Learning Aim D Flashcards

1
Q

What is meant by integrity of data in BTEC Level 3 IT

A

Data integrity refers to the accuracy, consistency, and reliability of data throughout its lifecycle. It ensures that data remains unchanged and correct during storage, transmission, and retrieval. Maintaining data integrity is crucial to prevent errors, ensure trustworthiness, and support effective decision-making.

2
Q

What can be done to prevent data errors in data entry

A

Manual data entry can result in errors, so proper training of staff is essential to ensure they know how to input data accurately, and the importance of doing so.
Auditing procedures need to be in place so that individuals can be held accountable for inaccurate data entry.

3
Q

What is data verification

A

Data verification is the process of entering data twice, with the second entry being automatically checked against the first. If they match, the data is accepted. This is often used when entering and storing a new password.

4
Q

What is data validation

A

Data validation should be used to ensure the values that the user can enter are restricted. Data validation checks include type checks, range checks, format checks, length checks and presence checks.

5
Q

What are some types of malware

A

• Viruses
• Worms
• Trojan horses (“Trojan”)
• Ransomware

6
Q

What is a virus

A

A computer virus is a small piece of software that someone can attach to a host program such as a spreadsheet macro or computer game. Whenever the program is run, the virus program runs too, reproducing itself and attaching to other programs.

7
Q

What is a worm

A

A worm is a standalone malware program that spreads to other computers, often via a network (including the Internet), generally relying on security weaknesses in the host computer to spread itself.

8
Q

What is a trojan

A

The Trojan is malicious software masquerading as a legitimate email that invites the user to open an attachment, which then gives the controller unauthorised access to that computer. It may be used to access personal information such as passwords or banking information. Unlike a virus, Trojans do not normally inject themselves into other software or spread themselves.

9
Q

What is ransomware

A

Ransomware is malicious software that, once installed on a computer, denies access to the computer until a ransom is paid. The NHS, universities and numerous commercial organisations suffered serious ransomware attacks in 2018 at the rate of about 38 new attacks every day.

10
Q

What is a DoS attack

A

This is an attempt to make a website inaccessible to genuine users or to disrupt services by overloading the website servers and resources with fake traffic.

11
Q

What is phishing

A

A phishing scam is a fraudulent email or message that appears to come from a legitimate organisation. Its purpose is to trick the recipients into sharing sensitive information such as passwords, usernames, bank and credit card details for malicious purposes. Attackers may make contact via email, social media, phone calls or text messaging.

12
Q

What is spear phishing

A

Spear-phishing attacks target a specific victim, and messages are modified to include personal information. This makes them much more difficult for a user to identify. The spear-phisher may get their information by viewing personal profiles on social media sites, from which they will be able to find, for example, a person’s email address, friends list and posts about new gadgets that were recently purchased. An attacker posing as a friend may ask for usernames and passwords for various websites so that they can access photos.

13
Q

What is identity theft and the impact on individuals

A

It is when someone steals another person’s personal information, like their name, bank details, or Social Security number, and uses it without permission to commit fraud or other crimes.

Impacts:
• Identity theft can make victims stressed, anxious, unable to concentrate and have difficulty sleeping
• Identity fraud can also impact employment, housing, insurance, credit status and educational opportunities

14
Q

What is cyberstalking and the impact on individuals

A

Cyberstalking is the use of the Internet, email, instant or text messages, or social media posts to stalk or harass a victim.

Impacts:
• Individuals who stalk offline will usually use some form of technology as a tool, e.g. mobile phones, social networks, computers or geolocation tracking
• Cyberstalking is where the perpetrator uses technology but doesn’t actually stalk the person in the physical offline world

15
Q

What are the impacts on organisations when phishing attacks have occurred

A

Reputational damage: The publicity around a serious breach can be very damaging to the company. It may be perceived by customers as untrustworthy.

Intellectual property loss: Trade secrets, costly research, formulas and recipes, or customer lists may all be stolen; for example, a single design could represent millions of pounds in research costs.

Direct costs: The cost of compensation to individuals who have had their data stolen and who have suffered personal financial losses or other consequences as a result, may run into millions. Fines for violations of the Data Protection Act

Share value: Such an event may wipe millions of pounds off a company’s share value.

