Search CSNewbs

Learn about network forensics, penetration tests and methods of protection including anti-malware, firewalls, encryption and two-factor authentication. Based on the 2020 Eduqas (WJEC) GCSE specification. 3.9: Protection Against Threats Exam Board: Eduqas Specification: 2020 Network Forensics & Penetration Testing What is network forensics? Network forensics is the monitoring of a network to identify unauthorised intrusions . Network forensics is used to record and analyse attacks on a network and to gather other information about how the network is performing. It is important for organisations to identify weaknesses in their networks so that they can fix them and be prepared for any type of attack or malware. Footprinting - Footprinting is one method of evaluating a network’s security . This is when a security team puts itself in the attacker’s shoes by obtaining all publicly available information about the organisation and its network . Footprinting allows the company to discover how much detail a potential attacker could find out about a system. The company can then limit the technical information about its systems that is publicly available . Penetration Tests Penetration tests are carried out as part of ethical hacking. Ethical hacking is when an organisation gives permission to specific 'good ' hackers to try and attack a system so that the weak points can be highlighted and then fixed. The purpose of a penetration test is to review the system's security to find any risks or weaknesses and to fix them . There are four main types of penetration tests : Internal tests are to see how much damage could be done by somebody within the company with a registered account. External tests are for white hat hackers to try and infiltrate a system from outside the company . Blind tests are done with no inside information , to simulate what a real attacker would have to do to infiltrate the system. + Targeted tests are conducted by the company's IT department and the penetration team cooperating together to find faults in the system. Anti-Malware & Firewalls Anti-Malware Software Anti-malware software is used to locate and delete malware, like viruses, on a computer system. The software scans each file on the computer and compares it against a database of known malware . Files with similar features to malware in the database are identified and deleted . There are thousands of known malware, but new forms are created each day by attackers, so anti-malware software must be regularly updated to keep systems secure. Other roles of anti-malware software: Checking all incoming and outgoing emails and their attachments . Checking files as they are downloaded . Scanning the hard drive for viruses and deleting them . Firewall A firewall manages incoming and outgoing network traffic . Each data packet is processed to check whether it should be given access to the network by examining the source and destination address . Unexpected data packets will be filtered out and not accepted to the network. Other roles of a firewall include: Blocking access to insecure / malicious web sites . Blocking certain programs from accessing the internet . Blocking unexpected / unauthorised downloads . Preventing specific users on a network accessing certain files . Other Methods of Protection Double Authentication Also known as two-factor authentication (2FA ), this is a method of confirming someone's identity by requiring two forms of authorisation , such as a password and a pin code sent to a mobile. 4392 Secure Passwords Usernames must be matched with a secure password to minimise the chances of unauthorised users accessing a system. Passwords should contain a mix of uppercase and lowercase letters , punctuation and numbers . Passwords should be of a substantial length (at least 8 characters) and should be regularly changed . ******** User Access Levels Access levels are used to only allow certain users to access and edit particular files. ' Read-Only ' access is when a user can only view a file and is not allowed to change any data . For example, a teacher might set homework instructions as read-only for students to view. ' Read and Write ' access allows a user to read and edit the data in a file. For example, a teacher might set an online workbook as read and write access for students to fill in. It is important to set access levels so that only authorised users can view and change data. The more users who have access to a file, the more likely it is to be compromised. Certain users may also have no access to a file - when they can't view or edit it. Encryption Encryption is the process of scrambling data into an unreadable format so that attackers cannot understand it if intercepted during transmission. The original data (known as plaintext ) is converted to scrambled ciphertext using an encryption key . Only at the correct destination will the encryption key be used to convert the ciphertext back into plaintext to be understood by the receiving computer. A very simple method of encryption is to use the XOR logical operator . XOR is used on the plaintext and key together to create the ciphertext . Using XOR again on the ciphertext and key will reverse the encryption to reveal the plaintext . Encryption using XOR Plaintext = 00110100 Key = 10100110 XOR Ciphertext = 10010010 Decryption using XOR Ciphertext = 10010010 / Key = 10100110 XOR Plaintext = 00110100 Q uesto's Q uestions 3.9 - Protection Against Threats: 1a. What is network forensics ? Why is it important ? [ 3 ] 1b. Explain what is meant by footprinting and why companies do it . [ 2 ] 2. What is an ethical hacker ? [2 ] 3a. Describe the purpose of penetration tests . [2 ] 3b. Describe each type of penetration test . [ 8 ] 4. Describe the purpose of anti-malware software and its different roles . [ 4 ] 5. Describe the purpose of a firewall and its different roles . [ 4 ] 6a. Describe double authentication . [2 ] 6b. State three rules for choosing a strong password . [ 3 ] 7. Describe the three types of access level . [6 ] 8a. Describe the purpose of encryption . [ 2 ] 8b. Explain how encryption works, using the terms plaintext , key and ciphertext . [ 4 ] 3.8 - Cyber Threats Theory Topics 4.1 - Number Systems

