Lesson Plan

• Describe the risk‑management process and the three categories of security controls.
• Explain how physical, technical, and administrative controls mitigate specific threats.
• Apply concepts such as least privilege, defence‑in‑depth and network segmentation to a simple risk‑assessment scenario.
• Evaluate appropriate controls using a risk‑assessment matrix.

• Projector and screen
• Whiteboard and markers
• Printed handouts of the risk‑assessment matrix
• Laptops with a simple IDE (e.g., VS Code) installed
• Sample data‑security case study sheets
• Sticky notes for group brainstorming

Begin with a brief news clip about a recent data breach to capture interest. Ask students what they already know about how organisations protect data and what might go wrong. Explain that by the end of the lesson they will be able to identify and apply specific methods to reduce those risks.

1. Do‑now (5'): Quick quiz on types of threats and basic security terms.
2. Mini‑lecture (10'): Overview of the risk‑management process and categories of controls.
3. Group activity (15'): Using the handout, each group completes a risk‑assessment matrix for the provided case study.
4. Demonstration (10'): Show encryption and role‑based access control in the IDE.
5. Discussion (10'): Physical and administrative controls – examples and why they matter.
6. Check‑for‑understanding (5'): Exit ticket – list three controls they would prioritise for the case study and why.

Summarise the key methods—encryption, access controls, physical safeguards, policies, and layered defence. Collect the exit tickets to gauge understanding, and assign a short homework: write a one‑page plan outlining which controls they would implement for a home‑network scenario.