CHAPTER 8-SAFETY AND SECURITY
PAST PAPER MARKING SCHEME
1. Four from:
• Personal data is data relating to a living individual/person
• The person can be identified either from the data or from the data in conjunction with other
information.
• Allow a mark for any example such as: name, address, date of birth, place of birth, bank
details
• The data can be sensitive:
• Allow a mark for any example e.g. racial, ethnic, medical, religious, relating to a trade
union, mental health, sexual, relating to criminal offences
2. Six from:
• Know how to block and report unwanted users
• Never arrange to meet anyone alone
• Always tell an adult if you plan to meet someone
• Report unwanted/abusive messages
• Meet in a public place
• Avoid the misuse of images
• Avoid showing images of her in school uniform
• Avoid showing personal images
• Avoid showing full name/address/personal data
• Use appropriate language
• Respect confidentiality
3. E-safety protects personal data from people who should not have access to it
• Personal data needs to be kept safe so that others cannot use it against us
• Protects sensitive data
• Use of it e-safety protects vulnerable people
• Protects other people’s views
• Example of issues of access to personal data: blackmail / spreading rumours /identity theft
/ stalking
• E-safety reduces the risks when using ICT using social media sites, online gaming users
believe they are safe
• E-safety trains users to be responsible on the internet
• Giving out personal information can help predators to find out further details about a
person, such as where they live / where they go to school / used to track the person
• People on the internet may not be what they seem
• Need to be able to block people on the internet
• Need to know how to report problems on the internet
• If we do not use e-safety then users are being put at risk as they will not know the dangers
• Freedom of speech can be affected / introduction of the ‘nanny’ state
• If we do not apply e-safety approaches we open ourselves up to attack
• Use of netiquette
• Covers a number of electronic devices like computers, tablets, mobile phones, games
consoles
• An example of personal data
• Example of sensitive data: ethnic origin / religion / political / criminal records / sexual
orientation
4. Three Matched pairs:
• Electrocution from spilling drinks
• Use of RCB / Check insulation regularly / check equipment regularly
• No drinks or food near ICT equipment
• Fire from sockets being overloaded or equipment overheating
• Use a CO2 fire extinguisher / Don’t cover IT equipment vents / check electrics regularly /
don’t overload sockets / ensure good ventilation
• Tripping over trailing cables
• Use cable ducts / fasten cables to walls / use wireless devices / hide cables under flooring
• Heavy equipment falling could injure someone
• Use strong desks / use large desks / secure equipment to wall or floor or desk
5. Maximum three Strategies and Maximum three matching Reasons:
• Don’t give out personal information to people you do not know; they could use it for
identity theft
• Don’t send photos of yourself to people you do not know; these could be used to
impersonate/identity theft
• Don’t post photos of yourself on social media without privacy settings being set; anyone
you don’t know could see the images
• Don’t post photographs that could be linked to you; showing images of your school/school
uniform could attract strangers
• Maintain privacy settings to stop non-friends from contacting you/control of who sees your
information
• Only make friends with people you know/known to other friends; this stops ‘others’ gaining
access to your personal information
• Don’t enter private chat rooms; stops the stranger writing inappropriate messages (as other
people are watching)
• Do not post email addresses/real addresses/real name, etc.; these could be used to find
information about you/identity theft/stalk you/break in
• Do not reply to or communicate with people you do not know; they could extract personal
information from you
6. The user has to be present to enter the computer system
• Non-biometric systems allow others to enter system by stealing passwords/security cards
• Biometrics not affected by strong electromagnetic fields but a swipe card could be
• Relatively higher level of accuracy
• Passwords need to be strong to reach same level of accuracy
• Passwords can be forgotten whereas biometrics cannot
• Encryption does not stop hackers
• Firewalls do not stop hackers, only unauthorised systems
• Firewalls can be turned off
• The more complex the password the more chance of it being forgotten
• Shoulder surfing passwords can lead to illegal entry but not with biometrics
• If fingerprint damaged/use of dark glasses/swipe card damaged/password forgotten then
data entry can be stopped
