You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Introduction to Cyber Security
Introduction to Cyber Security
Cyber security is one of the most important topics in modern computing. This lesson introduces the fundamental concepts you need for your GCSE Computer Science exam, covering what cyber security is, why it matters, and the key terminology you will encounter throughout this unit.
What Is Cyber Security?
Cyber security is the practice of protecting computer systems, networks, programs and data from unauthorised access, damage, theft or disruption. It covers the technologies, policies and procedures that organisations and individuals use to keep digital information safe.
Every organisation that uses computers — from schools to hospitals, banks to governments — must think carefully about cyber security. A successful cyber attack can lead to:
- Financial loss — stolen money, ransom payments, regulatory fines
- Data breaches — personal information such as names, addresses and passwords exposed
- Reputational damage — customers and the public lose trust
- Service disruption — websites go offline, systems stop working, operations grind to a halt
Exam Tip: When asked to explain why cyber security is important, always provide at least two distinct consequences. The mark scheme rewards breadth — mention financial loss and reputational damage, for example, rather than giving two versions of the same point.
The CIA Triad
The CIA triad is the foundation of cyber security. It describes three goals that every security system tries to achieve:
| Principle | Meaning | Example |
|---|---|---|
| Confidentiality | Only authorised people can access the data | Encrypting patient records so only doctors and nurses can read them |
| Integrity | Data is accurate and has not been tampered with | Using checksums to verify that a downloaded file has not been altered |
| Availability | Systems and data are accessible when needed | Keeping a backup server running so that a website stays online during a hardware failure |
A successful cyber attack typically compromises one or more of these principles:
- A data breach breaks confidentiality
- An attacker modifying records breaks integrity
- A denial-of-service (DoS) attack breaks availability
Threats, Vulnerabilities and Risks
These three terms appear frequently in exam questions. Make sure you can define each one precisely.
- Threat — anything that has the potential to cause harm to a system (e.g. a hacker, a virus, a natural disaster)
- Vulnerability — a weakness in a system that a threat could exploit (e.g. unpatched software, a weak password, an unlocked server room)
- Risk — the likelihood that a threat will exploit a vulnerability and the impact it would have
Risk = Threat x Vulnerability x Impact
A system with many vulnerabilities and high-value data faces a greater risk than a system with few vulnerabilities and no sensitive data.
Who Carries Out Cyber Attacks?
Understanding the different types of attacker — and their motivations — is a key part of the GCSE specification.
| Attacker Type | Motivation | Example |
|---|---|---|
| Black-hat hackers | Personal gain, financial theft, causing disruption | Stealing credit card details from an online retailer |
| White-hat hackers | Improving security (authorised, ethical) | A company hiring a penetration tester to find weaknesses |
| Grey-hat hackers | Finding vulnerabilities without permission but without malicious intent | Reporting a bug to a company after accessing their system without authorisation |
| Hacktivists | Political or social protest | The Anonymous group targeting websites to protest censorship |
| Nation states | Espionage, sabotage, political advantage | The Stuxnet worm targeting Iranian nuclear facilities |
| Script kiddies | Curiosity, showing off | A teenager using downloaded tools to disrupt a gaming server |
| Insiders | Revenge, financial gain, carelessness | An employee copying customer data to a USB drive before leaving |
| Organised crime | Large-scale financial gain | Criminal gangs running ransomware-as-a-service operations |
Internal vs External Threats
| Feature | Internal Threat | External Threat |
|---|---|---|
| Who | Employees, contractors, volunteers | Hackers, criminal groups, nation states |
| Access | Already have some authorised access | Must gain access first |
| Detection | Harder — actions may appear legitimate | Easier — may trigger security alerts |
| Examples | Accidental data leak, deliberate sabotage | Phishing attack, brute-force login attempt |
Internal threats are particularly dangerous because insiders already operate within the organisation's defences. A well-meaning employee who clicks a phishing link can cause just as much damage as a deliberate attacker.
Why Cyber Security Matters for GCSE
Cyber security features in every major GCSE Computer Science specification (AQA, OCR, Edexcel). You are expected to:
- Identify different types of cyber threats
- Explain how attacks work and why they succeed
- Evaluate the effectiveness of different prevention methods
- Discuss the legal and ethical implications of cyber security
The remaining lessons in this unit will cover each of these areas in detail, building on the foundations established here.
Key Terms Summary
| Term | Definition |
|---|---|
| Cyber security | Protecting systems, networks and data from unauthorised access or damage |
| CIA triad | Confidentiality, Integrity, Availability — the three goals of security |
| Threat | Anything that could cause harm to a system |
| Vulnerability | A weakness that a threat could exploit |
| Risk | The likelihood and impact of a threat exploiting a vulnerability |
| Black-hat hacker | A malicious attacker who breaks into systems illegally |
| White-hat hacker | An ethical hacker who tests systems with permission |
| Hacktivist | An attacker motivated by political or social causes |
| Script kiddie | An unskilled person who uses existing tools to launch attacks |
| Insider threat | A threat from someone within the organisation |