Learn about the seven steps of the fetch-decode-execute cycle and important registers in the CPU. Based on the 2020 Eduqas (WJEC) GCSE specification. 1.2: The FDE Cycle Exam Board: Eduqas Specification: 2020 The Fetch - Decode - Execute (FDE) cycle is performed by the CPU millions of times every second. This cycle is how the CPU processes data and instructions for each program or service that requires its attention. Important Registers A register is a small storage space for temporary data in the CPU . Each register has a specific role . There are five essential registers used in the FDE cycle : Program Counter (PC) A register that tracks the RAM address of the next instruction to be fetched . Memory Address Register (MAR) A register that tracks the RAM address of the instruction that is to be fetched . Memory Data Register (MDR) The MDR stores the instruction that has been transferred from RAM to the CPU . Current Instruction Register (CIR) A register that stores the instruction that has been fetched from RAM , and is about to be decoded or executed . Accumulator (ACC) The ACC stores the result of mathematical or logical calculations . Fetch - Decode - Execute Cycle The essential idea of the FDE cycle is that instructions are fetched from RAM , to be decoded (understood) and executed (processed) by the CPU . 1. The Program Counter (PC ) register displays the address in RAM of the next instruction to be processed . This value is copied into the Memory Address Register (MAR ). 0054 2. The PC register is increased by 1 . This prepares the CPU for the next instruction to be fetched. 0055 3. The CPU checks the address in RAM which matches the address held in the MAR . 0054 4. The instruction in RAM is transferred to the Memory Data Register (MDR ). 5. The instruction in the MDR is copied into the Current Instruction Register (CIR ). MDR MDR CIR 6. The instruction in the CIR is decoded (understood) and executed (processed). Any result of an execution is stored in the Accumulator (ACC ) register. CIR ACC 7. The cycle repeats by returning to the first step and checking the program counter for the address of the next instruction . Q uesto's Q uestions 1.2 - The Fetch - Decode - Execute (FDE) Cycle: 1 . What is the purpose of the registers ? [1 ] 2 . Describe the purpose of each register : a. The Program Counter (PC) [ 1 ] b. The Memory Address Register (MAR) [ 1 ] c. The Memory Data Register (MDR) [ 1 ] d. The Current Instruction Register (CIR) [ 1 ] e. The Accumulator (ACC) [ 1 ] 3. Draw a diagram of the seven steps of the Fetch - Decode - Execute cycle . [7 ] 1.1 - The CPU 1.3 - Primary Storage Theory Topics

Learn about how to write algorithms, including pseudocode and the different flowchart symbols. Based on the 2020 Eduqas (WJEC) GCSE specification. 8.3: Writing Algorithms Exam Board: Eduqas Specification: 2020 Pseudocode Reminder Generally, pseudocode can be written in any way that is readable and clearly shows its purpose. However, the Eduqas exam board advises that pseudocode for the programming exam should follow the conventions below : Annotation { Write your comment in curly brackets} Define data type price is integer firstname is string Declare a variable's value set price = 100 set firstname = "Marcella" Input / output output "Please enter your first name" input firstname Selection (must have indentation) if firstname = "Steven" then output "Hello" + firstname elif firstname = "Steve" then output "Please use full name" else output "Who are you?" end if Iteration (while loop) while firstname ! = "Steven" output "Guess my name." input firstname repeat Iteration (for loop) for i in range 10 input item next i Define a subroutine Declare Sub1 [Subroutine content indented] End Sub1 Call a subroutine call Sub1 Writing Algorithms In an exam you may be asked to write an algorithm using pseudocode . Previous exams have offered up to 10 marks for a single algorithm . While this may seem daunting, it means you can still gain marks for an incomplete program , so don't leave it blank no matter what! You must decompose the problem and break it down into more manageable chunks . Here's an example question : “A teacher is marking tests. Write an algorithm that allows the teacher to input the number of tests to mark and then the mark of each test. Output the average mark, highest mark and lowest mark. The tests are marked out of 100.” This specific algorithm can be broken down into pre-code and three main parts : Part 0: Declare and assign variables. Part 1: Input the number of tests to mark. Part 2: Input the mark of each test. Part 3: Output the average, lowest and highest marks. Part 0: Variables Read the question carefully and work out the variables you will need in your algorithm. I have highlighted them in blue below: “A teacher is marking tests. Write an algorithm that allows the teacher to input the number of tests to mark and then the mark of each test . Output the average mark , highest mark and lowest mark . The tests are marked out of 100.” There is an additional variable to track as the average mark can only be worked out if we also know the total marks . number_of_tests is integer test_mark is integer average_mark is real highest_mark is integer lowest_mark is integer total is integer number_of_tests = 0 test_mark = 0 average_mark = 0 highest_mark = -1 lowest_mark = 101 total = 0 Before you write the actual program, you must declare the variables you will need and assign values to them. Firstly, declare the data type of each variable . A whole number is an integer and a decimal number is a real . The average must be a real data type because it is the result of division (total ÷ number_of_tests) and could be a decimal number . When assigning values, most numerical variables will be 0 . Most string values would be " " . However this question is a bit more complicated - the highest mark must start as a really low value and the lowest mark must start as a really high value . This is ensure the first mark entered becomes the highest and lowest mark - this will make sense later. Part 1: Input Number of Tests output “Enter the number of tests to mark: ” input number_of_tests After declaring and assigning your variables the next parts will depend on the algorithm you need to write. This example requires the user to input the number of tests . Part 2: Input Each Mark (Loop) for i = 1 to number_of_tests output “Enter