Welcome to Security and Privacy!
In this chapter, we are going to explore how to keep our digital lives safe. Since we’ve already learned how computers connect to each other in a network, it’s time to learn how to protect the data moving across those connections. Whether you are a tech pro or just starting out, these notes will help you master the essentials of staying safe online.
1. Security vs. Privacy: What’s the Difference?
People often use these words interchangeably, but in Computing, they mean different things. Think of it like a house:
Security is like the locks on your doors and the alarm system. It is the protection of data from being stolen, corrupted, or destroyed. It focuses on how we enforce protection.
Privacy is like the curtains on your windows. It is about your right to keep your personal information to yourself and decide who gets to see it. It focuses on what kind of data is being protected (like your name, address, or medical records).
Quick Review:
• Security: Protecting the system (the "how").
• Privacy: Protecting the personal information (the "what").
2. Threats to Our Data
Data isn't just at risk from hackers; sometimes, it’s just down to us! Let's look at how data can be threatened.
Human Actions (Section 4.3.2)
Humans are often the "weakest link" in security. We can cause data corruption (making data unusable) or exposure (letting private info leak) through:
• Physical means: Accidentally spilling a drink on a hard drive or losing a USB thumb drive.
• Non-physical means: Accidentally deleting an important file or setting a very weak password like "123456".
Malware and Digital Scams
Adware: This is software that installs itself without your knowledge and constantly shows unwanted advertisements (like annoying pop-ups). It’s usually more of a nuisance than a direct attack, but it definitely invades your privacy.
Spyware: Much more dangerous! This software secretly collects your personal information (like your passwords or credit card numbers) and sends it to an attacker without you ever knowing.
Phishing: Think of this like "fishing" for information. Attackers send fake emails or create fake websites that look exactly like a real bank or social media site to trick you into typing in your login details.
Pharming: This is even sneakier. It intercepts your request to go to a real website and redirects you to a fake, malicious one—even if you typed the correct web address! It’s like someone changing the road signs so you end up at a fake "bank" instead of the real one.
Did you know?
Cookies are not usually "bad." They are small files used by websites to track your browsing history so they can remember your login or what’s in your shopping cart. However, they can be a privacy threat because they track your habits across many different sites!
Key Takeaway: Security threats can be technical (Pharming) or psychological (Phishing), while human error is just as dangerous.
3. Our Digital Defences
Don't worry if all those threats seem scary! We have powerful tools to fight back.
Anti-malware Programs
These act like a digital immune system. They prevent malware from running in the first place and remove any malicious software that might already be on your computer.
Firewalls
A firewall is like a security guard standing at the entrance of your network. It can be hardware (a physical device) or software (a program). It monitors packets (chunks of data) and uses a set of rules to decide which packets are allowed to enter or leave your computer and which should be blocked.
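Added example (not part of the original notes): a small Python packet filter showing how a firewall checks each packet against an ordered set of rules, where the first matching rule decides and anything unmatched is blocked. The Packet and Rule classes, the rule set and the sample addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (entering the computer) or "out" (leaving it)
    remote_ip: str      # address of the machine at the other end
    protocol: str       # "tcp" or "udp"
    port: int           # destination port

@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "block"
    direction: str          # "in", "out" or "any"
    protocol: str           # "tcp", "udp" or "any"
    remote_net: str         # network the rule applies to, in CIDR form
    port: Optional[int]     # None means any port

def matches(rule, pkt):
    # Every field of the rule must fit the packet.
    return (rule.direction in ("any", pkt.direction)
            and rule.protocol in ("any", pkt.protocol)
            and ipaddress.ip_address(pkt.remote_ip) in ipaddress.ip_network(rule.remote_net)
            and rule.port in (None, pkt.port))

def decide(rules, pkt):
    """The first matching rule wins; a packet that matches no rule is blocked."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "block"

# Constructed rule set and packets (documentation-only address ranges).
RULES = [
    Rule("block", "any", "any", "203.0.113.0/24", None),   # known-bad network
    Rule("allow", "out", "tcp", "0.0.0.0/0", 443),         # HTTPS browsing
    Rule("allow", "out", "udp", "0.0.0.0/0", 53),          # DNS lookups
    Rule("allow", "in", "tcp", "192.168.1.0/24", 22),      # SSH from home LAN only
]
PACKETS = [
    Packet("out", "198.51.100.7", "tcp", 443),   # normal HTTPS request
    Packet("out", "203.0.113.9", "tcp", 443),    # HTTPS, but to the blocked network
    Packet("in", "192.168.1.20", "tcp", 22),     # SSH from inside the home LAN
    Packet("in", "198.51.100.7", "tcp", 22),     # SSH attempt from the Internet
    Packet("out", "198.51.100.7", "tcp", 80),    # plain HTTP, no rule allows it
]

def evaluate_samples():
    return [decide(RULES, p) for p in PACKETS]
```

Rule order matters: the block rule for the bad network is listed first, so the general "allow HTTPS" rule below it never gets the chance to let that packet through.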
Encryption
Encryption is the process of scrambling data into a "secret code." If an attacker steals encrypted data, it looks like meaningless gibberish. The only way to read it is by using a secret key to turn it back into its original form.
The Law: PDPA
In Singapore, we have the Personal Data Protection Act (PDPA). This law protects your privacy by requiring organisations to:
1. Seek Consent: They must ask you before they collect your data.
2. Disclose Purpose: They must tell you why they need your data.
3. Retention Limit: They can only keep your data for as long as they actually need it for that purpose.
Memory Aid: The "CPR" of PDPA
To remember what the PDPA requires, think CPR:
• Consent (Ask first)
• Purpose (Explain why)
• Retention (Don't keep it forever)
4. Good Computing Practices
The best way to stay safe is to develop good habits. Here is how you can mitigate (reduce) the threats we discussed:
• Against Phishing: Always check the sender's email address and never click suspicious links.
• Against Spyware/Adware: Only download software from official sources and use an ad-blocker.
• Against Pharming: Use a reliable Internet Service Provider and check for "https" in the URL.
• Against Human Actions: Use strong, unique passwords and always back up your data to a different location.
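Added example (not part of the original notes): the "check the sender's email address" and "check for https" habits written as a Python check that compares a message against the domain you expect. The function names, the 0.8 similarity threshold and the mybank.example domain are assumptions made for this illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "mybank.example"   # constructed: the real site's domain

def domain_problem(host, trusted):
    """Return None if host is the trusted domain or a subdomain of it, else a reason."""
    host, trusted = host.lower().rstrip("."), trusted.lower()
    if host == trusted or host.endswith("." + trusted):
        return None
    # A near-identical spelling, or the real name buried inside a longer one,
    # is the typical sign of a fake address made to look genuine.
    similar = SequenceMatcher(None, host, trusted).ratio() >= 0.8
    if trusted in host or similar:
        return "lookalike of " + trusted
    return "not " + trusted

def check_message(sender, link, trusted=TRUSTED):
    """Return a list of warnings for one email's From line and one link in it."""
    warnings = []
    sender_domain = parseaddr(sender)[1].rpartition("@")[2]
    problem = domain_problem(sender_domain, trusted)
    if problem:
        warnings.append(f"sender domain {sender_domain!r} is {problem}")
    url = urlsplit(link)
    if url.scheme != "https":
        warnings.append("link does not use https")
    problem = domain_problem(url.hostname or "", trusted)
    if problem:
        warnings.append(f"link host {url.hostname!r} is {problem}")
    return warnings
```

With the constructed inputs "MyBank Alerts <alerts@rnybank.example>" and "http://mybank.example.account-check.test/login", all three warnings fire even though the display name and the start of the link both look genuine.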
Quick Review: Which tool fights which threat?
• Firewalls are great at blocking unauthorized packets from hackers.
• Anti-malware is the best defence against Spyware and Adware.
• Encryption ensures that even if a human error leads to data exposure, the data cannot be read.
• PDPA legally stops companies from misusing your private info.
Key Takeaway: No single tool is perfect. We stay safe by using a combination of technology (firewalls, encryption), laws (PDPA), and smart personal habits!