What is the difference between a virus and a worm?

A virus is a type of malware that attaches itself to a legitimate program or file and requires user action (like opening an infected email attachment) to spread. A worm, on the other hand, is self-replicating and spreads automatically across networks without needing a host file. Both can cause damage, but worms are particularly dangerous because they can propagate rapidly without any user intervention.

How does a firewall protect a network?

A firewall acts as a barrier between a trusted internal network and untrusted external networks (like the internet). It examines incoming and outgoing data packets based on a set of security rules. For example, it can block traffic from suspicious IP addresses or prevent certain types of connections (e.g., unauthorised remote access). Firewalls can be hardware-based, software-based, or a combination of both.

What is social engineering and how can it be prevented?

Social engineering is the psychological manipulation of people to trick them into divulging confidential information or performing actions that compromise security. Common examples include phishing emails that appear to be from a trusted source, or pretexting where an attacker pretends to be someone else (e.g., IT support). Prevention involves training users to recognise suspicious requests, verifying identities through other channels, and implementing policies like never sharing passwords via email.

Why is encryption important for cyber security?

Encryption converts readable data (plaintext) into an unreadable format (ciphertext) using an algorithm and a key. Only someone with the correct key can decrypt it. This ensures confidentiality, so even if data is intercepted during transmission or stolen from a device, it cannot be understood. Encryption is crucial for protecting sensitive information like credit card numbers, personal messages, and login credentials.

What is a denial-of-service (DoS) attack?

A DoS attack aims to make a computer or network resource unavailable to its intended users by overwhelming it with a flood of illegitimate requests. For example, a server might receive so many connection requests that it cannot respond to legitimate users, causing a crash or slowdown. A distributed DoS (DDoS) attack uses multiple compromised systems (a botnet) to launch the attack, making it harder to stop. Prevention includes using firewalls, traffic filtering, and rate limiting.

How do I revise cyber security for the AQA GCSE exam?

Start by learning the definitions and examples of each type of attack and prevention method. Create flashcards for key terms like malware, phishing, and encryption. Practice explaining how each measure works in a given scenario—for instance, 'A company wants to protect customer data; recommend and justify two methods.' Past paper questions are invaluable; focus on the 'explain' and 'evaluate' command words. Finally, stay updated with real-world cyber security news to see how concepts apply in practice.

Cyber security

AQA

GCSE

This topic covers the various technical and procedural methods used to detect and prevent cyber security threats. It focuses on practical security measures such as biometric authentication, password systems, CAPTCHA, email identity verification, and the role of automatic software updates in maintaining system integrity.

Objectives

Exam Tips

Pitfalls

Key Terms

Mark Points

Subtopics in this area

Methods to detect and prevent cyber security threats

Cyber security threats

Social engineering

Malicious code (malware)

Fundamentals of cyber security

Topic Overview

Cyber security is the practice of protecting computer systems, networks, and data from digital attacks, theft, and damage. In the AQA GCSE Computer Science syllabus, this topic covers the range of threats that can compromise the confidentiality, integrity, and availability of information, as well as the methods used to defend against them. Understanding cyber security is essential because our reliance on digital systems means that a single breach can have devastating consequences for individuals, businesses, and even national infrastructure.

The topic is divided into two main areas: identifying common forms of cyber attacks (such as malware, phishing, and denial-of-service attacks) and implementing appropriate prevention measures (like firewalls, encryption, and access controls). Students must also understand the motivations behind attacks—whether for financial gain, espionage, or disruption—and the legal and ethical implications of cyber security. This knowledge not only helps you answer exam questions but also equips you with practical skills for staying safe online.

Cyber security fits into the wider subject of Computer Science by linking to topics like networks, data representation, and ethical issues. It demonstrates how theoretical concepts (e.g., encryption algorithms) are applied in real-world scenarios. In the exam, you will be expected to explain how specific security measures work and evaluate their effectiveness, often in the context of a given scenario. Mastering this topic will also help you appreciate the ongoing arms race between attackers and defenders in the digital world.

