What are the reasons a hacker carries out a ‘hack’? - define each briefly
Personal fun/challenge - Some hackers attack systems for the thrill, challenge, or sense of achievement.
Industrial espionage - Businesses steal rivals’ data or plans to gain a competitive advantage.
Financial gain - Criminals steal money, goods, or use ransomware to earn money illegally.
Personal attack - An individual targets someone or an organisation for revenge or personal reasons.
Disruption - Attackers try to stop organisations from working properly, often using denial-of-service attacks.
Data and information theft - Hackers steal personal or payment data for identity theft or resale.
Define and explain viruses and worms
A virus is a malicious program that attaches itself to other files or software and spreads when those files are opened or shared. It can damage or delete data and slow systems down.
A worm is a self-replicating program that spreads automatically across networks without needing to attach to other files. It often causes network congestion and system slowdowns.
Define and explain trojan horses
A Trojan horse is a malicious program that appears to be safe or useful but actually contains harmful code. Once installed, it can give attackers access to the system, steal data, or damage files — similar to how the ancient Trojan Horse tricked its victims.
Define and explain ransomware
Ransomware is malicious software that locks or encrypts a user’s files or system.
The attacker then demands a ransom payment to restore access.
It often spreads through phishing emails or infected downloads.
Define and explain spyware
Spyware is malicious software that secretly monitors a user’s activity and collects information without their knowledge. It can record keystrokes, track browsing habits, or steal personal data such as passwords and credit card details.
Define and explain rootkit
A rootkit is malicious software designed to hide the presence of other malware and give attackers unauthorised control over a computer. It operates deep in the system, making it hard to detect and remove.
Define and explain spyware
Spyware is software that secretly gathers information about a user without their knowledge. It can monitor activity, record keystrokes, and steal personal data such as passwords or bank details.
Define and explain DDoS and botnet
A DDoS (Distributed Denial of Service) attack floods a website or server with massive amounts of traffic from many computers, causing it to slow down or crash.
A botnet is a network of infected computers controlled by a hacker.
Botnets are often used to carry out DDoS attacks or spread other malware.
Define and explain shouldering
Shouldering (also called shoulder surfing) is a social engineering technique where someone spies on another person entering private information — such as a PIN, password, or security code — by looking over their shoulder.
Define and explain Phishing
Phishing is a type of online scam where attackers send fake emails, messages, or websites that look genuine to trick people into revealing personal information, such as passwords, bank details, or login credentials.
Define and explain Pharming
Pharming is a cyberattack that redirects users from a legitimate website to a fake one without their knowledge. The goal is to steal sensitive information such as usernames, passwords, or bank details.
Define and explain Man in the middle attacks
A Man-in-the-Middle attack happens when a hacker secretly intercepts and possibly alters communication between two parties. The attacker can steal data, such as login details or financial information, while the victims think they’re communicating directly.
List the six internal threats to data
Visiting untrustworthy websites
Downloads from the internet
Use of portable storage devices
Unintended or accidental disclosure of data
Stealing or leaking information
Overriding of security controls
Define and explain unintentional disclosure of data
Unintentional disclosure of data happens when private or sensitive information is shared by mistake — for example, sending an email to the wrong person or leaving a device unlocked.
Define and explain leaking/stealing of data
Leaking or stealing of data happens when confidential information is taken or exposed without permission.
Define and explain users overriding or breaching security controls
Overriding or breaching security controls happens when users ignore, disable, or bypass security measures — such as turning off firewalls, sharing passwords, or using unauthorised software.
Define and explain the threats caused by portable devices
Portable devices (like USB drives, laptops, or phones) can pose threats if they are lost, stolen, or infected with malware. They can also be used to steal data.
Define and explain the problems caused by internet downloads
Internet downloads can be risky because files may contain viruses, malware, or spyware. Downloading from untrusted websites can also lead to data theft, system damage, or legal issues from pirated content.
Define and explain the problems caused by visiting untrustworthy websites
Visiting untrustworthy websites can expose users to malware, phishing scams, and fake downloads.
Define and explain the damage caused by data loss
If data is deleted, it may be difficult or impossible to retrieve, and recreating it may be time consuming, costly, or impossible.
Define and explain the damage caused by reduction in productivity
Time taken to deal with a security breach and resolve problems it may have caused may mean staff are not working normally, so time is wasted and productivity lost.
Define and explain the damage caused by damage to public image
If a security breach is reported in the media, the organisation’s reputation may be damaged, because it would show that its security measures were not effective and it could not be trusted. It might lose business.
Define and explain the damage caused by downtime
On discovery of a security breach, digital systems affected need to be shut down for investigation. Downtime means they cannot be used for their normal purpose and this may affect the day-to-day running of the organisation.
Define and explain the damage caused by financial loss
Financial loss could affect the organisation's profits and future success. There may be a cost in resolving issues raised by the attack, and the organisation may no longer be able to invest in things that might help the business grow. There may also be a financial loss resulting from damage to its public image.
Define and explain the damage caused by legal action
Where the security breach affects personal data or other organisations, those affected may take legal action, which could lead to fines and/or payment of damages. This would have a financial impact on the organisation.