• Intrusive as personal details have to be stored in biometrics
• Can be a slower entry using biometrics as more checking is carried out
• Security can be lowered with biometrics due to problems in reading data
• Harder to set up the biometric system
• Takes longer to add new people to the system
• Biometrics can use a lot of memory to store the data
• Signature/voice entry – person needs to write the signature the same each time/speak the
same each time
• Voice can be recorded by mobile device and then used to enter system
• Security issues if data from signatures are used in other ways
• Examples: Retina/iris scan
7. A virus is a piece of software/program code – 1 mark
One from:
• It infects a computer
• Attaches itself to files
• Has the ability to replicate itself
8. Four from:
• Scrambling/encoding of data
• Uses encryption software/encryption key
• Requires a decryption/encryption key to unscramble
• Meaningless to the hacker
• Secures data being transferred from computer to computer
• Protects sensitive data/prevents personal/confidential data falling into wrong hands
9. One from:
• Use of user name and strong password
• Biometrics
• Use of a dongle
• Physical locks
• Firewall
10. Comparisons
• Both use the internet
• Both redirect the user to a fake website
• Both can lead to fraud and identity theft
• Both use websites that look legitimate
• Personal data is compromised
Max four from:
Differences
• With phishing, emails are sent to the computer
• In pharming malicious code is uploaded to the computer
• In phishing clicking a link sends user to a fake website
• In pharming the code redirects the user to a fake website without their knowledge
• The email in phishing appears to have come from a trusted source
• Website in pharming appears to be genuine
• In pharming spyware can be used to record key presses
11. Six from:
• Avoid clicking on any unknown texts with links/Avoid clicking links in texts from people
you do not know.
• Do not reply to text messages that have asked you about any of your personal
finances/details.
• Report any suspicious activity.
• Be on the lookout for messages that contain the number 5000 or any number that is not a
phone number as this is used by smishers.
• If the text messages urge you for a quick reply then that is a clear sign of smishing.
• Do extensive research before replying to any message. There are plenty of websites that
allow anyone to run searches based on a phone number and see any related information
about whether or not a number is legitimate.
• Never call back a phone number that was associated with the text from an unknown
source.
• If the message states ‘Dear user, congratulations, you have won.’ it is a clear sign of
smishing.
• Check the time when the unknown message was sent.
• If the text message was sent at an unusual time, then that is another sign of smishing.
12. Four from:
• Data should be fairly and lawfully processed
• Data should only be processed for the stated purpose
• Data should be adequate, relevant and not excessive/limited
• Data should not be kept longer than necessary
• Data should be processed in accordance with the data subject’s rights
• Data should be kept secure
• Data should not be transferred to another country unless they have adequate protection.
• Data should be processed in a transparent manner
• Data should be collected for specified/explicit/legitimate purposes
• Data should only be further processed for archive purposes which is compatible with the
initial purposes
• Data kept for archiving should safeguard the rights and freedoms of individuals
• Explicit consent required for processing sensitive data
• Parental consent required for processing personal data of children including online
services
• Data subjects are allowed access to their personal data
13. Comparisons
• Both use communication devices to collect personal data
• Both require the user to communicate quickly
• Both require the user to enter personal data
• Both use the internet
Max five from:
Differences
• Smishing: fake text messages/SMS are sent to a phone
• Phishing: fake emails are sent to your computer
• In smishing the user may be asked to make a phone call
• A smishing message is shorter than a phishing email
• Easier to spot a smishing message
• Smishing messages tend to use 5000 in the message
14. Six from:
• Avoid clicking on any unknown emails with links.
• Do not reply to emails that have asked you about any of your personal data.
• Report any suspicious activity.
• If the email urges you for a quick reply then that is a clear sign of phishing.
• Do extensive research before replying to any message, check the domain name/company
name
• If the email is too good to be true, it possibly is
• Check the time when the unknown email was sent.
• If the email was sent at an unusual time, then that is another sign of phishing.
