Professional Documents
Culture Documents
Cyber Security
Cyber Security
Brute-Force Attack
• A brute-force attack is a trial-and-error method used to crack passwords or
encryption keys by trying every possible combination until the correct one
is found
• The aim of a brute-force attack is to gain unauthorised access to a system
or network
Data Interception
• Data interception involves eavesdropping on communication channels to
intercept and steal sensitive information, such as passwords, credit card
numbers, or personal data
• The aim of data interception is to steal sensitive information for personal gain
or to use it for further cyber attacks
Hacking
• Hacking involves gaining unauthorised access to a system or network to
steal or manipulate data, disrupt services, or cause damage
• The aim of hacking can vary from personal gain to activism or cyber
espionage
Malware
Malware is malicious software designed to harm or gain unauthorised access to a
system or network. Types of malware include:
• A virus is a piece of code that attaches itself to a legitimate program or file
and then replicates itself to spread to other programs or files on the computer.
It can cause damage to the system, including deleting data or damaging
hardware
• A worm is similar to a virus but is a standalone program that can spread and
replicate itself over computer networks. It can take up storage space or
bandwidth
• A Trojan horse is a program that disguises itself as a legitimate program or
file, but when installed, it can delete data or damage hardware
• Spyware is software that records all key presses and transmits these to a
third party
• Adware is a type of software that displays unwanted advertisements on the
computer without the user's consent. Some of these may contain spyware and
some may link to viruses when clicked
• Ransomware is a type of malware that encrypts the user's files and demands
a ransom payment to decrypt them. It can cause data loss, and financial
damage and disrupt business operations
The aim of malware attacks can range from data theft to extortion or disruption of
services
Phishing
• Phishing involves the user is sent an email which looks legitimate
• This contains a link to a fake website where the user is encouraged to enter
their details
• The aim of phishing is to steal sensitive information for personal gain or to
use it for further cyber attacks
Pharming
• Pharming involves malware being downloaded without the user’s
knowledge
• This redirects the user to a fake website where they’re encouraged to enter
their personal details
• The aim of pharming is to steal sensitive information for personal gain or to
use it for further cyber attacks
Exam Tip
• A user needs to click on a link or an attachment to open the fake web page or
trigger a download of malicious code, and not just open the email
Social Engineering
• Social engineering involves manipulating individuals to gain access to
confidential information or to perform an action that benefits the attacker
• This can include techniques such as:
o This involves posing as someone else to gain trust or access to
sensitive information
o Attackers might pretend to be a co-worker, IT support personnel, or a
law enforcement officer to get people to divulge sensitive information or
perform an action they wouldn't otherwise do
o Baiting is a social engineering technique that involves enticing a victim
with a desirable item or promise to extract sensitive information or gain
access to a system
o Attackers might leave a USB drive with a tempting label, like "salary
information," in a public place and wait for someone to pick it up and
plug it into a computer
o Once the drive is connected to the computer, the attacker can access
sensitive information or install malware
o Pretexting involves creating a fake scenario to extract sensitive
information
o The attacker might pose as a bank representative and ask for personal
information to "verify your account”
o Impersonation
o Baiting
o Pretexting
Accidental Damage
Data could also be accidentally damaged in many ways:
Example Prevention
Loss of power Use a UPS
Liquids being spilt Don’t have water near the device
Keep device in a waterproof box when not is
Flooding
use
Use electrics safety and keep device in a
Fire
fireproof box when not is use
Hardware failure Correct care and maintenance of hardware
Software failure Making sure it is always up to date
Human error:
Add verification method for data deletion
• Pressing delete by mistake
• Not saving data
Set access levels for data to limit who can
• Not shutting down the computer
delete the data
correctly
Incorrect use of storage device Making sure device is ejected before removing
Exam Tip
• If you are given context in a question, you should apply your answer to the
scenario
• Back-up of data is not a method to help prevent the data being damaged. It
can replace the data if it is damaged, but it does not stop the data being
damaged
Anti-Malware
• Anti-malware solutions are used to prevent and remove malware, which is a
common type of security threat to data
• Anti-malware software includes anti-virus and anti-spyware programs,
which help to detect and remove malicious software from a computer system
• This software works by scanning the computer’s files and any files being
downloaded and comparing them to a list of known malware
• If any malware is found, it is quarantined to prevent the spread
• The malware is then deleted
Authentication
• Authentication is used to ensure that only authorised users can access data
• There are several methods of authentication:
o Passwords are used to protect sensitive data by preventing
unauthorised access. A strong password should be complex, unique,
and not easily guessed. Passwords should be changed regularly, and
users should avoid reusing passwords across multiple accounts.
