Home /Silver - Unit 31 - Internet Safety for IT Users

Silver - Unit 31 - Internet Safety for IT Users

Relevant LINKS

BACK TO ITQ UNITS

Handbook home page

Overview

Internet Safety for Users at Silver Level requires the candidate to understand the risks associated with Internet use in terms of performance and reliability.  They need to demonstrate skill in protecting themselves and others as far as possible, as well as getting help where appropriate.  They need to know how to protect data and follow any legal guidelines and constraints that apply.

A work activity will typically be ‘straightforward or routine’ because:

The task or context will be familiar and involve few variable aspects. The techniques used will be familiar or commonly undertaken.

Example of context – reviewing and making recommendations on the school's eSafety Policy.

 

Assessor's guide to interpreting the criteria

General Information

QCF general description for Level 1 qualifications

  • Achievement at RQF level 1 (EQF Level 2) reflects the ability to use relevant knowledge, skills and procedures to complete routine tasks. It includes responsibility for completing tasks and procedures subject to direction or guidance.

  • Use knowledge of facts, procedures and ideas to complete well-defined, routine tasks. Be aware of information relevant to the area of study or work

  • Complete well-defined routine tasks. Use relevant skills and procedures. Select and use relevant information. Identify whether actions have been effective.

  • Take responsibility for completing tasks and procedures subject to direction or guidance as needed

Requirements

  • Standards must be confirmed by a trained Silver Level Assessor or higher

  • Assessors must at a minimum record assessment judgements as entries in the on-line mark book on the INGOTs.org certification site.

  • Routine evidence of work used for judging assessment outcomes in the candidates' records of their day to day work will be available from their e-portfolios and on-line work. Assessors should ensure that relevant web pages are available to their account manager on request by supply of the URL.

  • When the candidate provides evidence of matching all the criteria to the specification subject to the guidance below, the assessor can request the award using the link on the certification site. The Account Manager will request a random sample of evidence from candidates' work that verifies the assessor's judgement.

  • When the Account Manager is satisfied that the evidence is sufficient to safely make an award, the candidate's success will be confirmed and the unit certificate will be printable from the web site.

  • This unit should take an average level 1 learner 30 hours of work to complete.

Assessment Method

Assessors can score each of the criteria L, S, H. N indicates no evidence and is the default starting position. L indicates some capability but secure capability has not yet been achieved and some help is still required. S indicates that the candidate can match the criterion to its required specification. H indicates performance that goes beyond the expected in at least some aspects. Candidates are required to achieve at least S on all the criteria to achieve the unit. Candidates should be helped and encouraged to reference their work to the assessment criteria using assessment for learning process. e.g. IPU 1.1.2 for IPU Level 1 criterion 1.2. This will make it easier to provide the evidence required for the QA procedures when requested by the Account Manager. There is support for this from learner account profiles on the INGOT web site. PLTS is used to denote where there are opportunities to develop personal learning and thinking skills.

Expansion of the assessment criteria

1. The candidate will understand the risks that can exist when using the Internet

1.1 I can identify risks to user safety and privacy

The candidate will be able to list some of the risks associated with Internet use.

Evidence: will be provided directly from the presentation of work and assessor feedback

Additional information and guidance

The Internet is now all around us and increasingly embedded in every device.  Most devices are now "smart" which means they are Internet enabled and sending signals to other devices and sending feedback to a server somewhere.  Candidates need to show that they understand that with this extension of accessibility, comes more risk.  The most obvious risk that candidates will be aware of will be breaches of privacy.  Whenever they login to a system or create an account, someone will have access to that information.  Do they know who has access to it and for what purpose?  Can they guarantee that the information will not be used by someone for the wrong reasons.  If you are dealing with someone remotely, do you know who they are.  Are they who they claim to be, how do you know?  Candidates can put together a small table listing the risks with some examples.  For example.

Name of risk Description Example
phishing Tricking you into giving your bank details to steal money An email appearing to come from a known bank, such as Barclays, asking you to login to check your account.  
trojans Sitting in your system and being used by someone else Finding your Internet details and using your computer to send spam to other computers

1.2 I can identify risks to data security

The candidate will show that they understand the importance of protecting data.