the test mark: ” input test_ mark For part 2 we need the teacher to enter each test’s mark . This is best done as a loop as we do not know how many tests the teacher has to mark until they have typed it in (part 1). All code within the loop must be indented . if test_mark > highest_mark then highest_mark = test_mark endif if test_mark < lowest_mark then lowest_mark = test_mark endif We also need to work out what the highest and lowest marks are. This must be done within the loop as the test marks are entered. The test mark is compared to the current highest and lowest marks . If it is higher than the current highest mark it becomes the new highest mark . If it is lower than the current lowest mark it becomes the new lowest mark . This is why we set the highest_mark and lowest_mark to extreme values at the start - so the first mark entered becomes the new highest and lowest . total = total + test_mark next i The final steps of part 2 are to update the total marks and to close the loop . The total is increased by the test mark that has been entered. The ‘next i ’ command states that the current iteration has ended . The indentation has now stopped. Part 3: Outputs average_mark = total / number_of_tests output “The average mark is:” , average_mark output “The highest mark is:” , highest_mark output “The lowest mark is:” , lowest_mark Before the average can be output, it must be calculated by dividing the total by the number of tests . Then the average , highest and lowest marks can be output . Full Answer number_of_tests is integer test_mark is integer average_mark is real highest_mark is integer lowest_mark is integer total is integer number_of_tests = 0 test_mark = 0 average_mark = 0 highest_mark = -1 lowest_mark = 101 total = 0 output “Enter the number of tests to mark: ” input number_of_tests for i = 1 to number_of_tests output “Enter the test mark: ” input test_ mark if test_mark > highest_mark then highest_mark = test_mark endif if test_mark < lowest_mark then lowest_mark = test_mark endif total = total + test_mark next i average_mark = total / number_of_tests output “The average mark is:” , average_mark output “The highest mark is:” , highest_mark output “The lowest mark is:” , lowest_mark This example is slightly more complicated than some of the recent previous exam questions for writing algorithms. Remember to decompose the problem by identifying the variables you need first. Q uesto's Q uestions 8.3 - Writing Algorithms: 1. A violin player performs a piece of music 8 times . They record a score out of 5 how well they think they performed after each attempt. Write an algorithm using pseudocode that allows the violinist to enter the 8 scores and displays the highest score , lowest score and average score . An example score is 3.7. [10 ] 2. A cyclist wants a program to be made that allows them to enter how many laps of a circuit they have made and the time in seconds for each lap . For example they may enter 3 laps, with times of 20.3 , 23.4 and 19.8 seconds . The program should output the quickest lap time , slowest lap time , total amount of time spent cycling and the average lap time . Create an algorithm using pseudocode for this scenario. [10 ] 8.2 - Understanding Algorithms Theory Topics 8.4 - Sorting & Searching

Learn about the eight roles of an operating system including CPU management, security, managing interrupts and the user interface. Based on the 2020 Eduqas (WJEC) GCSE specification. 6.1: Operating Systems Exam Board: Eduqas Specification: 2020 What is an Operating System? An operating system (OS ) is software that helps to manage the resources of a computer system . There are eight main roles of an operating system: Manage the CPU A critical role of the OS is to manage the CPU so that applications and processes can be run efficiently . The CPU is effectively managed by performing three further roles: Manage Memory (RAM) The OS reserves memory space in RAM for stored programs to be copied into. The FDE cycle is executed continuously to carry out the instructions. The OS also ensures that programs are appropriately managed so that data is stored in correct memory locations and not corrupted . Manage Interrupts A interrupt is an alert signal sent to the CPU when an application or hardware device requires immediate attention . The OS must efficiently manage interrupts so that a problem can be dealt with quickly if one occurs. Manage Multi-Tasking The OS manages tasks so instructions can be executed by the CPU in turn - this is called scheduling . The OS prevents processes from interfering with others and crashing. Tasks should appear to run simultaneously even though only one process can be executed at a time. Manage Backing Store The backing store is another term for secondary storage devices such as the magnetic hard disk drive , optical drives or solid state memory sticks. The OS ensures data is stored correctly and can be efficiently retrieved from the backing store. Files are organised in a hierarchical (logical) structure . Manage Peripherals A peripheral is an external device connected to a computer system to input or output data . The OS manages the receiving of data from input devices (such as a keyboard or mouse) and the transfer of data to output devices (such as a monitor or speaker). Manage Security The OS allows users to create, manage and delete accounts with different permissions. It also permits multiple users to log in and change passwords . Antivirus and firewall software is managed by the OS as well as some data encryption processes. Manage the User Interface The final function of an operating system is to provide a user interface , allowing a human to interact with the computer system . The way in which a user can navigate a computer system is known as human-computer interaction ( HCI ). Graphical User Interface (GUI) The most common type of user interface is a graphical user interface (GUI ) which can be presented in the following ways: Icons are displayed to represent shortcuts to applications and files. Multiple windows can be opened at the same time and switched between. A folder and file system is displayed and manipulated allowing for copying , searching , sorting and deleting data. The interface can be customised , such as changing font sizes and the desktop background . The taskbar