Learning aim B: Investigate issues relating to the use of digital systems B1 Cybersecurity The fundamental concepts of threats to data and systems, and ways that threats can
be mitigated.
•
The concept that threats can be internal (from within the organisation)
and external (from outside of the organisation) and motivation for these,
e.g. financial gain, industrial sabotage, disruption.
•
Internal
threats to the data
, including:
o
intentional security breach by a rogue or disgruntled employee(s)
o
accidental security breach
o
poorly designed or implemented security policies
o
incorrectly configured systems
o
damage to computer systems (intentional or accidental).
•
The external
threats to the data
, including:
o
unauthorised access to systems, e.g. hackers
o
malware, e.g. viruses, spyware, rootkit, ransomware
o
social engineering, e.g. phishing, vishing, pharming
o
changes/updates to systems and software
o
natural disasters, e.g. fire, flood, earthquake.
•
The concept of data privacy.
•
The trade-offs between ensuring data is secure and private, and ensuring
access for all stakeholders to required data, information, or systems.
•
Ways to mitigate threats to security and privacy, including:
o
installing and configuring firewalls
o
installing, using, and updating anti-malware software
o
device hardening
o
user access levels
o
security policies, e.g. passwords, limiting concurrent log-in, restricted log-in
times
o
additional access restrictions, e.g. two-factor authentication, biometrics,
physical locks/doors.
•
Legislative requirements for ensuring the security and privacy of data in relation
to the network, connected devices and users.
