks their system, demanding a ransom (usually cryptocurrency) for their release.

Nigerian Example: A small business owner's accounting software files are encrypted, crippling their operations until a ransom is paid, or backups are restored.

Spyware: Software that secretly monitors a user's activities, collecting personal information like browsing history, keystrokes, and login credentials, then sending it to a remote attacker.

Adware: Software that automatically displays advertisements, often unwanted pop-ups, typically bundled with free software. While not always malicious, some adware can track user behaviour.

2. Phishing and Social Engineering:

Phishing: A type of social engineering where attackers attempt to trick individuals into revealing sensitive information (passwords, bank details) by masquerading as trustworthy entities (banks, government agencies, popular websites) in electronic communications, especially email or text messages (smishing).

Nigerian Example: Receiving an email claiming to be from a Nigerian bank (e.g., GTBank, Zenith Bank) asking to "verify your account details" by clicking a malicious link, or an SMS promising a fake government grant if personal details are provided.

Social Engineering: The psychological manipulation of people into performing actions or divulging confidential information. It exploits human trust, curiosity, or fear. Phishing is a common form of social engineering.

Nigerian Example: An attacker calls someone pretending to be from their internet service provider (e.g., Glo, MTN) and asks for login details to "resolve a network issue."

3. Hacking (Unauthorized Access): The act of gaining unauthorized access to computer systems or networks, often to steal data, disrupt services, or cause damage. Hackers exploit vulnerabilities in software, misconfigured systems, or weak security practices.

Nigerian Example: A cybercriminal breaches a school's server to alter students' examination results or steal staff payroll data.

4. Physical Theft or Loss: Laptops, smartphones, external hard drives, or USB drives containing sensitive data can be stolen or lost, leading to unauthorized access if not properly secured (e.g., encrypted).

Nigerian Example: A student's laptop containing their final year project and personal photos is stolen from a public transport vehicle.

5. Insider Threats: Security breaches caused by current or former employees, contractors, or business partners who have authorized access to an organization's systems. These can be malicious (e.g., disgruntled employee stealing data) or accidental (e.g., negligent employee opening a phishing email).

Nigerian Example: A staff member in a telecommunications company sells customer data to marketers or rival companies.

6. Weak Passwords and Authentication: The use of easily guessable passwords (e.g., "123456", "password", "Abuja123") or lack of multi-factor authentication makes systems vulnerable to brute-force attacks or dictionary attacks.

7. Software and Hardware Vulnerabilities: Flaws or bugs in operating systems, applications, or hardware components that can be exploited by attackers to gain unauthorized access or control.

8. Natural Disasters: Floods, fires, earthquakes, or power surges can physically damage computer infrastructure, leading to data loss or system unavailability if proper disaster recovery measures are not in place.

Nigerian Example: A fire outbreak in an office building destroys servers containing critical company data.

B. Preventive Measures Against Security Breaches

Implementing a multi-layered approach to security is essential.

1. Use Robust Antivirus and Anti-malware Software: Install reputable security software on all computers and ensure it is regularly updated. This software scans for, detects, and removes malicious programs.

Practical Tip: Schedule daily automatic scans and ensure real-time protection is enabled.

2. Employ Firewalls: A firewall acts as a barrier between a computer/network and the internet, monitoring and controlling incoming and outgoing network traffic based on predefined security rules. It prevents unauthorized access to private networks.

Practical Tip: Enable the built-in firewall on operating systems (e.g., Windows Firewall) and use hardware firewalls for corporate networks.

3. Strong Passwords and Multi-Factor Authentication (MFA):

Strong Passwords: Use long, complex passwords that combine uppercase and lowercase letters, numbers, and symbols. Avoid personal information. Change passwords regularly.

MFA: Requires two or more verification methods to gain access (e.g., password + a code sent to a phone, or a fingerprint scan). This significantly enhances security, even if a password is compromised.

Practical Tip: Advise students to use password managers and enable 2-Factor Authentication (2FA) on their email, social media, and banking apps.
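
The weak-password examples listed under "Weak Passwords and Authentication" and the strong-password rules above can be turned into a small classroom checker. This is an added example, not part of the original lesson note; the 12-character minimum, the extra entries in the common list, and the sample names are assumptions made for illustration.

```python
import string

# Guessable passwords quoted in the lesson, plus constructed extras.
COMMON = {"123456", "password", "abuja123", "qwerty", "111111"}
MIN_LENGTH = 12  # assumption: the lesson says "long" but gives no number
# Undo common look-alike swaps so "P@ssw0rd" is recognised as "password".
SWAPS = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})


def _normalise(text):
    return text.lower().translate(SWAPS)


COMMON_NORMALISED = {_normalise(word) for word in COMMON}


def audit_password(password, personal_info=()):
    """Return the reasons a password is weak; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if lowered in COMMON or _normalise(password) in COMMON_NORMALISED:
        problems.append("on a common-password list (dictionary attack)")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    for item in personal_info:  # e.g. the user's name or birth year
        if len(item) >= 3 and item.lower() in lowered:
            problems.append(f"contains personal information ({item!r})")
    return problems


if __name__ == "__main__":
    student = ("Chidi", "2007")  # constructed sample personal details
    for pw in ["Abuja123", "P@ssw0rd", "Chidi2007!Lagos", "tr4in-Mango-river-77"]:
        print(pw, "->", audit_password(pw, student) or "passes")
```

"Chidi2007!Lagos" is long and uses all four character types, yet it fails because it is built from the owner's name and birth year, which is why the lesson lists "avoid personal information" as its own rule.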

4. Regular Software Updates and Patching: Keep operating systems, web browsers, and all installed software updated. Updates often include security patches that fix newly discovered vulnerabilities that hackers could exploit.

Practical Tip: Enable automatic updates where possible.

5. Data Backup and Recovery: Regularly back up important data to external drives, cloud storage, or network servers. This ensures data can be recovered in case of theft, hardware failure, malware attack, or natural disaster.

Practical Tip: Follow the "3-2-1 rule": at least 3 copies of your data, stored on 2 different types of media, with 1 copy offsite.

6. Employee Training and Awareness (Combating Social Engineering): Educate users about the dangers of phishing, social engineering, and safe online practices. Teach them to recognize suspicious emails, links, and unsolicited requests for information.

Practical Tip: Conduct workshops or simulations where students learn to identify phishing attempts.

7. Physical Security Measures: Control physical access to computer equipment (servers, workstations). Use locks, access cards, CCTV, and secure locations. Laptops
