Wednesday, March 05, 2008

E-Security Education Module for Australian Schools

The Department of Broadband, Communications and the Digital Economy (DBCDE) have issued a request for tender for an "E-Security Education Module for Australian Schools". Given that the government is funding increased broadband access for schools, these seems a wise move:
"This module will be delivered free to all Australian schools and will complement the Australian Government's cyber-safety initiatives. The Service Provider will also develop an evaluation methodology to assess the effectiveness of the module. The Service Provider will also update the module annually until Financial Year (FY) 2009/10 and then redevelop the module in Financial Year 2010/2011 to keep pace with changes in technology. ..."

From: E-Security Education Module for Australian Schools, DCON/08/13, Department of Broadband, Communications and the Digital Economy, 4-Mar-2008.
There is a 65 page tender document describing the project:

The Australian Government has identified the following three priorities to provide and integrated approach to Australia’s security;

  1. Reducing the e-security risk to Australian Government information and communications systems

  2. Reducing the e-security risk to Australia’s national critical infrastructure

  3. Enhancing the protection of home users and small to medium enterprises (SMEs) from electronic attacks and fraud.

One of the key aspects of addressing priority three is to ensure that school students who form an important part of the household profile recognise the important of e-security and are able to take appropriate measures to protect themselves from e-security threats and vulnerabilities.

This is particularly important as children are often recognised to be the heaviest users of the Internet and most comfortable using new technologies.

Given this, the e security education module for use within schools’ curricula would help children understand the importance of e-security. It would also provide them with skills and knowledge necessary to protect themselves from online threats. Such an education module would encourage the next generation of online users adopt a “culture of security” from the start.

It is envisaged that students would use the skills and knowledge they learn at school to improve e security measures taken at home. School activities that focus on e security would, therefore, have a wider impact than the immediate audience. In addition, learning about protection against e-security threats as part of the school curriculum is likely to have greater impact on young people than any other information source. This is because of the level of trust and credibility that is generally associated with knowledge that is imparted by teachers.

Tenderers should note that the e-security education module is an initiative under priority three (as outlined above) and will be distributed freely to all Australian schools. The ESNA be found at: http://www.dbcde.gov.au/__data/assets/pdf_file/71201/ESNA_Public_Policy_Statement.pdf

From: Request for Tender for E-Security Education Module for Australian Schools, 5.2 Overview, ATM document set, DBCDE, 4 March 2008

The RFT provides a useful insight into government thinking on online security and the large range of initiatives:
1. Introduction

The Department of Broadband, Communications, and the Digital Economy (DBCDE) is seeking proposals to design, develop, and update an education module on e-security practices for Australian school students. This module will be delivered free to all Australian schools and will complement the Australian Government's cyber-safety initiatives. The successful Tenderer will also develop an evaluation methodology to assess the effectiveness of the module. The successful Tenderer will update the module annually until Financial Year (FY) 2009/10 and then redevelop the module in Financial Year 2010/2011 to keep pace with changes in technology.

2. Objectives of the E-security Education Module
The successful Tenderer is required to ensure that the module is designed and developed in a way that meets the objectives of the Government's e-security policy, and complements associated cyber-safety, privacy and consumer fraud initiatives. Further, the successful Tenderer is required to design and develop a module that is consistent with the Ministerial Council on Education, Employment, Training and Youth Affairs (MCEETYA) Statements of Learning for ICT.

2.1 E-Security Policy objectives

The Australian Government has identified the following three priorities to provide and integrated approach to Australia's security;

  1. Reducing the e-security risk to Australian Government information and communications systems

  2. Reducing the e-security risk to Australia's national critical infrastructure

  3. Enhancing the protection of home users and small to medium enterprises (SMEs) from electronic attacks and fraud.

One of the key aspects of addressing priority three is to ensure that school students, who form an important part of the household profile, recognise the important of e-security and are able to take appropriate measures to protect themselves from e-security threats and vulnerabilities.

This is particularly important as children are often recognised to be the heaviest users of the Internet and most comfortable using new technologies.

Given this, the e security education module for use within schools' curricula would help children understand the importance of e-security. It would also provide them with skills and knowledge necessary to protect themselves from online threats. Such an education module would encourage the next generation of online users adopt a "culture of security" from the start.

It is envisaged that students would use the skills and knowledge they learn at school to improve e security measures taken at home. School activities that focus on e security would, therefore, have a wider impact than the immediate audience. In addition, learning about protection against e-security threats as part of the school curriculum is likely to have greater impact on young people than any other information source. This is because of the level of trust and credibility that is generally associated with knowledge that is imparted by teachers.

