Paper 1 Unit 4 Flashcards

1
Q

When should work stations be assessed?

A

Every time a workstation is set up or changes are made
When a new employee starts with the company
For employees working from home
If an employee complains of any discomfort or pain

2
Q

What requirements are there for work stations?

A

Adjustable chairs
Adjustable lighting
Adjustable tilt and swivel monitors
Space around the keyboard for other devices and monitors

3
Q

How can a work environment be made safe for all staff?

A

Places to eat, drink water and use toilet and wash facilities
Good ventilation and reasonable working temperature with sufficient lighting
Regular maintenance of buildings and equipment
Floors and corridors free of trip and other hazards
Suitable fire procedures and escape routes

4
Q

What are the principles of the Data Protection Act?

A
  1. Data should be processed fairly and lawfully
  2. Data should be used only for specific purposes and not disclosed to other parties without notable permission
  3. Data should be relevant and not excessive
  4. Data should be accurate and up to date
  5. Data should be kept for as long as it is necessary
  6. Individuals have the right to check what data is stored about them and update it when necessary
  7. Security must be in place to prevent unauthorised access to the data
  8. Data may not be transferred outside of the EU unless the country in question has adequate data protection legislation
5
Q

What are the key principles of the General Data Protection Regulation (GDPR)?

A
  1. Lawfulness, fairness and transparency: there must be valid reasons for collecting and using personal data
  2. Purpose limitation: the purpose for collecting and using personal data must be clear from the start
  3. Data minimisation: data must be adequate, relevant and limited to what is necessary
  4. Accuracy: all reasonable steps must be taken to ensure that data is not incorrect or misleading
  5. Storage limitation: data must not be held for longer than necessary
  6. Security: adequate measures are in place
  7. Accountability: the holder must take responsibility
6
Q

What does the Computer Misuse Act label as criminal offences?

A

Unauthorised access to computer materials
Unauthorised access to computer materials with the intent to commit or facilitate further offences
Unauthorised access with the intent to harm or break a computer system
Making, supplying or obtaining any articles for use in a malicious act using a computer
Unauthorised acts causing or creating risk of serious damage

7
Q

Why do people hack?

A

Ethical hackers have permission from companies to find vulnerabilities in systems so they can be fixed
Hacktivists break systems for politically or socially motivated reasons
Some people report faults to owners for a fee, but since they have unauthorised access, it is illegal
Criminal hackers have intent to cause damage or make financial gain

8
Q

What are the consequences of hacking a company?

A

Personal or sensitive data could be stolen and used to defraud people. This affects the victims of the crime and the reputation of the company and may bring a fine.
DDoS attacks can render an organisation’s web presence unusable, with a consequential loss of business and reputation.
Malware attacks that lock systems and threaten to delete data if a ransom is not paid can place a significant burden on the organisation, and paying the ransom does not guarantee the data will be released.

9
Q

What are the different types of malware attacks?

A

Virus, worm, trojan, ransomware, spyware, pharming

10
Q

What are the different types of social engineering?

A

Phishing, pretexting, shouldering

11
Q

What other forms of attack can take place on a business?

A

Brute force attack, DDoS attack

12
Q

What characteristics are protected from discrimination by the Equality Act?

A

Age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation

13
Q

How does the Intellectual Property Act protect people’s work?

A

Unregistered designs protection provides the right to prevent others copying a design. Registered designs protection goes further, providing full control of a design.

14
Q

How can digital technologies be used to monitor the workplace?

A

Monitoring electronic communications, monitoring systems, secret monitoring

15
Q

What international laws apply to designing, developing and using digital systems?

A

EU Digital Services Act
US CAN-SPAM Act
EU Digital Marketing Act

16
Q

What does the British Computer Society code of conduct include?

A

Have due regard for public health
Promote equal access to the benefits of IT
Do not withhold or misrepresent information on the performance of products or services

17
Q

What does the Institution of Analysts and Programmers code of conduct include?

A

Duties to the public (public health and safety and legal rights of 3rd parties and the land)
Duties to the profession (uphold dignity and professionalism, strive to improve standards, not using skills to mislead people)
Duties to the IAP (observe the code of conduct, act in the best interests of all stakeholders)
Duties to clients and employers (act responsibly and care for the client’s requirements, complete tasks on time and in budget, do not misrepresent a product or service)

18
Q

What would feature in a code of conduct?

A

Quality of work, contribution to society, safety, security and privacy, innovation

19
Q

How does a code of conduct benefit the organisation?

A

Employees have a greater understanding of the business, working situation is improved for staff, business values are promoted, customers are attracted to the business, environmental and ethical expectations are set, the tone for the organisation is identified so stakeholders have a clear understanding of what to expect from it, security and confidence about standards are maintained, clear employee expectations are set out, professionals can be trusted to act in line with the code of conduct, the client can have reasonable expectations

20
Q

What international guidelines are agreed for IT systems?

A

International Standards Organisation
Web Content Accessibility Guidelines
World Wide Web Consortium
Internet Engineering Taskforce

21
Q

What is an acceptable use policy?

A

An agreement between an organisation and its staff about access to its equipment and services. It provides a framework for what is acceptable, what is not and what the consequences are.

22
Q

What details will an AUP include?

A

Use of internet and communications, personal and professional codes of conduct when using digital technology, what monitoring of employees will be in place, the use of the equipment and the access to data