What is the fundamental difference between Data Security and Data Integrity?

Data Security focuses on preventing unauthorized access or theft of data. Data Integrity focuses on ensuring that the data remains accurate, complete, and unaltered during its storage or transfer.

How does Symmetric Encryption differ from Asymmetric Encryption regarding key management?

Symmetric encryption uses a single secret key that must be shared between parties, creating a distribution risk. Asymmetric encryption uses a public key for encryption and a private key for decryption, meaning the secret key never needs to be shared.

What is the difference between a Hardware Firewall and a Software Firewall?

A hardware firewall is a physical device that protects an entire network by filtering traffic at the entry point. A software firewall is a program installed on a specific computer that monitors traffic for that individual device.

Why is it a mistake to assume that Anti-virus software provides complete protection against hackers?

Anti-virus software primarily detects and removes malicious files (malware) based on known signatures. It does not necessarily block active network intrusions or social engineering attacks, which require firewalls and user education.

What is the common misconception regarding Encryption and data loss?

Many believe encryption prevents data from being deleted or corrupted. In reality, encryption only protects the confidentiality of data; it does not stop a hacker from deleting the encrypted files or hardware failure from destroying them.

What error occurs when a user relies solely on a single authentication factor like a password?

Relying on one factor creates a single point of failure; if the password is stolen via phishing or a data breach, the account is fully compromised. Multi-factor authentication (e.g., adding biometrics) ensures security even if one factor is known.

What are Biometrics in the context of system security?

Biometrics are automated methods of recognizing a person based on unique physiological characteristics. Examples include fingerprints, facial recognition, and retina scans, which are used to provide highly secure authentication.

Define a Digital Signature and its two primary functions.

A digital signature is a mathematical technique used to validate the authenticity and integrity of a message. Its two functions are to prove the identity of the sender and to ensure the content has not been changed since it was signed.

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It establishes a barrier between a trusted network and an untrusted network.

What is the purpose of Anti-spyware software?

Anti-spyware is designed to detect and remove programs that secretly record a user's activities, such as keystrokes or browsing habits. It prevents sensitive information like passwords from being sent to third parties without the user's knowledge.

Security measures | Cambridge International Examinations AS-Level Computer Science

Revision Notes

AS-Level

Cambridge International Examinations

Computer Science

6. Security, Privacy & Data Integrity

Security measures

Summary

Security measures encompass a multi-layered approach to protecting data through authentication, network defenses, and software-level safeguards. By distinguishing between security, privacy, and integrity, organizations can implement specific technical controls like encryption, firewalls, and access rights to mitigate risks from unauthorized access and malicious software.

1. Definition & Core Concepts

Data Security: This refers to the collective set of processes and technologies used to protect data from unauthorized access, theft, or malicious attacks. It focuses primarily on preventing breaches and ensuring that only legitimate users can interact with the system.
Data Privacy: Privacy is centered on the legal and ethical rights of the user regarding how their personal information is collected, stored, and shared. It requires that data usage is transparent, fair, and performed only with the explicit consent of the individual.
Data Integrity: This concept ensures that data remains accurate, complete, and consistent throughout its entire lifecycle. Measures for integrity are designed to detect and prevent unauthorized or accidental modifications during storage or transmission.

2. Authentication & Access Control

User Accounts and Passwords: These serve as the primary gateway for system access, ensuring that resources are restricted to authorized individuals. Passwords should be stored as encrypted or hashed values in databases so that even if the database is compromised, the actual plain-text passwords remain hidden.
Biometrics: This authentication method uses unique physical characteristics, such as fingerprints, iris patterns, or voice recognition, to verify identity. Because these traits are difficult to replicate or steal, biometrics provide a significantly higher level of security than traditional knowledge-based systems.
Digital Signatures: A digital signature acts as an electronic 'stamp' that verifies the identity of the sender and ensures the document has not been altered. It provides both authentication (proving who sent it) and integrity (proving it is unchanged).
Access Rights: These are permissions assigned to users based on their specific roles or security clearances within an organization. Common levels include 'Full Access' for administrators, 'Read-only' for general viewing, and 'No Access' for restricted sensitive files.

3. Network & Software Defenses

A diagram showing a firewall acting as a barrier between the internet and an internal network, filtering traffic.

4. Encryption Methodologies

5. Key Distinctions

6. Exam Strategy & Tips