o Biometrics uses biological data for authentication by identifying unique
physical characteristics of a human such as fingerprints, facial
recognition, or iris scans. Biometric authentication is more secure than
using passwords as:
▪ A biometric password cannot be guessed
▪ It is very difficult to fake a biometric password
▪ A biometric password cannot be recorded by spyware
▪ A perpetrator cannot shoulder surf to see a biometric password
o Two-factor authentication (2FA) requires users to provide two forms
of authentication before accessing data, such as a password and a
verification code sent to a mobile device. This provides an extra layer
of security and reduces the risk of unauthorised access. 2FA is widely
used to protect online accounts, such as email or banking.
• These methods help to prevent unauthorised access and protect sensitive
data
Communications
• Checking the spelling and tone of communications is important to prevent
phishing attacks
URL
• Checking the URL attached to a link is another way to prevent phishing
attacks.
• Hackers often use fake URLs to trick users into visiting fraudulent websites
o e.g. http://amaz.on.co.uk/ rather than http://amazon.co.uk/
Firewalls
• A firewall can be software or hardware based
• It monitors incoming and outgoing traffic between the computer and the
network and keeps a log of the traffic
• The user sets criteria for the traffic (this is called the whitelist/blacklist) and
the traffic is compared with this
• The firewall will accept or reject the traffic based on this and an alert can be
sent to the user
• It can help prevent hacking and malicious software that could be a threat to
the security of the data
Privacy Settings
• Privacy settings are used to control the amount of personal
information that is shared online
• They are an important measure to prevent identity theft and other forms of
online fraud
• Users should regularly review their privacy settings and adjust them as
needed
Proxy-Servers
• Proxy-servers are used to hide a user's IP address and location, making it
more difficult for hackers to track them
• They act as a firewall and can also be used to filter web traffic by setting
criteria for traffic
• Malicious content is blocked and a warning message can be sent to the user
• Proxy-servers are a useful security measure for protecting against external
security threats as it can direct traffic away from the server
Physical Methods
o Physical methods are used to physically protect hardware that stores
sensitive data
o This can include:
▪ Locked rooms needing a key or card access
•
o
▪ CCTV
•
o
▪ Bodyguards
Backup
• This is the process of making a copy of files in case something happens to
the original ones
• Backing up data is important to protect against data loss due to hardware
failure, cyber-attacks, or other disasters
• Backups should be stored in a secure location, and multiple copies should
be made
• Regular backups ensure that data can be recovered in the event of a
security breach or data loss
Ethics
There are a number of ethical concerns when using the Internet:
• Addiction
o Aspects of the internet e.g. social media can cause this
• Breaching copyright
o Breaking the law by copying someone’s work
• Cyber bullying
o Using the internet to bully people
• Data protection
o A person’s data is not used according to the law
• Environmental effects
o Increased use of the internet increases the use of electrical power
• Fake news
o News stories that could be very misleading or harmful
• Inappropriate materials
o Materials that could cause harm/offence to people e.g. children
• Intellectual property theft
o Stealing other people's work
• Piracy
o Using piracy websites to gain content for free that should have been
paid for
• Plagiarism
o The copying of other people’s work without their permission
o Claiming someone else’s work as your own
• Privacy
o A person’s data could be leaked
Automated Systems
Automated Systems
• Automated systems use sensors, a microprocessor and actuators
o Sensors detect changes in the environment and convert them into
electrical signals that can be processed by a microprocessor
o Microprocessors analyse the signals from the sensors and make
decisions based on pre-programmed logic
o Actuators receive signals from the microprocessor and perform
actions such as opening a valve or turning on a motor
• By combining sensors, microprocessors, and actuators, automated systems
can be created that respond to changes in the environment without human
intervention
Worked example
A theme park has a game where a player tries to run from the start to the finish
without getting wet. The system for the game uses sensors and a microprocessor to
spray water at a player as they run past each sensor. Describe how the sensors and
the microprocessor are used in this system
[8]
Robotics
Robotics
Robotics is an area of computer science that deals with the creation, design, and
operation of robots.
