U
NIT
11:
C
YBER
S
ECURITY AND
I
NCIDENT
M
ANAGEMENT
Pearson BTEC International Level 3 Qualifications in Information Technology –
Specification – Issue 3 – September 2022 © Pearson Education Limited 2022
155
Content
Learning aim A: Understand cyber security threats, system vulnerabilities
and security protection methods
A1 Cyber security threats
Apply an understanding of cyber security threats that impact on organisations in a range
of sectors and vocational-based scenarios.
All systems are vulnerable to attack from external and internal threats.
•
How internal threats occur, including:
o
employee sabotage and theft, including of physical equipment or data, and
damage such as fire, flood, power loss, terrorism or other disaster
o
unauthorised access by employees and other users to secure areas
and administration functions, including security levels and protocols
o
weak cyber security measures and unsafe practices, including security
of computer equipment and storage devices, security vetting of visitors,
visiting untrustworthy websites
o
accidental loss or disclosure of data, including poor staff training and
monitoring.
•
How external threats function, including:
o
malicious software (malware), including spyware, adware, ransomware;
viruses, including worms, rootkits and Trojans
o
hacking, including commercial, government, individuals
o
sabotage, including commercial, government, terrorism, individuals
o
social-engineering techniques used to obtain secure information by deception.
•
The impact of a credible threat is likely to result in some form of loss, such as:
o
operational loss, including manufacturing output, service availability and
service data
o
financial loss, including organisational, compensation and legal liability
o
reputation loss, including lack of service and employee or customer information
o
intellectual property loss, including new product design or trade secret.
•
The impact level of a successful attack on an organisation is determined by the
value of the loss, and that the value may not always be a monetary one.
•
Know that cyber security threats vary over time and cyber security
organisations provide regular updates on the current and changing threat
landscape.
Dostları ilə paylaş: 