Evidence: will be evidenced by portfolio work and assessor feedback

Additional information and guidance

The key aspect here is to understand that there is a difference between data and how that can can have value.  If it didn't have value, people would not want to steal it.  The data that thieves are after is the data that will allow them to access closed areas of networks or things like bank accounts.  To do this, they will need login details.  To most people, these are just random names and words and letters, but in combination, they can be used for illegal access.  Once key example here is looking for secure access areas.  In a web browser, candidates should know that they should never give their personal details on a web site that does not show the secure access login details.  In most cases, depending on the browser, it will be a padlock symbol by the URL.  This is the one from the Vivaldi browser.  if it does not have this, it may well be dangerous.  You can see here the broken padlock.

1.3 I can identify risks to system performance and integrity

The candidate will show that they understand that some of these risks will affect the computer itself.

Evidence: will be provided by portfolio work and assessor feedback

Additional information and guidance

Many threats to a computer, which also affect users, also cause problems in terms of performance to the device itself.  Many viruses are designed to send out information to the people that installed them and therefore they will take away some of the Internet performance as they send out or receive messages.  They will also run detailed searches through the system files and code looking for secret information which will slow performance significantly.  In terms of integrity, some of these threats will change the core code and important files for functions that are important to the operating system.  These changes will cause the computer to function badly or work in a way that it was not designed to do.  Other invasive software, such as pop ups, will also slow down the computer as it deals with the various instructions.

1.4 I can outline how to minimise Internet risks

The candidate will demonstrate a few ways to minimise some of the threats.

Evidence: will be provided by portfolio work and assessor feedback

Additional information and guidance

Candidates should be introduced t, or be familiar with, a number of ways that some of the threats can be minimised.  There may not be a way to reduce them completely, especially with targeted systems like Windows, but they can at least reduce them and make them less dangerous to the system or their personal well being.  Some of these methods will be by using existing system mechanisms, such as anti-virus software.  There are many free versions of these programs, though they may not always deal with more complicated attacks such as Trojans, which make up 25% of all threats, but will deal with most.  Candidates will just need to give some basic instructions about how an anti-virus or anti-spyware program might work with some screen shots of the set-up or configuration screens.

1.5 I can outline factors that affect the reliability of information on websites

The candidate will be able to show a reasonable understanding of the reliability of data and bias.

Evidence: will be provided by portfolio evidence and assessor feedback

Additional information and guidance

Candidates will probably be aware that more and more of their information comes from the Internet.  very few young people access text books or paper based resources for convenience.  What does this mean for the quality of the information they can access and what about reliability?  Books have very detailed and complex mechanisms for publishing.  This makes it very difficult to publish information, usually, which is not accurate.  However, anyone can now create and publish a website and put on any information they want and claim that it is true,.  It is hard to dispute a person's website, or at least it would be hard for candidates to do this level of checking.  They need to be made aware that some websites might be more reliable because of reputation or tradition.  Generally speaking, the BBC website will be relatively accurate and cross checked, though may show some biases.  Bias is OK, as long as you know what way it leans so that you cam make informed judgements about it.  Government sites will tend to be biased towards the political views of the people currently in power.

Candidates just need to be shown some examples of information and have the opportunity to reflect on how reliable it is.  They could make a simple table to show some of the factors that affect reliability, such as intent, bias, source and purpose etc.

2. The candidate will know how to safeguard self and others when working online

2.1 I can take appropriate precautions to ensure own safety and privacy

The candidate will highlight some of the precautions they take while online

Evidence: will be provided directly from the presentation of work and feedback from assessors

Additional information and guidance

Some of this information might be evidenced in other criteria in this unit, but in general they need to show that they are aware of the dangers and they know some or all of the actions to take to reduce some of the identified risks.  They would not give their password out to people or choose passwords that are too easy.  They would not fill in forms and use their personal details, unless they were absolutely sure it was safe.  They would not give details to strangers online, regardless of what was said to them.  Most candidates will know to log out of machines when they leave them, especially in public places.

