3a: Explain the difference between data and information
| Keyword | Definition |
|---|---|
| data | raw facts and figures | 
| information | processed data with added meaning | 
3b: Critique online services in relation to data privacy
| Keyword | Definition | 
|---|---|
| critique | closely analyse in a way that finds any problems | 
| data | facts and figures | 
| data breach | where personal data has been shared without permission | 
| online service | website, app or web server | 
| personal information | data that might be used to identify someone | 
| privacy | keeping personal information private | 
3c: Identify what happens to data entered online
| Keyword | Definition | 
|---|---|
| access | who is allowed to view data once it's stored | 
| backup | storing additional copies of data in case it needs to be recovered | 
| data | facts and figures that a web service might need to store | 
| removal | if and when data is deleted | 
| retention | how long data is stored for | 
| storage | where and how data is stored | 
3d: Explain the need for the Data Protection Act
| Keyword | Definition | 
|---|---|
| accuracy | keeping data up to date | 
| consent | permission to collect and store data | 
| Data Protection Act | legislation (law) which determines how personal data is collected, stored and used | 
| retention | how long data is stored before it's removed | 
| security | how data is protected from unauthorised access | 
| usage | how data is used | 
3e: Recognise how human errors pose security risks to data
| Keyword | Definition | 
|---|---|
| blagging | a message that tries to build up a personal relationship with someone so that they trust them enough to share money or personal data with them | 
| name generator attack | getting people to enter personal information in a fun game or app which can then be used to guess their password or security question answers | 
| phishing | a message that often pretends to be from a trustworthy source but which contains dangerous links to steal personal information or scam people | 
| PIN | personal identification number | 
| security risk | a weakness in security due to human or technical error | 
| shoulder surfing | watching someone as they enter a PIN or password | 
| social engineering | tricking people into handing over personal information that can then be used for fraud | 
3f: Implement strategies to minimise the risk of data being compromised through human error
| Keyword | Definition | 
|---|---|
| blacklist | blocking messages from unreliable sources | 
| data breach | when security has been compromised so personal data has been shared without permission | 
| data policy | rules which people in an organisation or business have to stick to in order to make sure data security isn't compromised | 
| email filter | checking all email messages to block messages that may contain security risks | 
| human error | when someone makes a mistake that leads to unauthorised access to data | 
| training | educating people about the risks | 
| whitelist | only allowing messages from reliable sources | 
3g: Define hacking in the context of cyber security
| Keyword | Definition | 
|---|---|
| authorised access | reading / changing data when you have permission to do so | 
| computer system | hardware and software | 
| hacking | Gaining unauthorised access to or control of a computer system | 
| unauthorised access | reading / changing data when you do not have permission | 
3h: Explain how a DDoS attack can impact users of online services
| Keyword | Definition | 
|---|---|
| DDoS | Distributed Denial of Service (an attack that attempts to take down a web service, launched from multiple sources at the same time) | 
| Denial | preventing other people from accessing | 
| Distributed | spreading out an attack so that it is launched from multiple sources | 
| DoS | Denial of Service (an attack that attempts to take down a web service) | 
| Service | a website or online application | 
3i: Identify strategies to reduce the chance of a brute force attack being successful
| Keyword | Definition | 
|---|---|
| brute force | type of attack where all combinations of a password are tried until the correct one is found | 
| complexity | avoiding common sequences and including a variety of capitals, numbers and symbols makes passwords harder for a brute force algorithm to detect | 
| dictionary attack | type of brute force attack where a list of common words or phrases are combined to try to guess a password | 
| length | longer passwords take longer for a brute force algorithm to detect | 
| strategies | plans and steps that can be taken | 
3j: Explain the need for the Computer Misuse Act
| Keyword | Definition | 
|---|---|
| Computer Misuse Act | UK law passed in 1990 which makes it illegal to misuse a computer system or network without permission | 
| Section 1 | Part of the Computer Misuse Act which makes it illegal to gain unauthorised access to data | 
| Section 2 | Part of the Computer Misuse Act which makes it illegal to gain unauthorised use of a computer to commit or facilitate another offence | 
| Section 3 | Part of the Computer Misuse Act which makes it illegal to perform unauthorised acts with intent to impair the operation of a computer | 
