You are viewing a free preview of this lesson.
Subscribe to unlock all 10 lessons in this course and every other course on LearningBro.
Cyber security is one of the most important topics in modern computing. This lesson introduces the fundamental concepts you need for your GCSE Computer Science exam, covering what cyber security is, why it matters, and the key terminology you will encounter throughout this unit.
Cyber security is the practice of protecting computer systems, networks, programs and data from unauthorised access, damage, theft or disruption. It covers the technologies, policies and procedures that organisations and individuals use to keep digital information safe.
Every organisation that uses computers — from schools to hospitals, banks to governments — must think carefully about cyber security. A successful cyber attack can lead to:
Exam Tip: When asked to explain why cyber security is important, always provide at least two distinct consequences. The mark scheme rewards breadth — mention financial loss and reputational damage, for example, rather than giving two versions of the same point.
The CIA triad is the foundation of cyber security. It describes three goals that every security system tries to achieve:
| Principle | Meaning | Example |
|---|---|---|
| Confidentiality | Only authorised people can access the data | Encrypting patient records so only doctors and nurses can read them |
| Integrity | Data is accurate and has not been tampered with | Using checksums to verify that a downloaded file has not been altered |
| Availability | Systems and data are accessible when needed | Keeping a backup server running so that a website stays online during a hardware failure |
A successful cyber attack typically compromises one or more of these principles:
These three terms appear frequently in exam questions. Make sure you can define each one precisely.
Risk = Threat x Vulnerability x Impact
A system with many vulnerabilities and high-value data faces a greater risk than a system with few vulnerabilities and no sensitive data.
Understanding the different types of attacker — and their motivations — is a key part of the GCSE specification.
| Attacker Type | Motivation | Example |
|---|---|---|
| Black-hat hackers | Personal gain, financial theft, causing disruption | Stealing credit card details from an online retailer |
| White-hat hackers | Improving security (authorised, ethical) | A company hiring a penetration tester to find weaknesses |
| Grey-hat hackers | Finding vulnerabilities without permission but without malicious intent | Reporting a bug to a company after accessing their system without authorisation |
| Hacktivists | Political or social protest | The Anonymous group targeting websites to protest censorship |
| Nation states | Espionage, sabotage, political advantage | The Stuxnet worm targeting Iranian nuclear facilities |
| Script kiddies | Curiosity, showing off | A teenager using downloaded tools to disrupt a gaming server |
| Insiders | Revenge, financial gain, carelessness | An employee copying customer data to a USB drive before leaving |
| Organised crime | Large-scale financial gain | Criminal gangs running ransomware-as-a-service operations |
| Feature | Internal Threat | External Threat |
|---|---|---|
| Who | Employees, contractors, volunteers | Hackers, criminal groups, nation states |
| Access | Already have some authorised access | Must gain access first |
| Detection | Harder — actions may appear legitimate | Easier — may trigger security alerts |
| Examples | Accidental data leak, deliberate sabotage | Phishing attack, brute-force login attempt |
Internal threats are particularly dangerous because insiders already operate within the organisation's defences. A well-meaning employee who clicks a phishing link can cause just as much damage as a deliberate attacker.
Cyber security features in every major GCSE Computer Science specification (AQA, OCR, Edexcel). You are expected to:
The remaining lessons in this unit will cover each of these areas in detail, building on the foundations established here.
| Term | Definition |
|---|---|
| Cyber security | Protecting systems, networks and data from unauthorised access or damage |
| CIA triad | Confidentiality, Integrity, Availability — the three goals of security |
| Threat | Anything that could cause harm to a system |
| Vulnerability | A weakness that a threat could exploit |
| Risk | The likelihood and impact of a threat exploiting a vulnerability |
| Black-hat hacker | A malicious attacker who breaks into systems illegally |
| White-hat hacker | An ethical hacker who tests systems with permission |
| Hacktivist | An attacker motivated by political or social causes |
| Script kiddie | An unskilled person who uses existing tools to launch attacks |
| Insider threat | A threat from someone within the organisation |