What are the three methods of password cracking?
Brute-force attack - tries every possible combination until the correct password is found.
Dictionary attack - tests likely passwords from a list of common words, phrases, and leaked passwords.
Rainbow-table attack - uses precomputed tables of hash → password pairs to reverse hashed passwords quickly.
List the rules for creating a good password.
Use at least 8–12 characters (longer is better).
Include upper and lower case letters, numbers, and symbols.
Avoid common words, names, or personal details.
Don’t reuse passwords across different accounts.
Change passwords regularly or if a breach occurs.
Define pen testing and what testers will try to find.
Penetration testing (pen testing) is a controlled, authorised attempt to find weaknesses in a computer system or network. Testers will try to find:
Vulnerabilities.
Weak passwords or access controls.
Unpatched software.
Ways to gain unauthorised access or steal data.
List and define physical security measures
Locks, cameras, fences, security guards, key cards
Define and explain two factor authentication
Two-factor authentication (2FA) adds an extra layer of security by requiring two different types of identification to access an account:
Something you know – e.g. a password or PIN.
Something you have or are – e.g. a phone code, fingerprint, or facial recognition.
Define and explain user settings and permissions
User settings and permissions control what actions each user can perform on a system or network.
Settings customise how an account works.
Permissions define what users can see, edit, or delete.
Define and explain device hardening
Device hardening means securing a computer or device by reducing its weaknesses.
Installing updates and patches to fix vulnerabilities.
Removing unused apps or services.
Using firewalls and antivirus software.
Disabling unnecessary ports and features.
Define restricting user privileges and its purpose
Restricting user privileges means limiting what users can do on a system — for example, stopping them from installing software or changing settings.
Explain how interface design can protect data
Good interface design protects data by:
Preventing user errors with clear layouts and warnings.
Using confirmation messages before important actions (e.g. deleting files).
Hiding sensitive information like passwords (e.g. masked input).
Restricting access with login screens and role-based menus.
Define and give the reason for a firewall
A firewall is a security system that monitors and controls network traffic between a trusted network and the internet. It helps block unauthorised access, filter harmful data, and protect systems from hackers, viruses, and malware.
Explain how a firewall works
Traffic arrives/leaves the network or device (incoming or outgoing packets).
Firewall reads the packet header (source/destination IP, port, protocol).
Rules are checked in order (e.g., allow web port 443; block unknown ports).
Stateful check: if it’s part of an existing, valid connection, it’s allowed; if not, continue rule checks.
Decision: ALLOW (forward the packet) or BLOCK/DROP (silently discard) — often with a default-deny rule at the end.
Log & alert: actions are recorded; suspicious patterns can trigger alerts or auto-blocks.
Define and give the reason for antivirus software
Antivirus software is a program that detects, prevents, and removes malware such as viruses, worms, and trojans. It helps protect systems and data from being damaged, stolen, or corrupted by malicious software.
Explain how antivirus software works
Watches files, downloads, emails, and processes as they load/run.
Compares items against a database of known malware “fingerprints.”
Looks for suspicious code patterns (e.g., self-replicating, obfuscation) to catch new/unknown threats.
Monitors actions at runtime (e.g., mass file edits, keylogging, registry changes).
Runs risky files in an isolated space to observe safely.
If malicious → block/quarantine; if clean → allow.
Quarantined files can be deleted, cleaned, or restored.
Define and give the reason for encryption
Encryption is the process of converting data into a coded form so only authorised users with the correct key can read it. It protects confidential information from being read, stolen, or altered if intercepted or accessed by unauthorised people.
Explain how encryption works
Start with readable data (a message/file).
Choose algorithm + mode (and generate a key).
The algorithm uses the key to turn plaintext into ciphertext (unreadable).
Send/store the ciphertext (interceptors can’t understand it).
The receiver uses the correct key (same key for symmetric; private key for asymmetric) to turn ciphertext back into plaintext.
Who is responsible for cyber security policy, and how are concerns reported?
Security policies describe how an organisation will secure its information systems. They set out the procedures that staff need to follow so as to keep systems secure and to minimise impacts if there is a security breach. A designated (named) individual will be responsible for each policy. All staff are responsible for reporting breaches.
List different security parameters for: passwords, AUP, device hardening.
Passwords:
Minimum length and complexity rules.
Regular password changes.
Account lockout after failed attempts.
Two-factor authentication (2FA).
AUP (Acceptable Use Policy):
Defines what users can and cannot do.
Covers internet, email, and data usage.
Sets rules for reporting security issues.
Requires users to agree before access.
Device hardening:
Install security updates and patches.
Remove unused software/services.
Use firewalls and antivirus.
Disable unnecessary ports and accounts.
What is a disaster recovery policy and what should happen after an attack?
A disaster recovery policy is a plan for how an organisation responds to and recovers from major IT failures or cyberattacks.
Identify and contain the threat.
Restore systems and data from secure backups.
Investigate what happened and how.
Report the incident if required (e.g., GDPR breach).
Review and update security measures to prevent future attacks.