Embedded Files
DCAT DERIVED GRADE EXAM
DCAT DERIVED GRADE EXAM
12COMP
12COMP
Date: Tue 24th & Wed 25th Sep
Date: Tue 24th & Wed 25th Sep
Time: During 12COMP lessons
Time: During 12COMP lessons
DURATION : 2 hrs over 2 lessons
DURATION : 2 hrs over 2 lessons
ROOM: your normal 12COMP room
ROOM: your normal 12COMP room
DCAT EXAM (3 credits)
DCAT EXAM (3 credits)
12COMP & 12DTEC
12COMP & 12DTEC
Date: Fri 18th Oct
Date: Fri 18th Oct
Time: 9:00am
Time: 9:00am
DURATION : 3hrs to complete: AS91899(DTEC) AND/OR AS91898(COMP)
DURATION : 3hrs to complete: AS91899(DTEC) AND/OR AS91898(COMP)
ROOM: Students will be allocated a room to go to sit the exam (not necessarily with their class).
ROOM: Students will be allocated a room to go to sit the exam (not necessarily with their class).
What is computer security?
What is computer security?
The goal of computer security is to ensure that online systems can be accessed easily - but only by those who should be using them! . . .
The goal of computer security is to ensure that online systems can be accessed easily - but only by those who should be using them! . . .
Computer security is referred to using several names; it’s also known as cybersecurity or information technology security (IT security), and many people also say “infosec” or “cyber” for short. It is about protecting the information files and computer systems from harm, theft, and unauthorised access.
Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks, and technologies.
Funny ransomware song
Funny ransomware song
How big a deal is computer security?
How big a deal is computer security?
Percentage of organizations affected by malware 2018 to 2023
Percentage of organizations affected by ransomware 2018 to 2023
Highlights for Q3 2023
Highlights for Q3 2023
Breakdown by incident category for Q3 2023
Breakdown by incident category for Q3 2023
Questions may cover
Questions may cover
For 2024, the questions on impacts will focus on ethical issues & future-proofing.
For 2024, the questions on impacts will focus on ethical issues & future-proofing.
For computer security, questions may cover:
For computer security, questions may cover:
- Social engineering
- Biometric authentication
- Email white lists & black lists
- Common issues
- Data privacy
- Ways individuals can protect their computers
- Use of computer security
- Retail shopping
Resources & topics to explore
Resources & topics to explore
Social Engineering
Social Engineering
From Kaspersky: Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. In cybercrime, these “human hacking” scams tend to lure unsuspecting users into exposing data, spreading malware infections, or giving access to restricted systems. Attacks can happen online, in-person, and via other interactions.
From Imperva: Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
From CrowdStrike: 10 Types of Social Engineering Attacks and how to prevent them
Are there any ethical concerns around social engineering?
Does social engineering have an impact on future-proofing technology?
Biometric authentication
Biometric authentication
From TechTarget: Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are. Biometric authentication systems compare physical or behavioral traits to stored, confirmed, authentic data in a database.
From LoginTC: Biometric authentication refers to a cybersecurity process that verifies a user’s identity using their unique biological traits such as:
Facial recognition
Fingerprint Recognition
Eye Recognition
Voice Recognition
Retina/Iris Recognition
Gait Recognition
Vein Recognition
Are there any ethical concerns around biometric authentication?
Does biometric authentication have an impact on future-proofing technology?
email white lists & black lists
email white lists & black lists
From Paubox: Email whitelisting and blacklisting are methods used to filter out unwanted emails. Whitelisting creates a list of safe email addresses, while blacklisting creates a list of spam or untrustworthy ones.
What is application whitelisting & blacklisting? From CrowdStrike:
Application whitelisting is the approach of restricting the usage of any tools or applications only to those that are already vetted and approved. Organizations adopt this approach by delegating a system administrator or third-party application to manage the list of applications and enforce these restrictions.
Application Blacklisting is a less restrictive approach to whitelisting. This approach allows the use of any third-party tools, provided they are not on the blacklist. However, blacklisting doesn’t account for unidentified threats, sometimes resulting in a misleading sense of security.