Characteristics
• A robot is a machine that can be programmed to carry out a range of
tasks autonomously or semi-autonomously
• Robots have a mechanical structure or framework, which gives them a
physical body that can move and interact with the environment
• Electrical components, such as sensors, microprocessors and actuators,
allow robots to receive information from their surroundings and respond to it
• Robots are programmable, which means they can be designed to follow a
set of instructions or algorithms, allowing them to complete a variety of tasks
and respond to changing situations
Roles
Robots can perform various tasks in different areas, such as:
• Industry
o Robots can be used in manufacturing and assembly lines to increase
productivity and accuracy
• Transport
o Robots can be used in warehouses and logistics to move
and transport goods
• Agriculture
o Robots can be used for tasks such as planting, harvesting, and
spraying crops
• Medicine
o Robots can be used in surgical procedures to
increase precision and reduce risk of errors
• Domestic
o Robots can be used for tasks such as vacuuming, lawn mowing, and
cleaning
• Entertainment
o Robots can be used as toys or in amusement parks to provide
entertainment
Advantages Disadvantages
Increased productivity: robots can work High initial investment: purchasing and setting up
continuously without breaks or fatigue robots can be expensive
Consistency and accuracy: robots can Maintenance costs: robots require regular
perform tasks with a high level of precision maintenance and repairs, which can add to the
and accuracy overall cost.
Lack of flexibility: robots are programmed for
Safety: robots can perform tasks that are
specific tasks and cannot adapt easily to new
dangerous or hazardous for humans
situations or tasks.
Cost-effective: robots can help reduce labour Unemployment: increased use of robots can lead to
costs in the long run job loss in certain industries.
AI
• Artificial Intelligence is a branch of computer science that involves creating
computer systems that can perform tasks that would normally require
human intelligence
• The goal of AI is to simulate intelligent behaviour in machines, including:
o problem-solving, decision-making, natural language processing
• AI is often used in areas such as:
o Robotics
o Natural language processing
o Expert systems
o Machine learning
• Machine learning is a subset of AI that focuses on giving computers the
ability to learn and improve from data, without being explicitly programmed
• There are different types of AI, including weak AI, strong AI, and
superintelligence
o Weak AI, also known as narrow AI, is designed to perform a specific
task or set of tasks
o Strong AI, also known as artificial general intelligence (AGI), is
designed to perform any intellectual task that a human can do
o Superintelligence is a hypothetical AI that would surpass human
intelligence in all areas
• AI has advantages such as increased efficiency, accuracy, and scalability
• However, AI also has disadvantages such as the potential for job loss,
biassed decision-making, and ethical concerns around its use
Characteristics
• Collection of data and rules
o AI systems require large amounts of data to perform tasks
o The data is processed using rules or algorithms that enable the
system to make decisions and predictions
• Ability to reason
o AI systems can use logical reasoning to evaluate information
and make decisions based on that information
• Ability to learn and adapt
o This will mean it can change its own rules and data
AI systems can be designed to learn from past experiences and adjust their
behaviour accordingly
Components
There are two main types of AI systems:
Expert Systems:
Machine Learning: