12COMP CAT
computer security
Level 2 CAT
12COMP & 12DTEC
Date: Wednesday, 18th of October
Time: TBA
DURATION: 3 hrs to complete: AS91899 (DTEC) AND/OR AS91898 (COMP)
ROOM: Students will be allocated a room to go to sit the exam (not necessarily with their class).
What is 'computer security'?
The goal of computer security is to ensure that online systems can be accessed easily - but only by those who should be using them!
Computer security goes by several names: it is also known as cybersecurity or information technology security (IT security), and many people say “infosec” or “cyber” for short. It is about protecting information, files, and computer systems from harm, theft, and unauthorised access.
Cyber security is the application of technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks.
It aims to reduce the risk of cyber attacks and protect against the unauthorised exploitation of systems, networks, and technologies.
How big a deal is computer security?
from Computer Weekly
ISSUE DATE: 24 August 2021
We estimated the monetary loss from cybercrime at approximately $945 billion. Added to this was global spending on cybersecurity, which was expected to exceed $145 billion in 2020. Today, this is a $1 trillion drag on the global economy.
Political, ethical, and social incentives can also drive attackers.
Highlights for Q2 2022
Breakdown by incident category for Q2 2022
Questions may cover
- Common issues
- Ways to protect individual devices and devices managed by an organisation
- Policies or practices of a New Zealand-based* organisation that has had issues with computer security.
- There will be a question on “impacts” in relation to future-proofing or human factors.
* This must be a particular New Zealand-based organisation or entity specified by the candidate. For example, Countdown (but not “supermarkets”), the Auckland DHB (but not “hospitals”), Westpac (but not “banks”), or “my school”.
Resources & topics to explore
Topics you could research
The CIA Triad...
Confidentiality, Integrity & Availability (CIA).
You need the right mix of all three to get security right.
Defence vs Offence
Defensive cybersecurity is all about blocking. This could come in the form of both tools and actions. You have your defensive tools that are designed to prevent or mitigate the effects of a cyberattack—such as antivirus software, firewalls, etc. And then you have your defensive actions, which include things like patching software and fixing system vulnerabilities.
Offensive cybersecurity, on the other hand, is all about tackling and outmaneuvering. The focus here is on seeking out the hackers, and in some cases, attempting to disable or “hack back” to disrupt their operations.
No matter which side of the field you’re on, the goal of any cybersecurity strategy should always be preventing the hackers (a.k.a. the opponent) from winning. But that brings us back to our original question: should we be playing offense or defense in cybersecurity?
The answer is both.
The best teams know how to block and tackle. In cybersecurity, building the best possible defense means folding in some offensive strategies to gain intel on attackers and how they’re trying to penetrate your systems.
Although it is the police and Government agencies that are best placed to partake in the offensive cybersecurity