This set of notes covers everything required for the Cambridge IGCSE ICT (0417) syllabus on e‑Safety – Data protection & personal data and Security of data – Threats, prevention and mitigation. It explains the legal framework for data protection, the main threats to data, the technical and procedural controls that can be used, and the steps to follow when an incident occurs.
| Type of data | Definition | School‑related example | Non‑school example |
|---|---|---|---|
| Personal data | Any information that can identify a living individual | Student name, pupil ID, school email, home address | Customer name and contact details in an online shop |
| Sensitive data | Special‑category data that requires higher protection (e.g., health, ethnicity, religious belief) | Medical history, special educational needs, religious affiliation | Patient medical records, employee health information |
For each threat the table below lists the definition, typical technical indicators (what students should be able to recognise), delivery method, typical effects and at least two preventive measures.
| Threat | Definition & Typical Technical Indicators | Delivery Method | Typical Effects | Common Prevention Measures |
|---|---|---|---|---|
| Hacking | Unauthorised access to a system or network. Indicators: use of default admin passwords, unpatched services (e.g., SMB v1), open ports, suspicious login from unknown IP. | Network, remote desktop, web‑application | Loss of confidentiality, data alteration, reputational damage, financial loss. | Strong, unique passwords + password manager; regular OS & application patching; firewalls; IDS/IPS; least‑privilege accounts. |
| Phishing | Deceptive email or web page that pretends to be from a trusted source to steal credentials. Indicators: mismatched URLs, urgent language, misspelled domain, spoofed logos. | Email, web link | Identity theft, unauthorised transactions, compromise of corporate accounts. | Email‑filtering & anti‑phishing software; user education on checking sender & URLs; DMARC/DKIM/SPF records for school domains. |
| Pharming | Redirects users from a legitimate site to a fraudulent one without their knowledge. Indicators: DNS records changed, hosts‑file entries altered, HTTPS certificate mismatch. | DNS manipulation, compromised hosts file | Mass credential theft, financial fraud. | Secure DNS (DNSSEC); keep hosts file read‑only; enforce HTTPS with valid certificates; regular anti‑malware scans. |
| Smishing | Phishing via SMS text messages. Indicators: short URL, unknown short‑code, request for personal data. | SMS (mobile phone) | Identity theft, unauthorised account access. | Do not click links in texts; verify requests via official website or phone number; install mobile anti‑phishing apps. |
| Vishing | Voice phishing – fraudulent phone call pretending to be a trusted organisation. Indicators: caller asks for passwords, uses urgent/authority tone, caller ID spoofed. | Telephone (landline or mobile) | Direct financial loss, data compromise. | Never give personal details on unsolicited calls; call‑back verification using official numbers; staff training on social‑engineering. |
| Social‑media social‑engineering | Fake friend requests, impersonated profiles or direct messages that lure users into revealing information. Indicators: newly created profile with few friends, urgent request for help, link to a “survey”. | Social‑media platforms (e.g., Instagram, TikTok) | Credential theft, bullying, reputational damage. | Privacy‑settings review; educate pupils to verify friend requests; avoid clicking unknown links; report fake accounts. |
| Insider threat / Accidental data loss | Data is disclosed, altered or destroyed by a trusted user, either deliberately or by mistake. Indicators: email sent to wrong address, use of removable media without encryption, excessive access rights. | Internal email, USB drives, cloud sharing | Loss of confidentiality, breach of GDPR principles, financial penalties. | Least‑privilege access; data‑loss‑prevention (DLP) tools; staff training; clear data‑handling policies. |
| Viruses | Malicious programs that attach to legitimate files and execute when the file is opened. Indicators: unexpected file size increase, suspicious executable attached to documents. | Email attachment, removable media, downloaded file | Data corruption, system slowdown, loss of productivity. | Up‑to‑date antivirus/anti‑malware; disable autorun on removable media; avoid opening unknown attachments. |
| Worms | Self‑replicating malware that spreads across a network without user interaction. Indicators: sudden network traffic spikes, exploitation of unpatched services (e.g., SMB, RDP). | Network propagation | Network congestion, widespread data loss, denial‑of‑service. | Patch management; network segmentation; intrusion‑prevention systems (IPS). |
| Trojan | Software that appears legitimate but contains hidden malicious functions. Indicators: unsigned installer, unexpected behaviour after installation, additional processes running. | Downloaded software, bundled free apps | Unauthorised access, data theft, system compromise. | Application whitelisting; verify digital signatures; regular anti‑malware scans. |
| Ransomware | Encrypts a victim’s files and demands payment for the decryption key. Indicators: ransom note on desktop, sudden file extension change, use of strong encryption algorithms. | Email attachment, compromised website, exploit kit | Loss of data availability, financial extortion, service disruption. | Regular offline backups (3‑2‑1 rule); keep software patched; restrict macro execution; application control. |
| Spyware | Collects information about a user’s activities without consent. Indicators: unexpected browser redirects, high CPU usage, unknown processes. | Bundled software, drive‑by download | Privacy invasion, data leakage, possible identity theft. | Anti‑spyware tools; install software only from trusted sources; enable browser anti‑tracking settings. |
| Card fraud | Unauthorised use of credit/debit‑card details for purchases or cash withdrawal. Indicators: unfamiliar transactions, skimming device residue, data breach notifications. | Skimming devices, phishing, data breach, malware | Monetary loss, credit‑rating damage, dispute costs. | Chip‑and‑PIN cards; PCI‑DSS compliant payment gateways; regular statement checks; virtual card numbers where available. |
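
Three of the indicators in the Phishing row (urgent language, mismatched URLs, misspelled domains) can be checked automatically in an email body. The sketch below is an added example, not part of the original notes; the trusted-domain list, the urgent-word list, the sample email and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed values for illustration (assumptions, not from the notes).
TRUSTED_DOMAINS = ("school.example", "bank.example")
URGENT_WORDS = ("urgent", "immediately", "suspended", "verify now")
SAMPLE_EMAIL = ('<p>URGENT: your account will be suspended. '
    '<a href="http://schoo1.example/login">https://school.example/login</a></p>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Hostname of a URL-like string, lowercased; '' if there is none."""
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()

def phishing_indicators(html_body):
    """Return the Phishing-row indicators found in one email body."""
    findings = []
    if any(word in html_body.lower() for word in URGENT_WORDS):
        findings.append("urgent language")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        target = host_of(href)
        # Only compare when the visible text itself looks like a web address.
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(f"mismatched URL: shows {shown}, opens {target}")
        for good in TRUSTED_DOMAINS:
            if target != good and SequenceMatcher(None, target, good).ratio() >= 0.85:
                findings.append(f"misspelled domain: {target} imitates {good}")
    return findings
```

Calling `phishing_indicators(SAMPLE_EMAIL)` reports all three indicators for the constructed message. Treat the output as a prompt for a human check, because a legitimate subdomain can also score as similar to a trusted domain.
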
| Threat | Key Characteristics | Typical Effects | Common Prevention Measures |
|---|---|---|---|
| Hacking | Unauthorised system access; exploits weak passwords, default credentials, unpatched services. | Data loss, confidentiality breach, reputational & financial damage. | Strong passwords + manager; regular patching; firewalls; IDS/IPS; least‑privilege accounts. |
| Phishing | Deceptive emails/websites; urgent language, spoofed URLs, mismatched domains. | Identity theft, unauthorised transactions. | Email filtering; user education; DMARC/DKIM/SPF; verify sender before clicking. |
| Pharming | DNS or hosts‑file manipulation; redirects to fraudulent sites. | Mass credential theft, financial fraud. | DNSSEC; read‑only hosts file; enforce HTTPS with valid certificates; anti‑malware scans. |
| Smishing | SMS with malicious links or data‑request. | Identity theft, unauthorised account access. | Do not click links in texts; verify via official channels; mobile anti‑phishing apps. |
| Vishing | Phone call impersonating a trusted organisation; uses authority & urgency. | Financial loss, data compromise. | Never give details on unsolicited calls; call‑back verification; staff training. |
| Social‑media social‑engineering | Fake profiles or messages that lure users into revealing info. | Credential theft, bullying, reputational harm. | Privacy‑settings; educate pupils; avoid unknown links; report fake accounts. |
| Insider threat / accidental loss | Deliberate or accidental disclosure by a trusted user. | Confidentiality breach, GDPR violations. | Least‑privilege access; DLP; clear handling policies; regular training. |
| Viruses | Attach to legitimate files; spread when opened. | Data corruption, system slowdown. | Updated antivirus; disable autorun; avoid unknown attachments. |
| Worms | Self‑replicating; spreads via network vulnerabilities. | Network congestion, data loss, DoS. | Patch management; network segmentation; IPS. |
| Trojan | Masquerades as legitimate software; creates back‑doors. | Unauthorised access, data theft. | Application whitelisting; verify signatures; anti‑malware scans. |
| Ransomware | Encrypts files and demands payment. | Loss of availability, financial extortion. | Regular offline backups (3‑2‑1); patching; restrict macros; application control. |
| Spyware | Collects user activity without consent. | Privacy invasion, data leakage. | Anti‑spyware tools; install only trusted software; browser anti‑tracking. |
| Card fraud | Unauthorised use of card details; data obtained via skimming, phishing, breaches. | Monetary loss, credit‑rating damage. | Chip‑and‑PIN; PCI‑DSS compliant gateways; regular statement checks; virtual card numbers. |