Level 2 Cambridge Technical in IT

Similar documents
Unit 2 Essentials of cyber security

Unit 3 Cyber security

A practical guide to IT security

Cambridge Technicals , Mark Scheme for January 2017

Cambridge Technicals , Mark Scheme for January 2018

Cambridge Technicals IT. Mark Scheme for June Unit 2: Global Information. Level 3 Cambridge Technical in IT

Your security on click Jobs

Cambridge Technicals IT. Mark Scheme for January Unit 2: Global information

BASELINE GENERAL PRACTICE SECURITY CHECKLIST Guide

NEN The Education Network


PS 176 Removable Media Policy

Digital Health Cyber Security Centre

The Learner can: 1.1 Describe the common types of security breach that can affect the organisation, such as:

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Cyber Security. February 13, 2018 (webinar) February 15, 2018 (in-person)

Controls Electronic messaging Information involved in electronic messaging shall be appropriately protected.

Quick recap on ing Security Recap on where to find things on Belvidere website & a look at the Belvidere Facebook page

ECDL / ICDL IT Security. Syllabus Version 2.0

FAQ. Usually appear to be sent from official address

PUPIL ICT ACCEPTABLE USE POLICY

Mark Scheme (Final) Summer BTEC Level 1/Level 2 First in Information and Creative Technology. UNIT 1: The Online World 20560_E08

Review Kaspersky Internet Security - multi-device 2015 online software downloader ]

CERTIFIED SECURE COMPUTER USER COURSE OUTLINE

Introduction. Controlling Information Systems. Threats to Computerised Information System. Why System are Vulnerable?

Identity Theft Prevention Policy

Nine Steps to Smart Security for Small Businesses

Course Outline (version 2)

Quick Heal Total Security Multi-Device (Mac) Simple, fast and seamless protection for Mac.

Best Practices Guide to Electronic Banking

Personal Cybersecurity

What is Zemana AntiLogger?

SECURE USE OF IT Syllabus Version 2.0

CLICK TO EDIT MASTER TITLE STYLE Fraud Overview and Mitigation Strategies

How Cyber-Criminals Steal and Profit from your Data

Data Communication. Chapter # 5: Networking Threats. By: William Stalling

Discount Kaspersky PURE 3.0 internet download software for windows 8 ]

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

Getting over Ransomware - Plan your Strategy for more Advanced Threats

Cybersecurity The Evolving Landscape

Thursday 12 January 2017 Afternoon Time allowed: 1 hour

Cyber security tips and self-assessment for business

BCS Level 4 Certificate in Cyber Security Introduction QAN 603/0830/8

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

The Cyber War on Small Business

Octopus Online Service Safety Guide

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Date Approved: Board of Directors on 7 July 2016

Service Provider View of Cyber Security. July 2017

KSI/KAI Cyber Security Policy / Procedures For Registered Reps

Security Principles for Stratos. Part no. 667/UE/31701/004

Levels 1 and 2 Award INFORMATION TECHNOLOGY

Internet of Things Toolkit for Small and Medium Businesses

Web Cash Fraud Prevention Best Practices

Achieving PCI Compliance: Long and Short Term Strategies

Cybersecurity For The Small Business & Home User ( Geared toward Windows, but relevant to Apple )

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

Quick Heal Mobile Security. Anti-Theft Security. Real-Time Protection. Safe Online Banking & Shopping.

Discussion Ppt To work on completing questions you need your book and exercise copies

Employee Security Awareness Training

STUDENT ACCEPTABLE USE OF IT SYSTEMS POLICY

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

BEST PRACTICES FOR PERSONAL Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Mobile Working Policy

Quick Heal Total Security for Android. Anti-Theft Security. Web Security. Backup. Real-Time Protection. Safe Online Banking & Shopping.

Kaspersky Small Office Security 5. Product presentation

Quick Heal Mobile Security. Free protection for your Android phone against virus attacks, unwanted calls, and theft.

STUDENT ICT ACCEPTABLE USE POLICY

Merchant Guide to PCI DSS

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Quick Heal Total Security for Mac. Simple, fast and seamless protection for Mac.

716 West Ave Austin, TX USA

Mark Scheme (Results) Summer 2010

Regulation P & GLBA Training

Online Security and Safety Protect Your Computer - and Yourself!

Cyber Essentials Questionnaire Guidance

Treasury Services Group Number Treasury Management Officer

Project 2020: Preparing Your Organization for Future Threats Today

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Train employees to avoid inadvertent cyber security breaches

Checklist: Credit Union Information Security and Privacy Policies

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) banksa.com.au

Cyber Security Basics. Presented by Darrel Karbginsky

Information Security Controls Policy

REPORTING INFORMATION SECURITY INCIDENTS

Online Threats. This include human using them!