The successful Tenderer should note that the e-security education module is an initiative under priority three (as outlined above) and will be distributed freely to all Australian schools. The ESNA be found at: http://www.dbcde.gov.au/__data/assets/pdf_file/71201/ESNA_Public_Policy_Statement.pdf

2.2 Complementary Initiatives

The successful Tenderer is required to ensure that the module complements other e-security and cyber-safety initiatives detailed below that are either already in place or currently being developed. The successful Tenderer needs to ensure that the module links to, and is consistent with, the messages of the following initiatives:

Stay Smart Online

Stay Smart Online is the Government's e-security website. The website provides practical, step by step information for Australian Internet users on how to secure their computers and adopt smart online practices.

It focuses on four main areas:
  • 'Securing Your Computer,'

  • 'Small Business Safe Online',

  • 'Smart Transacting Online'; and

  • 'Kids Safe Online.'1

Further information about Stay Smart Online can be found at: http://www.staysmartonline.gov.au.

Tenderers should note that the module will be hosted on this website.

National Alert Service

National E-Security Alert Service (NAS), a free subscription based service, will provide home users and small businesses with information on the latest e-security threats and vulnerabilities in simple, non-technical, easy to understand language. It will also provide possible solutions to address these threats and vulnerabilities. The NAS is currently being developed and will be delivered through the Stay Smart Online website.

Tenderers will note that the module is required to provide a reference to the NAS. Subscribing to this service will help teachers and students to remain informed about the latest e-security threats and vulnerabilities and what they can do to address them.

National E-Security Awareness Week

An annual National E-Security Awareness Week to be held in collaboration with industry and community organisations to highlight the importance of online security to Australians. The Week will also provide an opportunity to emphasise the importance of secure online practices to teachers, parents and students.

Australasian Consumer Fraud Taskforce

The Department is a member of the Australasian Consumer Fraud Taskforce (ACFT) which comprises 18 government regulatory agencies and departments with responsibility for consumer protection regarding fraud and scams. The ACFT runs an annual awareness initiative to increase the level of scam awareness in the community.

Further information on the Taskforce's activities can be found at http://www.scamwatch.gov.au

Cyber-Safety Initiative

NetAlert

The NetAlert - Protecting Australian Families Online initiative is managed by the DBCDE and includes:

  • The National Filter Scheme, which provides every Australian household and public library with access to a free Internet content filter to help block unwanted content; and

  • a new website and national helpline to provide advice about protecting children online, as well as access to the free filters, and information about how they work.

Further information on NetAlert can be found at http://www.netalert.gov.au

Australian Communications and Media Authority (ACMA)

ACMA's cybersafety education activities include:

  • providing information on current trends in Internet safety

  • undertaking targeted awareness raising activities - including the Cybersafe Schools and Cybersmart Kids programs in schools

  • the continuing review of filtering technology, including another trial of ISP-level filtering technologies in Tasmania

  • reporting annually to the Government on Internet filtering technologies to ensure Australian families are offered the best available filtering.

Cybersafe Schools

Cybersafe Schools is an Internet safety program designed to help teachers empower students on safe use of the Internet. Australian primary and secondary teachers are provided with appropriate curriculum support materials to enable them to deliver effective education programs. Students are presented with learning activities that are relevant, effective and created specifically for their level of education.

Further information on the Cybersafe Schools can be found at http://www.netalert.gov.au/programs/cybersafe_schools.html

Cybersmart Kids

Cybersmart Kids Online is a community awareness project developed by ACMA with the objective of providing parents and children with information and tools to help them have a rewarding, productive and safe experience of the Internet.

Further information on Cybersmart Kids Online can be found at http://www.cybersmartkids.com.au

Digital Education Revolution

The Digital Education Revolution is a major part of the Australian Government Education Revolution. Under the Digital Education Program the Australian Government has committed to provide:
  • grants of up to $1 million for schools to assist them to provide for new or upgraded ICT for secondary students in years nine to twelve; and

  • a contribution of up to $100 million for the provision of high-speed fibre-to-the-premises broadband connections to Australian schools.

Further information on the Digital Education Revolution can be found at http://www.digitaleducationrevolution.gov.au/

The Successful tenderer should note that the module will assist in ensuring that the Australian students' improved access to ICT and high speed broadband will occur in a secure way.

2.3 Education Policy Objectives

2.3.1 Target Audience

The successful tenderer will design a module that can be delivered to Australian students in school years three and nine. The school years were chosen as a result of stakeholder feedback and research undertaken by DBCDE.

By school year three, many Australian students are using the Internet.2 While this age group is generally limited in their use of the Internet for information purposes or playing computer games, they are still exposed to e-security threats if not appropriately protected. It is important that students are made aware of these threats right from the start and have the skills and knowledge to appropriately protect themselves. This way they will be more confident using online technologies.

Students in secondary school differ greatly from students in lower grades in their use of the Internet. Year nine students are at the younger end of the spectrum of secondary school students. Secondary students tend to use the Internet for information, entertainment (eg downloading music or movies) transactions and social interaction (eg through social networking sites or online chat rooms). Given this, the exposure of this group to online threats can be significant and hence the need for greater e-security awareness and understanding. The focus on year nine is also consistent with the Government's Digital Education Revolution policy that targets students in year nine to twelve for new or upgraded ICT.

The successful tenderer is required to ensure that the e-security education module is tailored to year three and nine students based on their use of online technologies and their level of exposure to online threats.

The basic e-security messages taught at the year three will be built on with more detailed and complex messages in school year nine.

2.3.2 MCEETYA's Statements of Learning for ICT (School Years Three and Nine)

The Statements of Learning were developed as a means of achieving greater national consistency in curriculum outcomes across the eight States and Territories. The Statements of Learning for ICT have been developed collaboratively by State, Territory and Australian education authorities. They provide a description of knowledge, skills, understandings and capacities that all students in Australia should have the opportunity to learn. The development of the Statements has involved identification of what is common amongst State and Territory curricula as well as what is essential for all students to learn.

The successful tenderer is required to ensure that the e-security education module will fit into the "Ethics, Issues and ICT" component of the Statements of Learning for ICT. The following are the relevant excerpts from the Statements which the module is required to be consistent with:

Statement for Learning: Year 3 Ethics, issues and ICT

Students have opportunities to apply ICT protocols and appropriate ethical expectations. They develop understandings of the safe and responsible practices required when using ICT through discussion and observation of practices.

Students examine the relevant values inherent in particular ICT environments and identify issues and practices for using ICT in a safe and responsible manner. They identify the owner(s)/creator(s) of digital information and acknowledge them.

Students use basic preventative strategies for addressing health and safety issues and reflect on their personal safety and information security practices when using ICT. They identify how ICT is used in the community and recognise ways they impact on people.

Professional Elaboration: Year 3 Ethics, issues and ICT

Students comply with expectations and protocols when using ICT. They develop understandings of the safe and responsible practices required when using ICT through discussion and observation of practices.

Students have the opportunity to:

*develop and apply protocols for safe and responsible use of ICT

*examine relevant values and identify issues and practices for using ICT in a safe and responsible manner

*identify the owner(s)/creator(s) of digital information and acknowledge them

*use basic preventative strategies addressing health and safety issues when using ICT

*reflect on individual use of ICT to enhance personal safety and information security

*identify how ICT are used in the community and ways they impact on people.

Year 9 Ethics, issues and ICT

Students have opportunities to consistently apply codes of practice relevant to local and global environments. They identify and discuss the potential and implications of ICT for learning.

Students take into account individual rights and cultural expectations when accessing or creating digital information, understanding that values shape how ICT are used. They adhere to codes of practice and apply strategies to conform to intellectual property and copyright laws, particularly in relation to online access. They analyse and evaluate their ICT use to consider economic, social, ethical, and legal perspectives. They also develop and maintain strategies for securing and protecting digital information.

Students select practices to ensure health and safety issues are minimised when using ICT and recognise that some users will have specialised needs. They apply their knowledge of how ICT are used today in order to predict possible future impacts on the workplace and society.

Professional Elaboration: Year 9 Ethics, issues and ICT

Students consistently apply the codes of practice relevant to both local and global environments. They identify implications associated with the use of ICT and discuss the place and potential of ICT for learning and in society.

Students have the opportunities to:

*apply practices that take into account individual rights and cultural expectations when accessing or creating digital information

*understand that values shape how ICT are used

*adhere to codes of practice and apply strategies to conform to intellectual property and copyright laws, particularly in relation to online access

*adopt practices to ensure health and safety issues are minimised when using ICT

*develop and maintain strategies for securing and protecting electronic information

*apply knowledge of how ICT are used today to predict potential future impacts on the workplace and society

*analyse and evaluate ICT use, considering economic, social, ethical and legal perspectives.

The Statements of Learning for ICT can be found on: http://www.mceetya.edu.au/verve/_resources/SOL06_ICT.pdf

3. E-security Education Module

The successful tenderer is required to develop a module that assists schools in educating students about the importance of e-security and how to stay secure online. The module will be a resource for teachers and students.

The focus for the module will be on e-security aspects of online participation. The module will empower students in taking the initiative to secure their systems and their data, and to participate in online activities in a secure way. The successful tenderer will need to demonstrate how the module can complement and link to other awareness and educational materials on e-security and cyber-safety developed or being developed by the Australian Government, as discussed in Statement of Requirement 2.2 of this tender.

3.1 Methodology

The successful tenderer is required to design the module and the evaluation methodology in consultation with the Department and other relevant stakeholders identified by the Department.

While the complexity of content will be different for the different year levels, the general design principles and targeted behaviours should be consistent.

