Security, Privacy & Data Integrity
Cyber threats, security countermeasures, encryption, data validation, verification and error-checking techniques.
6.1 Data Security
Security vs Privacy vs Integrity
Threats to Data Security
| Threat | Description | Example |
|---|---|---|
| Malware | Software designed to cause harm | Virus, worm, trojan, spyware, ransomware |
| Virus | Self-replicating code that attaches to legitimate files; spreads when file is opened | File infector viruses |
| Worm | Self-replicating malware that spreads across networks without user action | ILOVEYOU worm |
| Trojan Horse | Disguises itself as legitimate software; opens backdoor for attacker | Fake PDF reader with hidden malware |
| Ransomware | Encrypts victim's files; demands payment for decryption key | WannaCry attack |
| Spyware | Secretly monitors user activity and sends data to attacker | Keyloggers recording passwords |
| Phishing | Deceptive emails/sites trick users into revealing credentials | Fake bank login page |
| Brute force attack | Systematically tries all possible passwords until correct one found | Automated password crackers |
| SQL Injection | Malicious SQL code inserted into web form input to manipulate database | OR '1'='1' in login forms |
| DDoS | Distributed Denial of Service — floods server with requests to overwhelm it | Botnet attack on website |
| Shoulder surfing | Physically observing someone enter passwords/PINs | Watching at ATM |
| Social engineering | Manipulating people into giving away confidential information | Impersonating IT helpdesk |
Security Countermeasures
Technical Countermeasures
- Firewall: filters incoming/outgoing network traffic based on rules
- Anti-malware software: detects and removes malicious software
- Encryption: scrambles data so only authorised parties can read it
- Strong passwords: minimum length, mixed characters, no reuse
- Multi-factor authentication (MFA): requires 2+ verification methods
- Access control levels: users only see data they need
- Regular backups: 3-2-1 rule (3 copies, 2 media, 1 offsite)
- Software updates/patches: fix known vulnerabilities
Physical & Organisational Countermeasures
- Physical locks: locked server rooms, cable locks
- Biometric access: fingerprint/retina for server room entry
- CCTV: monitors physical access to hardware
- Staff training: awareness of phishing, social engineering
- Acceptable use policy: rules on how systems can be used
- NDA: employees sign non-disclosure agreements
- Penetration testing: ethical hacking to find vulnerabilities
Firewalls
A firewall is a network security system (hardware or software) that monitors and controls incoming and outgoing network traffic based on predefined security rules. It creates a barrier between a trusted internal network and untrusted external networks.
| Firewall Type | How It Works |
|---|---|
| Packet filtering | Inspects each packet's header (IP address, port, protocol). Simple, fast, but cannot inspect content. |
| Stateful inspection | Tracks active connections. More intelligent — knows if packet is part of established session. |
| Proxy firewall | Acts as intermediary. All traffic goes through proxy — hides internal network topology. |
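
The difference between the first two rows of the table, as an added example (not part of the original notes). The policy, addresses and packet tuples are constructed: a packet filter judges each header alone, while stateful inspection only admits inbound packets that answer a connection it has seen leave.

```python
ALLOWED_OUT_PORTS = {443}  # assumed policy: internal hosts may open HTTPS connections

def packet_filter(pkt):
    """Stateless packet filter: judges each header on its own."""
    src_ip, src_port, dst_ip, dst_port, direction = pkt
    if direction == "out":
        return dst_port in ALLOWED_OUT_PORTS
    # With no memory of connections, replies can only be recognised by source port.
    return src_port in ALLOWED_OUT_PORTS

class StatefulFirewall:
    """Stateful inspection: remembers connections opened from the inside."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        src_ip, src_port, dst_ip, dst_port, direction = pkt
        if direction == "out":
            if dst_port not in ALLOWED_OUT_PORTS:
                return False
            self.sessions.add((src_ip, src_port, dst_ip, dst_port))
            return True
        # Inbound traffic must mirror a recorded outbound connection.
        return (dst_ip, dst_port, src_ip, src_port) in self.sessions

# Constructed packets: (src_ip, src_port, dst_ip, dst_port, direction)
REQUEST = ("10.0.0.5", 50000, "203.0.113.10", 443, "out")
REPLY = ("203.0.113.10", 443, "10.0.0.5", 50000, "in")
UNSOLICITED = ("198.51.100.7", 443, "10.0.0.5", 8080, "in")

def compare():
    """Run the same three packets through both firewalls."""
    fw = StatefulFirewall()
    packets = [("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)]
    return [(label, packet_filter(p), fw.check(p)) for label, p in packets]

if __name__ == "__main__":
    for label, stateless, stateful in compare():
        print(f"{label:12} packet filter={stateless}  stateful={stateful}")
```

Both firewalls pass the request and its reply; only the stateful one drops the inbound packet that belongs to no established session.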
Encryption
Encryption transforms plaintext into ciphertext using an algorithm and key, so that unauthorised parties cannot read the data even if they intercept it. Decryption reverses this process using the key.
Symmetric Encryption
- Same key used for encryption AND decryption
- Fast — good for large amounts of data
- Problem: how to safely share the key?
- Example: AES (Advanced Encryption Standard)
Asymmetric (Public Key) Encryption
- Two keys: public key (encrypt) + private key (decrypt)
- Slower — used for key exchange and small data
- Public key can be shared freely
- Example: RSA, used in HTTPS (SSL/TLS)
6.2 Data Integrity
Validation vs Verification
Validation
- Checks data is reasonable and sensible
- Done automatically by the program
- Cannot check if data is correct — only plausible
- Example: age must be 0–120
Verification
- Checks data has been entered correctly
- Compares two copies of data
- Cannot check if original data was right
- Example: type password twice, double data entry
Types of Validation
| Validation Check | What It Tests | Example |
|---|---|---|
| Range check | Value within acceptable min/max | Age: 0 ≤ age ≤ 120 |
| Type check | Data is correct data type | Age must be INTEGER |
| Length check | String is within allowed length | Password: 8–20 characters |
| Format/Pattern check | Data matches expected pattern | Date: DD/MM/YYYY · Email: x@x.x |
| Presence check | Field is not empty/null | Name field cannot be blank |
| Check digit | Final digit validates preceding digits | ISBN, barcode, bank account |
| Lookup check | Value exists in a valid list | Country must be in approved list |
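
The checks in the table applied to one form record, as an added example (not part of the original notes). Field names, the approved-country list and the sample records are constructed; the check digit is left out here. The last record shows the limit stated under Validation: it passes every check although the age was mistyped.

```python
import re

APPROVED_COUNTRIES = {"Kenya", "France", "Japan"}  # constructed lookup list
DATE_PATTERN = re.compile(r"\d{2}/\d{2}/\d{4}")    # DD/MM/YYYY shape only

def validate(record):
    """Return the list of failed checks for one form record (empty list = accepted)."""
    errors = []
    # Presence check: name must not be empty or whitespace.
    if not str(record.get("name") or "").strip():
        errors.append("presence: name")
    # Type check, then range check: age must be an integer in 0..120.
    age = record.get("age")
    if isinstance(age, bool) or not isinstance(age, int):
        errors.append("type: age")
    elif not 0 <= age <= 120:
        errors.append("range: age")
    # Length check: password of 8 to 20 characters.
    if not 8 <= len(str(record.get("password") or "")) <= 20:
        errors.append("length: password")
    # Format check: date of birth must look like DD/MM/YYYY.
    if not DATE_PATTERN.fullmatch(str(record.get("dob") or "")):
        errors.append("format: dob")
    # Lookup check: country must be in the approved list.
    if record.get("country") not in APPROVED_COUNTRIES:
        errors.append("lookup: country")
    return errors

# Constructed records.
GOOD = {"name": "Amina", "age": 34, "password": "correct-horse",
        "dob": "02/11/1990", "country": "Kenya"}
BAD = {"name": "  ", "age": 130, "password": "short",
       "dob": "1990-11-02", "country": "Atlantis"}
# Age typed as 43 instead of 34: plausible, so validation cannot catch it.
MISTYPED = dict(GOOD, age=43)

if __name__ == "__main__":
    for label, rec in [("good", GOOD), ("bad", BAD), ("mistyped", MISTYPED)]:
        print(label, validate(rec))
```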
Error Detection: Parity
A parity bit is an extra bit added to a group of bits to make the total number of 1s either even (even parity) or odd (odd parity). It detects single-bit transmission errors.
| Method | What It Can Detect | Limitation |
|---|---|---|
| Parity bit | Single-bit error | Cannot detect 2-bit errors (both flip → parity still correct) |
| Parity block (2D) | Single-bit error AND locate it | More overhead |
| Checksum | Any change to data block | Cannot locate the error |
| Check digit | Transposition and single-digit errors | Only for numerical sequences |
Checksum
A checksum is a value calculated from a block of data (e.g. sum of all byte values modulo 256). It is transmitted with the data. The receiver recalculates the checksum and compares — if different, an error occurred.
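
The parity bit, 2D parity block and checksum described above, as an added example (not part of the original notes). The bit patterns and function names are constructed; the checksum is the sum-modulo-256 form given in the paragraph.

```python
def parity_bit(bits, even=True):
    """Bit to append so the total number of 1s is even (or odd)."""
    bit = sum(bits) % 2
    return bit if even else 1 - bit

def parity_ok(bits, even=True):
    """Receiver side: does the group, parity bit included, have the agreed parity?"""
    return (sum(bits) % 2 == 0) == even

def make_block(rows):
    """2D parity: even-parity bit per row, then a final row of column parity bits."""
    with_row = [row + [sum(row) % 2] for row in rows]
    return with_row + [[sum(col) % 2 for col in zip(*with_row)]]

def locate_error(block):
    """Return (row, column) of a single flipped bit, or None if the block is clean."""
    bad_rows = [i for i, row in enumerate(block) if sum(row) % 2]
    bad_cols = [j for j, col in enumerate(zip(*block)) if sum(col) % 2]
    if not bad_rows and not bad_cols:
        return None
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        return bad_rows[0], bad_cols[0]
    raise ValueError("more than one bit in error: cannot locate")

def checksum(data):
    """Sum of all byte values modulo 256."""
    return sum(data) % 256

def flip(bits, *positions):
    """Copy of bits with the given positions inverted (simulated transmission error)."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]

# Constructed data: 7 data bits plus an even-parity bit, and a 3x4 data block.
DATA = [1, 0, 1, 1, 0, 0, 1]
SENT = DATA + [parity_bit(DATA)]
BLOCK = make_block([[1, 0, 1, 1], [0, 1, 1, 0], [1, 1, 0, 0]])

if __name__ == "__main__":
    print("one bit flipped, parity ok? ", parity_ok(flip(SENT, 2)))
    print("two bits flipped, parity ok?", parity_ok(flip(SENT, 2, 5)))
    damaged = [row[:] for row in BLOCK]
    damaged[1][2] ^= 1
    print("2D parity locates error at  ", locate_error(damaged))
    print("checksum sent/received      ", checksum(b"HELLO"), checksum(b"HELLP"))
```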
Check Digit
A check digit is the final digit in a code (e.g. ISBN, barcode) calculated from the preceding digits using a specific algorithm. It verifies the whole code is correct, catching common errors like swapped digits or single mistyped digits.
Used in: ISBN-13 (books) · EAN barcodes · Bank sort codes · Credit card numbers (Luhn algorithm) · GTIN product codes
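
Two of the schemes listed above, ISBN-13 and the Luhn algorithm, as an added example (not part of the original notes). The sample numbers are test values whose validity the code itself confirms; the helper names are constructed.

```python
def isbn13_check_digit(first12):
    """Weights alternate 1, 3 across the first 12 digits; the check digit
    brings the weighted total up to a multiple of 10."""
    total = sum(int(d) * (1 if i % 2 == 0 else 3) for i, d in enumerate(first12))
    return (10 - total % 10) % 10

def isbn13_valid(code):
    digits = code.replace("-", "")
    if len(digits) != 13 or not (digits.isascii() and digits.isdigit()):
        return False
    return isbn13_check_digit(digits[:12]) == int(digits[12])

def luhn_valid(number):
    """Luhn: from the right, double every second digit (subtract 9 if the result
    exceeds 9); the total including the check digit must be a multiple of 10."""
    digits = number.replace(" ", "")
    if not (digits.isascii() and digits.isdigit()):
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def swap_adjacent(s, i):
    """Simulate a transposition error: swap the characters at i and i+1."""
    return s[:i] + s[i + 1] + s[i] + s[i + 2:]

# Sample values (constructed inputs for this example).
ISBN = "9780306406157"
CARD_STYLE = "79927398713"

if __name__ == "__main__":
    print("ISBN as entered:     ", isbn13_valid(ISBN))
    print("ISBN, digits swapped:", isbn13_valid(swap_adjacent(ISBN, 7)))
    print("Luhn as entered:     ", luhn_valid(CARD_STYLE))
    print("Luhn, one digit off: ", luhn_valid("79927398703"))
```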
