Search the California Content Standards

Standard:
Explain the privacy concerns related to the collection and generation of data through automated processes.

Descriptive Statement:
Data can be collected and aggregated across millions of people, even when they are not actively engaging with or physically near the data collection devices. Students recognize automated and non-evident collection of information and the privacy concerns they raise for individuals. For example, students could explain the impact on an individual when a social media site's security settings allows for mining of account information even when the user is not online. Alternatively, students could discuss the impact on individuals of using surveillance video in a store to track customers. Additionally, students could discuss how road traffic can be monitored to change signals in real time to improve road efficiency without drivers being aware and discuss policies for retaining data that identifies drivers' cars and their behaviors.

Standard:
Evaluate the social and economic implications of privacy in the context of safety, law, or ethics.

Descriptive Statement:
Laws govern many aspects of computing, such as privacy, data, property, information, and identity. International differences in laws and ethics have implications for computing. Students make and justify claims about potential and/or actual privacy implications of policies, laws, or ethics and consider the associated tradeoffs, focusing on society and the economy. For example, students could explore the case of companies tracking online shopping behaviors in order to decide which products to target to consumers. Students could evaluate the ethical and legal dilemmas of collecting such data without consumer knowledge in order to profit companies. Alternatively, students could evaluate the implications of net neutrality laws on society's access to information and on the impacts to businesses of varying sizes.

Standard:
Compare and contrast security measures to address various security threats.

Descriptive Statement:
Network security depends on a combination of hardware, software, and practices that control access to data and systems. The needs of users and the sensitivity of data determine the level of security implemented. Potential security problems, such as denial-of-service attacks, ransomware, viruses, worms, spyware, and phishing, present threats to sensitive data. Students compare and contrast different types of security measures based on factors such as efficiency, feasibility, ethical impacts, usability, and security. At this level, students are not expected to develop or implement the security measures that they discuss. For example, students could review case studies or current events in which governments or organizations experienced data leaks or data loss as a result of these types of attacks. Students could provide an analysis of actual security measures taken comparing to other security measure which may have led to different outcomes. Alternatively, students might discuss computer security policies in place at the local level that present a tradeoff between usability and security, such as a web filter that prevents access to many educational sites but keeps the campus network safe.

Standard:
Compare and contrast cryptographic techniques to model the secure transmission of information.

Descriptive Statement:
Cryptography is a technique for transforming information on a computer in such a way that it becomes unreadable by anyone except authorized parties. Cryptography is useful for supporting secure communication of data across networks. Examples of cryptographic methods include hashing, symmetric encryption/decryption (private key), and assymmetric encryption/decryption (public key/private key). Students use software to encode and decode messages using cryptographic methods. Students compare the costs and benefits of using various cryptographic methods. At this level, students are not expected to perform the mathematical calculations associated with encryption and decryption. For example, students could compare and contrast multiple examples of symmetric cryptographic techiques. Alternatively, students could compare and contrast symmetric and asymmetric cryptographic techniques in which they apply for a given scenario.

Standard:
Plan and develop programs for broad audiences using a specific software life cycle process.

Descriptive Statement:
Software development processes are used to help manage the design, development, and product/project management of a software solution. Various types of processes have been developed over time to meet changing needs in the software landscape. The systems development life cycle (SDLC), also referred to as the application development life cycle, is a term used in systems engineering, information systems, and software engineering to describe a process for planning, creating, testing, and deploying an information system. Other examples of common processes could include agile, spiral, or waterfall. Students develop a program following a specific software life cycle process, with proper scaffolding from the teacher. For example, students could work in teams on a common project using the agile development process, which is based on breaking product development work into small increments. Alternatively, students could be guided in implementing sprints to focus work on daily standup meetings or scrums to support efficient communication.

Standard:
Develop programs for multiple computing platforms.

Descriptive Statement:
Humans use computers in various forms in their lives and work. Depending on the situation, software solutions are more appropriate or valuable when available on different computational platforms or devices. Students develop programs for more than one computing platform (e.g. desktop, web, or mobile). For example, students could develop a mobile app for a location-aware software product and a different program that is installed on a computer. Alternatively, students could create a browser-based product and make it accessible across multiple platforms or computers (e.g., email).

Standard:
Identify and fix security issues that might compromise computer programs.

Descriptive Statement:
Some common forms of security issues arise from specific programming languages, platforms, or program implementation choices. Students read a given a piece of code that contains a common security vulnerability, explain the code's intended function or purpose, provide and explain examples of how a specific input could exploit that vulnerability (e.g., the program accessing data or performing in unintended ways), and implement a change in the code to mitigate this vulnerability. For example, students could review code that takes a date as input, recognize that the code doesn't check for appropriate last days of the month, and modify the code to do that. Alternatively, students could review code that supports entry of patient data (e.g., height and weight) and doesn't prompt users to double check unreasonable values (e.g., height at 6 feet and weight at 20 pounds).

Standard:
Develop and use a series of test cases to verify that a program performs according to its design specifications.

Descriptive Statement:
Testing software is a critically important process. The ability of students to identify a set of important test cases communicates their understanding of the design specifications and potential issues due to implementation choices. Students select and apply their own test cases to cover both general behavior and the edge cases which show behavior at boundary conditions. For example, for a program that is supposed to accept test scores in the range of [0,100], students could develop appropriate tests (e.g, a negative value, 0, 100, and a value above 100). Alternatively, students developing an app to allow users to create and store calendar appointments could develop and use a series of test cases for various scenarios including checking for correct dates, flagging for user confirmation when a calendar event is very long, checking for correct email address format for invitees, and checking for appropriate screen display as users go through the process of adding, editing, and deleting events.

Standard:
Modify an existing program to add additional functionality and discuss intended and unintended implications.

Descriptive Statement:
Modularity and code reuse is key in modern software. However, when code is modified, the programmer should consider relevant situations in which this code might be used in other places. Students create and document modifications to existing programs that enhance functionality, and then identify, document, and correct unintended consequences. For example, students could take an existing a procedure that calculates the average of a set of numbers and returns an integer (which lacks precision) and modify it to return a floating-point number instead. The student would explain how the change might impact multiple scenarios.

Standard:
Evaluate key qualities of a program through a process such as a code review.

Descriptive Statement:
Code reviews are a common software industry practice and valuable for developing technical communication skills. Key qualities of code include correctness, usability, readability, efficiency, and scalability. Students walk through code they created and explain how it works. Additionally, they follow along when someone else is explaining their code and ask appropriate questions. For example, students could present their code to a group or visually inspect code in pairs. Alternatively, in response to another student's presentation, students could provide feedback including comments on correctness of the code, comments on how code interacts with code that calls it, and design and documentation features.