IGCSE ICT Chapter 8_Safety and Security

IGCSE ICT CHAP: 8.
SAFETY AND SECURITY
Chapter 8: Safety and Security

CAIE IGCSE ICT (0417) THEORY-REVISION
For Exams from 2023
Online Safety!
IGCSE ICT REVISION: CHAP 8 SAFETY AND SECURITY #ICT WITH TATCHEN 1
IGCSE ICT CHAP: 8. SAFETY AND SECURITY
Objectives of this chapter

8.1 Physical safety
✓Electrocution
✓Fire hazard
8.2 E-Safety
✓data protection acts
✓personal and sensitive data
✓ e-safety when using the internet
8.3 Security of data
8.1 Physical safety.

• Physical safety here deals with the dangers associated with the use of ICT equipments
or facilities that could lead to serious injuries or even loss of life. Possible safety issues
are: personal injury, electrocution, tripping and fire hazards.
• Possible causes of safety and preventive measures are described below.
Safety risk Possible causes of the risk Preventive measures
Personal injury • Falling of heavy equipments from desk • Use strong desk that can take weight
• Use of undersized desks of a computer and its accessories
• Use large enough desk with enough
room for the hardware
Electrocution • Exposed wires in computer cables • Check all cables regularly to ensure
• Poorly insulated electrical equipment they are in good conditions
• Spilling liquids on electrical equipment • Replace worn out cables
• Make use of residual current breakers
to prevent electrocution
• Do not bring liquids into the computer
lab or close to computers.
8.1 Physical safety.

Possible safety issues are: personal injury, electrocution, tripping and fire hazards. Their
possible causes and preventive measures are described below.
Safety risk Possible causes of the risk Preventive measures
Fire Hazard • Overloaded wall sockets • Increase the number of wall sockets
• Overheating of computer systems due • Clean dust from computers regularly
to poor heat dissipation • Do not block the cooling vents on the
• Short circuits from exposed wires computer
• Test/inspect all equipment regularly
• The computer room should be well
ventilated
• Always have serviced fire extinguishers
on standby.
Tripping on wires • Trailing wires on the floor • Connect wires away from the passage
• Damage flooring and wire guides. ways.
• Use cable ducts to safely direct cables.
• Use wireless devices to eliminate
trailing cables.
Exam question
Q. The office must be a safe working environment .
State two physical safety issues that might exist from the introduction of computers. [2]
Mar/P_12/Q9d/2022
• Answer:
✓ Tripping over trailing cables on the office floor
✓ Fire caused by overheating computers
✓ Fire caused by overloaded sockets
✓ Electrocution caused by spilling drinks on the computer
✓ Injuries caused by equipment falling
Exam question
Q. M_J/P_11/Q12a/2022
✓ Use CO2 fire extinguisher
✓ Don’t overload sockets
✓ Have fans/cooling system
✓ Use Residual Circuit Breaker/RCB
✓ Don’t bring drinks close to computers

✓ Cover/insulate live/bare wires
8.2 E-Safety.
❑E-safety refers to the safe and responsible use of
technology by its users.
• E-safety involves how to behave when using
technology such as:
✓When using the internet.
✓Sending and receiving emails
✓Using social media
✓Online gaming
https://www.educationandtraining.org.uk/sources-e-safety-
information-advice-support-children-young-people/
8.2 E-Safety.
https://blog.numbernagar.com/2019/11/01/an-awakening-call-towards-the-state-of-digital-literacy-and-online-safety-of-our-children/
8.2 E-Safety.
❑Data protection
• Most countries have data protection acts (DPA) designed to
protect individuals and to prevent incorrect or inaccurate storage
of data.
• DPAs protect the rights of individual from whom data is being
collected, on the storage, use disclosure of computerized data and
paper records.
• Some principles of data protection acts are:
• Data must be fairly and lawfully processed.
• The purpose must be stated
• Collected data must be adequate, relevant and not excessive.
• It should not be kept longer than the stated duration
• It must be well secured
• Its must not be transferred to other parties unless adequate protection
is guaranteed.
• Failure to follow these rules can lead to fines or imprisonment.
https://www.enzuzo.com/blog/data-privacy-laws
8.2 E-Safety.
❑Data protection
• Preventing unlawful data access:
✓Ensure personal data is not left lying around unattended to.
✓Do not leave sensitive data on computer monitors
unattended to. Log off each time you are living your desk.
✓Use strong passwords and user IDs to secure your
computers.
✓Regularly change your passwords and login IDs
✓Do not share sensitive information through emails or faxs.
Exam question Q. M_J/P_12/Q7a/2022
✓ Data should be fairly and lawfully processed

✓ Data should only be processed for the stated purpose
✓ Data should be adequate, relevant and not excessive/limited
✓ Data should not be kept longer than necessary
✓ Data should be collected for specific purposes
✓ Data subjects are allowed access to their personal data
✓ Data should be accurate and kept up to date
✓ Data should not be transferred to another country unless they have adequate protection
✓ Parental consent required for processing personal data of children including online
services
8.2 E-Safety.
❑ Personal data
• Personal data is data about a living person that can be used to identify that
person or be used with other information to identify an individual.
• Examples of personal data
✓ Name, home address, IP address, email address),
✓ ID card/ passport number,
✓ Date of birth (DOB)
✓ Banking details
✓ Photographs.
• Some personal data is considered sensitive and should be handled with extra
care. Examples of sensitive personal data:
✓ Political views
✓ Political affiliations (party)
✓ Religious beliefs
✓ Sexual orientation/gender
✓ Criminal records
✓ Medical history
✓ Ethnicity/race
IGCSE ICT CHAP: 6 ICT APPLICATIONS
Exam question Q. M_J/P_12/Q7b/2022
Personal data is data relating to an individual/person that can be used to identify that person
Examples of personal data

Name, address, date of birth, gender, biometrics, mobile/cell phone number, credit/debit card
number, personnel ID number, personal appearance, medical record, criminal record, ethnic
origin, picture of yourself, political opinions, religious or philosophical beliefs, trade-union
membership record, genetic data, IP address, racial identity
IGCSE ICT CHAP: 6 ICT APPLICATIONS
Exam question Q. M_J/P_12/Q7c/2022
✓ The person can be directly identified from the data

✓ The data is confidential as it links directly to the person
✓ If someone gets access to the data, the information can be used to attack the person
✓ If not kept confidential and secure it could lead to home burglaries as people post holiday details
on social media
✓ It could lead to the chance of users suffering physical harm from people with access to their data
8.2 E-Safety.
❑Using the internet
• Some rules to follow to stay safe online
✓ Ensure the websites you visit/use are secured by locking for https or a padlock sign.
✓ Only do online shopping on sites with encrypted connections/payments options.
✓ Always conduct online search in safe search with the high level of security.
✓ Only use recommended or trusted websites by teachers or parents.
✓ Be careful of what you download from online
✓ Always sign out from sites after using them.
8.2 E-Safety.
❑Sending and receiving emails
✓ Only open email attachments or links from known sources
✓ Ensure your ISP has effective email filtering for spams
✓ Only reply to emails from people you know or have an good idea
of the email origin.
✓ Always ensure you don’t mention personal information like your
school when replying to emails.
✓ Ensure emails with company addresses are well checked to match
with the actual company before replying to them.
✓ Manually type in email addresses
✓ Avoid clicking on hyperlinks within emails, they could be phishing
scams
✓ Take care when copying people or forwarding emails to multiple
people.
8.2 E-Safety.
❑Using social media
How to safe online!
✓ Do not send personal photos to people you do not know.
✓ Make use of privacy settings when posting photos online
✓ Do not give out personal information to people you do not know.
✓ Ensure photos you post online can not link you to a place
✓ Do not accept friend requests from people you don’t know.
✓ Avoid forwarding inappropriate messages
✓ Always respect other peoples confidentiality
✓ Never arrange to meet with people you don’t know
✓ Report any form of online abuse to an adult.
8.2 E-Safety.
❑Online gaming
Some risks associated with online gaming:
✓ Be ware of online predators in gaming environments
✓ Cyberbullying; sending threatening or intimidating
electronic messages to people online
✓ Avoid the use of webcams
✓ Use of voice masking technology
✓ Possible cyber attacks
✓ Game violence can translate to violent behavior in the
individual.
https://www.grantthornton.in/insights/blogs/self-regulatory-bodies-
for-online-gaming-sector-a-game-changing-policy-measure/
Exam question
Q. M_J/P_11/Q12b/2022
✓ Respect other players

✓ Check game ratings for age
✓ Report/block cyberbullies
✓ Reduce the amount of time spent gaming
✓ Be careful of in-app purchases
✓ Turn on privacy settings
✓ Don’t use your real name//use a nick name
✓ Don’t give away personal information
Exam question
Q. M_J/P_11/Q12c/2022
✓ User ID identifies the user

✓ A password is a string of characters that make up the authentication system
✓ They are needed to improve security
✓ Using both an ID and a password give a unique authentication
8.2 Security of Data.

❑Data stored in a computer or being transferred around networks is
usually prone to security threats such as:
▪ Hacking
▪ Phishing
▪ Smishing
▪ Pharming
▪ Viruses
▪ Malware
▪ Card frauds etc

Data threats
❑Hacking
▪ Hacking is gaining unauthorized access to a computer system
▪ Hacking can lead to: identity theft, misuse of personal data, deletion of data,
corruption of data.
▪ How to prevent hacking?:
✓ make use of strong firewalls
✓ Use strong passwords
✓ Use anti-hacking software
✓ Use user IDS and strong passwords

Data threats
❑ Phishing; smishing, vishing
▪ Phishing involves the use of legitimate looking emails to target a users computer system. A users computer is
accessed when they click on a link or attachments in the email.
▪ The email often looks like it comes from a trusted source and takes you to fake websites where you are fooled
into giving out your personal data.
▪ Creators of this email can steal bank account or credit card details. Identity theft from personal information.
▪ How to prevent phishing or smishing:
✓ Be cautious when opening emails or attachments
✓ Do not click on extensions or attachments with extensions .exe, .bat, .com, .php, etc
✓ Use ISP and browsers with phishing filters.
▪ Smishing is a form of phishing which involves use of SMS system to send fake messages.
▪ The text message contains a number or links a user is asked to call or dial.
▪ When the recipient dials a code they can steal bank details, personal details etc.
▪ Vishing is another form of phishing which uses voicemail message to trick the user into calling them back or
provided numbers.
▪ Over a phone call you are asked to provide personal information with the hope of winning something.

Data threats
❑Pharming
▪ Malicious code is installed on a user’s computer or on a web server.
▪ This malicious code can redirect you to fake sites without your knowledge.
▪ Creators of this malicious code can steal personal data like debit/credit card details, bank details etc. pharming
can also lead to identity theft.
▪ How to prevent pharming?
✓ Use anti-spyware software which can remove and identify and delete pharming code.
✓ Always stay alert while browsing online for clues that can redirect you to other sites.
https://www.universalcpareview.com/ask-joey/what-is-a-pharming-attack/

Data threats viruses
❑Viruses and malware
• Malwares of various forms are threats to Key loggers ransomware
the integrity and security of data.

• Various anti-malware software are capable Malware
of removing most of these malwares.

Adware Worms
Trojan horse

Data threats
Malware Description effects Prevention
• • •
• Viruses Programs or software that
can replicate/copy itself
Computer can be caused to
stop functioning well or
Install and keep updated
anti-virus software.
within a user computer crashed. • Be careful when opening
with the intention of • Deletion of files from email attachments.
deleting, corrupting files computer. • Do not use software from
etc. • Corrupt Operating system unknown sources
• • •
• worms Self-replicating viruses
capable of spreading in the
Spreads through out the
network and corrupts files
Use up to date anti-virus
software.
whole computer and and the network. • Carry out regular antivirus
corrupting the whole scans
network.
• They are inbuild to
computer software or
emails and replicate
unnoticed.

Data threats
Malware Description Effects Prevention
• Malicious program which often • Trojan horse can give cyber
Trojan horse appears as legitimate software but criminals access to your
has some embedded malicious computer.
code. • Installs spywares to steal
• The trojan horse replaces the Passwords, IP address, etc.
legitimate software and causes
harm to the computer.
• This is a form of spyware that • Capture personal data such • Use up-to-date anti-
Key logging monitors a user’s keyboard as credit/debit card details. spyware.
software •
activities and gathers information.
It is designed to gather keystrokes
• Bank account numbers and
passwords.
• Regularly change
passwords and use
and automatically email small files different access options.
to cybercriminals.