| unauthorised | without permission from the person who owns a computer or network | 
3k: List the common malware threats
| Keyword | Definition | 
|---|---|
| Adware | a form of malware which displays adverts on a user's computer | 
| Malicious | deliberately harmful | 
| Malware | malicious software that is designed to gain access to your computer with malicious intent | 
| Ransomware | a form of malware which encrypts user data and demands payment before they can access it again | 
| Self replicate | the ability of some malware to copy itself and spread to infect other computers or programs | 
| Spyware | a form of malware which shares user data without their permission | 
| Trojan Horse | a form of malware that tricks you into installing it so that it can give someone else remote control over your computer | 
| Virus | A form of malware which, when run by a user, infects other programs to self-replicate and cause damage | 
| Worm | A form of malware which is able to self replicate without needing to be run by the user | 
3l: Examine how different types of malware cause problems for computer systems
| Keyword | Definition |
|---|---|
| Adware | type of malware which causes additional adverts or popups to appear which might irritate users and slow down their computer | 
| Malware | malicious software which might disable hardware, steal data, show unwanted adverts, send spam or demand payment | 
| Ransomware | type of malware which encrypts users' files and demands payment before they can decrypt and access them again | 
| Spyware | type of malware which collects and shares user data without permission | 
| Trojan Horse | type of malware which opens a back door to your computer so hackers can control it or access your data remotely | 
| Virus | type of malware which can infect a computer by copying itself into other programs and trigger other malware | 
| Worm | type of malware which spreads through a network using up the system's resources | 
3m: Question how malicious bots can have an impact on societal issues
| Keyword | Definition | 
|---|---|
| Bot | automated program that performs tasks repeatedly | 
| bot herder | a malicious attacker who controls a botnet to launch a DDoS attack | 
| botnet | network of malware infected computers which can be remotely controlled | 
| chat bot | helpful bot which provides advice or support online | 
| DDoS | distributed denial of service attack which tries to overwhelm a computer system with loads of traffic from multiple sources at the same time | 
| Malicious bot | automated program that performs a malicious task repeatedly | 
| shop bot | useful bot which monitors prices of products at different online stores | 
| web crawler | friendly bot which constantly searches the internet for new web pages to add to a search engine | 
| zombie | a malware infected computer which can be remotely controlled as part of a botnet | 
3n: Compare security threats against probability and the potential impact to organisations
| Keyword | Definition | 
|---|---|
| high impact | type of threat that can severely disrupt a business or organisation if it occurs | 
| high probability | type of threat that is very likely to occur | 
| low impact | type of threat that might not disrupt a business or organisation much at all | 
| low probability | type of threat that is unlikely to occur | 
| security threat | risk of a cyber attack occurring | 
3o: Explain how networks can be protected from common security threats
| Keyword | Definition | 
|---|---|
| anti malware | software which detects and removes malware on a computer | 
| authentication | making users log in before they can access data | 
| auto updates | a setting which tells a computer to keep installing the latest security updates | 
| firewall | network traffic filter which allows or blocks connections to and from remote computers | 
| permissions | restricting access to certain files and folders based on user groups | 
| quarantine | temporarily preventing access to certain files to prevent the spread of malware | 
| virus definitions | details of how to detect viruses which need to be regularly updated to protect against recent threats | 
3p: Identify the most effective methods to prevent cyberattacks
| Keyword | Definition | 
|---|---|
| anti-malware | software which can detect and remove malware on a computer | 
| auto updates | telling a computer to install the latest updates automatically so that insecure software can be fixed | 
| biometrics | using fingerprints, iris scanning or other unique biological identifiers to log in a user | 
| CAPTCHA | completely automated public Turing test to tell the difference between people trying to log in and malicious software trying all password combinations | 
| cost benefit analysis | working out if it's worth spending money to get the advantages it brings | 
| firewall | a filter on network traffic which blocks or allows connections to and from computers based on a set of rules | 
| password rules | requirements for passwords to make them harder for hackers to guess | 
| staff training | educating users how to choose secure passwords and keep their login details safe | 
| two factor authentication | making a user confirm that they are trying to log in using text, phone or app after they've put in their password |