| Syllabus Block | Key Concepts & Examples (AO1) | Practical Skills (AO2) | Evaluation / Decision‑making (AO3) |
|---|---|---|---|
| 1. Computer Systems | CPU, RAM, storage (HDD/SSD), input & output devices, operating systems. | Identify components in a diagram; install an OS. | Compare advantages of SSD vs. HDD for a school server. |
| 2. Input & Output | Keyboards, mouse, touch screen, scanners, printers, speakers. | Configure a scanner; set up a printer driver. | Assess the suitability of a touchscreen for a maths classroom. |
| 3. Storage & Retrieval | Primary vs. secondary storage, magnetic, optical, flash, cloud. | Organise files using a logical folder hierarchy. | Evaluate cloud‑based backup vs. local backup for data security. |
| 4. Networks | LAN, WAN, Wi‑Fi, topologies, protocols (TCP/IP, HTTP/HTTPS), IP addressing. | Set up a small LAN; assign static IPs. | Analyse the impact of network latency on online gaming. |
| 5. Effects of ICT | Positive/negative social, economic, environmental impacts; digital divide. | Research a case study (e.g., e‑learning during lockdown). | Debate the ethical implications of facial‑recognition surveillance. |
| 6. ICT Applications | Word processing, spreadsheets, databases, presentations, web authoring, multimedia. | Create a formatted report; design a chart in a spreadsheet. | Choose the most appropriate application for managing a school library catalogue. |
| 7. Systems Development Life‑Cycle (SDLC) | Planning, analysis, design, development, testing, implementation, maintenance. | Produce a simple flowchart for a student‑record system. | Critique a given system design for usability issues. |
| 9. Audience & Communication | Identifying audience, purpose, tone; copyright & plagiarism. | Write an email to parents using appropriate tone. | Evaluate the effectiveness of a promotional flyer for a school event. |
| 10. File Management | Naming conventions, folder structures, compression, backup. | Compress a folder using ZIP; restore a backup. | Recommend a file‑naming policy for a collaborative project. |
| 12‑16. Document Production (Images, Layout, Styles, Proof‑reading, Graphs/Charts) | Inserting/resizing images, applying styles, checking spelling/grammar, creating bar/pie charts. | Design a newsletter page with consistent style. | Assess the clarity of a chart that compares exam results. |
| 17‑21. Databases, Spreadsheets, Presentations, Web Authoring | Tables, primary/foreign keys, forms, queries; formulas, functions, sorting; master slides, transitions; HTML/CSS basics. | Build a simple student database; create a budget spreadsheet; produce a 5‑slide presentation; publish a basic website. | Compare the use of formulas vs. built‑in functions for financial calculations. |

| Principle | What It Means | Example in School Context |
|---|---|---|
| Lawful basis | Data may only be collected for a legitimate purpose. | Collecting pupil contact details for emergency notices. |
| Consent | Individuals must agree to the collection/use of their data. | Getting parental permission before publishing a student’s photo on the school website. |
| Need‑to‑know | Only authorised persons may access the data. | Only teachers, not pupils, can view exam‑paper drafts. |
| Right to be forgotten | People can ask for their personal data to be erased. | Removing a former pupil’s email address from the alumni mailing list. |
| Data security | Reasonable steps must be taken to protect data from loss or unauthorised access. | Storing project files on a password‑protected USB drive. |

| Threat | Description (AO1) | Simple Mitigation (AO2) |
|---|---|---|
| Phishing | Fake emails or messages that trick users into giving personal data. | Never enter credentials after clicking an unexpected link; verify the sender’s address. |
| Pharming | Manipulating DNS or hosts files so a legitimate URL leads to a fake site. | Use reputable DNS services; check the certificate details before entering data. |
| Smishing / Vishing | Phishing via SMS (smishing) or voice calls (vishing). | Do not reply with personal details; contact the organisation through an official channel. |
| Malware – Virus | Self‑replicating code that attaches to clean files. | Keep anti‑virus definitions up‑to‑date; avoid downloading from untrusted sites. |
| Malware – Ransomware | Encrypts files and demands payment for the decryption key. | Regularly back up data; disable macro auto‑run in Office apps. |
| Card‑fraud / Online fraud | Unauthorised use of payment details. | Enter card numbers only on HTTPS sites; use virtual card numbers where possible. |
| Hacking / Unauthorised access | Gaining control of a computer or network without permission. | Use firewalls, keep software patched, enable two‑factor authentication. |
| Man‑in‑the‑middle (MITM) | Attacker intercepts communication between client and server. | Verify HTTPS certificates; use VPNs on public Wi‑Fi. |

| Method | How It Works (AO1) | Strengths / Weaknesses (AO2) |
|---|---|---|
| Password / PIN | Something the user knows. | Easy to implement; vulnerable to guessing, theft, or reuse. |
| Biometric (fingerprint, face, iris) | Something the user is. | Hard to copy; may fail with dirty sensors; raises privacy concerns. |
| Smart‑card / NFC tag | Something the user has. | Provides two‑factor security; can be lost or stolen. |
| One‑time password (OTP) via SMS or app | Something the user has for a short time. | Effective for 2‑FA; depends on mobile network or app availability. |
Secure Sockets Layer (SSL) – now superseded by Transport Layer Security (TLS) – is a cryptographic protocol that creates an encrypted link between a web server (the “server”) and a web browser (the “client”). The link guarantees confidentiality (a third party cannot read the data), integrity (the data cannot be altered without detection) and authentication (the client can confirm it is talking to the genuine server).

The handshake occurs before any application data is exchanged. It uses asymmetric encryption to agree on a symmetric session key, then switches to fast symmetric encryption.

| Step | Message | Purpose |
|---|---|---|
| 1 | ClientHello | Client proposes TLS version, supported cipher suites, and sends random data (ClientRandom). |
| 2 | ServerHello | Server selects TLS version and cipher suite; sends its random data (ServerRandom) and its digital certificate. |
| 3 | Certificate verification | Client checks the certificate’s CA signature, expiry date, and that the domain name matches. |
| 4 | ClientKeyExchange (pre‑master secret) | Client creates a random pre‑master secret, encrypts it with the server’s public key, and sends it. |
| 5 | Key generation | Both sides compute the same symmetric session keys from the pre‑master secret, ClientRandom, and ServerRandom. |
| 6 | Finished (client) | Client sends a hash of all handshake messages, encrypted with the newly created session key, to confirm integrity. |
| 7 | Finished (server) | Server replies with its own encrypted hash, completing the handshake. |
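As an added worked example (not part of the original notes), the following Python code carries out steps 5 to 7 of the table: the TLS 1.2 pseudo-random function from RFC 5246 derives the master secret and session keys from the pre-master secret plus ClientRandom and ServerRandom, and the Finished value from a hash of the handshake transcript. It models the RSA key-exchange handshake the table describes (TLS 1.3 uses a different, HKDF-based key schedule); the randoms, pre-master secret and transcript are constructed locally rather than exchanged over a network.

```python
import hashlib
import hmac
import os

# TLS 1.2 PRF (RFC 5246, section 5): P_SHA256 expands `secret` over label||seed
# by chaining HMAC outputs A(1), A(2), ... until enough bytes are produced.
def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    out, a = b"", seed                                  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) || seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_sha256(secret, label + seed, length)

# Step 5 of the table: the 48-byte master secret depends on the pre-master secret AND
# both randoms, so replaying an old ClientKeyExchange cannot reproduce an old session key.
def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return prf(pre_master, b"master secret", client_random + server_random, 48)

# Key expansion for an AEAD suite such as AES-256-GCM: a 32-byte write key for each
# direction followed by 4-byte implicit IVs (MAC keys are zero-length for AEAD suites).
def session_keys(master: bytes, client_random: bytes, server_random: bytes) -> tuple:
    block = prf(master, b"key expansion", server_random + client_random, 2 * 32 + 2 * 4)
    return block[:32], block[32:64]          # (client_write_key, server_write_key)

# Steps 6 and 7: the Finished message carries 12 bytes of verify_data computed over the
# hash of every handshake message so far; any tampering with the transcript changes it.
def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)

def demo() -> bool:
    """Both sides derive identical keys from the same three inputs (constructed values)."""
    client_random, server_random = os.urandom(32), os.urandom(32)
    pre_master = b"\x03\x03" + os.urandom(46)   # TLS 1.2 pre-master: version bytes + 46 random bytes
    transcript = b"ClientHello|ServerHello|Certificate|ClientKeyExchange"   # constructed stand-in
    client_side = master_secret(pre_master, client_random, server_random)
    server_side = master_secret(pre_master, client_random, server_random)
    same_keys = (session_keys(client_side, client_random, server_random)
                 == session_keys(server_side, client_random, server_random))
    client_fin = finished_verify_data(client_side, b"client finished", transcript)
    server_check = finished_verify_data(server_side, b"client finished", transcript)
    return client_side == server_side and same_keys and client_fin == server_check

if __name__ == "__main__":
    print("handshake keys agree:", demo())
```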
Common SSL/TLS weaknesses and their fixes:

- Outdated protocol versions (SSL 3.0, TLS 1.0). Fix: Disable these versions; use TLS 1.2 or TLS 1.3 only.
- Weak cipher suites. Fix: Configure servers to allow only strong ciphers such as AES‑256‑GCM or ChaCha20‑Poly1305.
- Incomplete certificate checking. Fix: Ensure browsers/clients check the CA signature, expiry, revocation status, and that the domain matches the certificate.
- Vulnerable OpenSSL library versions. Fix: Update OpenSSL libraries; re‑issue certificates if private keys may have been exposed.
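As an added example (not from the original notes), the Python code below applies the protocol-version, cipher and certificate-checking fixes above to a client-side `ssl.SSLContext` and audits any context against them. `audit_tls_settings`, `WEAK_MARKERS` and `weak_example_findings` are this example's own constructions, not standard-library APIs; the weak settings it checks are made up to resemble the TLS 1.0-only school website in the practice questions.

```python
import ssl

# Substrings that mark cipher suites the fixes above rule out (constructed list for this
# example): stream/legacy ciphers, export-grade suites, MD5 MACs and CBC modes.
WEAK_MARKERS = ("RC4", "DES", "NULL", "EXP", "MD5", "CBC")

def audit_tls_settings(min_version: ssl.TLSVersion, cipher_names, check_hostname: bool,
                       verify_mode: ssl.VerifyMode) -> list:
    """Return a list of findings; an empty list means the settings follow the fixes above."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version {min_version.name} is outdated; require TLS 1.2+")
    for name in cipher_names:
        is_aead = "GCM" in name or "CHACHA20" in name
        if not is_aead or any(marker in name for marker in WEAK_MARKERS):
            findings.append(f"weak cipher suite enabled: {name}")
    if not check_hostname:
        findings.append("hostname is not checked against the certificate")
    if verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate signature and expiry are not verified")
    return findings

def hardened_client_context() -> ssl.SSLContext:
    """Client context applying the fixes: TLS 1.2+, AEAD ciphers only, full certificate checks."""
    ctx = ssl.create_default_context()   # system CA store, CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 3.0, TLS 1.0 and TLS 1.1 are refused
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # AES-GCM / ChaCha20-Poly1305 with forward secrecy
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Read the live settings back out of a context and audit them."""
    names = [suite["name"] for suite in ctx.get_ciphers()]
    return audit_tls_settings(ctx.minimum_version, names, ctx.check_hostname, ctx.verify_mode)

def weak_example_findings() -> list:
    """Constructed settings for a TLS 1.0-only server with legacy ciphers and no certificate checks."""
    return audit_tls_settings(ssl.TLSVersion.TLSv1, ["RC4-SHA", "DES-CBC3-SHA", "AES128-SHA"],
                              False, ssl.CERT_NONE)

if __name__ == "__main__":
    print("hardened context findings:", audit_context(hardened_client_context()))
    for finding in weak_example_findings():
        print("weak settings:", finding)
```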
Check that a website's address begins with https:// rather than http://.

| Topic | AO1 (Knowledge) | AO2 (Application) | AO3 (Evaluation) |
|---|---|---|---|
| Personal data & legal principles | Define personal data; list the four Data Protection Act principles. | Identify which principle applies to a given school scenario. | Evaluate the effectiveness of a school’s data‑handling policy. |
| Threats & mitigation | Describe phishing, pharming, smishing, malware types, MITM. | Choose appropriate protective tools for a given threat. | Assess the risk of using public Wi‑Fi without a VPN. |
| Authentication methods | Explain password, biometric, smart‑card, OTP. | Match a method to a security requirement (e.g., high‑value transaction). | Compare the suitability of biometric vs. 2‑FA for a school login system. |
| SSL/TLS handshake | List the handshake steps; define asymmetric & symmetric encryption. | Interpret a simplified handshake diagram. | Critique the security of using TLS 1.0 for an online exam platform. |
| Vulnerabilities & best practice | Identify outdated protocols and weak ciphers. | Configure a web server to disable SSL 3.0 and enable TLS 1.3. | Recommend a policy for certificate renewal and revocation checking. |
Practice questions:

1. A school website currently supports only TLS 1.0. Explain why this is a security risk and describe two steps the school IT officer should take to improve the site’s security.
2. Two‑factor authentication (2‑FA) is introduced for the school’s virtual learning environment. Evaluate the advantages and possible drawbacks of this measure for students and staff.
3. Define the term “digital certificate” and state the role of a Certificate Authority (CA) in the SSL/TLS process.
4. You receive an email that appears to be from your bank asking you to confirm your account details via a link. Using the “safe‑online checklist”, list three actions you should take before responding.

SSL/TLS creates a secure, encrypted link between a client computer and a server. The handshake uses asymmetric cryptography to exchange a secret pre‑master value, from which both parties derive a fast symmetric session key. All subsequent data is encrypted with this key, ensuring confidentiality, integrity, and authentication. Understanding SSL/TLS, together with the broader ICT concepts – personal data protection, common threats, authentication methods, and the full range of syllabus topics – equips students to use technology safely, evaluate security measures critically, and meet the demands of the Cambridge IGCSE/A‑Level ICT examinations.