ICT IGCSE: Safety and Security

Questions and Answers

Which of the following measures helps minimize the risk of electrocution in ICT labs?

• Regularly checking the state of cables and plugs
• Using wireless keyboards and mice
• Ensuring equipment has adequate ventilation
• Ensuring all drinks are kept away from computers (correct)

Sharing political views on social media does not pose a potential risk to personal data security.

False (B)

What is the primary purpose of e-safety lessons in schools?

To educate young people about the potential risks of using the internet appropriately and how to stay safe online.

To minimize potential dangers online, one should only use a student-friendly search engine with ______.

safety filters

Match the following techniques with their corresponding descriptions:

Phishing = Tricking users into revealing personal information through deceptive emails or websites Smishing = Using fake SMS messages to trick users into giving away personal details Vishing = Using voice messages to trick users into calling premium rate telephone numbers Pharming = Redirecting users to fake websites through malicious code

Which of the following actions can help prevent credit card fraud?

Regularly checking bank statements for suspicious activity (D)

Biometrics is a security measure that relies on easily reproducible data.

False (B)

What is one way to identify that the website is using a secure server?

The website URL will display 'https' instead of 'http'.

A ______ acts as a barrier between a computer system and potential threats from the internet.

firewall

Which of the following is a potential disadvantage of using cloud storage?

Risk of data loss due to provider error (C)

Why should status updates be cautiously managed?

They can alert others of one's location. (D)

Using appropriate language while communicating with other gamers online is unnecessary as long as you are using a pseudonym.

False (B)

What is the primary goal of 'hacking'?

To gain unauthorized access to a computer system without the owner's knowledge or permission.

The process of converting data into a format that is unreadable without a 'key' is known as ______.

encryption

Which of the following actions can help prevent smishing?

Checking the SMS message for spelling mistakes (D)

What is the main characteristic of a moderated online forum?

Posts are reviewed by an administrator before being published. (B)

Replying to spam emails is an effective way to stop receiving them in the future

False (B)

What type of software monitors your computer use and logs key presses?

Spyware

To prevent unauthorised access, regularly perform ______ of equipment to check if it is passing safety standards.

Regular maintenance

What is the primary function of a digital certificate?

To verify the identity of the sender in an online transaction (A)

Flashcards

Preventing Electrocution

Keeping drinks away from computers and ICT equipment to prevent electrical hazards.

Prevent Equipment Overheating

Ensuring equipment has sufficient airflow to prevent overheating.

Preventing cable tripping hazards

Using cable ducts and tucking cables away to prevent accidents.

Strategies to minimize safety risks

Regular equipment checks for safety, cable inspections, wireless use, and clearing trip hazards.

Why personal data should be confidential?

Personal information that should be kept private to avoid risks like stalking and identity theft.

How to avoid inappropriate disclosure of personal data

Activating privacy settings, avoiding sharing data with strangers, and not posting inappropriate content.

Minimize potential online dangers

Using trusted websites, student-friendly search engines with filters, and restricting access to certain content.

Minimizing dangers on social media

Knowing how to block and report unwanted users, keeping adults informed, and never arranging to meet strangers.

What is Hacking?

Unauthorized access to a computer system without permission, leading to data corruption or theft.

What is Spyware?

Software that monitors computer use and logs keystrokes, potentially stealing passwords and banking details.

What is Phishing?

Emails that look legitimate but trick users into providing personal or payment details on fake websites.

What is Pharming?

Malicious code that redirects users to fake websites, even with a correct URL, to steal personal details.

What is Smishing?

Fake SMS messages claiming prizes, requesting calls to premium numbers or personal data input.

What is Spam Email?

Unsolicited commercial emails sent in bulk, often promoting scams or unwanted products.

What is Credit Card Fraud?

Tricking a user into giving personal information which can be used for fraudulent card transactions

What is Biometrics?

A method of authentication that uses unique human characteristics for identification

What is Encryption?

Converting information into a meaningless form to protect it from unauthorized access.

What is Cloud storage?

Online storage medium used to back up files which can be accessed from any device with an internet connection.

Digital Certificates

Used to verify the identity of the sender in an online business transaction.

Secure Socket Layer (SSL)

A secure connection that keeps data safe when sending sensitive information.

Study Notes

• These notes cover ICT IGCSE Safety and Security

Physical Safety

• Electrocution can occur from spilling drinks near computers, ICT labs, & office desks; all drinks should be kept away
• Overheating of equipment can be prevented by ensuring good ventilation and not covering equipment in use
• Tripping over trailing cables can be prevented by using cable ducts and tucking cables away
• Strategies to minimize potential safety risks include regular equipment maintenance, cable checks, using wireless connections, and ensuring trip hazards are removed from under desks

E-Safety and Personal Data

• Personal data includes contact details, addresses, personal images, payment details, medical histories, political views, family details, and passwords
• This data should be confidential to prevent stalking, theft, blackmail, or sale to third parties

Avoiding Inappropriate Disclosure

• Ensure privacy settings on social media are activated
• Do not share data with strangers via social media or email
• Do not post inappropriate content
• E-safety lessons in schools educate the youth on potential risks of using the internet appropriately

Internet Use and Email Safety

• Personal online activity includes general browsing for news, research, and online shopping/banking
• Email is utilized to contact friends, family, co-workers, share attachments (images, presentations), and contact organizations
• Minimize the potential dangers of internet use by using trusted websites, student-friendly search engines with safety filters, and restricted content access
• When emailing, only correspond with known people, think before opening emails from unknown people, and protect personal information, such as your school's name or your picture in school uniform

Social Media and Online Gaming

• Social media is used personally to share information with friends and followers, and for business to promote awareness
• Online gaming is now popular on various platforms, with many games offering multiplayer options
• Minimize the potential dangers by knowing how to block and report unwanted users, never giving out personal information, avoiding meeting strangers, and keeping adults informed
• When gaming, never use your real name, use appropriate language, and only play with trusted friends

Hacking and Prevention

• Hacking is unauthorized access to a computer system without the user's knowledge or permission
• Effects of hacking include deleting, corrupting, copying, and editing files, identity theft, exposing company information, and disrupting production
• Strategies to prevent hacking include using firewalls, strong passwords, protection software, and hiring a professional hacker

Spyware

• Spyware secretly monitors computer use, logging keystrokes and internet browsing activity
• Spyware sends collected data to the planter, including passwords and banking details, with the ability to also install software to read cookie data and alter your web browsing preferences
• Anti-spyware software and using a pointing device to select characters can prevent spyware

Phishing

• Phishing involves deceptive emails requesting users to update details, potentially passwords, for financial gain by threat actors
• Victims are tricked into entering data on fake websites, and the gained details are then used fraudulently or for identity theft.
• Email filters to allow only emails from safe senders.

Pharming

• Pharming involves malicious code installed on a web server or computer redirecting users to a fake website, even with a legitimate URL
• A user will be tricked into entering personal details on a fake website that looks like the real website, which can lead to fraud or identity theft
• Anti-spyware software could eliminate pharming code from a computer

Smishing

• Smishing (SMS phishing) involves fake text messages claiming a prize, requesting a call or website visit to give personal information
• Double check the SMS message, paying attention to spelling to ensure it is free of mistakes

Spam Email

• Spam is unsolicited junk email sent to many recipients from a mailing list.
• Spam could be part of a phishing scam or promoting products
• Avoid clicking on suspicious links

Credit Card Fraud

• Online credit card fraud is when a user is tricked into giving financial and information through phishing, pharming, and spyware.
• Accounts can be breached and used for unauthorized purchases, and money can be transferred from a breached account
• Use a strong password, ensure websites have a secure connection, install/update spyware software, and regularly check bank statements

Biometrics

• Authentication relies on unique human characteristics, requiring the user's presence and making data difficult to copy
• Fingerprint scans press a finger against a scanner, comparing to the database for identification
• Retina/iris scans use infrared to scan unique blood vessel patterns in the retina
• Face recognition scans physical facial features
• Voice recognition compares speech to a stored voice pattern
• Advantages of voice and face recognition include that they are non-instrusive as a method, and are cheap to implement

Firewalls

• Firewalls provide security to a computer or network, located between the computer and internet connection
• Firewalls examine network traffic and block/alert users to potential risks

Passwords

• Passwords are a common authentication method used when logging into user accounts online
• Breached passwords can lead to account hacks and shared information

Encryption

• Secures data and requires a 'key' to reveal the original information

Cloud Storage

• Cloud storage provides a medium used to back up files, which can be accessed from any device with an internet connection

Moderated forums

• Moderated forums are online discussion forums where all posts are moderated by an administrator

Un-moderated forums

• Un-moderated forums are online discussion forums where no measures are put in place to moderate posts by users

Digital Certificates

• Digital certificates verify the sender’s identity & provides for the encrypted response

Secure Socket Layer (SSL)

• Security protocol using a secure connection, ensuring data is kept safe when sending sensitive information and encrypting it before sending
• Only the other computer party can read and understand the exchanged data
• Security validated by certificate authorities by validating secure websites SSL provides for a S after http in the URL address.
• A padlock appears on browser and company name is green when valid.