allows shortcuts to be pinned for quick access . Menus can be opened from the Start button to display files and shortcuts. System settings can be accessed such as network and hardware options . Q uesto's Q uestions 6.1 - Operating Systems: 1. Describe each role of the operating system : 1. Manage the CPU [ 2 ] 2. Manage memory [ 2 ] 3. Manage interrupts [ 2 ] 4. Manage multi-tasking [ 2 ] 5. Manage backing store [ 2 ] 6. Manage peripherals [ 2 ] 7. Manage security [ 2 ] 8. Manage the user interface [ 2 ] 2. Describe 5 different ways the operating system can provide a graphical user interface (GUI) . [5 ] 3. Describe two advantages and two disadvantages of using the following types of human-computer interaction (HCI) : a. Command-Line interface [ 4 ] b. Touch-Sensitive interface [ 4 ] c. Menu-Driven interface [ 4 ] d. Voice-Driven interface [ 4 ] Command-Line Interface Other types of user interface do exist, such as a command-line interface (CLI ). This type of interface is entirely text-based and requires users to interact with the system by typing commands . This is a complicated process and mistakes could easily accidentally delete data. There are many commands to learn so only experts who have been trained t o learn this interface will be able to efficiently make use of it. Menu-Driven Interface A menu-driven interface displays data in a series of linked menus . Examples include cash machines (ATMs) and old iPods . This type of interface is generally user friendly and easy to use as commands do not need to be memorised. However it can be annoying to find specific data through a large number of menus without a search feature. Touch-Sensitive Interface Another type of user interface is a touch-sensitive interface , used with smartphones and tablets . A human interacts with the device by pressing on a touchscreen , making it very intuitive and suitable for most users without training. Touch-sensitive interfaces may not work with dirty or wet fingers and it will take longer to write text compared to using a keyboard. Voice-Driven Interface A voice-driven interface can be controlled by speaking commands aloud to a listening device. Examples include Amazon's Alexa devices, Apple's Siri technology and Google Home . This interface is intuitive , can be used hands-free and helps to speed up processes . However commands may be misheard or limited in what can be performed. 5.1 - Data Structures Theory Topics 6.2 - Utility Software

Test your understanding of for loops and while loops in Python. Try practice tasks and learn through text and images. Perfect for students learning GCSE Computer Science in UK schools. top Python - Section 6 Practice Tasks Task One: Odd Numbers Use a for loop to print all odd numbers between 50 and 70 . You will need to use three values in the range brackets, including a step . Requirements for full marks: A comment at the start to explain what a for loop is. Use just two lines of code. Example solution: 51 53 55 57 59 61 63 65 67 69 Task Two: Fish Rhyme Use two separate for loops and some additional print lines to output this nursery rhyme: "1, 2, 3, 4, 5, Once I caught a fish alive, 6, 7, 8, 9, 10 then I let it go again" in the format shown . Requirements for full marks: Two for loops and two additional print lines (6 lines total). Example solution: 1 2 3 4 5 Once I caught a fish alive. 6 7 8 9 10 Then I let it go again. Task Three: Username & Password Create a program using a while loop that keeps asking a user to enter a username and a password until they are both correct . It may be easier to use a while True loop . You will need to use the and command in an if statement within the loop. Requirements for full marks: A comment at the start to explain what a while loop is. Example solution: Enter username: Ben43 Enter password: hamster Incorrect, please try again. Enter username: Ben44 Enter password: ben123 Incorrect, please try again. Enter username: Ben43 Enter password: ben123 Correct Correct login. Welcome Ben43 Task Four: Colour or Number Use a while True loop to let the user enter either A , B or C . A lets them guess a secret colour . B lets them guess a secret number . C breaks the loop , ending the program. Example solution: Enter A to guess a colour, B to guess a number, C to quit: A Guess the colour: green Incorrect! Enter A to guess a colour, B to guess a number, C to quit: A Guess the colour: pink Correct! Enter A to guess a colour, B to guess a number, C to quit: B Guess the number: 4 Incorrect! Enter A to guess a colour, B to guess a number, C to quit: C Quitting program... ⬅ 6b - W hile Loops 7a - Procedures ➡

Learn about two methods of representing negative numbers in binary - sign and magnitude and two's complement. Based on the 2020 Eduqas (WJEC) GCSE specification. 4.2: Signed Binary Exam Board: Eduqas Specification: 2020 What are Sign and Magnitude and Two's Complement? Sign and Magnitude and Two's Complement are both methods of writing positive and negative binary values . Sign and Magnitude is simpler but will cause incorrect answers if used in binary calculations . Two's Complement is more complex but will generate correct answers when used in binary calculations . Sign & Magnitude The most significant bit (MSB ) is the largest bit of a binary number - the one furthest to the left . The MSB is the sign - it represents whether the binary value is positive or negative . If the sign is 0 then the binary number is positive . If the sign is 1 then the binary number is negative . The other bits represent the magnitude - the value of the binary number. For an 8-bit binary number , the range is -127 to 127 , because only 7 bits are used to define the magnitude. Sign & Magnitude: Problems Sign and magnitude is not commonly used by computers for two main reasons: Performing binary addition and subtraction (see section 4.3 ) will often cause a wrong result . In the example below, -7 + 3 should equal -4 but the result given is 2. + Sign and magnitude creates two different values for 0 - positive 0 and negative 0 which is incorrect. Two's Complement Two's complement is a method of representing positive and negative binary values. It is used often by computers because binary calculations will work correctly and there is only one value for zero. Two's Complement: Denary to Binary To represent a negative value using two's complement follow these steps: Write out the positive value in binary . Start on the right-hand side and move along, copy all 0s until you get to the first 1 . The first 1 is copied too. After the first 1 invert each value (change to its opposite ). So 0 becomes 1 and 1 becomes 0 . 