Cybersecurity Fundamentals: Threats, Prevention, and Ethical Practices, Study notes of Computer science

An overview of cybersecurity, focusing on identifying and combating threats to it systems and data. It covers both accidental and malicious security threats, emphasizing the importance of protecting devices and data from theft, damage, and unauthorized access. The document also discusses relevant legislation, ethical considerations, and cybersecurity testing methods, offering insights into ethical hacking and security policies. It is a valuable resource for understanding the fundamentals of cybersecurity and its practical applications. (417 characters)

Typology: Study notes

2023/2024

Uploaded on 06/12/2025

paul-brown-11
paul-brown-11 🇬🇧

3 documents

1 / 58

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Level 2 Diploma in Digital and IT Skills
Unit 001
Cybersecurity
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38
pf39
pf3a

Partial preview of the text

Download Cybersecurity Fundamentals: Threats, Prevention, and Ethical Practices and more Study notes Computer science in PDF only on Docsity!

Level 2 Diploma in Digital and IT Skills Unit 001 Cybersecurity

This Unit

Intent This aim of this unit is to investigate the accidental and malicious security threats that exist to IT systems and data. Implementation

  • (^) Identify differences between internal and external threats to IT systems and data
  • (^) Understand why threats change and evolve
  • (^) Recognise how to combat threats Impact Upon completion of this unit, you will be able to understand system vulnerabilities and the tools and techniques used to protect users from risks and potential damage, including loss of data, loss of data integrity and unauthorised access to data.

Unit 001

Cybersecurity

  • (^) Cyber security is how individuals and organisations reduce the risk of cyber-attack.
  • (^) Its core function is to protect the devices we all use (smartphones, laptops, tablets and computers), and the services we access - both online and at work - from theft, damage or other criminal activities."
  • (^) It is also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online." (From National Cyber Security Centre)

What is Cybersecurity?

Cyber security is important because smartphones, computers and the internet are now such a fundamental part of modern life, that it's difficult to imagine how we'd function without them. From online banking and shopping to email and social media, it's more important than ever to take steps that can prevent cybercriminals from getting hold of our accounts, data, and devices.

Why is Cybersecurity Important?

Recap…

Hands up!

  • (^) What could be the consequences of a large attack on UK infrastructure?
  • (^) What can we learn from previous attacks?
  • (^) Can you think of anymore cyber-attacks? Group research activity.

Starting in 1878 – Before the telephone, teenage boys operated the telegraph system. It made sense that they should operate the new telephone system. 2 years after the telephone was invented, they were kicked off. Apart from being unruly, they would intentionally misdirect and disconnect calls just for fun! Military codebreaking 1939-1945 - Turin’s team cracked the Enigma code so able to decode secret messages sent within the German military. The rise of the phone phreaks 1957-1980 - Working out how phone calls were transmitted using the tones emitted by the phone. Out of phreaking evolved the blue box built by Apple founders, Steve Wozniak and Steve Jobs. These boxes could communicate with phone lines. Network penetration 1970-1995 for fun, Kevin Mitnick, managed to hack into some of the most guarded networks in the world. Ever seen the film War Games? The first internet Worm 1988 - Robert Morris was the first person to create a worm and, as a result, was the first person to be convicted of violating the Computer Fraud and Abuse Act. The Stuxnet Worm 2010 - was the first work to cause actual damage to hardware. Discovered in Iran’s Nuclear Power plants where 1/5 of centrifuges were knocked out, causing havoc to Iran’s nuclear programme.

Threats

Evolving Digital Landscapes cont…

Recap…

Hands up!

  • (^) What prevents airline experts being concerned about hacking of jets we travel on?
  • (^) What effects did the attack on the German factory have?
  • (^) What impact can cyber-attacks have on healthcare?

Examples of Common Malware

Viruses - is a piece of coding that replicates itself infecting other code in the computer system. Viruses can also attach themselves to executable code or associate themselves with a file by creating a virus file with the same name but with an .exe extension, thus creating a decoy which carries the virus. Worms - unlike viruses, they don’t attack the host, being self-contained programs that propagate across networks and computers. Worms are often installed through email attachments, sending a copy of themselves to every contact in the infected computer email list. They are commonly used to overload an email server and achieve a denial-of-service attack. Trojans - a program hiding inside a useful program with malicious purposes. Unlike viruses, a trojan doesn’t replicate itself and it is commonly used to establish a backdoor to be exploited by attackers.

Spyware - a type of program installed to collect information about users, their systems or browsing habits, sending the data to a remote user. The attacker can then use the information for blackmailing purposes or download and install other malicious programs from the web. Adware - is unwanted software designed to throw advertisements up on your screen, most often within a web browser. Some security professionals view it as the forerunner of the modern-day PUP (potentially unwanted program). Ransomware - a type of malware that denies access to the victim's data, threatening to publish or delete it unless a ransom is paid. Advanced ransomware uses cryptoviral extortion, encrypting the victim’s data so that it is impossible to decrypt without the decryption key.

Examples of Common Malware cont…

Social Engineering

  • (^) Social engineering uses a range of malware and ransomware to obtain secure information by deception.
  • (^) It can include the collection of passwords, data theft, scams, phishing, pharming, dumpster diving and shoulder surfing.
  • (^) Ransomware is a form of social engineering because it manipulates individuals or organisations into passing on data, information or money.

Ransomware Ransomware: Should paying hacker ransoms be illegal? - BBC News Is Ransomware illegal? Ransomware is illegal. It is obviously a criminal offence to demand a payment in return for the safe return of your property (data, personal information, device functionality). But, is paying a ransom legal? Paying a ransom is mostly legal, although it may depend on where you or your business is located. Some believe that making the payment of a ransom illegal will prevent more businesses and individuals from paying ransoms, so reducing the fuel for ransomware criminals.

https://jamboard.google.com/d/ 11q5Xu8x5AVq49A4jm9NZ79f5QJ-J9MnzMNm9p4WbYlM/edit? usp=sharing Internal Threats.

Internal Threats

Internal Threats Actions of employees or by an authorised user.

  • (^) Accidental threats:
  • damage to physical equipment caused by employee/user.
  • (^) Accidental loss of data/power.
  • (^) Unintentional disclosure of data.
  • (^) Authorised user action
  • Unsafe practices
  • (^) Physical damage, destruction by fire, flood or other disaster
  • (^) The use of external storage devices/media
  • (^) Visiting untrusted websites
  • (^) Downloading/uploading files to/from the internet
  • (^) File-sharing applications.
  • BOYD (Bring your own Device)