Are there any ethical concerns around email whitelist & blacklists?
Doesemail whitelist & blacklists have an impact on future-proofing technology?
common issues
common issues
Search the internet for computer security common issues and you will get different lists.
There are so many common issues that you couldn't be expected to have in-depth knowledge on all of them.
But make sure you know about 3 of the more common of them.
From Liquid Web:
Ransomware Attack
Code Injection (Remote Code Execution)
Cross-Site Scripting (XSS) Attack
Data Breach
Malware and Virus Infection
DDoS Attack
Credential Stuffing Attack
Brute Force Attack
Weak Passwords & Authentication Issues
Social Engineering
SPAM and Phishing
Insider Threat
Sensitive Data Leak
No Backups
Not Updating or Patching Regularly
From SecurityScorecard: The Human Factor in Cybersecurity:
Physiological element
Insider threats
Social engineering
From CrowdStrike: 12 most common types of cyberattacks
See the explanation below on the differences between Google’s two-factor authentication (2FA) via text messages & using the Google Authenticator app
Retail specific from Linkedin (doc)
(isitai.com is 99.98% sure it was written by a human)
From Checkpoint
from American National University:
phishing attacks
malware infections
Weak Passwords/Credential Hacking
from MS Co-pilot:
Ransomware: This malicious software encrypts your files and demands a ransom for their release. High-profile cases like the Colonial Pipeline attack highlight its impact.
Malvertising: Online ads can carry malware, infecting your system when you click on them.
Inadequate Patch Management: Failing to update software leaves vulnerabilities open for exploitation.
Remember, staying informed and implementing good security practices are essential to protect your data
data privacy
data privacy
From TechTarget: Data privacy focuses on issues related to collecting, storing and retaining data as well as data transfers within applicable regulations and laws, such as GDPR and HIPAA. Data security is the protection of data against unauthorized access, loss or corruption throughout the data lifecycle.
From Cloudflare: Data privacy is the protection of personal data from those who should not have access to it and the ability of individuals to determine who can access their personal information.
Are there any ethical concerns around data privacy?
Does data privacy have an impact on future-proofing technology?
ways individuals can protect their computers
ways individuals can protect their computers
From California's DoJ: Keep your device secure. Make sure to download recommended updates from your device's manufacturer or operating system provider, especially for important software such as your internet browser. Antivirus software, antispyware software, and firewalls are also important tools to thwart attacks on your device.
From MicroSoft: Keep your computer secure at home
From The UK Information Commissioners Office: 11 practical ways to keep your IT systems safe and secure
From The NZ Privacy Commissioner: Privacy Commissioner encourages two-factor authentication in war on cybercrime
From American National University: Top 3 threats & protection tips
From FIDO: replacing passwords with paskeys.
For further info on passkeys - see the YouTube clip on FIDO under Biometric Authentication
Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA)
From MS Copilot: There are several forms of two-factor authentication (2FA), each offering different levels of security and convenience. Here are some of the most common types:
SMS Verification: A code is sent to your mobile phone via text message. See section below.
Authenticator Apps: Apps like Google Authenticator or Authy generate time-based codes.
Hardware Tokens: Physical devices that generate codes, such as key fobs. Primarily used to generate one-time passwords (OTPs) or authentication codes. Can be connected (e.g., USB tokens) or disconnected (e.g., key fobs with a screen displaying a code). Often used in corporate environments for accessing secure systems. Users may need to enter the generated code manually
Push Notifications: A prompt is sent to your mobile device to approve or deny access.
Biometric Verification: Uses fingerprints, facial recognition, or voice recognition.
Email-Based Systems: A code is sent to your email address.
Physical Authentication Keys: 23.Devices like YubiKey that you plug into your computer. Used to authenticate a user by physically connecting to a device. Typically USB-based devices like YubiKey, which can also support NFC or Bluetooth. Plugged into a computer or tapped on a mobile device to provide authentication without needing to enter a code. Often used for securing personal accounts and services. NOTE: hardware tokens usually generate codes for manual entry, whereas physical authentication keys provide a more seamless authentication experience by directly interacting with the device.
Each method has its own advantages and potential drawbacks.