1. 2. 3. Two's Complement: Binary to Denary To convert a binary number to denary using two's complement you must remember that the MSB is a negative value . Just add the numbers with 1 together to work out the denary value . Q uesto's Q uestions 4.2 - Signed Binary: Sign & Magnitude 1. Using sign and magnitude , convert the following values to denary : a. 00011101 b. 11100011 c. 10110110 d. 01001111 [1 each ] 2. Using sign and magnitude , convert the following values to binary : a. 83 b. -13 c. -102 d. -24 [1 each ] 3. Describe two problems when using sign and magnitude . [ 4 ] 4. Using sign and magnitude , the range of numbers that can be represented in 6 bits is from - 31 to + 31 . State the range of numbers that can be represented using sign and magnitude in the following bits: a. 8 bits b. 4 bits [1 each ] Two's Complement 1. Using two's complement , convert the following values to binary : a. -20 b. -49 c. -87 d. -113 [2 each ] 2. Using two's complement , convert the following values to denary : a. 10110010 b. 11101110 c. 01101011 d. 10011111 [2 each ] Watch the video to learn how sign and magnitude is used to represent negative numbers in binary . Watch the video to learn how two's complement is used to represent negative numbers in binary . Watch on YouTube Watch on YouTube 4.1 - Number Systems Theory Topics 4.3 - Binary Calculations

Learn how to create your own web page in HTML. The guide features 10 easy to follow steps from setting up the basic tags to adding images, videos and more pages. When you see the checklist icon, complete the task in order to make your own HTML web page. HTML Guide 1. Setting up the web page 2. Essential tags 3. Text tags 4. Hyperlinks 5. Images 6. Organisation tags 7. Head tags 8. Videos 9. Colours & Fonts 10. More pages Watch on YouTube: These steps will show you how to make a HTML fanpage so get thinking of an appropriate topic - maybe your favourite book, movie or sports team? Download Notepad++ at home

Learn about the risks of storing and processing data, including accidental deletion and hacking. Based on the 2016 OCR Cambridge Technicals Level 3 IT specification for Unit 2 (Global Information). 6.2 - Risks Exam Board: OCR Specification: 2016 - Unit 2 Unauthorised Access to Data As part of the security principle of confidentiality , data should only be viewed by individuals with the authorisation to do so. There are two main reasons why data may be viewed by someone who shouldn't - espionage and poor information management . Espionage is the act of collecting data so that it can be used against an organisation - such as a competitor acquiring information about their rival's product before it is launched publicly. If a company has poor information management strategies in place and data is insecurely stored or too many people have access to sensitive information then it is more likely to be viewed by unauthorised persons. Not only would competitors benefit from unauthorised access, but the Data Protection Act (2018 ) would also be broken if personal data was accessed . Accidental Loss of Data Data loss refers to information being irretrievably lost - not just a copy of the file but the original version too so it cannot be accessed in any format . One reason for accidental data loss is equipment failure or a technical error that leads to data corruption , such as a database crash or hard drive failure. Human error is another reason for accidental data loss as an employee might accidentally delete a file or discard an important paper document without realising. If data is accidentally lost then it could mean that hours of data entry and collection will have been for nothing and might delay dependent processes such as analysis and trend recognition. Also, if it was personal data that was lost then the security principle of availability has been broken and the Data Protection Act ( 2018 ) has been breached . Intentional Destruction of Data This is the act of purposely damaging an organisation by deleting or denying access to data . Examples include viruses that corrupt data so that it can no longer be used and targeted malicious attacks such as DDOS (distributed denial of service) attacks or ransomware . Ransomware encrypts files so that they can only be accessed again when certain criteria have been met, usually the affected group having to pay an extortionate fee . When data is intentionally deleted the organisation in question can respond by replacing the data and any infected computer systems / devices or by ignoring the loss and not making the breach public - but having to re-collect / re-analyse the data. Data destruction will usually lead to a loss of reputation as customers won't want to have their information stored in a system they see as unreliable and insufficiently protected . This loss of reputation could lead to customer loss and a decrease in profits . If the loss is ignored and unreported then it could result in a huge loss of trust when it is eventually revealed - like Yahoo who only confirmed a massive data breach that happened in 2013, two years later in 2016. This breach affected all 3,000,000,000 Yahoo accounts and is the largest data breach in the history of the internet. Intentional Tampering with Data This is when data is changed and no longer accurate . This could occur through fraudulent activity such as hacking to change information displayed on a webpage. An example is if a student or a teacher changed exam answers for a better grade. A business example is if a company tampered with financial data to display larger profits and smaller losses than real figures, to boost investment or please stakeholders. If data tampering is found out then it can result in a loss of reputation as that organisation cannot be trusted to report data accurately . If personal data has been altered then the security principle of integrity will have been broken as the data is no longer accurate . Data security methods and protection systems will also need to be reviewed if data has been tampered with, especially if it was an external individual that accessed and changed the data. Employees that tamper with data will be fired and may face legal action . Q uesto's Q uestions 6.2 - Risks: 1. Describe two effects on an organisation for each of the four identified risks . [8 ] 2. Research at least one real-life example for each risk above and describe the consequences of that example, such as the Yahoo data breach. [12 ] 6.1 - Security Principles Topic List 6.3 - Impacts

A list of programming topics including HTML, Greenfoot, Python. All Programming Topics Python HTML Greenfoot Assembly Language App Inventor 2

This page contains topics from the 2016 Eduqas / WJEC that are not included in the 2020 Eduqas / WJEC specification. Topics from the 2016 Eduqas Specification This page contains information from the 2016 Eduqas specification that was removed for the 2020 specification. Quick Links: Buses & Instruction Sets (RISC & CISC) Protocols (IMAP & POP3) Network Devices (Gateway) Human-Computer Interaction (Command-Line Interface, Touch-Sensitive Interface, Menu-Driven Interface, Voice-Driven Interface) Cyber Attacks (Dictionary Attack, Buffer Overflow, Human Weakness) Software Protection (Secure by Design, Too Many Permissions, Scripting Restrictions, Validation with Parameters) Data Policies (Acceptable Use Policy, Disaster Recovery, Cookies) Environmental Issues (Tips to Reduce Waste, Positive Impacts of Technology) Object Oriented Programming (Greenfoot and Java) Programming Topics (Assembly Language, HTML, Greenfoot) Buses Buses & Instruction Sets Buses Data is transferred within a computer system along pathways called buses . There are three types of bus: Address Bus Data Bus Control Bus Sends a memory address of where data is stored. The address is sent from the CPU to RAM in the FDE cycle. Transfers data between components. Data is sent both ways . Sends control signals from the control unit to other components of the system. Status signals are sent back to the CPU. An instruction set is a list of all the instructions that a CPU can process as part of the FDE cycle . CPUs can have different sets of instructions that they can perform based on their function. The two most common instruction sets are the simpler RISC (Reduced Instruction Set Computer ) and more complicated CISC (Complex Instruction Set Computer ). Instruction Sets Reduced Instruction Set Computer (RISC) Complex Instruction Set Computer (CISC) Complexity RISC has fewer instructions than CISC and is therefore slower for carrying out complex commands but quick for basic tasks . CISC has more complex instructions available and can therefore perform complicated tasks . Cost RISC is generally cheaper to mass produce because less circuitry is required for the smaller instruction set. CISC CPUs are generally more expensive because they require more circuitry to operate. Power RISC CPUs are designed to use less power and run without dedicated cooling systems (like fans) so that they can be used in devices like smartphones . Because CISC CPUs require more circuitry this means that they generate more heat and may require a fan . CISC CPUs therefore are commonly used in desktop computers . Clock Speed RISC CPUs run at lower clock speeds than CISC CPUs. They can perform simpler tasks more quickly than CISC, but are generally not used to carry out complex instructions . CISC CPUs run at higher clock speeds than RISC CPUs. They can perform complex tasks more quickly than RISC. Protocols Protocols POP3 ( Post Office Protocol 3 ) and IMAP (Internet Message Access Protocol ) are both protocols for receiving and storing emails from a mail server. Gateway Network Devices Gateway A gateway joins together two networks that use different base protocols . For example, a gateway could link together a LAN to a WAN . HCI Human - Computer Interaction Command-Line Interface Touch-Sensitive Interface Other types of user interface do exist, such as a command-line interface (CLI ). This type of interface is entirely text-based and requires users to interact with the system by typing commands . This is a complicated process and mistakes could easily accidentally delete data. There are many commands to learn so only experts who have been trained t o learn this interface will be able to efficiently make use of it. Another type of user interface is a touch-sensitive interface , used with smartphones and tablets . A human interacts with the device by pressing on a touchscreen , making it very intuitive and suitable for most users without training. Touch-sensitive interfaces may not work with dirty or wet fingers and it will take longer to write text compared to using a keyboard. Menu-Driven Interface A menu-driven interface displays data in a series of linked menus . Examples include cash machines (ATMs) and old iPods . This type of interface is generally user friendly and easy to use as commands do not need to be memorised. However it can be annoying to find specific data through a large number of menus without a search feature. Voice-Driven Interface A voice-driven interface can be controlled by speaking commands aloud to a listening device. Examples include Amazon's Alexa devices, Apple's Siri technology and Google Home . This interface is intuitive , can be used hands-free and helps to speed up processes . However commands may be misheard or limited in what can be performed. Cyber Attacks Cyber Attacks Dictionary Password Attack This uses a file containing every word in the dictionary and cycles through them all. This method is relatively easy to program but will only break the simplest passwords . Buffer Overflow Attack A buffer is a temporary storage location . A buffer overflow attack causes a program to try to store more data in a buffer than it can hold which can lead to adjacent memory locations being overwritten . An attacker can use the buffer overflow to insert malicious code to change data or steal confidential data . Human Weakness The biggest weakness in online security is often not the systems in place but carelessness or mistakes made by humans . Social engineering means to trick others into revealing their personal data by posing as a trusted source . For example, impersonating an IT technician via email and asking to send a username and password. Humans can accidentally compromise data by downloading malicious files or being unsafe online, like using the same password for multiple different accounts. Attackers can access unauthorised information in person by shoulder surfing and watching them as they enter sensitive data such as a PIN or password. Software Protection Software Protection The following methods of protection are considered in the design, testing and creation stages of developing software . Secure by Design This method puts security as the most important concept when creating and designing software . By focusing on security when designing software there should be less need for later updates and patches and attacks are less likely to succeed . Too Many Permissions Apps require permission to use device features (such as the camera or microphone of a smartphone) when they are downloaded. Programmers should only request permission for features that the software requires . Some malicious apps steal data or spy on users - and the worst part is that you've given permission for it to do it! Users can avoid suspicious apps by reading reviews, checking there are no unnecessary permission requests , only downloading the software you need / will use and uninstall apps if permissions change . Scripting Restrictions A script is a set of instructions executed on a website. For example, Facebook uses a JavaScript script to post a status and another to read your private messages. The Same Origin Policy (SOP) is a security precaution that prevents websites from using scripts on other sites that you have open . For example, if you are using JavaScript to post a status on Facebook then visit an infected site, that site can't also use JavaScript to access your Facebook data, because even though they both use JavaScript, they are from a different origin . Without SOP an infected website could access personal data or infect a computer with malware by maliciously using the same scripts as other websites you have used . Programmers should set scripting restrictions when creating websites. Validation with Parameters A parameter is a measure that is used when validating data , it is usually a range or limit. For example, the parameters of a length check may be whether the data is between 1 and 10 characters . Programmers must ensure validation is used on websites with suitable parameters to prevent attacks such as an SQL injection. Data Policies Data Policies Data policies are written documents that clearly define how data should be managed in an organisation. It is important that all employees stick to these policies and requirements so that data is kept safe and can be replaced if lost or corrupted. The following methods are examples of common data policies. Acceptable Use Policy (AUP) Workplaces and schools often require people to sign an acceptable use policy (AUP) before being allowed to use the network. It is a list of rules and expected behaviour that users must follow when using the computer systems. Typical rules include: Which websites are off-limits (such as social media or gambling sites), Download permissions (such as who can download and install software) Email communication (such as appropriate language). Punishments if rules of the AUP are broken. The AUP is sometimes known as a Code of Conduct . This is an example of a formal code of practice , with written rules and clear expectations . An informal code of practice would not be officially written down , such as personal habits and preferences (e.g. email layout or desk organisation). Disaster Recovery With important data often stored on a computer network, it is absolutely vital that a detailed and effective disaster recovery policy is in place in the event of data being lost due to an unexpected disaster. Disasters include natural disasters (e.g. fire, flood, lightning), hardware failure (e.g. power supply unit failing), software failure (e.g. virus damage) and malicious damage (e.g. hacking). There are three clear parts to a disaster recovery policy: Before the disaster: All of the possible risks should be analysed to spot if there are any weaknesses in preparation. Preventative measures should be taken after the analysis, such as making rooms flood-proof or storing important data at a different location . Staff training should take place to inform employees what should happen in the event of a disaster. During the disaster: The staff response is very important – employees should follow their training and ensure that data is protected and appropriate measures are put in place. Contingency plans should be implemented while the disaster is taking place, such as uploading recent data to cloud storage or securing backups in a safe room and using alternative equipment until the disaster is over. After the disaster: Recovery measures should be followed, such as using backups to repopulate computer systems. Replacement hardware needs to be purchased for equipment that is corrupted or destroyed. Software needs to be reinstalled on the new hardware. Disaster recovery policies should also be updated and improved . Cookies A cookie is a small piece of data that is stored by websites when you visit them. They allow the website to identify the user and are often used to speed up processes , such as: Automatic login (by saving account details) Save items into a basket (such as pizza delivery sites) Display adverts related to your previous search terms . Although they can be used to save time, some argue that cookies can be intrusive and store too much information. Environmental Issues Environmental Issues Tips to Reduce Waste Turn off computers , monitors and other connected devices when not in use . Adjust power options to help minimise power consumption. Devices with the Energy Star sticker use between 30% and 70% less electricity than usual. Repair older devices rather than throwing them away. Ink jet printers use up to 95% less energy than laser jets. Think twice about printing paper, don't waste ink and remember to recycle paper . Positive Environmental Impacts Communication advancements (such as video messengers) reduces pollution as people do not have to travel to speak to each other. This is especially beneficial in business - workers can talk from the office and do not need to catch a plane to speak. Smart devices can monitor usage and