Protecting digital systems 2 (Edexcel GCSE Computer Science): Revision Notes
Understanding digital protection needs
Organisations need to safeguard their systems and data from various threats that could cause serious problems. These threats come in many forms - from natural disasters like floods or fires, to technical failures when equipment breaks down, and even from people who might accidentally or deliberately cause damage to systems.
The key is having multiple layers of protection so that if one method fails, others can step in to keep the organisation running smoothly.
Modern cybersecurity follows the principle of "defence in depth" - using multiple overlapping security measures rather than relying on a single protection method. This approach significantly reduces the risk of system compromise.
Backup and recovery procedures
What are backup and recovery?
Backup means creating a copy of important data and storing it somewhere safe - usually on a different device, in a different location, or even in the cloud. Think of it like making photocopies of your homework and keeping them in different places in case you lose the original.
Recovery is what happens when something goes wrong. It's the process of getting your data and systems back to working order using those backup copies you made earlier. Recovery plans often include practical steps like moving staff to different locations if their usual office is unavailable.
Types of backup methods
There are two main approaches to backing up data:
Full backup creates a complete copy of everything, whether it's changed recently or not. It's like copying your entire phone to a backup drive - every photo, app, and message gets copied. This takes longer and uses more storage space, but it means you have everything in one place.
Incremental backup is smarter - it only copies files that are new or have been changed since the last backup. This is much faster and uses less storage, but recovery can be more complicated because you might need multiple backup sets to fully restore everything.
Many organisations use automated backup systems that run regularly without human intervention, ensuring data is always being protected. This removes the human element that could lead to forgotten or inconsistent backups.
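The difference between full and incremental backup, and why restoring from incremental backups needs every backup set, shown as an added Python example (not part of the original notes). The file names and contents are constructed sample data, and the function names are illustrative.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def snapshot(folder):
    """Map each file's relative path to the SHA-256 digest of its contents."""
    return {str(p.relative_to(folder)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(folder.rglob("*")) if p.is_file()}


def backup(source, dest, previous=None):
    """previous=None: full backup (copy everything). Otherwise incremental:
    copy only files that are new or changed since the `previous` snapshot."""
    current = snapshot(source)
    for rel, digest in current.items():
        if previous is None or previous.get(rel) != digest:
            (dest / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(source / rel, dest / rel)
    return current


def restore(backup_sets, target):
    """Replay the full backup, then each incremental set, oldest first."""
    for backup_set in backup_sets:
        shutil.copytree(backup_set, target, dirs_exist_ok=True)
    return snapshot(target)


def demo():
    """Constructed sample data: one full backup followed by two incrementals."""
    root = Path(tempfile.mkdtemp())
    src, full, inc1, inc2 = (root / n for n in ("src", "full", "inc1", "inc2"))
    src.mkdir()
    (src / "essay.txt").write_text("draft 1")
    (src / "photo.txt").write_text("holiday")
    state = backup(src, full)                    # full: both files copied
    (src / "essay.txt").write_text("draft 2")
    state = backup(src, inc1, state)             # incremental: essay.txt only
    (src / "notes.txt").write_text("revision")
    state = backup(src, inc2, state)             # incremental: notes.txt only
    result = {
        "copied": [sorted(p.name for p in s.iterdir()) for s in (full, inc1, inc2)],
        "all_sets_ok": restore([full, inc1, inc2], root / "out") == state,
        "missing_inc1_ok": restore([full, inc2], root / "bad") == state,
    }
    shutil.rmtree(root)
    return result
```

Calling `demo()` shows that leaving out one incremental set restores an out-of-date copy of the changed file. This sketch does not record deletions, so a file removed after the full backup would reappear after a restore.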
RAID technology
RAID is a clever technical solution that uses multiple hard discs working together. When data is written to one disc, it's automatically copied to a second disc at the same time. If one disc fails, the system can immediately switch to using the working disc without any interruption to users.
This provides instant protection against hardware failures, though it doesn't protect against other threats like fires, theft, or malicious damage.
Remember that RAID is NOT a substitute for regular backups. RAID protects against hardware failure but won't help if data is accidentally deleted, corrupted by malware, or destroyed by disasters affecting the entire system.
Acceptable use policy (AUP)
What is an AUP?
An Acceptable Use Policy is a document that clearly explains the rules about how people should behave when using an organisation's computer systems and networks. It's like a code of conduct specifically for technology use.
The main purpose is to protect against social engineering - this is when criminals try to trick people into doing things that could compromise security, like giving away passwords or clicking malicious links.
Examples of appropriate behaviour
Examples of Good Security Practices:
An AUP typically encourages users to:
- Always log off or lock their screen when leaving a computer unattended
- Use strong, unique passwords and never share them with others
- Be cautious when opening email attachments, especially from unknown senders
- Report any suspicious activity immediately
Examples of inappropriate behaviour
Security Risks to Avoid:
The policy also clearly states what users should NOT do:
- Installing software downloaded from random websites
- Plugging unknown USB sticks or memory devices into work computers
- Sharing confidential company information through personal email or phone calls
- Taking company data away from the premises without proper authorisation
- Using social media or entertainment sites during work hours
Making the AUP effective
For an AUP to work properly, users must sign a copy to show they've read it and agree to follow the rules. Organisations often provide training sessions to help people understand why these rules exist and how to follow them correctly.
Having an AUP helps organisations meet their legal responsibilities for protecting personal data. When users understand the risks of hacking and social engineering, they're much more likely to recognise when someone is trying to trick them into revealing sensitive information.
Regular refresher training is essential because social engineering tactics constantly evolve. What worked to fool users last year might be completely different from current threats.
Real-world impact
Well-implemented protection measures don't just prevent technical problems - they help organisations maintain trust with their customers and avoid expensive legal issues. When data is properly backed up and users follow security policies, businesses can continue operating even when unexpected problems occur.
Key Points to Remember:
- Backup regularly: Both full and incremental backups have their place in a good protection strategy
- RAID provides instant failover: Multiple discs working together prevent single points of failure
- AUPs combat social engineering: Clear rules help users recognise and avoid security tricks
- Training is essential: Users need to understand both what to do and why it matters
- Multiple protection layers: No single method is perfect, so use several approaches together