WHAT IS CORPORATE ACCOUNT TAKEOVER? HOW DOES IT HAPPEN?

Built without compromise for users who want it all

General Data Protection Regulation policy (exams) 2017/18

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

Cyber Criminal Methods & Prevention Techniques. By

Altius IT Policy Collection

Evolution of Spear Phishing. White Paper

PRACTICING SAFE COMPUTING AT HOME

Data Inventory and Classification, Physical Devices and Systems ID.AM-1, Software Platforms and Applications ID.AM-2 Inventory

Breach Notification Form

PCI Compliance: It's Required, and It's Good for Your Business

Transcription:

Level 2 Cambridge Technical in IT Unit 2: Essentials of cyber security Sample assessment material Time: 1 hour This test is a computer based test and will be completed using Surpass on OCR Secure Assess portal. This sample assessment material illustrates the styles and types of questions that make up this test, along with its associated mark scheme. A practice test will be available on the OCR Secure Assess portal. There will not be a paper test available for this qualification. INFORMATION FOR CANDIDATES The total mark for this paper is 45. The marks for each question are shown in brackets [ ].

Answer all the questions. 1a. Identify one possible target of a cyber security attack. [1] 1b. Identify two purposes of cyber security. 1. 2. [2] 1c. Some of the data stored in an accounts spreadsheet has been deliberately changed. Identify the type of cyber security incident that has occurred. [1] 1d. Many organisations use the cloud to store files and folders. Identify one reason why files and folders stored in the cloud should be kept secure.... [1]

2a A delivery company holds details of its customers in a database. The company has recently been the target of a cyber-attack on its customer database. During the attack, some of the data held in the customer database was deliberately removed. Identify the type of cyber-attack that occurred. [1] 2b. Describe two impacts of this cyber-attack on the delivery company. 1.. 2. [4] 2c. In a further attack, some of the customers of the delivery company have been sent an email asking them to click a link to view delivery details of an order. (i) Which type of cyber attacker would use this method? [1] (ii) Identify and describe the type of threat that has occurred during this cyber-attack...... [3] 2d. Legislation could be used to prosecute these cyber attackers. Identify one act of legislation that could be used to prosecute these cyber attackers. [1] 2e. Following the cyber-attacks, it has been recommended that the delivery company review its organisational policy on access management.

Describe two ways in which access management could be used to increase the safety of data held in the customer database. 1.... 2....... [4]

3a Progress Pets is an online shop that is run from the owner s home. The broadband connection is provided wirelessly through a router. The router provides the broadband access for the family and does not require a password to join. Orders from the online shop are placed via email with the order form as an attachment. The order form includes the customer contact and payment details as well as details of the goods they wish to order.. The website could be used as a platform by cyber attackers. Describe the following types of cyber attacker and for each provide an example of how they could exploit the website. Phisher... Example. Scammer....... Example. [6] 3b. Data theft is one type of cyber security incident that might affect Progress Pets Identify two other types of cyber security incidents that might affect it. 1. 2... [2] 4a(i). To increase the level of cyber security and reduce vulnerabilities, different measures can be taken by Progress Pets. Identify one possible vulnerability of the Progress Pets website.... [1]

4a(ii). Describe how using a password to access the wireless router will increase the level of cyber security for Progress Pets...... [2] 4b(i). Identify two other logical protection measures which could be implemented and explain how these could be used by the owner of Progress Pets. 1. 2... [4] 4b(ii).Identify one physical protection measure that could be implemented and explain how this could be used by the owner of Progress Pets........ [2]

5. Discuss the impacts on customers of Progress Pets if their order forms were hacked.... [9]

SPECIMEN Sample Assessment Material L2 CAMBRIDGE TECHNICALS IN IT Unit 2 Essentials of cyber security MARK SCHEME Duration: 1 hour MAXIMUM MARK 45 SPECIMEN Version: 1 Date: August 2016 This document consists of 6 pages OCR 2016 1

Level 2 Cambridge Technical in IT Mark Scheme SPECIMEN Question Answer Marks Guidance 1 a Individual (1) Data / information (1) 1 One from list Equipment (1) Organisation (1) b To protect information / data (1) To keep information / data confidential (1) To maintain the integrity of information / data (1) To maintain the availability of information / data (1) 2 Two from list c Data modification 1 Correct answer only d To prevent them from being accessed by unauthorised users. (1) 1 One from list 2 a Data destruction (1) Data theft (1) 1 One from list b Loss of reputation and trust from customers (1) who feel the company cannot be trusted with their personal details (1) Customer decrease (1) as customers begin to use alternative companies that have good security 4 Two from list OCR 2016 2

