Section 6 Flashcards

1
Q

Define ‘logical prevention methods’

A

This is a computer-based method of protecting data which is normally implemented using software.

2
Q

Name 4 logical prevention methods (there are 6 altogether):

A

Password protection
Firewalls
Authentication
Encryption
Access Levels
Anti-Malware software

3
Q

What is password protection?

A

• A string of characters that should only be known to the user.
• Strong passwords are advised (numbers, letters, symbols)
• Users are the biggest security danger (because they share passwords, write them down, don’t change them often etc.).

4
Q

What is a firewall?

A

• Software that monitors the data packets that enter and leave the network/ computer.
• A firewall is usually built into a computer’s operating system, but dedicated firewall software and hardware can be used.

5
Q

What is Authentication?

A

• Methods used to verify the identity of the user and prove that they’re the account holder.
• Methods include CAPTCHA, two-factor authentication (2FA), one-time passcode (OTP).
• Apps from some organisations, such as banks, use this.

6
Q

What is encryption? How does it work?

A

• The use of an algorithm to scramble data so it becomes unreadable.
• Data (plain text) is encrypted using an ENCRYPTION Key, becoming cypher text. Data is sent across a network and decrypted on the other side using a DECRYPTION Key.

7
Q

What are Access Levels?

A

Network administrators can allocate accounts to users which allow them to access specific files and folders. For example, a student account at a school wouldn’t have the same level of privileges as an administrator account.

8
Q

What is Anti-Malware Software?

A

• Software that detects malware which can then be quarantined or deleted.
• New viruses are created all the time, so it is essential that software is updated regularly to ensure that it continues to work effectively.

9
Q

Define ‘physical prevention methods’.

A

This involves tangible ways of keeping data secure and safe.

10
Q

Name 4 physical prevention methods (there are 6 altogether):

A

Locks
CCTV
Backup systems
Biometrics
Security Staff
Location of Hardware

11
Q

What are locks?

A

• Locks can be used on doors to computer rooms and server rooms to stop people breaking in and stealing equipment.
• It is also important to lock the room where backups are kept.
• Locks can be unlocked by traditional keys, or opened by codes, key cards, tags, or biometric data.

12
Q

What is CCTV?

A

• Cameras inside and outside the rooms can be used to monitor activity 24/7.
• The quality of the image on CCTV can be a factor; using HD monitors and cameras can improve this.

13
Q

What are backup systems?

A

• Data can be backed up away from the main location. This could be another site or cloud based.
• If the computers are damaged, the data will still be safe. Even if data is backed up, it is still a disruption to retrieve it.

14
Q

What are biometrics?

A

• A scanner can be used to gain access to locked rooms.
• Methods used for access could be facial recognition, iris recognition, and thumb prints.
• It is very useful as the user does not have to carry a key or ID card, and the ID details cannot be passed on to someone else.

15
Q

What are security staff?

A

• Security staff could be used to protect computer systems that may contain sensitive data.
• This is an expensive method of security.

16
Q

What is Location of Hardware?

A

• Hardware should be stored in a safe location so it cannot be affected by natural disasters.
• It is also sensible to keep computers in a room that does not have large expanses of windows.
• The room should be cool and well ventilated to avoid overheating.

17
Q

What is a security policy?
Tiawdtidtpiaofst

A

This is a written document that is designed to protect individuals and organisations from security threats.

18
Q

Name the three types of policies:

A

Acceptable Use Policy
Staff training/ responsibilities
Disaster recovery plan

19
Q

Describe an Acceptable Use Policy.

A

A set of rules that tells users how to use the network.
Your school will have its own acceptable use policy.

20
Q

Describe Staff training/ responsibilities.

A

The expectation on staff is to be more responsible when using data and a big part of this is to train staff to become aware of external threats and how best to manage these.

21
Q

Describe a disaster recovery plan.

A

A document that outlines how an organisation responds to a cyber-attack, natural disasters or power-cuts.

22
Q

What are the 2 phases in a disaster recovery plan? Describe them.

A

Before phase - Putting measures in place in preparation for a disaster. This could be backing up data in another location.
During phase - How to respond if and when a disaster takes place. For example, a backup generator if there is a power cut.

23
Q

What is confidential computing?

A

• Confidential computing is an emerging technology used for storing data more securely.
• It’s a cloud computing technology that isolates sensitive data in a protected hardware-based environment (such as the devices we use).

24
Q

How does confidential computing work?

A

• Protection of data at rest - encrypting it before storing it in the device itself.
• Protection of data in transit - use of end-to-end encryption.
• Protection in use - encrypting data while being used by RAM or CPU.

25
Q

Why use confidential computing? Give 2 ideas.

A

• To protect sensitive data, even while in use - and to extend cloud computing benefits to sensitive workloads.
• To protect intellectual property.
• To protect data processed at the edge (Edge computing)
• To eliminate concerns when choosing cloud providers.

26
Q

Define ‘Ethics’.

A

Rules of conduct in a particular culture or group recognised by an external source or social system. For example, a medical code of ethics that medical professionals must follow.

27
Q

Define ‘Morals’.

A

Principles or habits relating to right or wrong conduct, based on an individual’s own compass of right and wrong.

28
Q

Name 2 ethical issues to consider (there are 4 altogether):

A

Privacy and security
Monitoring of individuals
Impact of data loss or damage
Cookies

29
Q

ETHICAL ISSUES TO CONSIDER - Privacy and security

A

Privacy and Security - the storage of data by organisations who are legally bound to keep it secure.

30
Q

ETHICAL ISSUES TO CONSIDER - Monitoring of individuals

A

Monitoring of Individuals - the use of software to monitor employees and what they do or the use of facial recognition cameras.

31
Q

ETHICAL ISSUES TO CONSIDER - Impact of data loss or damage

A

Impact of data loss or damage - the impact this has on the organisation’s reputation or individuals’ sales/ revenue.

32
Q

ETHICAL ISSUES TO CONSIDER - Cookies

A

Cookies - small text files designed to remember information such as certain items that are in your checkout.

33
Q

Name 2 monitoring threats (there are 4 altogether):

A

Social Networking Sites
Search engines
Cookies
Geotagging

34
Q

MONITORING THREATS - Social Networking Sites

A

They will keep track of interaction that takes place.

35
Q

MONITORING THREATS - Search engines

A

They record information about your searches such as IP address, time spent searching, search queries made.

36
Q

MONITORING THREATS - Cookies

A

Small text files stored on your computer, and they can store your browsing habits and websites you regularly visit.

37
Q

MONITORING THREATS - Geotagging

A

People may post photos online, such as on social media, and link names or other information with the photo.

38
Q

What is The Data Protection Act?

A

The Data Protection Act 1998 sets out to protect the privacy of personal information.
It only covers personal information about living individuals, not about businesses. It is run by the Information Commissioner’s office.

39
Q

Define ‘Data Subjects’:

A

People who have data held about them (just about everybody really).

40
Q

Define ‘Data Users’:

A

The people or organisations who hold the data (there are far more data users than many people think).

41
Q

Define ‘Data Controller’:

A

An organisation holding data (data users) has to have a data controller - a person who makes sure the act is followed.

42
Q

What is the mnemonic used to remember the 8 Principles of the Data Protection Act?

A

SLURPOAF

43
Q

What are the 8 Principles of the Data Protection Act?
SLURPOAF

A

• Must be kept Secure
• Let subjects see the data stored on them.
• Must be kept Up-to-date
• Should be Relevant
• Used for intended Purpose
• Obtained lawfully
• Accurate
• Should not be kept For longer than necessary.

44
Q

There are 6 Rights of the Data Subject.

Name 3 of them.

A

See what data is being held about them if they ask the data user. They may have to pay to see it.
Change anything that is wrong
Refuse to have some data stored at all, if it might cause damage or distress.
Refuse to allow processing for direct marketing - junk mail
Complain to the Data Protection Commission if they think the rules have been broken.
Claim compensation if they can prove they have been caused damage by a data controller breaking the rules.

45
Q

There are 3 exemptions to the Data Protection Act.
Name 2.

A

National security - you cannot demand to see your data if national security is at stake.
Police Investigations - information being used to prevent crime is not covered (though police records are).
Examination results are exempt until they are published by the examining bodies.

46
Q

Name 4 of the 7 main principles of the GDPR:

A

• Accountability
• Lawfulness, fairness, and transparency
• Purpose limitation
• Data Minimisation
• Accuracy
• Storage limitation
• Integrity and confidentiality (security)

47
Q

What is The Computer Misuse Act?

A

The Computer Misuse Act (1990) was developed to cope with the problems of computer hackers and viruses.

48
Q

What are two of the three principles of the computer misuse act?

A

• It is illegal to access unauthorised data e.g. hacking.
• It is illegal to access unauthorised data with the intent to commit a crime.
• It is illegal to access unauthorised data and change it e.g. Planting viruses and deleting files.

49
Q

What does RIPA stand for?

A

The Regulation of Investigatory Powers Act

50
Q

What does The Regulation of Investigatory Powers Act (RIPA) allow?

A

• It allows authorised people to carry out surveillance or data investigations upon individuals or businesses.
• It makes it illegal for unauthorised people to do this.

51
Q

What two main areas does the Regulation of Power Act cover?

A

Detection and prevention of terrorism.
Prevention and detection of crime.

52
Q

Give 2 issues with The Regulation of Powers Act:

A

• Many people believe this is an invasion of privacy - especially when being falsely accused.
• Many businesses monitor people at work - invasion of privacy?
• Many people are encrypting communications making it very difficult to monitor!

53
Q

What is The Electronic Communications Act?

A

• When the government realised that internet communications were growing in 2000, they wanted to ensure people trusted e-communications and online sales.
• They introduced this law to ensure that companies and people can have legal support when trading online. It ensures that encryption is carried out with credit card details and it makes digital signatures legally binding like a normal hand signature.

54
Q

Name 2 issues with The Electronic Communications Act: (think signatures)

A

• Not many people know what a digital signature is or how to get one.
• Not many people know how to actually use a digital signature.
• Most people still do not 100% fully trust the internet and prefer a handwritten signature and documents in important situations (e.g. buying a house, car etc.).

55
Q

Give the three main concerns of using a computer regularly:

A

Eye strain
Repetitive Strain Injury (RSI)
Back ache

56
Q

Give 3 symptoms of eye strain and their solutions:

A

Burning or itching eyes - use monitors which don’t flicker.
Blurring or double vision - Have blinds at the windows so that the sun doesn’t shine directly on the screen.
Headache - Use suitable lights that disperse evenly and don’t shine on the screen.
Nausea - Use a screen filter
Fatigue - Keep your eyes at least 18 inches from the screen and regularly look away from the screen and focus on something in the distance.

57
Q

What is RSI?

A

Repetitive Strain Injury (RSI) is damage to the fingers, wrists, and other parts of the body due to repeated movements over a long period of time.

58
Q

Give two symptoms of RSI and their solutions:

A

Aching
Pain in arms/ wrists even after rest
Weakness/ swelling/ tenderness

Regular breaks
Wrist supports

59
Q

What is Back ache?

A

Many computer users suffer serious back problems. This is probably due to poor posture or an awkward position while sitting at a computer.

60
Q

Give 3 solutions to back ache:

A

Fully adjustable chairs
Footrests
Regular breaks
Adjustable monitor
Don’t slouch

61
Q

Name 6 employer regulations (The Law)

A

Provide tiltable screens
Provide foot supports
Provide anti-glare screen filters
Make sure lighting is suitable
Provide adjustable chairs
Pay for appropriate eyesight tests