3.1.1 Design Principles

The successful tenderer is required to design the module with the following principles in mind:

  • Students recognise and appreciate the importance of e-security in their use of ICT;

  • Students adopt secure online behaviours and strengthen their computer defences; and

  • Students be aware of, and comply with legal or organisational guidelines/policies around the use of the Internet.

3.1.1.1 Students recognise and appreciate the importance of e-security in their use of ICT

While school students heavily rely on ICT, including the Internet, for a range of purposes it is important that they do so in a secure manner so that they make the most of the benefits offered by these technologies. They must recognise that e-security threats can lead to serious ramifications such as theft of personal data. This, in turn, can also expose them to cyber-safety threats such as online grooming or cyber-bullying.

3.1.1.2 Students adopt secure online behaviours and strengthen their computer defences

Students must be made aware of the risks and consequences associated with unsecure online behaviour, such as indiscriminate accessing and sharing of information and passwords, clicking on links to emails from unknown sources or providing personal information without a full understanding how that information will be used.

In addition to adopting secure online behaviours, it is important that students are aware of the need to have appropriate technological measures in place to strengthen their computer defences, such as security software.

3.1.1.3 Students be aware of, and comply with legal or organisational guidelines/policies around the use of the Internet.

Becoming an effective cyber citizen means that students recognise legal and organisational boundaries in relation to the use of ICT. They need to be aware that crossing those boundaries can have detrimental effects for themselves and many other people. This includes the indiscriminate sharing of software, music, movie clips and copyrighted information.

3.1.2 Desired Behaviours

The successful tenderer should outline how they will be able to design a module that fosters secure online behaviours. Key aspects of such behaviour for Australian students should include:
  • Implementing and maintaining technological security solutions;

*Developing and fostering secure online behaviours; and

*Understanding of appropriate responses should a threat eventuate.

3.1.2.1 Implementing and maintaining technological security solutions

Students need to actively ensure that up to date security software is installed and regularly updated on their computers, and adjusting Internet browser security settings to an appropriate level.

3.1.2.2 Developing and fostering secure online behaviours

These include:

  • Identifying practices that may compromise systems and data, such as clicking on links within emails and pop ups.

  • Developing safe password management habits, such as changing passwords regularly and ensuring that others are not able to access their passwords.

  • Actively looking for well-known and universally accepted signs of security reassurance from websites, messages or emails. This is especially important when accessing websites that ask for personal and/or financial details. Some examples of well-known and universally accepted signs are the https at the beginning of the address bar and a locked padlock at the bottom of the browser screen.

  • Awareness of the importance of Acceptable Use Agreements3.

  • Downloading and sharing files in a safe way, including the acknowledgement of intellectual property rights and copyright protection.

  • Managing spam, scam and hoax messages.

  • Managing their information in a way that ensures their privacy and protection from identity theft

  • Using wireless connections and open Internet terminals in a safe way.

These behaviours can be applied in the use of multiple ICTs, such as computers and mobile phones.

3.1.2.3 Understanding of appropriate responses should a threat eventuate

This includes:

- Reporting unusual activity (eg computer is exceptionally slow) to parents, teachers or the owner of the compromised computer,

- Awareness of the necessary steps to clean up a system,

- In serious circumstances, assisting in the process of reporting security breaches to the relevant authorities,

- Re-installing data through back-ups; and

- Seeking extra help in relation to e-security issues. This includes accessing appropriate websites for further information on how to respond to e-security issues.

4. Compatibility

The successful tenderer is required to ensure that technical interoperability is a key feature in the design of the module. The module is required to take into account the differing ICT capabilities of schools as well as individual school policies blocking certain sites and downloading software from the Internet.

The successful tenderer is required to clearly articulate to the minimum system requirements for the module to run and the anticipated Internet connection needed for the module to successfully run off the Stay Smart Online website. The module should run on Windows, Mac and Linux based systems.

5. Accessibility

The module is required to comply with Australian Government accessibility requirements, which can be accessed at: http://webpublishing.agimo.gov.au/

Australian schools should be able to easily access the module via the Stay Smart Online website, any additional website requested by the Department and a compact disc (CD). ...

1 Note that this section provides links to NetAlert, which is discussed later in the document.

2 Note that the 2005 report kidsonline@home found that children are accessing the Internet at younger ages, with just over 30% of children having started using the Internet at age five or six years old. The largest portion first accessed the Internet at age nine or 10. It is envisaged that by targeting school year three, the module is targeting students prior to the largest take-up of the Internet.

3 Acceptable Use Agreements are documents where students sign a “contract” agreeing to use ICT and the Internet in a way that is acceptable by the ICT owner. An example of an acceptable use agreement can be found on: http://www.ict.schools.nt.gov.au/computers_networks/forms/AUPolicy_EC.pdf

From: Request for Tender for E-Security Education Module for Australian Schools, 5.5 Services, ATM document set, DBCDE, 4 March 2008

No comments: