Graham Brown, Brian Sargent - Cambridge International AS Level Information Technology Student's Book-Hodder Education (2024).pdf
Document Details
Uploaded by RefreshingPointOfView
2024
Cambridge International
Tags
Related
- George Reynolds - Ethics in Information Technology-Course Technology (2014)-63-87.pdf
- Cambridge 8-sinf Informatika.pdf
- Cambridge IGCSE information and communication technology. by Graham Brown David Watson (z-lib.org).pdf
- ICT Information and Communications Technology Cambridge IGCSE Lesson 1_Part1 PDF
- Cambridge IGCSE Information and Communication Technology Third Edition PDF
- Cambridge IGCSE Information and Communication Technology PDF
Full Transcript
This page intentionally left blank 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 1 23/11/23 7:02 AM F-0120 /147/HO02989/work/indd Cambridge...
This page intentionally left blank 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 1 23/11/23 7:02 AM F-0120 /147/HO02989/work/indd Cambridge International AS Level Information Technology Second edition Graham Brown Brian Sargent 9781036005603_CIE_AS_Level_IT_Title_Page.indd 1 26/10/2023 14:08 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 2 30/11/23 7:36 PM elhiddnnew /147/HO02989/work/indd Endorsement indicates that a resource has passed Cambridge International Education’s rigorous quality-assurance process and is suitable to support the delivery of a Cambridge syllabus. However, endorsed resources are not the only suitable materials available to support teaching and learning, and are not essential to achieve the qualification. Resource lists found on the Cambridge website will include this resource and other endorsed resources. Any example answers to questions taken from past question papers, practice questions, accompanying marks and mark schemes included in this resource have been written by the authors and are for guidance only. They do not replicate examination papers. In examinations the way marks are awarded may be different. Any references to assessment and/or assessment preparation are the publisher’s interpretation of the syllabus requirements. Examiners will not use endorsed resources as a source of material for any assessment set by Cambridge International Education. While the publishers have made every attempt to ensure that advice on the qualification and its assessment is accurate, the official syllabus, specimen assessment materials and any associated assessment guidance materials produced by the awarding body are the only authoritative source of information and should always be referred to for definitive guidance. Our approach is to provide teachers with access to a wide range of high-quality resources that suit different styles and types of teaching and learning. For more information about the endorsement process, please visit www.cambridgeinternational.org/endorsed-resources. Cambridge International Education copyright material in this publication is reproduced under licence and remains the intellectual property of Cambridge University Press & Assessment. Third-party websites and resources referred to in this publication have not been endorsed by Cambridge International Education. Answers to the practice questions and activities and all source files needed for the Student’s Book can be downloaded from www. hoddereducation.com/cambridgeextras. Computer hardware and software brand names mentioned in this book are protected by their respective trademarks and are acknowledged. Photo credits: p50 [top] © Courtesy of International Business Machines Corporation, © International Business Machines Corporation; p50 [bottom] © Julian Herzog/CC BY (https://creativecommons.org/licenses/by/4.0); p93 [left] © Alvey & Towers Picture Library/Alamy Stock Photo; p93 [right] © David Jones/PA Images/Alamy Stock Photo; p93 [bottom] © Justin Kase zsixz/Alamy Stock Photo; p267 © MclittleStock/ stock.adobe.com; p269 [left] © imageBROKER.com GmbH & Co. KG/Alamy Stock Photo; p269 [right] © Firas Nashed/stock.adobe.com; p271 © Designua/stock.adobe.com Text credits: p46 Table 1.14 reproduced by permission of Lloyd’s Register; p151 Figure 6.3 adapted from, ‘Americans with lower incomes have lower levels of technology adoption’ Pew Research Center, Washington, D.C. (21 June 2021) https://www.pewresearch.org/ short-reads/2021/06/22/digital-divide-persists-even-as-americans-with-lower-incomes-make-gains-in-tech-adoption/ft_2021-06-22_ digitaldivideincome_01/; Microsoft, (Access, Excel, Movie Maker, Photos, Windows and Word) are trademarks of the Microsoft group of companies; Apple Mac is a trademark of Apple Inc., registered in the U.S. and other countries and regions. Although every effort has been made to ensure that website addresses are correct at time of going to press, Hodder Education cannot be held responsible for the content of any website mentioned in this book. It is sometimes possible to find a relocated web page by typing in the address of the home page for a website in the URL window of your browser. Hachette UK’s policy is to use papers that are natural, renewable and recyclable products and made from wood grown in well-managed forests and other controlled sources. The logging and manufacturing processes are expected to conform to the environmental regulations of the country of origin. To order, please visit www.hoddereducation.com or contact Customer Service at [email protected]/+44 (0)1235 827827. ISBN: 978 1 0360 0560 3 © Graham Brown and Brian Sargent 2024 First published in 2021 This edition published in 2024 by Hodder Education, An Hachette UK Company Carmelite House 50 Victoria Embankment London EC4Y 0DZ www.hoddereducation.com Impression number 10 9 8 7 6 5 4 3 2 1 Year 2028 2027 2026 2025 2024 All rights reserved. Apart from any use permitted under UK copyright law, no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, or held within any information storage and retrieval system, without permission in writing from the publisher or under licence from the Copyright Licensing Agency Limited. Further details of such licences (for reprographic reproduction) may be obtained from the Copyright Licensing Agency Limited, www.cla.co.uk Cover photo © cookiecutter – stock.adobe.com Illustrations by Barking Dog Art Typeset in India by Aptara Inc Printed in Bosnia and Herzegovina A catalogue record for this title is available from the British Library. 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 3 23/11/23 7:02 AM F-0120 /147/HO02989/work/indd Contents list Introduction v 1 Data processing and information 1 1.1 Data and information 1 1.2 Quality of information 7 1.3 Encryption 10 1.4 Checking the accuracy of data 18 1.5 Data processing 27 2 Hardware and software 49 2.1 Mainframe computers and supercomputers 49 2.2 System software 59 2.3 Utility software 64 2.4 Custom-written software and off-the-shelf software 70 2.5 User interfaces 72 3 Monitoring and control 76 3.1 Monitoring and measurement technologies 76 3.2 Control technologies 82 4 Algorithms and flowcharts 98 4.1 Algorithms 98 4.2 Flowcharts 114 5 eSecurity 120 5.1 Personal data 120 5.2 Malware 130 6 The digital divide 137 6.1 What is the digital divide? 137 6.2 Causes of the digital divide 138 6.3 The effects of the digital divide 140 6.4 Groups affected by the digital divide 146 7 Expert systems 155 7.1 What is an expert system? 155 7.2 Different scenarios where expert systems are used 157 7.3 Chaining 162 iii 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 4 04/12/23 8:07 PM f-0113 /147/HO02989/work/indd 8 Spreadsheets 168 Contents list 8.1 Creating a spreadsheet 169 8.2 Testing a spreadsheet 230 8.3 Using a spreadsheet 234 8.4 Graphs and charts 244 9 Modelling 254 9.1 Modelling 254 9.2 Simulations 268 9.3 Using what-if analysis 272 10 Database and file concepts 276 10.1 Database basics 276 10.2 Normalising data 325 10.3 Creating a data dictionary 330 10.4 File and data management 331 11 Video and audio editing 340 11.1 Video editing 340 11.2 Audio editing 355 Glossary 369 Index 377 Answers can be found at www.hoddereducation.com/CambridgeExtras iv 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 5 23/11/23 7:02 AM F-0120 /147/HO02989/work/indd Introduction INTRODUCTION This textbook has been written to provide the knowledge, understanding and practical skills required by those studying the AS Level content (Topics 1–11) of the Cambridge International AS & A Level Information Technology syllabus (9626) for examination from 2025. Students studying the full A Level will also need to become familiar with the A Level content (Topics 12–21), covered in Hodder Education’s Cambridge International A Level Information Technology. How to use this book This textbook, endorsed by Cambridge International Education, has been designed to make your study of Information Technology as successful and rewarding as possible. Organisation The book comprises 11 chapters, the titles of which correspond exactly with the topics in the syllabus. Each chapter is broken down into sections, which largely reflect the subtopics in the syllabus. Features Each chapter contains a number of features designed to help you effectively navigate the syllabus content. At the start of each chapter, there is a blue box that provides a summary of the content to be covered in that topic. In this chapter you will learn: ★ about the sensors and calibration used in monitoring technologies ★ about the uses of monitoring technologies ★ about the sensors and actuators used in control technologies ★ how to write an algorithm and draw a flowchart. There is also a box that lists the knowledge you should have before beginning to study the chapter. Before starting this chapter you should: ★ be familiar with the terms ‘observation’, ‘interviews’, ‘questionnaires’, ‘central processing unit (CPU)’, ‘chip and PIN’, ‘direct access’, ‘encryption’, ‘file’, ‘key field’, ‘RFID’, ‘sort’, ‘validation’ and ‘verification’. Chapters that require you to do practical work also feature a list of source files that you will need to use. These can be found here: www.hoddereducation.com/cambridgeextras. For this chapter you will need these source files: n TuckShop.csv n Widget.csv v 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 6 23/11/23 7:02 AM F-0120 /147/HO02989/work/indd The practical chapters contain Tasks. The text demonstrates the techniques used INTRODUCTION to carry out the tasks. It provides easy-to-follow step-by-step instructions, so that practical skills are developed alongside the knowledge and understanding. Tasks often include the use of source files that you can download from www.hoddereducation.com/cambridgeextras. Task 8e Open and examine the file Stock.csv. Split this so that both types of stock can be viewed together. Save the spreadsheet as Task_8e. Each chapter also includes Activities to allow you to check your understanding of the concepts covered and practise the skills demonstrated in the Tasks. In the practical chapters, these often require the use of source files from the website. Activity 1a Explain the difference between data and information. Advice and shortcuts for improving your ICT skills are highlighted in Advice boxes. Advice A common error made by people writing algorithms with nested loops is not matching up the number of WHILE statements with the same number of ENDWHILEs. The same error can happen with REPEATs and UNTILs. You must always check this and make sure they are correctly indented. Finally, each chapter ends with practice questions. These practice questions and their sample answers, as well as the activities throughout the book have been written by the authors. Answers to the practice questions and activities and the source files needed for the Student’s Book can be downloaded from www.hoddereducation.com/ cambridgeextras. Practice questions 1 A collection of data could be this: johan, , $, , AND Explain why they are regarded as just items of data. In your explanation give a possible context for each item of data and describe how the items would then become information. 2 A company uses computers to process its payroll, which involves updating a master file. a State what processes must happen before the updating can begin. b Describe how a master file is updated using a transaction file in a payroll system. You may assume that the only transaction being carried out is the calculation of the weekly pay before tax and other deductions. 3 a Name and describe three validation checks other than a presence check. b Explain why a presence check is not necessary for all fields. 4 A space agency controls rockets to be sent to the moon. Describe how real-time processing would be used by the agency. 5 Describe three different methods used to carry out verification. vi 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 7 30/11/23 7:37 PM elhiddnnew /147/HO02989/work/indd Text colours INTRODUCTION Some words or phrases within the text are printed in red. Definitions of these terms can be found in the glossary at the back of the book. In the practical section, words that appear in blue indicate an action or location found within the software package, for example ‘Select the Home tab.’ In the database sections of the book, words in orange show fieldnames. Words in green show the functions or formulas entered into the cell of a spreadsheet, for example a cell may contain the function =SUM(B2:B12). Assessment The information in this section is taken from the Cambridge International Education syllabus. You should always refer to the appropriate syllabus document for the year of examination to confirm the details and for more information. The syllabus document is available on the Cambridge International Education website at www.cambridgeinternational.org. If you are following the AS Level part of the course, you will take two examination papers: Paper 1 Theory (1 hour 45 minutes); Paper 2 Practical (2 hours 30 minutes). Command words The table below, taken from the syllabus, includes command words used in the assessment for this syllabus. The use of the command word will relate to the subject context. Make sure you are familiar with these. Command word What it means Analyse Examine in detail to show meaning, identify elements and the relationship between them Assess Make an informed judgement Compare Identify/comment on similarities and/or differences Contrast Identify/comment on differences Define Give precise meaning Describe State the points of a topic/give characteristics and main features Discuss Write about issue(s) or topic(s) in depth in a structured way Evaluate Judge or calculate the quality, importance, amount or value of something Explain Set out purposes or reasons/make the relationships between things clear/say why and/or how and support with relevant evidence Identify Name/select/recognise Justify Support a case with evidence/argument State Express in clear terms Suggest Apply knowledge and understanding to situations where there are a range of valid responses in order to make proposals/put forward considerations vii 005603_FM_CAIE_AS_Level_IT_BP_i-viii.indd Page 8 30/11/23 7:40 PM elhiddnnew /147/HO02989/work/indd Notes for teachers INTRODUCTION Key concepts These are the essential ideas that help learners to develop a deep understanding of the subject and to make links between the different topics. Although teachers are likely to have these in mind at all times when they are teaching the syllabus, the following icons are included in the textbook at points where the key concepts relate to the text (note that not all of these key concepts are relevant to the AS Level course and some will only feature in the A Level book). Hardware and software Hardware and software interact with each other in an IT system. It is important to understand how these work and how they work together with each other and with us in our environment. Networks Computer systems can be connected together to form networks allowing them to share data and resources. The central role networks play in the internet, mobile and wireless applications and cloud computing has rapidly increased the demand for network capacity and performance. The internet The internet is a global communications network. It uses standardised communications protocols to allow computers worldwide to connect and share information in many different forms. The impact of the internet on our lives is profound. While the services the internet supports can provide huge benefits to society they have also introduced issues, for example security of data. System life cycle Information systems are developed within a planned cycle of stages. They cover the initial development of the system and continue through to its scheduled updating or redevelopment. New technologies As the information industry changes so rapidly, it is important to keep track of new and emerging technologies and consider how they might affect everyday life. Additional support The Cambridge International AS Level Information Technology Skills Workbook is a write-in resource designed to be used throughout the course. It provides students with extra opportunities to test their understanding of the knowledge and skills required by the syllabus. viii 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 1 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd 1 Data processing and information 1.1 Data and information In this chapter you will learn: ★ what is meant by the terms ‘data’ and ★ about the methods and uses of validation and ‘information’ and about their use verification ★ what is meant by the terms ‘direct’ and ★ about the methods and uses of different ‘indirect’ data and about their uses and sources methods of processing (batch, online, real-time) ★ what is meant by ‘quality of information’ ★ how to write a simple algorithm. ★ what is meant by ‘encryption’, why it is needed, and about the methods and uses of encryption and protocols Before starting this chapter you should: ★ be familiar with the terms ‘observation’, ‘interviews’, ‘questionnaires’, ‘central processing unit (CPU)’, ‘chip and PIN’, ‘direct access’, ‘encryption’, ‘file’, ‘key field’, ‘RFID’, ‘sort’, ‘validation’ and ‘verification’. 1.1 Data and information Before we consider data processing, we need to define the term data. To be completely accurate, the word ‘data’ is the plural of ‘datum’, a single piece of data. Often, however, we use data in both the singular and the plural senses. It seems awkward to say ‘the data are incorrect’ so we tend to say ‘the data is incorrect’. When we use the word ‘data’, it can mean many different things. A lot of people frequently confuse the terms ‘data’ and ‘information’. For the purposes of this course we will consider data to be what is usually known as ‘raw’ data. Data can take several forms; it can be characters, symbols, images, audio clips, video clips and so on, none of which, on their own, have any meaning. It is important for you to learn what the term information means when we use it in information technology. Information is data that has been given meaning, which often results from the processing of data, sometimes by a computer. The processed data can then be given a context and have meaning. The difference between data and information is that data has no meaning, whereas information is data which has been given meaning. Here are some examples: Sets of data: 110053, 641609, 160012, 390072, 382397, 141186 01432 01223 01955 01384 01253 01284 01905 01227 01832 01902 01981 01926 01597 σωρFma 1 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 2 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd These are sets of data which do not have a meaning until they are put into 1 context. If we are told that 110053, 641609, 160012, 390072, 382397 and 141186 are all postal codes in India (a context), the first set of data becomes information as it now has meaning. Similarly, if you are informed that 01432, 01223, 01955, 01384, 01253, 01284, 01905, 01227, 01832, 01902, 01981, 01926 and 01597 are telephone area dialling codes in the UK, they can now be read in context and we can understand them, as they now have a meaning. 1 Data processing and information The final set of data seems to be letters of the Greek alphabet apart from F, m and a, which are letters in the Latin alphabet. However, if we are told that the context is mathematical, scientific or engineering formulas, we can see that they all represent a different variable: σ represents standard deviation, ω represents angular velocity, ρ is density, F is force, m is mass and a is acceleration. They each now have meaning. 1.1.1 Data processing On a computer, data is stored as a sequence of binary digits (bits) in the form of ones and zeros. We will discuss bits later in this chapter, when we look at parity checks. We can store data on a fixed or removeable media such as hard-disk drive, solid-state drive, DVDs, SD cards, memory sticks or in R AM. Data is usually processed for a particular purpose, often so that it can be analysed. The computer processing involved uses different operations to produce new data from the source data. You will, perhaps, have met this in previous practical work you have done, where you may have been given source files, including.csv files. You may have been asked to open these in a spreadsheet and add formulas. This is the processing of that data so that it then has meaning. To sum up, data is input, stored, and processed by a computer, for output as usable information. Later in this chapter we will look at different types of processing. Activity 1a Explain the difference between data and information. 1.1.2 Direct and indirect data Direct data is data that is collected for a specific purpose or task and is used for that purpose and that purpose only. It is often referred to as ‘original source data’. Examples of sources of direct data are questionnaires, interviews, observation, and data logging. Indirect data is data that is obtained from a third party and used for a different purpose to that which it was originally collected for and which is not necessarily related to the current task. Examples of sources of indirect data are the electoral register and businesses collecting personal information for use by other organisations (third parties). Direct data sources Direct data sources are sources that provide the data gatherer with original data. We will consider four such sources. 2 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 3 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd Questionnaires A questionnaire consists of a set of questions, usually on a specific subject or issue. The questions are designed to gather data from those people being questioned. A questionnaire can be a mixture of what are called closed 1 questions (where you have to choose one or more answers from those provided) and open-ended questions (questions where you can write in your answers in more detail). Questionnaires are easy to distribute, complete and collect as most people are familiar with the process. They can be completed on paper or on computer. 1.1 Data and information Interviews An interview is a formal meeting, usually between two people, where one of them, the interviewer, asks questions, and the other person, the interviewee, answers those questions. Interviews are used to collect data about a topic and can be structured or unstructured. Structured interviews are similar to a questionnaire, whereby the same questions are asked in the same order for each interviewee and with a choice of answers. Unstructured interviews can be different for each interviewee, particularly as they give them the opportunity to expand on their answers. There is usually no pre-set list of answers in an unstructured interview. Observation Observation is a method of data collection in which the data collectors watch what happens in a given situation. The observer collects data by seeing for themselves what happens, rather than depending on the answers from interviewees or the accuracy of completed questionnaires. The collected data is then recorded and analysed. An activity could be for students to decide whether traffic lights are needed at a road junction to allow the smooth flow of traffic. Observation could consist of watching and counting the number of cars passing through the junction. It might also involve watching the traffic at the junction and timing how long it takes for a certain number of vehicles to pass. Data logging Data logging means using a computer and sensors to collect data. The data is then analysed, saved and the results are output, often in the form of graphs and charts. Data logging systems can gather and display data as an event happens. The data is usually collected over a period of time, either continuously or at regular intervals, in order to observe particular trends. It involves recording data from one or more sensors and the analysis usually requires special software. Data logging is commonly used in scientific experiments, in monitoring systems where there is the need to collect information faster than a human possibly could, in hazardous circumstances such as volcanoes and nuclear reactors, and in cases where accuracy is essential. Examples of the types of information a data logging system can collect include temperatures, sound frequencies, light intensities, electrical currents, and pressure. Uses of direct data An example of a use of direct data could be planning the alteration of a bus route. A committee of residents on a new housing development, just outside a local village, wants a bus company to re-route the bus service from the local village to the town centre so that residents on the new development are able to get to the town centre more easily. It will, however, involve the bus route 3 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 4 23/11/23 12:25 PM f-0117 /147/HO02989/work/indd running through open countryside near the village. In order to persuade the 1 bus company to change the bus route, the committee will need to collect some original data to present to them. This data will include: » How long it takes to walk from the new development to the existing bus routes. » The number of passengers who use the existing route. » The number of passengers who would use the new route. » The effect the villagers think the changed route would have on their daily 1 Data processing and information lives. Here are some examples of how data could be collected. » How long it takes to walk from the new development to the existing bus routes. Original data could be collected by actually walking from various points in the new development and timing how long it would take. This might not be practical if several points on the new development have to be considered, given the time it would take to measure all the possible walking times. This could be considered to be a form of observation. » The number of passengers who use the existing route. The suggested method to be used is a data-logger. Sensors fitted around the door of each bus could be used to count the numbers of passengers boarding and getting off at each stop. From these it can be calculated how many passengers are on the bus at any point along its route. The data would be fed back to a data-logger or a tablet computer. » The number of passengers who would use the new route. In order to save time, questionnaires could be used. People living on the new development would be asked to complete the questionnaires. The completed questionnaires could then be transferred to a computer. Provided that the questionnaires were completed honestly, an accurate assessment of how many passengers would use the new route could be obtained. » The effect the villagers think the changed route would have on their daily lives. In order to ensure completely honest responses, face-to-face interviews would be best. The disadvantages of interviews are the length of time the process would take and the potential difficulties of transferring the responses into a format that a computer could deal with. However, because the interviewer can add follow- up questions, the answers would be more accurate. Indirect data sources Indirect data sources are third-party sources that the data gatherer can obtain data from. We will consider five such sources. Weather data In Chapter 2, we will see how supercomputers are used to help with forecasting the weather. In the UK, the meteorological office (Met Office) has many weather stations around the country. Many different weather variables are recorded using computerised weather stations. This data is collected by the Met Office for use 4 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 5 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd in weather forecasting. Because these weather stations belong to the Met Office 1 and the data is collected solely for the purpose of weather forecasting, it can be considered to be direct data. If, however, a construction company purchases the data, it becomes indirect data. This is because designing the construction of a building is not the purpose the original weather data was collected for. Electoral register The electoral register, also referred to as the electoral roll, is an example of an indirect data source. It is a list of adults who are entitled to vote in an 1.1 Data and information election. Some countries have an ‘open’ version of the register which can be purchased and used for any purpose. Electoral registers are used in countries such as the USA, the UK, Australia, New Zealand, and many others. They contain information such as name, address, age and other personal details, although individuals are often allowed to remove some details from the open version. In many countries, the full register can only be used for limited purposes specified by the law in that country. The personal data in the register must always be processed in a way that complies with the country’s data protection laws. Businesses collecting data from third parties Businesses collect a great deal of personal information from third parties, such as their customers, when they sell them a product. Whenever they buy something online, customers have to enter personal information or they have already done this on a previous visit to that business’s website. It is often the case that they agree to the business sharing this with other organisations. Another development, in this regard, has been the emergence of data brokers. These are companies that collect and analyse some of an individual’s most sensitive personal information and sell it to each other and to advertisers and other organisations without the individual’s knowledge. They usually gather it by following people’s internet, social media, and mobile phone activity. Research from textbooks, journals and websites Indirect sources also include research from textbooks, journals and websites. These are the main sources that students tend to use when they are researching information on a particular subject. The students have not collected the information themselves but are relying on information others have collected and analysed. Because they did not collect the information directly from the authors’ sources, these are regarded as indirect sources. Census We will learn more about censuses in Chapter 2. A population census is usually carried out by a government to determine the number of people in a country and information is collected about them. Everybody has to provide data to the government, usually in the form of a questionnaire. When the government uses the data to plan and run public services, it could be considered to be a direct source. However, the main uses of census data are for others who did not collect the information directly, such as businesses, voluntary organisations and academics. The census also provides a lot of information for genealogists, historians and family tree enthusiasts. Without the census, the lives and lifestyles of our ancestors would remain undocumented, making historical research much more difficult. When used by organisations and people other than the government, a census is considered to be an indirect source. 5 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 6 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd Uses of indirect data 1 A construction company can use weather data to design buildings capable of withstanding climate change. It is vital that buildings can withstand the effect of high winds and temperatures. Apart from elections and other government purposes, the electoral register can only be used to select individuals for jury service or by credit reference agencies. These agencies are allowed to buy the full register to help them check the names and addresses of people applying for credit. They are also allowed to use the register to carry out identity checks in an attempt to deal with money laundering. It is a criminal offence for anyone to 1 Data processing and information supply or use the register for anything else. The open register, however, can have various uses; businesses can use it to perform identity checks on their customers, charities often use it for fundraising purposes, debt-collection agencies use it to track down people who owe money. Whenever the address of an individual is required, a business could use the open register to check it. Businesses which collect personal information often use it to create mailing lists that they then sell to other organisations, which are then able to send emails or even brochures through the post. Apart from the uses of census data to create family trees, there are many other uses of such data. Police forces can use census statistics to know where to concentrate their crime prevention efforts. For example, they can see the areas where there are lots of people over 65 years old. Older residents often experience a high number of burglars tricking homeowners into letting them in by claiming they are from utility companies. Police officers giving crime prevention advice can concentrate their efforts in these areas. Census statistics are also essential to local voluntary organisations to understand the local communities they are working in. They provide data such as age, race, gender, ethnicity, languages spoken and household structures. These examples are not the only type of indirect data source. Any organisation that provides data or information to the general public for use by them can be said to be an indirect source. In the bus route example described above, an indirect source could be used to provide some of the required information. For instance, the timetable of the current bus service could be used by the committee to work out the number of passengers using the route by seeing how many times the bus runs during the day. However, this would not be very accurate, as the buses may not carry a full load of passengers each time and this is clearly not the purpose for which the data was intended. Another scenario could be studying pollution in rivers. Direct data sources could be used, of course; questionnaires could be handed out to local landowners and residents in houses near to the river, asking about the effects on them of the pollution, and they could also be interviewed. Computers with sensors could be used to collect data from the river. However, indirect data sources could also be used; documents may have been published by government departments showing pollution data for the area and there may be environmental campaigners who have also published data related to pollution in the area. 6 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 7 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd 1.1.3 Advantages and disadvantages of direct and indirect data Here is a table showing the advantages and disadvantages of direct data when 1 compared to indirect data. Notice how each paragraph contains comparisons: ▼ Table 1.1 Advantages and disadvantages of direct and indirect data Advantages of direct data Disadvantages of direct data We know how reliable direct data is since Because of time and cash restraints, the sample or group size may be small 1.2 Quality of information we know where it originated. Where data whereas indirect data sources tend to provide larger sets of data that would is required from a whole group of people, use up less time and money than using direct data collection with a larger we can ensure that a representative sample size. cross-section of that group is sampled. The person collecting the data may not be able to gain physical access to With indirect data sources we may not particular groups of people (perhaps for geographical reasons), whereas the use know where the data originated and it of indirect data sources allows data from such groups to be gathered. could be that the source is only a small In addition, using a direct data source could be problematic if the people section of that group, rather than a being interviewed are not available, thus reducing sample size, whereas using cross-section of the whole group. This is indirect data sources allows the sample size to be greater, resulting in increased often referred to as sampling bias. confidence in the results produced. The person collecting the data can use It may not be possible to gather original data due to the time of year; methods to gather specific data even if for example summer rainfall data may be needed but at the time of the the required data is obscure, whereas with data-gathering, it is winter. With indirect data, historical weather data is indirect data sources this type of data available irrespective of the time of year. may never have been collected before. The data collector or gatherer only needs To gather data from a specific sample would take a lot longer than it would to collect as much or as little data as with indirect data. In addition, by the time all the required data has been necessary compared to indirect data collected it may possibly be out of date so an indirect data source could sources, where the original purpose for have been used. which data was collected may be quite Indirect data may be of a higher quality as it might have already been different to the purpose for which it is collated and grouped into meaningful categories whereas with direct data needed now. Irrelevant data may need to sources, questionnaire answers can sometimes be difficult to read and be removed. the transcripts of interviews take time to read in order to create the data source. Once the data has been collected it Compared to indirect data sources, the collection of data may be more may be useful to other organisations expensive than using an indirect data source as people may have to be and there may be opportunities to sell paid to collect it. Extra cost may be incurred as special equipment has to the data to them, reducing the expense be bought, such as data-loggers and computers with sensors, or purchasing of collection. With indirect data this the paper for questionnaires, whereas this would not be needed using an opportunity will probably not arise as indirect source. There are, however, still costs involved when using indirect organisations can go direct to the source data sources, such as the travelling expenses and time taken to go to the themselves. source, which can be fairly expensive but not as expensive as using direct data sources. Activity 1b 1 Explain why observation is considered to be a direct data source. 2 Give two differences between indirect data and direct data. 1.2 Quality of information Measuring the quality of information is sometimes based on the value which the user places on the information collected. As such it could be argued that the judgement regarding the quality of information is fairly subjective, that is, 7 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 8 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd it depends on the user and such judgements can vary between users. However, 1 many experts do suggest that these judgements can be objective if based on factors which are believed to affect the quality of information. Poor quality data can lead to serious consequences. Poor data may give a distorted view of business dealings, which can then lead to a business making poor decisions. Customers can be put off dealing with businesses that give poor service due to inaccurate data, causing the business to get a poor reputation. With poor quality data it can be difficult for companies to have accurate knowledge of their current performance and sales trends, which makes it hard 1 Data processing and information for them to identify worthwhile future opportunities. One example can be seen in the data provided by a hospital in the UK, which resulted in it being temporarily closed down, until it was realised that the death rate data provided had been incorrect and it was actually significantly lower. Meanwhile, in the USA, incorrectly addressed mail costs the postal service a substantial amount of money and time to process correctly. Some of the factors that affect the quality of information are described here. 1.2.1 Factors that affect the quality of information Accuracy As far as possible, information should be free from errors and mistakes. The accuracy of information often depends on the accuracy of the collected data before it is processed. If the original data is inaccurate then the resulting information will also be inaccurate. In order to make sure the information is accurate, a lot of time needs to be given to the collection and checking of the data. Mistakes can easily occur. Consider a simple stock check. If it is carried out manually, a quantity of 62 could easily be copied down as 26 if the digits were accidentally transposed. This information is now inaccurate. More careful checking of the data might have prevented this. We will look at methods of checking the accuracy of data, such as verification and validation, later in this chapter. It is easy to see how errors might occur during the data collection process. When using a direct data source, if we have not made the questions clear then the people answering the questionnaires or being interviewed may not understand them. We need to make sure that questions are clearly phrased and are unambiguous, otherwise they might lead interviewees into providing the answers that they think the interviewer is expecting. This can lead to the same response being given by everyone, even though the question is open-ended. If the questions are too open-ended, it could be difficult to quantify the responses. It is often a good idea to include multiple-choice questions where the respondent chooses an answer from those provided. These can be quantified quite easily. It is important, however, to include a sufficient number of alternative answers. Other reasons why the information derived from a study might be inaccurate are that the sample chosen is not representative of the whole group or that the data collector makes some errors when collecting or when entering the data into a computer. If sensors are being used, these must be calibrated before use and must be properly connected to the computer. In addition, the computer system needs to be set up correctly so that the readings are interpreted correctly. Relevance When judging the quality of information, we need to consider the data that is being collected. Relevance is an important factor because there has to be a good reason why that particular set of data is being collected. Data captured should be 8 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 9 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd relevant to the purposes for which it is to be used. It must meet the requirements 1 of the user. The question needs to be asked is the data really needed or is it being collected just for the sake of it. The relevance of data matters because the collection of irrelevant data will entail a waste of time as well as money. There are a number of ways in which the data may or may not be relevant to the user’s needs. It could be too detailed or concentrate too much on one aspect. On the other hand, it might be too general, covering more aspects of the task than is necessary. It may relate to geographical areas that are not really part of the study. Where the study is meant to be about pollution in a local area, for 1.2 Quality of information example, data from other parts of the country would not be relevant. When looking for relevant information, it is important to be clear about what the information needs are for each specific search. It is also necessary to be clear about the search strategy: what the user wants and does not want to find and therefore what the user needs to look for. In an academic study, it is important to select academic sources. Business sources or sources which appear to have a vested interest should be ignored. Having selected the sources, it is important to select the relevant information within them. Consider a school situation. You need to study a tremendous amount of information to prepare for your exams. How would you feel if your teachers chose to spend several lessons talking about aspects of the subject that they found really interesting? You may find that it was very interesting, but it probably would not be very relevant to what you need to pass your course. Age How old information is can affect its quality. As well as being accurate and relevant, information needs to be up-to-date. Most information tends to change over time and inaccurate results can arise from information which has not been updated regularly. This could apply, for example, to personal information in a database being left unchanged. Someone could get married and have a baby. If the original information was used, which had the person as single with no dependants, this would produce inaccurate results if the person was applying for a loan. This is because people who are married with children tend to be viewed as being more responsible and more likely to keep up with repayments. This inaccurate information would also affect a retailer’s targeted advertising if it wanted to sell baby products to such customers, as the person would not appear on its list of targets. The age of information is important, because information that is not up-to-date can lead to people making the wrong decisions. In turn, that costs organisations time, money, and therefore, profits. Level of detail For information to be useful, it needs to have the right amount of detail. Sometimes, it is possible for the information to have too much detail, making it difficult to extract the information you really want. Information should be in a form that is short enough to allow for its examination and use. There should be no extraneous information. For example, it is usual to summarise statistical data and produce this information either in the form of a table or using a chart. Most people would consider a chart to be more concise than data in tables, as there is little or no unnecessary information in a chart. A balance has to be struck between the level of detail and conciseness. Suppose a car company director wants to see a summary of the sales figures of all car models for the last year. The information with the correct level of detail would be a graph showing the overall figures for each month. If the director was given figures showing the sales of each model every day of the previous 12 months in the form of a large report, this would be 9 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 10 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd seen as the wrong level of detail because it is not a summary. It is important to 1 understand what the user needs when they ask you for specific information. On the other hand, the information might not have enough detail, meaning that you do not get an overall view of the problem. This links closely to the issue of the completeness of the information, which we will look at next. Completeness of the information In order for information to be of high quality it needs to be complete. To be complete, information must deal with all the relevant parts of a problem. If it is 1 Data processing and information incomplete, there will be gaps in the information and it will be very difficult to use to solve a particular problem or choose a certain course of action. Discovering and collecting the extra information in order to remove these gaps may result in improving the quality of the information, but can prove to be time-consuming. Therefore, if the information is not complete, a decision has to be made: either that it is complete enough to make a decision about a problem or that additional data needs to be collected to complete the information. Consider the car company director mentioned above who wants to see a summary of the sales figures for the last year. If the director was given figures showing the sales for the first six months, this would be incomplete. If the director was shown the figures for only the best-selling models, this would be incomplete. It is important to understand what the user needs when they ask you for specific information. To sum up, completeness is as necessary as accuracy when inputting data into a database. Activity 1c 1 List two factors that affect the quality of information. 2 Briefly describe what is meant by the quality of information. 1.3 Encryption 1.3.1 The need for encryption Whenever you send personal information across the internet, whether it is credit card information or personal details, there is a risk that it can be intercepted. Once it is intercepted the information can be changed or used for purposes such as identity theft, cyber-fraud, or ransomed off. If it is information regarding a company’s secrets, it could be sold by hackers to rival companies. If, however, the information is intercepted but it is unreadable or cannot be understood, it becomes useless to the hacker or interceptor. Too many companies or individuals become victims of hackers taking advantage of readily available usernames and passwords. No matter how vigilant we are regarding the security of our computer systems, hackers will always find a way of getting into them, but if they cannot decipher the information, it will mean the act of hacking is not worthwhile. This is where encryption comes in. Encryption keeps much of our personal data private and secure, often without us realising it. It prevents hackers from reading and understanding our personal communications and protects us when we bank and shop. Data is scrambled or jumbled up so that it is completely unreadable. This prevents hackers understanding the data, as all they see is a random selection of letters, numbers and symbols. Encryption is a way of scrambling data so that only authorised people can understand the information. It is the process of converting information into a 10 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 11 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd code which is impossible to understand. This process is used whether the data is 1 being transmitted across the internet or is just being stored. It does not prevent cyber criminals intercepting sensitive information, but it does prevent them from understanding it. Technically, it is the process of converting plaintext to ciphertext. It is not just personal computers that are affected; businesses and commercial organisations are also liable to be affected by hacking activities. Employing data encryption is a safe way for companies to protect their confidential information and their reputation with their clients, since the benefits of encryption do not 1.3 Encryption just apply to the use of the internet. Information should also be encrypted on computers, hard-disk drives, pen drives and portable devices, whether they be laptops, tablets, or smartphones. The misuse of the data on these devices will be prevented, should the device be hacked, lost, or stolen. 1.3.2 Methods of encryption Encryption is the name given to converting data into a code by scrambling it, with the resulting symbols appearing to be all jumbled up. The algorithms (we will be looking at the topic of algorithms in much more detail in Chapter 4) which are used to convert the data are so complex that even the most dedicated hacker with plenty of time to spare and hacking software to help them would be extremely unlikely to discover the meaning of the data. Encrypted data is often called ciphertext, whereas data before it is encrypted is called plaintext. The way that encryption works is that the computer sending the message uses an encryption key to encode the data. The receiving computer has a corresponding decryption key that can translate it back again. The process of decryption here is basically reversing the encryption. A key is just a collection of bits, often randomly generated by a computer. The greater the length of the key, the more effective the encryption. Many systems use 128-bit keys which gives 2128 different combinations. It has been estimated that it would take a really powerful computer 1018 (1 000 000 000 000 000 000 [one quintillion]) years to go through all the different combinations. Modern encryption uses 256- bit keys which would take very much longer to crack. As you can imagine, this makes this form of encryption virtually impossible to crack. The key is used in conjunction with an algorithm to create the ciphertext. Plaintext Ciphertext Plaintext Encryption Fhk*$r Decryption This is a test algorithm tldbh6 algorithm This is a test message 0)qARt message which is to be encrypted. + B!&Dl Ntf8aL + which is to be encrypted. Kwas7 Encryption key Decryption key ▲ Figure 1.1 Encryption There are two main types of encryption. One is called symmetric encryption and the other is asymmetric encryption, which is also referred to as public-key encryption. Symmetric encryption Symmetric encryption, often referred to as ‘secret key encryption’, involves the sending computer, or user, and the receiving computer, or user, having the same 11 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 12 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd key to encrypt and decrypt a message. Although symmetric encryption is a much 1 faster process than asymmetric encryption, there is the problem of the originator of the message making sure the person receiving the message has the same private key. The originator has to send the encryption key to the recipient before they can decrypt the message. This, however, leads to security problems, since this key could be intercepted by anybody and used to decrypt the message. Many companies overcome this problem by using asymmetric encryption to send the secret key but use symmetric encryption to encrypt data. So, with symmetric encryption both sender and recipient have the same secret, private, encryption key which scrambles 1 Data processing and information the original data and unscrambles it back to an understandable format. Asymmetric encryption Asymmetric encryption, sometimes referred to as ‘public-key encryption’, uses two different keys, one public and one private. A public key, which is distributed among many users or computers, is used to encrypt the data. Essentially, this public key is published for anyone to use to encrypt messages. A private key, which is only available to the computers, or users, receiving the message, is used to decrypt the data. When a message is encrypted using the public key, it can be sent across a public channel such as the internet. This is not a problem as the public key cannot be used to decrypt a message that it was used to encrypt. It is incredibly complicated, if not impossible, to guess the private key using the public key and the encrypted message. Basically, any user who needs to send sensitive data over the internet securely, can do so by using the public key to encrypt the data, but the data can only be decrypted by the receiving computer if it has its own private key. Asymmetric encryption is often used to send emails and to digitally sign documents. 1.3.3 Encryption protocols An encryption protocol is the set of rules setting out how the algorithms should be used to secure information. There are several encryption protocols. IPsec (internet protocol security) is one such protocol suite which allows the authentication of computers and encryption of packets of data in order to provide secure encrypted communication between two computers over an internet protocol (IP) network. It is often used in VPNs (virtual private networks). SSH (secure shell) is another encryption protocol used to enable remote logging on to a computer network, securely. SSH is often used to login and perform operations on remote computers, but it can also be used for transferring data from one computer to another. The most popular protocol used when accessing web pages securely is transport layer security (TLS). TLS is an improved version of the secure socket layer (SSL) protocol and has now, more or less, taken over from it, although the term SSL/TLS is still sometimes used to bracket the two protocols together. The purpose of secure sockets layer (SSL)/transport layer security (TLS) Because TLS is a development of SSL, the terms TLS and SSL are sometimes used interchangeably. We will use the term SSL/TLS in this book. The three main purposes of SSL/TLS are to: » enable encryption in order to protect data » make sure that the people/companies exchanging data are who they say they are (authentication) » ensure the integrity of the data to make sure it has not been corrupted or altered. Two other purposes are to: » ensure that a website meets the Payment Card Industry Data Security Standard (PCI DSS) rules. The PCI DSS was set up so that company 12 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 13 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd websites could process bank card payments securely and to help reduce card 1 fraud. This is achieved by setting standards for the storage, transmission and processing of bank card data that businesses deal with. Later versions of TLS are required to meet new standards which have been imposed » improve customer trust. If customers know that a company is using the SSL/ TLS protocol to protect its website, they are more inclined to do business with that company. Many websites use SSL/TLS when encrypting data while it is being sent to and from them. This keeps attackers from accessing that data while it is being 1.3 Encryption transferred. SSL/TLS should be used when storing or sending sensitive data over the internet, such as when completing tax returns, buying goods online, or renewing house and car insurance. Only going to websites which use SSL/ TLS is good practice. The SSL/TLS protocol enables the creation of a secure connection between a web server and a browser. Data that is being transferred to the web server is protected from eavesdroppers (the name given to people who try to intercept internet communications). The SSL/TLS protocol verifies the identity of the server. Any website with an HTTPS address uses SSL/TLS. In order to verify the identity of the server, the protocol makes use of digital certificates, which contain such information as the domain name that the certificate is issued for, which organisation, individual or device it was issued to, the certificate authority (CA) that issued it, the CA’s digital signature, and the public key, as well as other items. Although SSL was replaced by TSL many years ago, these certificates are still referred to as SSL certificates today. As well as keeping the user’s data secure, a website needs a digital certificate in order to verify ownership of the website and also to prevent fraudsters creating a fake version of the website. Valid SSL certificates can only be obtained from a CA. CAs can be private companies or even governments. Before allowing someone to have an SSL certificate, the CA will carry out a number of checks on an applicant and following that, it is the responsibility of the CA to make sure that the company or individual receives a unique certificate. Unfortunately, if hackers are able to break through a CA’s security, they can start issuing bogus certificates to users and will then be in a strong position to crack the user’s encryption. The purpose of Internet Protocol Security (IPsec) IPsec (Internet Protocol Security) is a suite of protocols used to secure data transmitted over a public network. It was added as an extension to the IP layer (explained in more detail in the A Level book). The IPsec protocols were developed in the mid-1990s to provide this security. Devices are authenticated to each other, thereby ensuring data integrity. IP network packets are encrypted so that the data remains confidential. In short, IPsec provides authentication, integrity and confidentiality of data. IPsec commonly includes three protocols. These are the Authentication Header (AH) protocol, the Encapsulating Security Payload (ESP) protocol and the Internet Key Exchange (IKE) protocol. The AH protocol is used to authenticate data packets whereas the ESP protocol both authenticates and encrypts the data packets. The IKE generates security associations (SA) used to negotiate the encryption keys and algorithms which will be used in a session. The purpose of IPsec is to protect confidential data and to provide secure transfer of this data across a public network such as the internet. It is aimed at preventing interception of data by hackers as well as protecting the data being transmitted from being understood. 13 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 14 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd The use of SSL/TLS in client–server communication 1 Transport layer security (TLS) is used for applications that require data to be securely exchanged over a client–server network, such as web browsing sessions and file transfers. Just like IPsec it can enable VPN connections and Voice over IP (VoIP). In order to open an SSL/TLS connection, a client needs to obtain the public key. For our purposes, we can consider the client to be a web user or a web browser and the server to be the website. The public key is found in the server’s digital certificate. From this we can see that the SSL/TLS certificate proves that 1 Data processing and information a client is communicating with the actual server that owns the domain, thereby proving the authenticity of the server. When a browser (client) wants to access a website (server) that is secured by SSL/TLS, the client and the server must carry out an SSL/TLS handshake. A handshake, in IT terms, happens when two devices want to start communicating. One device sends a message to the other device telling it that it wants to set up a communications channel. The two devices then send several messages to each other so they can agree on the rules for communicating (a communications protocol). Handshaking occurs before the transfer of data can take place. With an SSL/TLS handshake, the client sends a message to the server telling it what version of SSL/TLS it uses together with a list of the different ciphersuites (types of encryption) that the client can use. The list of ciphersuites has the client’s preferred type at the top and its least favourite at the bottom. The server responds with a message which contains the ciphersuite it has chosen from the client’s list. The server also shows the client its SSL certificate. The client then carries out a number of checks to make sure that the certificate was issued by a trusted CA and that it is in date and that the server is the legitimate owner of the public and private keys. The client now sends a random string of bits that is used by both the client and the server to calculate the private key. The string itself is encrypted using the server’s public key. Authentication of the client is optional in the process. The client sends the server another message, encrypted using the secret key, telling the server that the client part of the handshake is complete. We will see in more detail in the section on HTTPS how any further transmitted data is encrypted. The use of IPsec in client–server communication IPsec is used for protecting confidential data transmitted across a network, for example, financial transactions, medical records and communications between, and within, businesses. The main use of IPsec, however, is in virtual private networks (VPNs). A VPN creates a secure connection between two computers over the public internet. It is almost as secure as a private internal network such as a LAN. It is used so that employees working from home on a client computer can access confidential files securely from the company’s server as though they were working in the company’s offices. 1.3.4 Uses of encryption Data protection There are many reasons to encrypt data. Companies often store confidential data about their employees, which could include medical records, payroll data, as well as personal data. These need to be encrypted to prevent them becoming public knowledge. An employee in a shared office may not want others to have access to their work which may be stored on a hard disk, so it needs to be encrypted. A company’s head office may wish to share sensitive business plans 14 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 15 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd with other offices using the internet. If the data is encrypted, they do not have 1 to worry about what would happen if it were intercepted. Company employees and individuals may need to take their laptops or other portable devices with them when they travel for work or pleasure. If the device contains sensitive information which is not encrypted, it is possible that the information could be retrieved by a third party if the device is left unattended. As recently as 2018, it was reported that over the previous four years, staff in five UK government departments had lost more than 600 laptops, mobile phones and memory sticks. Fortunately, the data had been encrypted and was 1.3 Encryption therefore protected from prying eyes. Unfortunately, there have been occasions where laptops have been left on trains and the data was unencrypted, causing great embarrassment to the government when this was discovered. There are other situations where encryption should be used. One example is when individuals are emailing each other with information they would want to remain confidential. They need to prevent anybody else from reading and understanding their mail. People use websites for online shopping and online banking. When doing so, the debit/credit card and other bank account details should be encrypted to prevent fraudulent activity taking place. Let us now consider some specific uses of encryption. Systems encryption Systems encryption can be considered to be encryption of the device being used or the file system being used. Device encryption is when the whole device is encrypted such as a laptop. If a laptop is stolen after it has been encrypted the data on it will still be secure. The files can only be accessed if the device is turned on and the owner has logged in to it. Otherwise the encrypted data cannot be understood by anyone without the password or recovery key. Filesystem-level encryption or file-based encryption (FBE), is when individual files or directories are encrypted by the file system itself. This is different to full disk encryption which involves encrypting the whole disk. A description of which follows below. FBE can allow different files to be encrypted using different keys, thereby making it even more difficult for hackers to unencrypt all the data in a system. It does not encrypt metadata such as the time the file was modified or its size. Hard-disk encryption The principle of hard-disk encryption is fairly straightforward. When a file is written to the disk, it is automatically encrypted by specialised software. When a file is read from the disk, the software automatically decrypts it while leaving all other data on the disk encrypted. The encryption and decryption processes are understood by the most frequently used application software such as spreadsheets, databases and word processors. The whole disk is encrypted, including data files, the OS and any other software on the disk. Full (or whole) disk encryption is your protection should the disk be stolen, or just left unattended. So, even if the disk is still in the original computer, or removed and put into another computer, the disk remains encrypted and only the keyholder can make use of its contents. Another benefit of full disk encryption is that it automatically encrypts the data as soon as it is saved to the hard disk. You do not have to do anything, unlike the encryption of files and folders, where you have to individually encrypt them as you go. There are, however, drawbacks to encrypting the whole disk. If an encrypted disk crashes or the OS becomes corrupted, you can lose all your data permanently or, 15 005603_01_CAIE_AS_Level_IT_BP_001-048.indd Page 16 23/11/23 7:11 AM F-0120 /147/HO02989/work/indd at the very least, disk data recovery becomes problematic. It is also important to 1 store encryption keys in a safe place, because as soon as a disk is fully encrypted, no one can make use of any of the data or software without the key. Another drawback can be that booting up the computer can be a slower process. Email encryption When sending emails, it is good practice to encrypt messages so that their content cannot be read by anyone other than the person they are being se