16
Q

What is the function of an antivirus software

A

Virus detection
The main function of anti-virus software is to detect and remove computer viruses. Typically, it will scan all the files on your computer and compare them to a database of known virus signatures. This database is updated many times a day in order to ensure that the software will recognise the latest viruses. Most anti-virus software will also scan files in real time so that a virus entering the system is instantly detected. A user can also initiate a scan of selected devices.

Monitoring for system problems
A virus may cause a computer system to behave erratically or slow down, or its memory to fill up. Many anti-virus programs will monitor a computer for signs that a component is not functioning correctly, since this can indicate the presence of a virus. It will then initiate a scan to detect the cause of the problem and if a virus is detected, it will quarantine or delete the infected file.

Quarantining a file
Anti-virus software may identify a file as probably, but not definitively, infected by a virus. In that case the file is not deleted immediately but is removed to a separate area of storage. It is not deleted until either the user chooses to delete it, or a pre-set period of time expires. This gives the user the option of removing the file from quarantine and protecting it from future action by the anti-virus software.

17
Q

What should be considered when making a password

A

• Do not leave a list of passwords in a drawer or write a password on a post-it note stuck on your computer.
• Do not use personal dates or information such as family names or dates of birth, as passwords.
• Do not use a sequence of numbers, such as ‘12345’, or a sequence of letters, such as ‘qwerty’.
• Do not use easily guessed words such as your favourite football team or holiday location.
• Do not use the same password for all your accounts.
• Change your passwords regularly.
• Choose an apparently random password comprising at least eight upper- and lower-case letters, numeric and special characters.

18
Q

What is a firewall

A

A firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network such as the Internet. It can be implemented as hardware, software, or a combination of both. It is considered to be the first line of defence in preventing unauthorised access to or from a private network, or even a standalone computer. The router can also stop an infected computer from attacking other computers by preventing malicious software from leaving your network.

19
Q

How does a firewall work

A

The firewall filters information coming through an Internet connection into a private network or computer system. Numbered doors called ports are opened so that only certain traffic is allowed to pass through. Some operating systems have a built-in firewall. Windows 10 has a one-way firewall that protects a system from incoming threats. A two-way firewall will also prevent malware or undesired applications from connecting to the Internet. Some organisations use firewalls to prevent employees sending certain types of email or transmitting sensitive data outside of the network.

20
Q

What is a firewall configuration

A

In an organisation using a private network, the network manager can specify the firewall configuration. The rules defining access can help to ensure that genuine users can access a website, while hackers cannot access server management or internal databases. By restricting unauthorised processes, firewalls prevent the spread of malicious computer viruses, worms and trojans that may attempt to install or hijack the application, hardware or network.

21
Q

What are limitations of a firewall

A

A firewall cannot protect against insider attack, nor can it protect against malware introduced via a flash drive or other portable device.

It also cannot protect against a “backdoor” attack; a malware type that bypasses normal authentication procedures and security checks.

If it is not properly configured, a firewall can give a false impression that the network is safe.

22
Q

Define the following
• Plaintext
• Cipher text
• Encryption
• Key
• Encryption algorithm

A

• Plaintext: the original message to be encrypted
• Ciphertext: the encrypted message
• Encryption: the process of converting plaintext into ciphertext
• Key: a piece of information or a random string of bits used for scrambling and unscrambling data
• Encryption algorithm: the formula for encrypting the plaintext

23
Q

What is symmetric encryption

A

In this type of encryption, the same key is used to both encrypt and decrypt the data. Of course, the Caesar cipher would never be used in reality, but there are many other more complex algorithms that may be used in symmetric encryption.

Symmetric encryption is also known as private key encryption.

24
Q

Pros and Cons to symmetric encryption

A

Pros of Symmetric Encryption
1. Fast and Efficient: Works quickly, making it good for encrypting lots of data.
2. Simple to Use: Only one key is needed to encrypt and decrypt.
3. Good Security: Strong encryption protects the data when the key is safe.
4. Less Demanding: Uses less computer power compared to other encryption methods.

