Ict WB Answers - c8

Uploaded by

jiyasingh.kl

Chapter 8 Safety and security

Exercise 1 Common physical safety issues

Complete the following table

| Safety issue | Cause | Prevention |
| --- | --- | --- |
| Electrocution | Malfunctioned equipment, spillage of liquids, bare wires | Repair faulty equipment through a technician, keep liquids and food away from ICT equipment, check insulation of wires frequently |
| Fire | Improper ventilation of air vents, plugging multiple devices into a single electrical supply outlet, leaving equipment unattended for a long time | Make sure air vents are not covered and there is proper ventilation, do not plug too many devices into the same outlet, turn off devices when not in use, have a CO2 fire extinguisher handy |
| Tripping over cables | Long or tangled wires across the floor | Use cable covers to encase wires, conceal wires under desks or carpets, use wireless technology for reducing wires |
| Heavy equipment falling | Insecure positioning of ICT devices, a poor/flimsy quality desk | Correct positioning of computer equipment leaving margins from the edges of desk, a strong and good quality desk, make sure the desk has ample space for hand movement |

Exercise 2 Personal data

1. Explain what is meant by personal data.

A:

Personal data refers to any detail used to identify an individual. For example, it is
easy to identify a person from their phone number or if you know their medical
history and name.

2. Explain why personal data should be confidential and protected.


A:

• Personal details can be stolen, copied, and sold to third parties without your
knowledge.
• Sharing of bank, financial and medical details can lead to fraudulent activities.
• Social networking sites could reveal personal information and lead to identity theft.
They can also lead to cyberbullying. Sharing one’s location is common
practice on social networking sites and has led to cases of kidnapping and
theft, etc.
• Online gaming is also a source of cyber-attacks on a user’s computer or
mobile phone. Viruses, phishing or spyware are the most common issues.
• Chat rooms also pose the potential risk of users sharing too much personal
information.
• Some websites are inappropriate for young people, exposing them to
offensive or undesirable content.

3. What strategies could you use to minimise the potential dangers when
online?

A:

Do not:
● access sites that are a known source of viruses
● visit sites with violent, inappropriate, or offensive content
● open untrusted web pages, advertisements, or pop ups
Do:
● use an age-appropriate learner search engine to have access to relevant
websites
● use parental controls to avoid inappropriate sites
● access only trusted websites that are recommended by teachers or carers

4. What strategies could you use to minimise the potential dangers when
using email?

A:
Do not:
● read any content of emails from unknown or untrusted sources
● open any attachment of emails from unknown or untrusted sources
● reveal any personal details to people you don’t know or trust via email
● send any attachments or personal photos to an unknown source via email
Do:
● avoid clicking on links in untrusted emails, as these could be phishing and
provide false information
● avoid sharing any personal data via emails, as it can be misused if your account
is hacked
● avoid opening any file attachments from an unknown source as it may contain
malicious or offensive content
● avoid sharing any pictures/picture in school uniform, as this is also your
personal data and can lead to identity theft
● use blockers to avoid pop-up advertisements
● only email people you already know

5. Describe measures which should be taken when playing games on the
internet.

A:
Do not:
● share your real name while creating accounts or playing games
● share any personal details like your address, passwords etc., as this could
lead to bullying/ stalking
● share your password with anyone
● use voice chat or webcam
Do:
● install antivirus/anti-spyware software on your computer to help protect
against malware and identity theft
● buy new and downloadable games from legitimate sources to avoid virus
attacks on your computer system
● report abusive/unwanted users.

Exercise 3 Protecting data

1. Define the term hacking and describe its effects.

A:
Hacking means gaining illegal or unauthorized access to someone’s computer
system or a network. It is usually done using the internet and through remote
access. The people that do this are known as hackers. Hacking is often done with
the intention of harming or damaging a system or someone’s work. A hacker can
delete, remove, or change files on a system without permission.

Some of the effects of hacking are as follows:


● theft of credit card and bank account details for fraudulent activity (identity
theft)
● corrupting/damaging data
● theft of customer information and business data
● spamming the hacked email addresses/mobile numbers

2. Explain the measures that must be taken in order to protect data from
being hacked.

A:
• login credentials (username and password) for authentication
• encryption of data
• avoid clicking on random links or attachments sent over email.
• firewalls
• biometrics
• digital certificates

3. Explain what is meant by the terms user id and password stating their
purpose and how they are used to increase the security of data.

A:
A user ID and a password are often required for logging into different
accounts to access secure information. A user ID is a unique piece of data
assigned to a user.

Passwords should be strong enough to stop criminals from guessing them or
hacking into your personal accounts or applications. A strong password must
be complex and should include uppercase and lowercase letters, numbers,
and special characters, for example, ErA32%h$1.
A plain password is a weak password and can be easily guessed or hacked.
Passwords should not be shared with anyone and must be changed regularly.

4. Explain what is meant by the term biometric data and why biometric
data is used.

A:
Biometrics involves scanning human features to authenticate someone’s
identity. Biometrics is a more secure way of data protection:
• Human features cannot be forgotten unlike a user id or password.
• Impressions of body parts are unique for every individual, and no one can
copy or fake them.

5. Explain what is meant by the term digital certificate and its purpose.

A:
A digital certificate is an electronic document with an additional security layer
used to store the key that contains the identity of the owner of data. This is called
the public key. The content of the certificate is verified by a third-party or a
company, which also provides the digital signature of the owner of the certificate.
This helps in establishing trust between the user and the internet browser or a
website.

6. Explain what is meant by the term Secure Socket Layer (SSL).

A:
SSL is a standard security layer, or a certificate added to the HTTP protocol.
When this security feature is added, HTTP is called HTTPS. This means that
data is encrypted and secured prior to being transmitted online, and a public
encryption key is required to decipher the data shared.
SSL certificates have a key pair: a public and a private key. These keys work
together to establish an encrypted connection between the server and the
client computer. The certificate also contains what is called the ‘subject’,
which is the identity of the certificate/website owner. When an SSL certificate
is issued to a website, the transactions made by a credit card through that
website become trustworthy and secure.

7. Describe the features of a web page that identify it as using a secure
server.

A:
The web address will start HTTPS rather than HTTP. It may also have a locked
padlock icon next to the URL.

8. Define the terms.

A:
a. Phishing: Phishing refers to the act of luring users to give away
sensitive personal information such as bank account details, credit card
details, login credentials etc., for carrying out fraudulent activities.
Phishing methods include fake websites or emails that look genuine
and trick users into giving away sensitive personal information. For
example, a user receives an email from their bank saying that their account
password is due to expire. Once the user clicks on the ‘Change
Password’ link, the website redirects to a fake page, tricking the user into
entering all login credentials. These are captured and used for fraudulent
activity such as moving money from the account.

b. Pharming: Pharming is a type of social engineering, where a user will
be redirected from a genuine website to a fake one, unnoticed. They
may be prompted to enter login details, which are collected by a criminal
for use on the genuine site. Pharming attacks occur when web servers
are attacked, and malware code is inserted into a website that redirects
visitors. These attacks are quite difficult to spot and require the user to
be vigilant.

c. Smishing: Smishing is a form of phishing using SMS instead of
emails. The text messages will contain a URL or a mobile number,
which when clicked or called will trick the user into providing sensitive
personal details. People are less wary when using their phones, and
often consider them to be more secure than computers. However,
as with phishing, the messages look genuine, so mobile phones are
also vulnerable to cyber-attacks.

9. Describe the methods which can be used to help prevent phishing,
pharming and smishing.

A:
How to Prevent a Pharming Scam:
• Outdated security software leaves your network vulnerable. Keep this up to
date. Run regular antivirus checks and spyware removal software to add an
additional layer of safety.
• Change the default password on your Wi-Fi router. When a scammer tries to
access your computer, the first place they will check is the router. If the router
still has the default password, your network is vulnerable to attack.
• Be aware of what websites you visit. Fraudulent websites can install malicious
software or browser extensions on your computer that will modify the DNS
cache.
• Be careful of any emails you open. An email attachment can also contain
malware. Always make sure the email is sent from a known or reputed source.
• Look out for misspelt words, grammatical mistakes, subtle changes in the
design of the website along with any links such as ‘contact us’ that are not
working, etc.

How to Prevent Smishing Scams:

• Avoid clicking on any unknown messages with links. Always check if the
sender of the message is known to you or not.
• Do not reply to text messages with any of your personal details.
• If the text message (along with the unknown number) asks you for a quick
reply, then that is a clear sign of smishing.
• Never call the phone number on the unknown SMS.
• Messages promising enormous prize money or freebies are a sure sign of
smishing.
• It is best to avoid responding to these messages or reading their content.

10. Describe how to recognise when someone is attempting to obtain
personal data, report the attempt, and avoid the disclosure of
information.

A:

How to spot a phishing email:

● A company email coming from a public domain, such as ‘[email protected]’
instead of ‘[email protected]’
● The message has a sense of urgency, e.g. ‘Your password is due to expire
today’.
● The email contains a strange or unexpected attachment like a file with
extensions .exe, .bat, etc.
● The email text contains misspelt or grammatically incorrect words.
● The text promises that you have won huge amounts of money, such as ‘You
have won a prize worth $2,000,000’.

How to spot a phishing website:


• Check the validity of the web address: look for a padlock symbol in the
address bar and check that the URL begins with https:// or shttp://.
• The ‘S’ shows that the web address has been encrypted and secured with a
secure socket layer (SSL) certificate. Without HTTPS, any data passed
through the site is insecure and could be intercepted by criminal third parties.

11. Explain the difference between moderated and unmoderated forums and
the relative security of these.

A:
A moderated forum is one where any posts made will be checked by an admin
before it can be viewed by others. All comments are also checked before being
shown to ensure only posts/comments that meet the forum rules are shown. In an
unmoderated forum, there may be comments/posts which don’t meet the rules
and may be offensive.

12. Explain the concept of and how to recognise spam mail and avoid being
drawn into it.

A:
When you receive an email into your inbox, it is important to know which
category it falls into. Some emails are relevant, but others are unwanted
unsolicited emails, sent out in bulk and referred to as spam or junk mail.
An email categorised as spam usually contains unwanted messages such as
advertisements and promotions. It is possible that these messages may
contain unethical and dangerous information, links, or attachments
(phishing). Some service providers automatically filter and mark these
messages from unknown senders as spam or junk.

How to Prevent Spam Emails:


• Enable the spam filters in your email application.
• Report the unwanted emails as spam or block the unknown senders.
• Unsubscribe to email lists you do not want to be a part of.
• Do not fill in your email ID on websites, online forums, or online forms unless
absolutely necessary.

13. Describe what encryption is and why it is used.

A:
A secure transfer of data requires a secure connection between the two
devices. This involves a secure http or HTTPS. The data packets
(information) are converted into a form that can only be understood by the
person who changed it (has the key). This process is called encryption of
data.
The data is not decrypted while it is transmitted across the network, only when
it reaches the intended destination. This is known as decryption.
The main purpose of encrypting data is so that criminals such as hackers
cannot access the private and confidential information, as they would be
unable to decipher the encryption.
The encryption process requires the devices at either end of the transfer to
use an encryption key to unscramble the secure data. This technology can be
used to protect data in a hard disk, email, cloud, or HTTPS websites from
being accessed by unauthorised users.

14. Define the term computer virus and describe its effects.

A:

• Deleting/corrupting files or documents
• Slowing down or crashing the system by corrupting operating system files
• Displaying anonymous or irrelevant messages/websites
• Gaining control over the system

It is essential that networks are regularly protected from harmful or malicious
software (malware) being installed. Such software could potentially compromise
the security of the network, and may allow criminal activity to happen, including
the theft of personal or company data. In extreme cases, malware could also
potentially corrupt data in a network to the point it becomes unreadable – this
type of corruption is called a virus.

15. Describe how to take preventative action to avoid the danger of infecting
a computer with a virus from a downloaded file.

A:
To guard against this type of behaviour, a network should have anti-malware
and anti-virus applications installed, which protect all devices on the network.

16. Describe the measures that must be taken in order to protect against
hacking.

A:
• login credentials (username and password) for authentication
• encryption of data
• avoid clicking on random links or attachments sent over email.
• firewalls
• biometrics
• digital certificates

17. Describe how it is possible to be the subject of fraud when using a
credit card online.

A:
• Shoulder surfing: spying on someone while they use a cash-dispensing
machine, such as an ATM or other electronic device to obtain their personal
identification number (PIN), password, etc.
• Card cloning: also known as skimming, this technique involves attaching a
data skimming device to the card reader slot to copy information from the
magnetic strip, or cameras to record the keystrokes.
• Keylogger: Keyboard capturing using a key logger software without
permission.

18. Explain the issues related to security of data in the cloud.

A:
Data stored on the cloud can be accessed from any computer with internet
access and therefore is more susceptible to hacking than data stored on a single
computer.

19. Explain the concept of a firewall and why it is used.

A:

A firewall is a piece of hardware or software that sits between a computer and
the internet. Firewalls monitor every piece of data entering or exiting a
computer from another network such as the internet. This will identify any
outside process attempting to install something on a computer without a
user’s consent.

20. Discuss the effectiveness of different methods of increasing security.

A:
Having passwords has some effectiveness as if someone doesn’t know the
password they won’t be allowed to gain entry. Using biometrics is more
secure than using passwords as they can’t be shared with someone else.
A firewall is a stronger method of security as all data going in and out of the
network will be checked.

Exam style questions

1. Explain what is meant by personal data.

A:

Personal data is data relating to a living individual/person
The person can be identified either from the data or from the data in
conjunction with other information.
Examples include name, address, date of birth, place of birth, bank details
The data can be sensitive e.g. racial, ethnic, medical, religious, relating to a
trade union, mental health, sexuality, relating to criminal offences

2. What strategies could someone use on social media/networking sites,
instant messaging and internet chat rooms to minimise the potential
dangers?

A:

• Know how to block and report unwanted users
• Never arrange to meet anyone alone
• Always tell an adult if you plan to meet someone
• Report unwanted/abusive messages
• Meet in a public place
• Avoid the misuse of images
• Avoid showing images in your school uniform
• Avoid showing personal images
• Avoid showing full name/address/personal data
• Use appropriate language
• Respect confidentiality

3. Discuss why eSafety is needed.

A:
• E-safety protects personal data from people who should not have access to it
• Personal data needs to be kept safe so that others cannot use it against us
• Protects sensitive data
• Use of e-safety protects vulnerable people
• Protects other people’s views
• If someone has access to your personal data this could be used for blackmail
/ spreading rumours / identity theft / stalking
• E-safety reduces the risks when using ICT using social media sites, online
gaming users believe they are safe
• E-safety trains users to be responsible on the internet
• Giving out personal information can help predators to find out further details
about a person, such as where they live / where they go to school / used to
track the person
• People on the internet may not be what they seem
• Need to be able to block people on the internet
• Need to know how to report problems on the internet
• If we do not use e-safety then users are being put at risk as they will not know
the dangers
• Freedom of speech can be affected
• If we do not apply e-safety approaches we open ourselves up to attack
• Use of netiquette
• Covers a number of electronic devices like, computers, tablets, mobile
phones, games consoles

4. Explain how to avoid inappropriate disclosure of personal data
including: my own name, address, school name, a picture in school
uniform.

A:
• Don’t give out personal information to people you do not know
• Don’t send photos of yourself to people you do not know
• Don’t post photos of yourself on the social media without privacy settings
being set
• Don’t post photographs that could be linked to you
• Maintain privacy settings
• Only make friends with people you know/known to other friends
• Don’t enter private chat rooms
• Do not post email addresses/real addresses/real names, etc.
• Do not reply to or communicate with people you do not know

5. Explain the concept of a firewall and why it is used.

A:
• Monitors and controls incoming and outgoing data traffic
• Helps to prevent malware being downloaded
• Prevents computer accessing undesirable/unauthorised sites
• Prevents unauthorised users accessing the computer
• Keeps a list of undesirable sites/IP addresses
• Keeps a list of acceptable sites/IP addresses
• Warns you of threats
• Allows you to accept/reject downloaded programs

6. Define the term computer virus.

A:
• A virus is a piece of software/program code
• It infects a computer
• Attaches itself to files
• Has the ability to replicate itself

7. Explain the difference between moderated and unmoderated forums.

A:
In a moderated forum all posts are held in a queue. It reduces the chance of
offensive messages and stops several postings of the same topic.
An un-moderated forum is not policed so doesn’t have these benefits.

8. Explain how to avoid being drawn into spam email.

A:
• Do not reply to spam emails
• Use a spam email filter
• Block images in HTML messages as these are used as web beacons
• Unclick check boxes when buying items online
• Do not sign up to commercial mailing lists

9. Describe preventative action to avoid the danger of infecting a computer
with a virus from a downloaded file.

A:
• Scan emails / attachments before opening
• Use up to date anti-virus software
• Do not download attachments from unknown sources
• Avoid opening spam emails

10. Describe the methods which can be used to help prevent:

A:

a. Phishing:
• Be careful when opening emails from people you do not know
• Be careful when opening attachments from people you do not know
• Do not click on executable (.exe) files / batch (.bat) files sent to you
• Never give out bank details / PIN / passwords / personal details in an email
• Report any phishing attempts
• Do not respond to emails from addresses you do not recognise

b. Pharming:
• Use anti-spyware to remove pharming code
• Check sites carefully before a link is clicked
• Delay using a link sent in an email as some sites are time related
• Check the URL / web address of the website before you enter personal details
• Make sure you are on a secure website

c. Smishing:
• Never give your bank details / PIN / password/personal details over the phone
/ text message
• Ignore text messages from numbers you do not recognise
• Report any smishing attempts
• Never click on links in text messages from unexpected people
• Never phone the phone numbers that are given in a suspect text message

11. Explain what is meant by the term biometric data and why biometric
data is used.

A:
Biometric data includes fingerprints, retina scans, voice recognition, iris scans,
handprint

Why it is used:
• The biometric data is unique to the user
• Biometric data is always with you
• Passwords can be copied/forgotten/guessed/cracked
• Difficult to copy/forge biometric data
• Eliminates shoulder surfing
• Prevents key logging software

12. Describe the features of a web page that identify it as using a secure
server.

A:
• The web address should start with https
• There is a closed/green padlock
• When the padlock is clicked a message will state the connection is
encrypted/secure
• The web page has a digital/SSL certificate
• The green padlock shows it has an Extended Validation (EV) certificate/CA
certificate

13. Explain the concept of spam mail.

A:
• Electronic Junk email/unsolicited emails/sent to a person without requesting it
• Deliberate filling up of a user’s inbox/many emails sent at once
• Emails sent to everyone on the mailing list

14. Define the terms:

A:

a. Phishing:
• Uses the internet
• Redirects the user to a fake website
• Can lead to fraud and identity theft
• Uses websites that look legitimate
• Personal data is compromised
• Emails are sent to the computer
• Clicking a link sends user to a fake website
• The email appears to have come from a trusted source
• Uses communication devices to collect personal data
• Requires the user to communicate quickly
• Requires the user to enter personal data

b. Pharming:
• Uses the internet
• Redirects the user to a fake website
• Can lead to fraud and identity theft
• Uses websites that look legitimate
• Personal data is compromised
• Malicious code is uploaded to the computer
• The code redirects the user to a fake website without their knowledge
• Website appears to be genuine
• Spyware can be used to record key presses

c. Smishing:
• Uses communication devices to collect personal data
• Requires the user to communicate quickly
• Requires the user to enter personal data
• Uses the internet
• Fake text messages/SMS are sent to a phone
• The user may be asked to make a phone call
• Smishing messages tend to use 5000 in the message
