IT and the Law

Question 1

SQL

Answer 1

Structured Query Language - a popular form of query language which deals with databases.

Question 2

Query Language

Answer 2

A specialised programming language based around databases.

Question 3

SQLi

Answer 3

Structured Query Language Injection - a method of hacking which replaces part of a legitimate query with a malicious payload, enabling access to private information or information such as the structure of the database. Restricting permissions and turning off error messages can help to limit these.

Question 4

Query String

Answer 4

A piece of data added to the end of a URL to identify information such as the name of the account being used.

Question 5

Blind Injection

Answer 5

A SQLi attack where no data is known about the structure of the database being used.

Question 6

Sanitisation (Databases)

Answer 6

Methods that prevent malicious query strings being inputted, such as restricting possible input strings or parsing them.

Question 7

Computer Misuse Act

Answer 7

A legislation passed in 1990 after accessed was gained to private emails on Prestel. It covers unauthorised access or modification to computer materials.

Question 8

Data Protection Act

Answer 8

A legislation passed in 1998 which covers protection of personal data. It covers data protection, pseudonymisation, the right to erase data and more.

Question 9

Supervisory Authority

Answer 9

A group that ensures data protection. In the UK, this is the Information Commissioner’s Office (ICO).

Question 10

Data Protection Officer

Answer 10

An individual employed in companies with over 250 employees to ensure data is secure.