• If the to: box has a large number of similar emails to yours then it is phishing
• If there are several grammar mistakes then it is suspicious
15. Eight from at least two methods:
Portable devices and cloud
• Storing the data on a portable hard/SSD/Pen drive/cloud means that the device is with
you at all times and not with the laptop computer
• No data is stored on the laptop computer if a portable SSD/HDD/pendrive/cloud is used
so if the laptop computer is stolen nothing is lost
• If the pendrive is lost then all your data is lost
• The access to the cloud can be password protected
• If the laptop gets stolen the data will be safe on the cloud
Passwords and encryption
• The data on the computer can be encrypted to increase security
• Data can use strong passwords making it more secure
• Passwords to the data can be forgotten and lost especially if the laptop password needs
to be remembered
• Security methods prevent users who do not know password from gaining access
• Passwords could be difficult to remember which could lock the device
Physical security
• Use of a dongle to log onto the laptop ensures that only the person with the device gains
access
• Devices like pendrives/dongles tend to be small and can easily be lost/stolen
• If the dongle is stolen/lost then access to the laptop is difficult
• Security software may malfunction rendering the laptop impossible to access
Biometrics
• Biometrics can be used to access the laptop/data this means that the user needs to be
present
• Difficult to fake/replicate biometrics
• Biometric data cannot be reset once compromised
• Biometrics are unique therefore it is an added security method
16. Gaining unauthorised access to a computer system – 1 mark
Two from:
Examples
• Can lead to the identity theft of data
• Can lead to the misuse of/access to personal data
• Data can be deleted
• Data can be changed
• Data can be corrupted
• Place malicious files/software
17. Three from:
• Use of firewalls to block unauthorised computer systems
• Use of passwords
• Use of intrusion detection software/anti-spyware
• Use two-factor authentication
• Switch off WiFi/computer when not in use
18. Password should not relate to personal details
• Should be a long password
• Not previously used password
• Should not include repeating/obvious patterns/predictable words
• Password should be strong
19. Use anti-spyware/up to date antivirus software
• Play the games with the firewall operational
• Play only with authorised versions of games which you have purchased from the correct
sources and for which you have a licence
• Download/buy files and new software from reputable sources
• Do not forget to delete your account details when you are not playing again
• Keep the game software up to date.
• When disposing of your gaming device ensure all of your personal information has been
deleted.
• Choose a username that does not reveal any personal information
• Be aware of criminals buying or selling ‘property’ that exists inside a computer game, in
the real world.
20. Two from:
• Could be hardware or software
• Sits between the computer/network and the router
• Filters/controls/monitors data/traffic coming in and out of the college network
Four from:
• Checks whether the data passing through it meets a given set of rules
• Blocks data that does not satisfy the rules
• Alerts user about unwanted data
• Can log all incoming and outgoing data/traffic to check later
• Can prevent/block access to undesirable/inappropriate websites/IP addresses
• Keeps a list of undesirable IP addresses
• Can prevent hackers gaining access to the system
• Can send out warnings
• Can block the unwanted traffic in and out of the network
• Keeps a list of desirable IP addresses/websites
• It can block IP addresses
21. Two from:
• User id and password can sometimes be easily guessed
• Passwords can be hacked with key logging software
• Passwords can be hacked by using random password generators
• Others can see the details being typed in
• If the home computer saves the log in information, then anyone can access
• If the user does not logout, then others can access data
22. Six from:
• I block unwanted messages/suspicious users… …and report the sender
• Before using the messaging system, I check how to block and report unwanted users…
…this stops predators
• I never arrange to meet strangers alone
• I always tell a responsible adult if I plan to meet someone
• I always meet in a public place
• I avoid giving away personal information
• I report abusive messages from a sender of the messages
• I report cyber-bullying
• When sending messages I always use appropriate language
• If someone messages me with private and personal information about themselves I
respect their confidentiality/privacy
• I always read carefully the messages before I send
• I avoid sarcasm
• I am not offensive when replying
• I carefully check that I am replying to the correct person
• I do not enable my location when messaging
23. Two from:
• Use drop-down lists
• Use biometric passwords
• Use one-use tokens/OTP
• Use a device instead of a password