2.2 I can protect personal information online

The candidate will show safe practices while using online systems

Evidence: will be provided directly from assessor feedback

Additional information and guidance

Candidates will likely be introduced to best practices as part of the school's AUP and other eSafety practices and candidates should be able to show that they use these best practices consistently and effectively.  They should not leave login details publicly visible or allow others to use their own personal details without permission.

2.3 I can carry out checks on others' online identity

The candidate will show some basic safety practices when dealing with online people they are not familiar with

Evidence: will be provided directly from portfolios and assessor feedback

Additional information and guidance

There should be some ways to check someone's identity.  A very simple way to check emails to see if they are legitimate is to hover the mouse over the links in the emails to see where they go or check the urls against the actual companies.  In the following image, the email claims to be from FedEx, an actual company, and the subject line seems to back this up as it talks about a shipment (FedEx is a shipping company) but the email address is clearly not from the company and the attached zip file will almost certainly contain a virus.

Here is one pretending to be from a well known bank.

2.4 I can describe the forms and features of cyberbullying

The candidate will demonstrate their awareness of cyberbullying

Evidence: will be provided directly from the presentation of work and assessor feedback

Additional information and guidance

According to BullyingUK, the main types of cyberbullying are: harassment, denigration, flaming, impersonation, outing and trickery, cyberstalking and exclusion.  Candidates should at least be able to define these different threats by using websites like the one listed.  They don't have to, but it might be useful to put it into a personalised poster of their own for reference.

2.5 I can identify when and how to report online safety issues

The candidate will demonstrate confidence in knowing who to talk to if they are concerned.

Evidence: will be provided directly from portfolio work and assessor feedback

Additional information and guidance

Candidates should know what systems are available in case there are problems that they are aware of.  They may be able to have a presentation from the school network manager about what security options and processes are available.  This could be a witness statement from the assessor to say that they have had some basic training on what to do and how.

2.6 I can identify where to get online help and information on e-safety

The candidate will show an awareness for reference points for additional help and support

Evidence: will be provided directly from portfolios and assessor witness statement

Additional information and guidance

There are generally sites that are made available by school and college service providers that show candidates where to look for more detail about e-safety.  Candidates need to show that they know these resources or have been shown where they are.

3. The candidate will take precautions to maintain data security

3.1 I can take appropriate precautions to maintain data security

The candidate will demonstrate how to maintain data security for their files

Evidence: will be provided directly from the presentation of work

Additional information and guidance

Data security means not letting anyone else get to your files and use them without your permission.  The main issue here is probably the effective use of sharing permissions.  Schools are increasingly using online cloud based systems and these are useful for sharing files for collaboration, however, they need to make sure that the settings they use do not allow others to access the files.  They need to check all permissions and make sure that when they want someone to only have read permissions, they don't inadvertently get read/write access.  Most files will have the ability to set the file access rights and candidates will need to demonstrate this knowledge to the assessor.

The above image is the view of the file properties menu from a Linux system.

3.2 I can take appropriate precautions to maintain system performance and integrity

The candidate will demonstrate a number of tactics to maintain a good system

Evidence: will be provided directly from the presentation of work and assessor feedback

Additional information and guidance

This may be addressed in other criteria as it will be a combination of actions to make sure that the system is not being slowed by viruses and other unwanted software and also that no unwanted applications have entered the system to affect performance.  The candidates will need to show that they have regular checks and actions to keep the system at the best performance, this could include actions such as disk clean-up and defragmentation, as removing the virus software constantly causes the disk to fragment and could slow it down.

3.3 I can use appropriate browser safety and security settings

The candidate will show a variety of ways to secure their Internet browsing activity

Evidence: will be provided directly from the presentation of work

Additional information and guidance

Most browsers have some built in security measures such as the display of secure sites shown in 1.2 above.  Candidates can show some of the other methods and facilities that are available.  Some of this will exist across all browsers, as long as they can show that they know where to look and the basics of settings that work for them.  The main setting will be about not being tracked or allowing your details to be seen.

The main ones on this Vivaldi browser are to prevent other servers gaining details through phishing or other attacks, not allow tracking of what you are doing.  This is a home machine so it is reasonably safe to allow the browser to save web based passwords for convenience, but candidates should know not to do this on publicly available machines.  Candidates can do a similar screen capture with some call-outs showing the features they use and why.