Data threats
Malware Description effects Prevention
Adware • Floods a user with unwanted • Hijack browsers • Use anti-malware.
advertising. • Unwanted pop-ups • Do not click on untrusted
links.
Ransomware • Programs that encrypts data in • Immediate encryption of a • Avoid phishing emails
someone's computer system and user’s data. • Regularly back up
holds it hostage. • Blackmail important files
• The owners are often asked to pay
for the decryption key.

Data threats
❑Debit/credit Card fraud
❑ Illegal use of another person’s debit/credit card. A number of possible ways in which credit card details can be
stolen are:
▪ Shoulder surfing: when the card owner is using ATMs, at POS terminals etc.
• Watching you key in your PIN, listening in when you give out card details.
▪ Card cloning: use of electronic devices to clone bank cards, the device records all information on the card which
is then transferred to a fake card.
▪ Use of key logging software: software monitors and detects all key presses particularly when entering card
details such as:
▪ PIN, card number, security code (Card verification value-CVV)
How to prevent card fraud?
Shield the keyboards when using public ATMs or POS terminals
Don’t key in bank details on mobile devices in public places
Be watchful of the security cameras that can record passwords or personal data.
Use biometric access methods.

Data protection
❑To protect data, various authentication means are used to verify the security
and trustworthiness of data. Security of data can be protected using:
• Biometrics
• Digital certificates
• Secure sockets layer (SSS)
• Encryption
• Firewalls
• Two-factor authentication
• User ID and password.

Data protection
❑Biometric authentication
• Biometrics authentication is used to gain access to devices or system.
• It makes use of unique features in human beings such as: fingerprints, signature
recognitions, eye scans, facial recognition, voice recognition etc.
• Biometric authentication is used in most electronic devices such as mobile phones,
tablets, laptops etc
https://abilitynet.org.uk/factsheets/voice-recognition-overview

Data protection
Biometric technique Advantages Disadvantages
Fingerprint scans • Very high accuracy • Some people find it intrusive

• Very easy to use • Prone to mistakes for dirty/
• Most widely used biometric damaged skin
technique
Signature recognition • Very short verification time • Signature must be consistent.

• Relatively low-cost technology
Iris recognition • Fast verification time, (<5 S) • Very intrusive

• High accuracy • Uses a lot of memory for data
storage.

Data protection
Biometric technique Advantages Disadvantages
Face recognition ▪ Non-intrusive ▪ affected by lighting conditions

▪ Relatively inexpensive ▪ Affected by facial hair, age etc.
Voice recognition ▪ Non-intrusive ▪ Voice can easily be cloned and

▪ Fast verification time, < used illegally.
5 secs ▪ Low accuracy
▪ Relatively inexpensive
tech
https://abilitynet.org.uk/factsheets/voice-recognition-overview

Data protection
❑Digital certificates
• A digital certificate is a pair of files stored on a user’s computer to ensure
security of data sent over the internet.
• A digital certificate often has a public key (can be accessed by anyone) and a
private key which is only known to the computer user.
• A digital certificate is usually attached to an email to ensure security and
authenticity of the email. The certificate is made up of six parts:
1. the senders email address,
2. The name of the sender,
3. The serial number of certificate,
4. The validity of the certificate,
5. Public key
6. Digital signature of certificate authority (Cas) such as VeriSign.

Data protection
❑Secure sockets layers (SSL)
▪ SSL is a protocol that ensures secure communication over the internet.
▪ SSL encrypts data transmission between a user and webserver for secured communication.
▪ Secure sockets layers can been verified after logging onto a website by the presence of “s” in
http of websites. E.g https:ict.com/ or the appearance of the pad lock sign.
Examples of areas making use of SSL:
✓ Sending and receiving emails
✓ Online banking and financial transactions,
✓ Online shopping
✓ Using cloud storage Not secure http:/ictwithtatchen.com/notes
✓ Video calls
✓ Social network sites etc.
Secured https:/ictwithtatchen.com/notes
https://www.geeksforgeeks.org/difference-between-http-and-https/
Exam question
Q. Nov_/P_13/Q7c/2021
✓ User ID identifies the user

✓ A password is a string of characters that make up the authentication system
✓ They are needed to improve security
✓ Using both an ID and a password give a unique authentication

Data protection
❑Encryption
▪ Encryption of data is mainly used to mask the data in case it has been hacked or is accessed
illegally.
▪ Cypher script is the process of encrypting (encoding) data (plain text) with an encryption key.
▪ The intended user of the encrypted data must have the decryption key to decrypt the data
before it can be used.
▪ Why encrypt data?
✓ Guard against risks of hacking, pharming etc
✓ Ensure privacy in communication,
✓ Protect sensitive information,
https://kinsta.com/knowledgebase/what-is-encryption/
Exam question
Q. Nov/P_13/Q5a/2021
✓ Encryption is scrambling of data

✓ It changes the data into a form that is not understandable
✓ It requires the intended receiver to have a decryption key to decode the data
✓ Encrypted using a encryption key/code Changes plain text into cypher text
8.2 Security of Data. Your Internet/

Firewall
Data protection computer web
❑Firewalls
▪ A firewall can be in the form of software or hardware which forms a secure layer between your
computer and an external network.
▪ Firewall in form of software is usually installed as part of the operating system
▪ A gateway is a firewall in the form of hardware which can monitor communication between networks.
▪ A firewall filters incoming and outgoing network traffic to ensure secure communication.
▪ Tasks carried out by firewalls?
✓ Examines network traffic between incoming and outgoing communications
✓ Checks outgoing/incoming data to meet particular standars
✓ Provides warnings for software installations and upgrades.
✓ Blocks data that does not meet the required criteria for transmission
✓ Can be used to prevent access to undesirable sites
✓ Can prevent viruses and hackers

Data protection
❑Two-factor authentication
▪ Makes use of two forms of verification to verify the user; it could be a PIN and biometric, PIN and password etc.
▪ Its is mostly used for online banking/payments. Apart from providing your card details a bank can send you a
verification code to authorize the payment.
▪ The code is sent directly to your email or phone number.
▪ Two-factor authentication has three key features:
✓ You need a known password or PIN
✓ A mobile number or email address
✓ A unique identification method such as biometrics.
Enter username*
Code sent to Enter the
Enter password*
email or number received code
Exam question
Q. Nov/P_13/Q5b/2021
✓ Use anti-spyware to prevent key logging

✓ Change passwords regularly
✓ Use a different password for each system
✓ Use longer passwords as they are harder to guess
✓ Use strong passwords
✓ Use two-factor authentication so that hackers need both parts
✓ Use a dropdown list for password entry
✓ Use a biometric password
✓ Do not use passwords that directly links to the user
IGCSE ICT CHAP:8.
Safety and Security
References:
1. Cambridge IGCSE Information and Communication Technology, 3rd edition.
Graham Brown, David Watson
2. https://www.cambridgeinternational.org/search/gcsearch.aspx?q=ict

IGCSE ICT Chapter 8_Safety and Security

Uploaded by

Copyright:

Available Formats

You might also like

IGCSE ICT Chapter 8_Safety and Security

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IGCSE ICT Chapter 8_Safety and Security

Uploaded by

Copyright:

Available Formats

IGCSE ICT CHAP: 8.

SAFETY AND SECURITY

Chapter 8: Safety and Security

Objectives of this chapter

8.1 Physical safety.

8.1 Physical safety.

✓ Don’t bring drinks close to computers

Exam question Q. M_J/P_12/Q7a/2022

✓ Data should be fairly and lawfully processed

Exam question Q. M_J/P_12/Q7b/2022

Examples of personal data

Exam question Q. M_J/P_12/Q7c/2022

✓ The person can be directly identified from the data

✓ Respect other players

✓ User ID identifies the user

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

the integrity and security of data.

of removing most of these malwares.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

8.2 Security of Data.

Fingerprint scans • Very high accuracy • Some people find it intrusive

Signature recognition • Very short verification time • Signature must be consistent.

Iris recognition • Fast verification time, (<5 S) • Very intrusive

8.2 Security of Data.

Face recognition ▪ Non-intrusive ▪ affected by lighting conditions

Voice recognition ▪ Non-intrusive ▪ Voice can easily be cloned and

8.2 Security of Data.

8.2 Security of Data.

✓ User ID identifies the user

8.2 Security of Data.

✓ Encryption is scrambling of data

8.2 Security of Data. Your Internet/

8.2 Security of Data.

✓ Use anti-spyware to prevent key logging

You might also like