Know and understand the causes of these safety issues and strategies for preventing them

Safety and Security (Cambridge IGCSE 0417)

1. Syllabus Objective

Know and understand the causes of safety issues that arise when using information and communication technology (ICT) and the strategies for preventing them, as required by the Cambridge IGCSE 0417 syllabus.

2. Physical Safety – 8.1

2.1 Common physical‑safety hazards

  • Trips and falls – unsecured cables, cluttered walkways, loose floor mats.
  • Cuts or bruises – sharp edges on equipment, moving devices.
  • Heavy or unstable equipment – monitors, printers, servers that can tip over.
  • Electrical hazards – electrocution, short‑circuiting, fire (over‑loading sockets, damaged plugs, lack of grounding).
  • Fire risk – overheating of computers, printers, batteries or other ICT equipment.

2.2 Checklist (mirrors syllabus wording)

Check | What to look for
Cables | All power and data cables are routed away from walkways, secured with clips or cable‑trays, and have no frayed sections.
Outlets | No more than two high‑power devices per socket; surge protectors are used where necessary.
Equipment stability | Monitors, printers, scanners and any heavy device are on a stable surface or anchored.
Work‑station layout | Clear floor space, adequate lighting, and no obstacles that could cause a trip.
Electrical safety | All devices are correctly grounded, cords are undamaged, and power strips are not overloaded.

2.3 Practical activity – Risk‑assessment worksheet

Students work in pairs to complete a classroom risk‑assessment sheet (provided by the teacher). They must identify at least five hazards, rate the risk (low/medium/high), and suggest a corrective action. This activity develops AO3 (analyse/evaluate) skills.

3. Electrical & Fire Hazards

  • Use surge protectors and never overload sockets.
  • Inspect cords regularly; replace any that are frayed or damaged.
  • Ensure all equipment is correctly grounded.
  • Maintain adequate ventilation around ICT equipment; clean dust from fans, vents and filters on a regular schedule.
  • Install and maintain smoke detectors and appropriate fire‑extinguishers (CO₂ or dry‑powder for electrical fires).

4. Ergonomic & Health Problems

  • Adjust chair height so feet rest flat on the floor and knees are at ~90°.
  • Position the monitor so the top of the screen is at eye level and about an arm’s length away.
  • Keep the keyboard and mouse at a comfortable height; use wrist rests if needed.
  • Apply the 20‑20‑20 rule: every 20 minutes look at something ≥20 feet away for at least 20 seconds.
  • Take short breaks (≈5 minutes) each hour to stretch and rest the eyes.

5. Data Loss – 8.3 (part a)

  • Accidental deletion – user error or mistaken bulk‑delete.
  • Hardware failure – hard‑disk crash, SSD failure, corrupted media.
  • Media loss – misplaced USB sticks, external drives, CDs/DVDs.

Prevention

  • Implement automated, regular backups – both local (external drives) and cloud‑based.
  • Use reliable storage media and test restore procedures at least quarterly.
  • Apply version control for critical documents and keep separate copies of important files.

6. Malware Infection – 8.3 (part b)

  • Viruses, worms, ransomware, spyware, ad‑ware, trojans.

Prevention

  • Install reputable antivirus/anti‑malware software and keep definitions up‑to‑date.
  • Apply all OS and application patches promptly (regular patch‑management).
  • Restrict software installation to authorised personnel only.

7. Unauthorised Access & Threats – 8.3 (part b)

7.1 Threats (what can go wrong)

Threat | Typical example
Hacking / brute‑force attacks | Attempting to guess passwords to gain admin rights.
Phishing, smishing, vishing | Fake email asking for login details.
Insider threat | Employee copies confidential data onto a USB stick.
Social engineering (shoulder surfing, key‑logging) | Someone watches a user type a password.
Pharming & card‑fraud | Redirecting users to a counterfeit banking site.

7.2 Protective Controls (what we do about it)

Control | How it mitigates the threat
Strong password policy | Reduces success of brute‑force attacks.
Multi‑factor authentication (MFA) | Even if a password is stolen, an additional factor is required.
Principle of least privilege | Limits damage from insider or compromised accounts.
Firewalls (hardware/software) | Filters unwanted inbound/outbound traffic.
Security awareness training | Helps users recognise phishing, shoulder surfing, etc.
Digital certificates & SSL/TLS | Ensures the identity of web services and encrypts data in transit.
Biometric controls (where appropriate) | Provides an additional, hard‑to‑replicate factor.

8. Privacy & Data‑Protection Legislation – 8.3 (part c)

8.1 Why legislation exists

Data‑protection laws ensure that personal data is processed lawfully, fairly and transparently. They protect individuals from unauthorised use, limit how long data can be kept, and require organisations to keep data secure. This reduces the risk of privacy breaches, identity theft and loss of public trust.

8.2 Core principles (GDPR‑style) with everyday ICT examples

Principle | Everyday ICT example
Lawfulness, fairness & transparency | Providing a clear privacy notice when students register for an online learning platform.
Purpose limitation | Collecting student email addresses only for class communication, not for marketing.
Data minimisation | Storing only the name and grade of a pupil, not unnecessary medical details.
Accuracy | Regularly updating contact details in the school database.
Storage limitation | Deleting archived project files after the end of the school year.
Integrity & confidentiality | Encrypting exam results before sending them to parents.
Accountability | Keeping a log of who accessed student records and when.
Rights of the data subject | Allowing a pupil to request a copy of their stored personal data.

8.3 Technical safeguards

  • Encryption at rest (e.g., AES‑256 for USB drives) and in transit (TLS/SSL).
  • Access controls – role‑based permissions, audit logs.
  • Regular backups stored securely and tested for restoration.

9. e‑Safety – 8.2

9.1 Mapping syllabus sub‑points to practical advice

Syllabus sub‑point | Key safe‑internet practice
Internet use | Browse only approved sites; use HTTPS; avoid downloading from unknown sources; enable pop‑up blockers.
Email | Check sender address; never open unexpected attachments; verify links before clicking; report suspicious mail.
Social media | Set profiles to “private”; think before posting; use strong passwords; recognise social‑engineering attempts.
Online gaming | Limit daily playtime; use parental controls; keep gaming accounts protected with strong passwords and MFA; beware of in‑game scams and “loot‑box” purchases.

9.2 Case‑study activity (AO2/AO3)

Scenario: Emma receives an email that appears to be from her school’s IT department. It says, “Your account will be locked unless you verify your password now.” The email contains a link that looks legitimate.

Task for students:

  1. Identify at least three red‑flags in the email (e.g., urgent language, mismatched URL, unknown sender).
  2. Explain why clicking the link could be dangerous (phishing, credential theft).
  3. Suggest the correct action Emma should take (report to teacher/IT, do not click, verify via official channel).
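
Worked example (added here, not part of the original notes): the three red-flags named in step 1, written as checks a mail filter or a curious student could run over a message. The trusted domain school.example, the phrase list and the sample email are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "school.example"   # assumption: the school's real domain
URGENT_PHRASES = ("will be locked", "verify your password", "immediately")  # assumed list

# Constructed sample modelled on the Emma scenario; not a real message.
SAMPLE_EMAIL = """\
From: "School IT Department" <it-support@schoo1-helpdesk.example>
To: emma@school.example
Subject: Account warning
Content-Type: text/html

<p>Your account will be locked unless you verify your password now.</p>
<a href="http://login.schoo1-helpdesk.example/verify">https://portal.school.example/login</a>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower()
    return host == domain or host.endswith("." + domain)

def find_red_flags(raw_email, trusted_domain=TRUSTED_DOMAIN):
    """Return the red flags from the case study that this message shows."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    flags = []
    # Unknown sender: the display name is free text, so judge the address domain.
    _, address = parseaddr(msg.get("From", ""))
    if not in_domain(address.rpartition("@")[2], trusted_domain):
        flags.append("unknown sender")
    # Urgent language: pressure phrases in the visible text (tags stripped).
    visible = re.sub(r"<[^>]+>", " ", body).lower()
    if any(phrase in visible for phrase in URGENT_PHRASES):
        flags.append("urgent language")
    # Mismatched URL: the link text shows one host but the href goes elsewhere,
    # or the real destination is outside the trusted domain.
    for href, shown in LINK_RE.findall(body):
        real = urlparse(href).hostname
        displayed = urlparse(shown.strip()).hostname
        if (displayed and displayed != real) or not in_domain(real, trusted_domain):
            flags.append("mismatched URL")
            break
    return flags

if __name__ == "__main__":
    print(find_red_flags(SAMPLE_EMAIL))
```

The sender check looks only at the address inside the angle brackets, because the display name ("School IT Department") can be set to anything by whoever sends the message.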

10. Legal & Ethical Considerations (Sections 9.1 & 9.2)

  • Copyright – Only use software, images, music and video that you have a licence for; give proper attribution where required.
  • Software piracy is illegal and can lead to fines, loss of data integrity, and security vulnerabilities.
  • Audience appreciation – Tailor digital content to the needs, expectations and cultural background of the intended audience.
  • Data‑protection legislation – Process personal data in line with the principles listed in section 8.2.

11. Recommended Safety Procedures (AO1)

  1. Carry out a comprehensive ICT risk assessment at least once a year (include physical, electrical, ergonomic and security risks).
  2. Develop, display and review a written ICT safety policy; ensure it covers physical safety, e‑safety, data protection and emergency procedures.
  3. Provide induction training for new users and refresher sessions for existing staff covering:

    • Physical safety and ergonomics
    • Backup and recovery
    • Malware protection and patch management
    • Strong passwords, MFA and least‑privilege access
    • e‑Safety guidelines and reporting procedures

  4. Maintain an incident‑reporting system for accidents, near‑misses, security breaches and e‑Safety incidents.
  5. Schedule routine maintenance checks for hardware, software, power supplies and physical infrastructure.
  6. Test backup and recovery processes quarterly; verify that restores are successful.
  7. Review and update security measures (firewalls, antivirus, password policies) whenever new threats emerge.
  8. Run periodic e‑Safety awareness campaigns (e.g., “Think Before You Click”, “Spot the Phish”).

12. Summary Checklist (Quick self‑audit)

  • Are workstations ergonomically set up (chair, monitor, keyboard, lighting)?
  • Are cables secured, outlets not overloaded, and heavy equipment stable?
  • Is antivirus/anti‑malware software active and up‑to‑date?
  • Are strong passwords and multi‑factor authentication in use?
  • Is data regularly backed up, stored securely and tested for restoration?
  • Are fire safety devices (smoke detectors, extinguishers) functional and inspected?
  • Is staff trained on safe ICT practices, e‑Safety and data‑protection legislation?
  • Are firewalls, digital certificates and encryption deployed where required?
  • Is there a clear, written policy for internet, email, social‑media and online gaming use?

Suggested diagram: Flowchart showing the relationship between causes of safety issues, preventive strategies, and outcomes (reduced risk, improved productivity).