3.4 I can use appropriate client software and security settings

The candidate will demonstrate a basic understanding of security settings on client software

Evidence: will be provided directly from the presentation of work

Additional information and guidance

The client software is likely to be an anti-virus program of some description.  It may be possible for the network team to show what precautions they use to protect students in school or college, but this would not appear to the student's on their own devices.  For example, servers might use SpamAssassin to stop spam email and ClamAV to prevent viruses.

Candidates will more than likley use a client such as Outlook, Gmail or Thunderbird, for example, for their email client.  In this case, what settings can they use to deal with Spam or unwanted emails?

Candidates own images are likely to be from home based anti-virus programs as well.

4. The candidate will follow legal constraints, guidelines and procedures which apply when working online

4.1 I can identify legal constraints on the uploading and downloading of software and other digital content

The candidate will demonstrate a good understanding of the law relating to digital content

Evidence: will be provided directly from the presentation of work and assessor feedback

Additional information and guidance

The ease of using the Internet tends to make it very difficult for people to appreciate the laws and regulations involved in its use.  Most people can easily find peer to peer sites that allow them to listen to the latest music or find sites that allow them to watch films or download games.  The fact that all of these things are possible, does not detract from the fact that they are illegal and governed by strict laws.  The fines and prison terms for most of these acts is quite severe and were recently increased to make them higher.  If someone makes a copy of a film and sells it on the fine is £50,000 and the prison term is up to 10 years.  On the other side, when people upload their own material, they need to be aware of who can access it and for what purpose.  In most cases, if they feel their work is valuable, such as their own musical composition or images, they may wish to apply some kind of licensing to protect it should someone else take it and use it for their own.

Candidates should be able to list a number of laws and regulations that will affect what they do online, such as the Copyright, Designs and Patents Act 1988, the Data Protection Act or the Video Recordings Act.

4.2 I can identify legal constraints on online behaviour

The candidate will discuss a number of legal constraints

Evidence: will be provided directly from the presentation of work

Additional information and guidance

There will be some overlap here with the previous criterion as the laws will govern much of what is carried out in terms of activity related to uploads and downloads.  Candidates need to show that they appreciate some of the key laws that will affect what they do, but also some others that may affect their actions.  In terms of online behaviour, the Internet is difficult to control and there will be instances of bad behaviour that they may come across or unpleasant content.  Some of this will be protected by Free Speech which is an important aspect of the UK's democratic system, but it is always difficult to know what is free speech and what is hate speech.  In broad terms, candidates should perhaps know that they should not treat people other than the way they would like to be treated.  If people are hateful or unpleasant, they need to report them so that someone else can deal with the person in the appropriate way.  Candidates should know that certain material is age restricted and if it is deemed for 18+, they should not really be using it.

4.3 I can correctly observe guidelines and procedures for the safe use of the Internet

The candidate will demonstrate an internalisation and application of these best procedures

Evidence: will be provided directly from assessor feedback

Additional information and guidance

Candidates should be able to show, in their day to day use, that they are aware of best practice and can work within the guidelines of the system they use.  Most of the observation for this will be during their school or college lessons, so the assessor should be able to determine how effectively they apply the rules and regulations of the local environment (school AUP for example) and more wider issues such as being polite and supportive online and not causing problems to others.

Moderation/verification
The assessor should keep a record of assessment judgements made for each candidate guided by the above guidance. Criteria should be interpreted in the context of the general descriptors of QCF Level 1 qualifications.  They should make notes of any significant issues for any candidate and be in a position to advise candidates on suitable routes for progression. They must be prepared to enter into dialogue with their Account Manager and provide their assessment records to the Account Manager through the on-line mark book. They should be prepared to provide evidence as a basis for their judgements through reference to candidate e-portfolios. Before authorising certification, the Account Manager must be satisfied that the assessors judgements are sound. In the event of missing evidence, the assessor will be requested to gather appropriate information before the award can be made.
  • Printer-friendly version
  • PDF version