Text Message (SMS) 2FA
How It Works: With SMS-based 2FA, you receive a one-time verification code via text message. When logging in, you enter this code along with your password.
Text Message (SMS) 2FA
How It Works: With SMS-based 2FA, you receive a one-time verification code via text message. When logging in, you enter this code along with your password.
Pros:
Easy to set up: No additional apps required.
Widely supported by various services.
Cons:
Security Risk: SMS can be intercepted or spoofed, making it less secure1.
Inconvenient: Manually entering codes can be cumbersome.
Reliability: Requires mobile network coverage.
In summary, while SMS 2FA is better than no 2FA, the Google Authenticator app provides stronger security and convenience. Consider using the app for better protection
Google Authenticator App
How It Works: Google Authenticator is a popular app used for two-factor authentication (2FA), which adds an extra layer of security to your online accounts. Here’s a brief overview of how it works:
Google Authenticator App
How It Works: Google Authenticator is a popular app used for two-factor authentication (2FA), which adds an extra layer of security to your online accounts. Here’s a brief overview of how it works:
Setup: When you enable 2FA on a service that supports Google Authenticator, you’ll be prompted to scan a QR code using the app. This QR code contains a secret key shared between the service and your app1.
Code Generation: The app uses this secret key and the current time to generate a unique, time-based one-time password (TOTP) every 30 seconds1. This means the code changes frequently, making it harder for unauthorized users to gain access.
Login Process: When you log in to a service with 2FA enabled, you’ll enter your username and password as usual. Then, you’ll be prompted to enter the code generated by Google Authenticator1. This code is only valid for a short period, adding an extra layer of security.
Offline Capability: One of the advantages of Google Authenticator is that it doesn’t require an internet connection or mobile service to generate codes. This makes it reliable even when you’re offline2.
Backup and Transfer: If you get a new phone, you can transfer your accounts to the new device using the app’s built-in transfer feature1.
Are there any ethical concerns around individuals protecting their computers?
Does individuals protecting their computers have an impact on future-proofing technology?
use of computer security
use of computer security
From CSFG: The goal of computer security is to ensure that online systems can be accessed easily - but only by those who should be using them! The online systems could range from banks to social network sites, school networks to home computers, and online shopping to corporate intranets. This provides the interesting challenge of putting barriers in place for access to computer systems, at the same time trying to avoid getting in the way of legitimate users.
The CIA Triad...
The CIA Triad...
Confidentiality, Integrity & Availability (CIA).
Confidentiality, Integrity & Availability (CIA).
You need the right mix of all three to get security right
You need the right mix of all three to get security right
From SimpleLearn: What is Computer Security?
From Ms Copilot: Using computer security involves several key practices to protect your data and systems. Here are some essential steps:
Use Strong Passwords: Create complex passwords that are difficult to guess. Use a mix of letters, numbers, and special characters, and avoid using the same password for multiple accounts.
Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
Keep Software Updated: Regularly update your operating system, browsers, and other software to protect against the latest security vulnerabilities.
Install Antivirus Software: Use reputable antivirus software to detect and remove malware. Keep it updated to ensure it can protect against new threats.
Be Cautious with Emails and Links: Avoid clicking on suspicious links or downloading attachments from unknown sources. Phishing attacks often use these methods to steal information.
Use Secure Networks: Avoid using public Wi-Fi for sensitive transactions. If you must use it, consider using a Virtual Private Network (VPN) to encrypt your data.
Backup Your Data: Regularly back up important data to an external drive or cloud service. This ensures you can recover your information in case of a cyberattack or hardware failure.
Educate Yourself: Stay informed about the latest cybersecurity threats and best practices. Awareness is a crucial part of staying secure.
Implementing these practices can significantly enhance your computer security and protect your personal and financial information.
Are there any ethical concerns around the use of computer security?
Does the use of computer security have an impact on future-proofing technology?
retail shopping
retail shopping
From ARCHERPOINT: Retailers handle valuable information, specifically customer data (including personally identifiable information or PII) and credit card numbers. As a result, they are prime targets for cybercriminals, who then sell this valuable information on the dark web.