Level 2 Cambridge Technical in IT Mark Scheme SPECIMEN Question Answer Marks Guidance measures in place (1) May have to pay compensation (1) to customers whose details have been removed/ affected (1) c i Phisher (1) 1 Correct answer only c ii Fake / hoax emails (1 st ) One from: The link in the email can link to a fake website (1) that contains malware / virus / (1) Customers can be asked to reveal private / personal details (1) that can then be used for identity theft (1) 3 1 st mark for type of attack, 2 marks for description. To be awarded the description marks, the type of attack must be correct d Computer Misuse Act (1) 1 Correct answer only e User/names (1) could be used to determine the level of access to the database (1) Could be used to determine the actions that can be carried out on the database (1) e.g. read only/write/amend (1) Audit trails (1) could show who accesses the database/what actions were carried out (1) 3 a Phisher: Someone who pretends to be a business / organisation/person (1) to try to get personal 4 Two from list 6 Max two for each description and one for each appropriate example OCR 2016 3

Level 2 Cambridge Technical in IT Mark Scheme SPECIMEN Question Answer Marks Guidance information from someone (1) Example: Pretends to be from the business asking for clarification of payment details for an order (1) Scammer: Someone who sets up a fraudulent website /business (1) that may be very similar to the real website business (1) Example: Could copy the website but have a slightly different web address, giving contact details of the fake business (1) b Data destruction (1) Data manipulation (1) Malware (1) Social engineering/accept examples (1) Unauthorised access (1) 4 a i Hacking (1) DoS (1) Virus (1) a ii When combined with user name (1) the password and user name need to be correct (1) People who do not live at the house / passers-by (1) will not be able to access the connection (1) 2 Two from list 1 One from list 2 One from list OCR 2016 4

Level 2 Cambridge Technical in IT Mark Scheme SPECIMEN Question Answer Marks Guidance b i Anti-virus software (1 st ) to scan all incoming emails/ attachment and move any suspicious files (1) Encryption (1 st ) to ensure that all information and data held on the computer system is kept secure and if intercepted cannot be understood (1) Firewall (1 st ) to control the data that can/cannot enter the system and protect it from threats and attacks (1) Secure backups of data (1 st ) should be carried out regularly with the backup stored away from the system in a safe place (1) 4 Two from list 1 st mark for identification of method, 2 nd mark for explanation Methods must be relevant to context. b ii Locks on doors (1 st ) to keep computer equipment used for Progress Pets secure (1) Device locks (1 st ) to ensure that no-one can use a flash drive/memory stick etc. that may contain a virus (1) 5 Indicative content Personal data is held on the order form, so identity theft may occur Payment details can lead to theft of money if card details are provided Customers may not use the business again as they have no trust in the security Identity theft can lead to, for example, debts being run up passports being issued in error identity being used for criminal activity etc. Credit/debit cards/bank accounts etc. may need to be 2 One from list 1 st mark for identification of method, 2 nd mark for explanation Method must be relevant to context. 9 Levels of response marking approach 7-9 marks Learner has shown a detailed level of understanding by discussing the impacts on the customer(s) of Progress Pets. More than one impact is discussed with the consequence(s) clearly detailed. Relevant and appropriate examples are provided. Specialist terms will be used correctly and appropriately. 4-6 marks Learner has shown a good level of understanding by explaining the impacts on the customer(s) of Progress Pets. Explanations OCR 2016 5

Level 2 Cambridge Technical in IT Mark Scheme SPECIMEN Question Answer Marks Guidance changed, this can take time and cause financial upset /inconvenience Passwords/user names on other websites may need to be changed, this can take time and cause distress/ inconvenience Customers could sue the owner of the online shop for distress and inconvenience caused may focus on the impact(s) or consequence(s) with limited depth in the expansion(s). Some relevant examples are provided although these may not always be appropriate. Specialist terms will be used appropriately and for the most part correctly. 1-3 marks Learner has identified points relevant to the impacts on customers. This may take the form of a bulleted list. Examples, if used, may lack relevance. There will be little, if any, use of specialist terms. Answers may not be relevant to the customers of Progress Pets. 0 marks Nothing worthy of credit. OCR 2016 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback