Cyber security is one of the most important topics in modern computing. This lesson introduces the fundamental concepts you need for your GCSE Computer Science exam, covering what cyber security is, why it matters, and the key terminology you will encounter throughout this unit.
Cyber security is the practice of protecting computer systems, networks, programs and data from unauthorised access, damage, theft or disruption. It covers the technologies, policies and procedures that organisations and individuals use to keep digital information safe.
Every organisation that uses computers — from schools to hospitals, banks to governments — must think carefully about cyber security. A successful cyber attack can lead to:
Exam Tip: When asked to explain why cyber security is important, always provide at least two distinct consequences. The mark scheme rewards breadth — mention financial loss and reputational damage, for example, rather than giving two versions of the same point.
The CIA triad is the foundation of cyber security. It describes three goals that every security system tries to achieve:
| Principle | Meaning | Example |
|---|---|---|
| Confidentiality | Only authorised people can access the data | Encrypting patient records so only doctors and nurses can read them |
| Integrity | Data is accurate and has not been tampered with | Using checksums to verify that a downloaded file has not been altered |
| Availability | Systems and data are accessible when needed | Keeping a backup server running so that a website stays online during a hardware failure |
A successful cyber attack typically compromises one or more of these principles:
These three terms appear frequently in exam questions. Make sure you can define each one precisely.
Risk = Threat × Vulnerability × Impact
A system with many vulnerabilities and high-value data faces a greater risk than a system with few vulnerabilities and no sensitive data.
Understanding the different types of attacker — and their motivations — is a key part of the GCSE specification.
| Attacker Type | Motivation | Example |
|---|---|---|
| Black-hat hackers | Personal gain, financial theft, causing disruption | Stealing credit card details from an online retailer |
| White-hat hackers | Improving security (authorised, ethical) | A company hiring a penetration tester to find weaknesses |
| Grey-hat hackers | Finding vulnerabilities without permission but without malicious intent | Reporting a bug to a company after accessing their system without authorisation |
| Hacktivists | Political or social protest | The Anonymous group targeting websites to protest censorship |
| Nation states | Espionage, sabotage, political advantage | The Stuxnet worm targeting Iranian nuclear facilities |
| Script kiddies | Curiosity, showing off | A teenager using downloaded tools to disrupt a gaming server |
| Insiders | Revenge, financial gain, carelessness | An employee copying customer data to a USB drive before leaving |
| Organised crime | Large-scale financial gain | Criminal gangs running ransomware-as-a-service operations |
| Feature | Internal Threat | External Threat |
|---|---|---|
| Who | Employees, contractors, volunteers | Hackers, criminal groups, nation states |
| Access | Already have some authorised access | Must gain access first |
| Detection | Harder — actions may appear legitimate | Easier — may trigger security alerts |
| Examples | Accidental data leak, deliberate sabotage | Phishing attack, brute-force login attempt |
Internal threats are particularly dangerous because insiders already operate within the organisation's defences. A well-meaning employee who clicks a phishing link can cause just as much damage as a deliberate attacker.
Cyber security features in every major GCSE Computer Science specification (AQA, OCR, Edexcel). You are expected to:
The remaining lessons in this unit will cover each of these areas in detail, building on the foundations established here.
| Term | Definition |
|---|---|
| Cyber security | Protecting systems, networks and data from unauthorised access or damage |
| CIA triad | Confidentiality, Integrity, Availability — the three goals of security |
| Threat | Anything that could cause harm to a system |
| Vulnerability | A weakness that a threat could exploit |
| Risk | The likelihood and impact of a threat exploiting a vulnerability |
| Black-hat hacker | A malicious attacker who breaks into systems illegally |
| White-hat hacker | An ethical hacker who tests systems with permission |
| Hacktivist | An attacker motivated by political or social causes |
| Script kiddie | An unskilled person who uses existing tools to launch attacks |
| Insider threat | A threat from someone within the organisation |
This introductory lesson underpins every topic that follows on the AQA GCSE Computer Science specification. To build a strong mental map, it is worth surveying — in overview — the full range of threats, defensive measures and legal controls you will study in later lessons. The sections below summarise the landscape so you can place each new concept into context as you meet it.
The specification groups cyber threats into a small number of recurring categories. Examiners expect you to recognise each category, name at least two specific examples within it, and explain one realistic defensive countermeasure.
| Category | Specific examples you must know | Primary vulnerability exploited |
|---|---|---|
| Malicious code (malware) | Virus, worm, trojan, ransomware, spyware | Unpatched software, weak user habits |
| Social engineering | Phishing, pretexting, blagging, shouldering | Human trust, urgency, authority bias |
| Brute-force access | Password guessing, dictionary attacks | Weak, short or reused passwords |
| Denial of service | DoS, DDoS using a botnet | Finite server/network capacity |
| Data interception | Packet sniffing, rogue Wi-Fi hotspots | Unencrypted traffic on a network |
| SQL injection (concept) | Malicious input sent to a web form | Unvalidated input reaching the database layer |
Register note: throughout this course, attacks are examined analytically so that you can design defences. We do not supply operational instructions for performing attacks; our focus is recognition, explanation and prevention.
A virus requires a user to open an infected host file before its payload executes. A worm is self-propagating across networks and needs no user interaction. A trojan is disguised as legitimate software and typically installs a backdoor. Ransomware encrypts files and demands payment, often in cryptocurrency. Spyware (including keyloggers) silently exfiltrates keystrokes, credentials and personal data. Later lessons dissect each in detail; for now, note that each exploits a different vector — email attachment, drive-by download, infected USB, or an unpatched network service.
Social engineering targets people rather than code. Phishing uses fraudulent bulk messages; pretexting invents a plausible scenario (for example, an attacker pretending to be from IT support); blagging is the UK term for obtaining information under false pretences by exploiting trust; shouldering (shoulder surfing) is the direct observation of a victim entering a PIN or password. All four exploit cognitive shortcuts, not technical flaws, which is why security awareness training is so important.
A brute-force attack systematically tries every possible password until one works; attackers prefer dictionary attacks against predictable passwords. A denial-of-service attack overwhelms a server so legitimate users cannot connect; a distributed version (DDoS) uses a botnet. Data interception (often through an unencrypted public Wi-Fi hotspot) captures packets in transit; without encryption, credentials and personal data are exposed.
Every prevention measure on the AQA specification addresses one or more of the threats above. Learn them as a toolkit and be ready to match the right defence to a given scenario.
| Measure | What it does | Primary threats it mitigates |
|---|---|---|
| Strong passwords | Long, mixed-character secrets resist guessing | Brute force, dictionary attacks |
| Multi-factor authentication (MFA) | Requires a second factor (for example a TOTP code) | Phishing, credential theft |
| Firewalls | Filter packets by IP, port and protocol | Unauthorised access, worms |
| Anti-malware software | Detects malicious code by signature, heuristic and behaviour | Viruses, trojans, ransomware |
| Network policies | Rules governing acceptable use, passwords, and access | Insider misuse, human error |
| Encryption | Converts plaintext to ciphertext to preserve confidentiality | Data interception, theft of stored data |
| User-access controls | Principle of least privilege, permission sets | Insider threats, compromised accounts |
| Automatic software updates | Apply security patches promptly | Worms, ransomware, zero-day follow-ons |
| Backups | Clean offline copies of data | Ransomware, accidental loss |
| Penetration testing | Authorised simulated attacks by white-hat testers | Unknown vulnerabilities, misconfigurations |
A hash produced by a cryptographic function such as SHA-256 is not reversible; salting (adding a unique random value before hashing) defeats rainbow-table attacks on stored password hashes. You will revisit these in the Encryption and Authentication lessons.
The UK's Computer Misuse Act 1990 turns unauthorised computer activity into a criminal offence, irrespective of whether any data is damaged. The Act's core offences are:
Ethical (white-hat) security testing remains lawful only where written authorisation has been granted and a clear scope agreed. Without that authorisation, identical technical activity is a criminal offence.
Exam-style question: A small online retailer stores customer details in a database. Identify one cyber security threat the retailer faces and explain one measure they could take to reduce the risk. (4 marks)
Grades 3–4 response: The retailer could be hacked. They should use a password and install antivirus software so that the hackers cannot get in and steal the customer details.
Grades 5–6 response: One threat is a brute-force attack, where an attacker tries many passwords until they guess a correct one. The retailer should enforce strong passwords and an account lockout after a small number of failed attempts, so that an automated attack cannot succeed.
Grades 7–9 response: One significant threat is a brute-force attack against the administrator account, which represents a high-value vector because a successful compromise breaks all three elements of the CIA triad. The retailer should require a minimum 12-character password combined with multi-factor authentication (MFA), and store credentials as salted hashes rather than plaintext. Salting defeats precomputed rainbow tables, while MFA means that even if a payload captures a password through social engineering, the second factor blocks the login. Together these controls harden the system against credential-focused attackers without relying on a single point of failure.
AQA alignment: This content is aligned with AQA GCSE Computer Science (8525) specification — specifically section 3.6.3 Network security / 3.7 Cyber security (identifying/preventing cyber security threats, social engineering, malicious code, detection/prevention, Computer Misuse Act). Assessed on Paper 2.