From Ms Copilot: Computer security is crucial for retail shopping for several reasons:
Protecting Customer Data: Retailers collect a lot of personal and financial information from customers, such as credit card numbers and addresses. Ensuring this data is secure helps prevent identity theft and fraud12.
Maintaining Customer Trust: Customers need to feel confident that their information is safe when shopping online. A security breach can damage a retailer’s reputation and lead to a loss of customer trust3.
Compliance with Regulations: Many regions have strict data protection laws that retailers must comply with. Ensuring robust cybersecurity measures helps retailers avoid legal penalties4.
Safeguarding Business Operations: Cyberattacks can disrupt business operations, leading to downtime and lost sales. Effective security measures help ensure that retail operations run smoothly5.
By prioritizing computer security, retailers can create a safer shopping environment, protect their assets, and build stronger relationships with their customers.
From SafeCore: Cyber security in the retail sector: the scenario, risks and future challenges
Are there any ethical concerns around retail shopping?
Are there any ethical concerns around retail shopping?
From MS Copilot: There are several ethical issues surrounding the use of technology in retail shopping. Here are some of the key concerns:
Privacy and Data Security: Retailers collect vast amounts of customer data, including purchase history, preferences, and personal information. Ensuring this data is securely stored and used ethically is crucial to prevent breaches and misuse1.
AI and Algorithmic Bias: The use of artificial intelligence (AI) in retail, such as for personalized recommendations or dynamic pricing, can inadvertently perpetuate biases. This can lead to unfair treatment of certain customer groups2.
Labor and Automation: The increasing use of automation and robotics in retail can lead to job displacement. Ethical considerations include how to balance technological advancement with the impact on employees3.
Consumer Manipulation: Advanced technologies can be used to manipulate consumer behavior, such as through targeted advertising and personalized shopping experiences. This raises questions about the ethics of influencing consumer choices1.
Environmental Impact: The production and disposal of electronic devices used in retail, such as self-checkout machines and digital displays, contribute to environmental issues. Retailers need to consider the sustainability of their technology use3.
Addressing these ethical issues requires a robust governance framework and a commitment to transparency and fairness.
Future-proofing technology in the retail shopping sector
Future-proofing technology in the retail shopping sector
From MS Copilot: Future-proofing technology in retail shopping involves adopting and integrating innovative solutions that enhance the shopping experience, streamline operations, and ensure long-term sustainability. Here are some key technologies being used:
Artificial Intelligence (AI) and Machine Learning (ML): These technologies help retailers analyze vast amounts of data to optimize inventory, personalize customer experiences, and improve decision-making processes12.
Augmented Reality (AR) and Virtual Reality (VR): AR and VR provide immersive shopping experiences, allowing customers to visualize products in their environment or try on clothes virtually3.
These technologies not only improve the current retail landscape but also prepare businesses for future challenges and opportunities.
LINKS TO other esources
LINKS TO other esources
Topics you could research
Topics you could research
Hacking; Good vs Bad
Hacking; Good vs Bad
Is all hacking bad?
Is all hacking bad?
Defense vs Offence
Defense vs Offence
Defensive cybersecurity is all about blocking. This could come in the form of both tools and actions. You have your defensive tools that are designed to prevent or mitigate the effects of a cyberattack—such as antivirus software, firewalls, etc. And then you have your defensive actions, which include things like patching software and fixing system vulnerabilities.
Offensive cybersecurity, on the other hand, is all about tackling and outmaneuvering. The focus here is on seeking out the hackers, and in some cases, attempting to disable or “hack back” to disrupt their operations.
No matter which side of the field you’re on, the goal of any cybersecurity strategy should always be preventing the hackers (a.k.a. the opponent) from winning. But that brings us back to our original question: should we be playing offense or defense in cybersecurity?
The answer is both.
The best teams know how to block and tackle. In cybersecurity, building the best possible defense means folding in some offensive strategies to gain intel on attackers and how they’re trying to penetrate your systems.
Although it is the police and Government agencies that are best placed to partake in the offensive cybersecurity
Policies & Practices of companies
Policies & Practices of companies
Page updated
Report abuse