reduce energy waste - such as smart air conditioners and home security systems. Collaboration software (such as cloud-based technology and Google Docs) allows experts to work together and share data. The internet and research databases allows scientists to study the environment more efficiently. Documents can be viewed on a screen rather than printed out - books and newspaper articles can be read on kindles / tablets saving paper and ink . New materials and more environmentally-friendly processes have been developed thanks to increased technology and research. Object Oriented Programming Object-Oriented Programming (OOP) Java is an example of object-oriented programming (OOP) where a programmer is able to code objects that can be visually placed onto a background. Greenfoot is an IDE for Java . Superclass A class from which other 'subclasses' will inherit characteristics ; e.g. hippos, crocodiles and polar bears will inherit properties from the Animals superclass. Object A single object from a class ; e.g. one crocodile object from the Crocodile class. Class A set of objects which share the same properties ; e.g. all PolarBears will behave in a similar way. Comment Two / symbols will allow you to write a comment to explain the code . Method A series of instructions that an object will follow . The act() method will loop in Greenfoot when the play button is pressed. Programming Programming Topics Variable Scope & Lifetime The scope of a variable refers to the parts of the program where the variable can be viewed and used , e.g. a variable with global scope can be accessed anywhere in the program . The lifetime of a variable is the amount of time the variable is stored in memory and therefore can be used , e.g. local variables can only be accessed throughout the subroutine they are created in. Programming Languages: Assembly Language HTML Greenfoot Theory Topics

Learn about sorting algorithms - merge and bubble sort - and searching algorithms - linear and bubble search. Based on the 2020 Eduqas (WJEC) GCSE specification. 8.4: Sorting & Searching Algorithms Exam Board: Eduqas Specification: 2020 Merge Sort Merge sort is a sorting algorithm based on the idea of ‘divide and conquer ’. A merge sort divides a list into half , again and again until each data item is separate . Then the items are combined in the same way as they were divided , but now in the correct order . When the individual lists are all merged together as one list again, then the data is in order and the algorithm will end . Bubble Sort This algorithm is based on the comparison of adjacent data elements . Data elements are swapped if they are not in the correct order . A bubble sort is not suitable for large sets of data. Linear Search A linear search is the most simple search algorithm. Each data item is searched in order from the first value to the last as if they were all laid out in a line . The list does not have to be in any order before it is searched . This search is also known as a sequential search because the list is searched in a sequence from start to end. For large lists , this search is not very efficient . Binary Search A binary search is a much more efficient searching algorithm as it generally searches through fewer data and is often much quicker - especially for large data sets. In a binary search, the middle point of the data is selected with each iteration and many data items can be ignored. However, the list of data must already be sorted in order before a binary search can take place. Q uesto's Q uestions 8.3 - Searching & Sorting Algorithms: Linear Search Explain step-by-step how the number 8 would be found in the following list using a linear search : 12, 5, 3, 2, 8, 19, 14, 6 [4 ] Binary Search Explain step-by-step how the number 2 would be found in the following list using a binary search : 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 [6 ] Merge Sort Explain step-by-step how a merge sort would sort the following list of numbers: 4, 8, 5, 1, 3, 6, 7, 2 [6 ] Bubble Sort Explain step-by-step how a bubble sort would sort the following list of numbers: 3, 2, 6, 4, 1, 4 [6 ] Watch on YouTube Watch on YouTube Watch on YouTube Watch on YouTube 8.3 - Writing Algorithms Theory Topics 8.5 - Validation & Verification

Learn how pseudocode and flowcharts are written as part of algorithms. This content is based on the 2016 Eduqas / WJEC GCSE Computer Science specification. Algorithms Pseudocode Pseudocode Pseudocode is not a specific programming language but a more general method of describing instructions . It should be unambiguous, and it should not resemble any particular kind of programming language (e.g. Python or Java), so it can theoretically be turned into real code in any language. Generally, pseudocode can be written in any way that is readable and clearly shows its purpose. However, the Eduqas exam board advises that pseudocode for the programming exam should follow the conventions below : Annotation { Write your comment in curly brackets} Define data type price is integer firstname is string Declare a variable's value set price = 100 set firstname = "Marcella" Input / output output "Please enter your first name" input firstname Selection (must have indentation) if firstname = "Steven" then output "Hello" + firstname elif firstname = "Steve" then output "Please use full name" else output "Who are you?" end if Iteration (while loop) while firstname ! = "Steven" output "Guess my name." input firstname repeat Iteration (for loop) for i in range 10 input item next i Define a subroutine Declare Sub1 [Subroutine content indented] End Sub1 Call a subroutine call Sub1 Flowcharts flowchart A flowchart can be used to visually represent an algorithm. The flowchart symbols are: Algorithm Example example Pseudocode {This is a program to see how many items you can buy in a supermarket before you spend over £100} total is integer, itemsentered is integer, itemprice is integer set total = 0 set itemsentered = 0 while total < 100 output "enter the price of the next item" input itemprice total = total + itemprice itemsentered = itemsentered + 1 repeat if itemsentered >= 20 then output "You are on your way to saving money." elif itemsentered => 30 then output "You're a real money saver." else output "Look for better deals next time." end if Stop Flowchart