Cons of Symmetric Encryption
1. Key Sharing Problem: The key must be shared with others securely, which can be tricky.
2. If Key is Stolen: Anyone with the key can access the data.
3. Not Ideal for Large Groups: Managing lots of keys for many users can get complicated.
4. No Built-in Verification: It doesn’t confirm who sent the message; extra steps are needed for that.

25
Q

What is asymmetric encryption

A

Also known as end-to-end encryption, this is a much more secure technique. There are two keys:
• The public key, available to anyone who wishes to send an encrypted message to the recipient (e.g. a bank)
• The private key, available only to the recipient, which is used to decrypt the message
The keys are numbers which have been paired together.
Key 1 (the public key) is made up of two very large prime numbers paired together.
Key 2 is one of these prime numbers. The larger the public key number, the more difficult it is to find the other prime factor needed to break the code.

26
Q

Pros and Cons to Asymmetric

A

Pros of Asymmetric Encryption
1. Secure Key Sharing:
A public key can be shared safely, while the private key stays secret.
2. Authentication:
It helps verify the sender’s identity using digital signatures.
3. Good for Large Networks:
Works well when there are many users, as each has their own key pair.
4. Strong Security:
Even if someone gets the public key, they cannot decrypt the message without the private key.

Cons of Asymmetric Encryption
1. Slower:
It takes more time than symmetric encryption because it’s more complex.
2. Needs More Power:
Uses more processing power, which can be a problem for some devices.
3. Key Management:
Managing public and private keys for lots of users can still be tricky.
4. Private Key Risks:
If the private key is stolen, the encryption is no longer secure.

27
Q

What are the 7 key principles in GDPR

A

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)
• Accountability

28
Q

What is the purpose of access control

A

• Access controls should identify and allow access only to authorised individuals.
• Some forms of access control may allow access to a room only at specific times of day.
• Some access systems will record the ID and time of everyone entering a building or secure area.

29
Q

What are types of authentication

A

• Something the user knows, such as a PIN or password
• Something the user has, such as a smart card or electronic key fob
• A user’s physical (biometric) attribute, such as their face, retinal pattern, fingerprint or voice

30
Q

Advantages and disadvantages to biometrics

A

Advantages of biometrics
• Security - biometric methods are almost impossible to hack
• Convenience - PINs and passwords may be forgotten
• Information collected - an organisation can keep track of thousands of employees with one biometric device and software
• Time-saving - it is usually a faster method of gaining access to a device or an area than typing in a PIN or password

Disadvantages of biometrics
• Errors sometimes occur and the biometric device does not recognise the individual
• Clothing, glasses, injury or darkness can affect recognition
• Biometric devices cost more than traditional security devices
• They can be slow if the software has trouble identifying an individual

31
Q

What are file permissions

A

• read only - users can access the files and read the contents. The password set by the file’s creator must be entered before the contents can be changed or deleted.
• read/write - users can access the files and add to contents. They will not be able to delete the files without entering the password. They may be able to copy the files.
• full access/full control - users can access the files, edit contents and delete files. No password is required.

32
Q

What is a disaster recovery plan

A

A disaster recovery plan documents the procedures to be followed in the event of a disaster. Its major objective is to minimise disruption and data loss. The plan should specify:
• the objective and purpose of the plan
• who will be responsible for implementing the plan in the event of disaster
• what procedures will be followed

33
Q

The benefits of having a documented disaster recovery plan include:

A

• minimising risk of delays
• guaranteeing reliability of standby systems
• providing a standard for testing the plan
• minimising decision-making during a disaster
• reducing potential legal liabilities
• lowering stress in a potentially very stressful situation

34
Q

What are the two types of backup an organisation may use

A

• Full backup of all data, which can be restored independently of any other backup. This takes more time and disk space, but restoring files in the event of data loss is a relatively simple process.

• Incremental backup, which records only the changes made since the last backup. This is faster, but restoring files is a more complex procedure. A full backup is made less frequently, for example once a week, say on Monday evening. If a disaster occurs on Friday morning, the incremental backups made on Tuesday, Wednesday and Thursday are applied to the full backup to restore the system to its state on Thursday evening.