Key Concepts

Core ideas you must understand for this topic

→Malware: Malicious software including viruses, worms, trojans, ransomware, and spyware. Each type has a different method of infection and purpose, such as deleting files, stealing data, or encrypting files for ransom.
→Social engineering: Manipulating people into revealing confidential information. Phishing (fake emails), vishing (phone calls), and shoulder surfing are common examples. These attacks exploit human psychology rather than technical vulnerabilities.
→Network threats: Denial-of-service (DoS) attacks flood a server with traffic to make it unavailable, while brute-force attacks try many passwords to gain access. Understanding how these work helps in designing defences like rate limiting and strong password policies.
→Prevention methods: Firewalls monitor and control incoming/outgoing network traffic, encryption scrambles data so only authorised parties can read it, and access controls (like passwords and biometrics) restrict who can use a system. Regular software updates patch known vulnerabilities.
→Penetration testing: Authorised simulated attacks to identify weaknesses. This is a proactive security measure that helps organisations fix flaws before real attackers exploit them.

What You Need to Demonstrate

Key skills and knowledge for this topic

Biometric measures (e.g., fingerprint or facial recognition) for mobile devices
Password systems as a primary authentication method
Use of CAPTCHA to distinguish human users from automated bots
Email confirmations to verify user identity and account ownership
Automatic software updates to patch vulnerabilities and prevent exploitation
Definition of cyber security as protecting systems from attack, damage, or unauthorised access
Explanation of social engineering techniques including blagging, phishing, and shouldering
Identification of malware types: computer virus, trojan, and spyware

Marking Points

Key points examiners look for in your answers

Biometric measures (e.g., fingerprint or facial recognition) for mobile devices
Password systems as a primary authentication method
Use of CAPTCHA to distinguish human users from automated bots
Email confirmations to verify user identity and account ownership
Automatic software updates to patch vulnerabilities and prevent exploitation
Definition of cyber security as protecting systems from attack, damage, or unauthorised access
Explanation of social engineering techniques including blagging, phishing, and shouldering
Identification of malware types: computer virus, trojan, and spyware
Explanation of technical threats: pharming, weak/default passwords, misconfigured access rights, removable media, and unpatched/outdated software
Definition and purpose of penetration testing
Distinction between white-box (insider) and black-box (external) penetration testing
Definition of social engineering as the art of manipulating people to give up confidential information
Explanation of blagging (pretexting) as creating an invented scenario to gain information
Explanation of phishing as fraudulently obtaining private information via email or SMS
Explanation of shouldering (shoulder surfing) as observing private information over someone's shoulder
Identification of protection methods against social engineering
Definition of malware as an umbrella term for hostile or intrusive software
Description of a computer virus
Description of a trojan
Description of spyware
Methods for protection against malware
Definition of cyber security as processes, practices and technologies
Purpose of cyber security to protect networks, computers, programs and data
Protection against attack, damage or unauthorised access

Examiner Tips

Expert advice for maximising your marks

💡Be prepared to explain how each measure contributes to overall system security
💡Focus on the practical application of these measures in real-world scenarios like mobile device security
💡Ensure you can distinguish between authentication methods and verification methods
💡Ensure you can define social engineering clearly as the manipulation of people to divulge confidential information
💡Be prepared to provide examples of how to protect against specific threats like phishing or malware
💡When describing penetration testing, focus on the 'why' (to identify vulnerabilities) rather than just the 'how'
💡Use precise terminology when describing malware types
💡Ensure you can define social engineering clearly as the manipulation of people rather than just a computer-based attack
💡Use the specific terminology provided in the specification (blagging, phishing, shouldering) when describing scenarios
💡Be prepared to explain how to protect against these threats in a real-world context
💡When describing a cyber attack, always mention both the method (e.g., phishing email) and the impact (e.g., stolen login credentials). This shows you understand the cause and effect, which is often required for higher marks.
💡For prevention methods, be specific. Instead of saying 'use a firewall', explain how it works (e.g., 'a firewall filters incoming and outgoing traffic based on a set of rules, blocking unauthorised access'). This demonstrates deeper knowledge.
💡In evaluation questions, consider the trade-offs. For example, while encryption improves security, it can slow down data transmission and requires key management. Discussing pros and cons shows critical thinking.

Common Mistakes

Pitfalls to avoid in your exam answers

Confusing detection methods with prevention methods
Failing to explain how specific measures like CAPTCHA actually prevent automated attacks
Overlooking the importance of automatic updates in patching security vulnerabilities
Confusing the definition of social engineering with general hacking
Failing to distinguish between different types of malware
Misunderstanding the purpose of penetration testing as a malicious act rather than a security measure
Confusing the two types of penetration testing scenarios
Confusing social engineering with technical hacking methods
Failing to distinguish between the specific types of social engineering (blagging, phishing, shouldering)
Providing vague definitions that do not mention the manipulation of people
Misconception: 'A strong password is enough to keep an account secure.' Correction: While strong passwords are important, they are not sufficient. Multi-factor authentication (MFA) adds an extra layer of security, and users must also be wary of phishing attacks that can steal passwords directly.
Misconception: 'Antivirus software can prevent all malware infections.' Correction: Antivirus software detects known malware based on signatures, but it may miss new or polymorphic malware. Regular updates and safe browsing habits are also essential.
Misconception: 'Encryption makes data completely unhackable.' Correction: Encryption protects data in transit and at rest, but it can be broken if the encryption key is weak or stolen. Also, encryption does not protect against attacks that target the endpoint (e.g., keyloggers).

Frequently Asked Questions

Common questions students ask about this topic

Before You Start

Prior knowledge that will help with this topic

•Networks: Understanding of LANs, WANs, IP addresses, and protocols (e.g., TCP/IP) is essential because many cyber attacks target network vulnerabilities.
•Data representation: Knowledge of binary, hexadecimal, and how data is stored helps in understanding encryption and how malware can corrupt files.
•Ethical, legal, and environmental impacts: Familiarity with the Computer Misuse Act and Data Protection Act provides context for why cyber security is legally enforced.

Key Terminology

Essential terms to know

Vulnerability Identification and Penetration Testing
Technical Prevention Measures (Firewalls, Anti-malware, Encryption)
Administrative Controls and User Access Management
Physical Security and Hardware Protection
Malware variants (Viruses, Trojans, Ransomware, Spyware)
Social Engineering (Phishing, Pharming, Shouldering, Blagging)
Technical Exploits (SQL Injection, Brute Force, DoS/DDoS)
Human Vulnerabilities and Network Security Policies
Psychological manipulation and the human element of security
Social engineering techniques: Phishing, Pretexting, Baiting, and Tailgating
Mitigation strategies: Multi-factor authentication (MFA) and security awareness training
Malware classifications and characteristics
Propagation mechanisms and infection vectors
Detection and prevention strategies
Impact on the CIA triad (Confidentiality, Integrity, Availability)
Threat vectors and actor motivations (Social engineering, Malware, Brute-force)
Technical prevention mechanisms (Firewalls, Encryption, Anti-malware)
Administrative and physical controls (Access levels, Network policies)
Vulnerability assessment and management (Penetration testing)

Likely Command Words

How questions on this topic are typically asked

Explain

Describe

Understand

Define

Ready to test yourself?

Practice questions tailored to this topic

Cyber security

Subtopics in this area

Topic Overview

Key Concepts

What You Need to Demonstrate

Marking Points

Examiner Tips

Common Mistakes

Frequently Asked Questions

Before You Start

Key Terminology

Likely Command Words

Ready to test yourself?

Related Topics in AQA GCSE Computer Science

E2E stub concept

Programming

Fundamentals of data representation

Computer systems

Topic Synopsis

Key Concepts & Core Principles

Exam Tips & Revision Strategies

Common Misconceptions & Mistakes to Avoid

Examiner Marking Points

Cyber security

Subtopics in this area

Topic Overview

Key Concepts

What You Need to Demonstrate

Marking Points

Examiner Tips

Common Mistakes

Frequently Asked Questions

What is the difference between a virus and a worm?

How does a firewall protect a network?

What is social engineering and how can it be prevented?

Why is encryption important for cyber security?

What is a denial-of-service (DoS) attack?

How do I revise cyber security for the AQA GCSE exam?

Before You Start

Key Terminology

Likely Command Words

Ready to test yourself?

Related Topics in AQA GCSE Computer Science

E2E stub concept

Programming

Fundamentals of data representation

Computer systems