Computer Science Grade 9 20 min

8. Recognizing and Reporting Cyber Incidents

Learn how to recognize and report cyber incidents, such as phishing emails or suspicious activity.

Tutorial Preview

1. Introduction & Learning Objectives

Learning Objectives

- Define the term 'cyber incident' and differentiate it from a normal computer problem.
- Identify at least four common types of cyber incidents, such as phishing, malware, denial-of-service, and unauthorized access.
- Recognize key indicators that a cyber incident may be occurring on a personal computer or network.
- Explain the critical importance of immediate and accurate reporting of cyber incidents.
- Outline the step-by-step process for reporting a cyber incident to an appropriate authority (e.g., school IT, parents).
- Construct a basic incident report that includes essential details like date, time, systems affected, and a description of the event.

What would you do if a scary pop-up locked your computer and demanded money? 😱 Let's learn how t...

2. Key Concepts & Vocabulary

Term: Cyber Incident
Definition: An event that violates a security policy or poses a threat to a computer system or network. It's an active security breach, not just a technical glitch.
Example: A hacker successfully guessing your password and logging into your email account to send spam messages to your contacts.

Term: Phishing
Definition: A fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising as a trustworthy entity in an electronic communication.
Example: Receiving an email that looks like it's from your favorite online game, asking you to click a link and 'verify' your password to receive a free item.

Term: Malware (Malicious Software)
Definition: Software specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
Example: A progra...

3. Core Syntax & Patterns

The 'I.R.P.' Reporting Protocol

Step 1: Identify -> Step 2: Report -> Step 3: Preserve

A simple, memorable three-step process for handling a potential incident. First, IDENTIFY the signs of the incident. Second, REPORT it immediately to a trusted authority (teacher, parent, IT). Third, PRESERVE the evidence by not turning off the machine or deleting files unless instructed.

The '5 W's' of Incident Reporting

Report = { Who, What, Where, When, Why }

A pattern for creating a useful incident report. Your report should always try to answer these five questions: WHO is affected? WHAT happened (symptoms, messages)? WHERE did it happen (which computer, app, or website)? WHEN did it start? WHY do you think it happened (e.g., 'I clicked a strange li...
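The '5 W's' pattern can be written as a small report checker. This is an added example, not part of the original tutorial; the field names, the `YYYY-MM-DD HH:MM` time format, and both sample reports are assumptions constructed for illustration.

```python
from datetime import datetime

# The five questions from the '5 W's' pattern, in the order the tutorial lists them.
FIVE_WS = ("who", "what", "where", "when", "why")

def missing_fields(report):
    """Return the W's that are absent or blank."""
    return [w for w in FIVE_WS if not str(report.get(w) or "").strip()]

def parse_when(text):
    """Parse 'YYYY-MM-DD HH:MM' (assumed format); return None if it does not fit."""
    try:
        return datetime.strptime(text.strip(), "%Y-%m-%d %H:%M")
    except (ValueError, AttributeError):
        return None

def check_report(report):
    """Return a list of problems; an empty list means the report is ready to send."""
    missing = missing_fields(report)
    problems = [f"missing: {w}" for w in missing]
    if "when" not in missing and parse_when(report["when"]) is None:
        problems.append("when: give a date and time such as 2024-03-05 12:10")
    return problems

def format_report(report):
    """Render a complete report as aligned text; refuse an incomplete one."""
    problems = check_report(report)
    if problems:
        raise ValueError("; ".join(problems))
    return "\n".join(f"{w.upper():<6}{report[w].strip()}" for w in FIVE_WS)

# Constructed sample reports (not real incidents).
COMPLETE = {
    "who": "Me (student account on a school laptop)",
    "what": "Entered my school password on a login page reached from an email link",
    "where": "Library laptop, web browser",
    "when": "2024-03-05 12:10",
    "why": "I clicked a link in an email asking me to verify my password",
}
INCOMPLETE = {"who": "Me", "what": "A pop-up demanded money", "where": " ",
              "when": "around noon"}

if __name__ == "__main__":
    print(format_report(COMPLETE))
    print(check_report(INCOMPLETE))
```
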


Sample Practice Questions

Challenging
A student receives a phishing email, clicks the link, and enters their school username and password on a fake login page. They realize their mistake moments later. Combining the I.R.P. protocol and advice on pitfalls, what is the best sequence of actions?
A. 1. Delete the email. 2. Change their password. 3. Hope for the best and don't tell anyone.
B. 1. Immediately change their password on the official school website. 2. Report the incident to IT, explaining what happened. 3. Preserve the phishing email for IT to inspect.
C. 1. Report to IT that their password was stolen. 2. Wait for IT to tell them to change the password. 3. Unplug the computer from the network.
D. 1. Forward the phishing email to all their friends to warn them. 2. Change their password. 3. Run an antivirus scan.

Challenging
An incident report reads: 'My project file was deleted from the shared drive around noon. I think my classmate Alex did it because we had an argument.' Why is this a poorly constructed report, even if the suspicion is correct?
A. It fails to mention the exact file name and location, which is the most critical part of the 'What' and 'Where'.
B. It speculates on the 'Who' and 'Why' (the attacker and motive) instead of sticking to observable facts.
C. It doesn't use the correct 'I.R.P.' terminology in the description.
D. It should have been reported to the principal instead of the IT department.

Challenging
Considering the 'Preserve' step of the I.R.P. protocol, why is it often better to disconnect a malware-infected computer from the network rather than immediately shutting it down?
A. Because shutting it down might cause the attacker to get a notification.
B. Because disconnecting it from the network is easier than finding the power button.
C. Because shutting down the computer can erase volatile memory (RAM) which may contain crucial evidence about the malware's behavior.
D. Because the computer's files can only be recovered if the power remains on.
