BTEC Level 3 National in
Information Technology:
Unit 11
Learner Workbook 1
Learning Aim A:
Cyber security threats, system vulnerabilities and
security protection methods
Learner name
Tutor name
Specification: BTEC NQF Level 3 Diploma / Extended Diploma in IT Page 1
Unit 11: Cyber Security and Incident Management
DISCLAIMER
This learner workbook is designed to give learners an introduction to the content listed under the
essential content section within the specification for BTEC NQF IT Level 3 Unit 11 (Cyber Security
and Incident Management). Learners must cover all specified content before the assessment.
Tutors need to ensure that this learner workbook is used in conjunction with the following
documents which can be found on the Pearson website:
• Unit specification
• Instructions for Conducting External Assessments (ICEA)
• Unit 11 Sample Assessment Materials (SAMs)
• Unit 11 Sample Marked Learner Work (SMLW)
• Unit 11 Scheme of work
• Unit 11 Delivery guide
• Unit 11 Administrative guide
• Unit 11 Templates
• Any other new/updated documentation relevant to this unit
The information in this learner workbook is considered to be correct at the date of publication.
Start of Learning Aim A Review
Topic, Checklist Item, Confidence (Low / Medium / High)
Topic 1: Internal Threats
• I know the causes of sabotage and theft and the methods that can be used to reduce them.
• I know the causes of unauthorised access and the methods that can be used to reduce them.
• I know the causes of unsafe working practices and the methods that can be used to reduce them.
• I know the causes of accidental loss, disclosure of data and methods that can be used to reduce them.
Topic 2: External Threats
• I know the meaning of malware, the different types and how they can threaten the security of a computer system.
• I know the meaning of a virus, the different types and how they can threaten the security of a computer system.
• I know the meaning of hacking, the different types and how they can threaten the security of a computer system.
• I know the meaning of social-engineering, the different types and how they can threaten the security of a computer system.
Topic 3: Impacts of Credible Threats
• I know what operation loss means and how this impacts an organisation.
• I know what financial loss means and how this impacts an organisation.
• I know what reputation loss means and how this impacts an organisation.
• I know what intellectual property loss means and how this impacts an organisation.
Topic 4: System Vulnerabilities
• I know why a network may become vulnerable and how to reduce these vulnerabilities.
• I know why an organisation may become vulnerable and how to reduce these vulnerabilities.
• I know why software may become vulnerable and how to reduce these vulnerabilities.
• I know why operating systems may become vulnerable and how to reduce these vulnerabilities.
• I know why mobile/portable devices may become vulnerable and how to reduce these vulnerabilities.
• I know why cloud computing may become vulnerable and how to reduce these vulnerabilities.
• I know what an attack vector is and how to reduce these vulnerabilities.
• I know where to find information on the latest hardware and software threats.
Topic 5: Legal Responsibilities
• I know the requirements under the Data Protection Act 1998 to keep data safe.
• I know the definitions of illegal practices under the Computer Misuse Act 1990.
• I know the requirements to allow companies to monitor employees under the Telecommunications Regulations 2000.
• I know the requirements under the Fraud Act 2006 to deal with fraud.
• I know the duties of employers and employees under the Health & Safety at Work Act 1974.
Topic 6: Physical Security
• I know the different uses and effectiveness of locks/card entry systems.
• I know the different uses and effectiveness of biometrics.
• I know the different uses and effectiveness of CCTV/alarm systems.
• I know the different uses and effectiveness of security staff/guards.
• I know the different types of backups and why they are used.
• I know the difference between on-site and off-site backups and why they are used.
Topic 7: Antivirus and Firewalls
• I know the use of and effectiveness of antivirus software.
• I know why antivirus software makes use of signatures and heuristics.
• I know the use of and effectiveness of firewalls.
• I know different filtering techniques used by firewall software.
Topic 8: Authentication & Access Controls
• I know what is meant by the term user authentication.
• I know the different types of user authentication and how effectively they secure data.
• I know what is meant by the term access control.
• I know different types of access control.
• I know different access controls that can be used and how effectively they secure IT systems.
Topic 9: Encryption
• I know what is meant by the term encryption.
• I know the different uses of encryption.
• I know the different methods of encryption.
• I know how effectively encryption methods keep data safe.
Topic 10: Protecting Wireless Networks
• I know why wireless networks are more vulnerable to attacks.
• I know what is meant by the term MAC address filtering and SSID and how effectively they secure a wireless network.
• I know different methods of wireless encryption and how effectively they secure a wireless network.
• I know what should be considered when designing a network to reduce the risks of attacks.
Introduction
What is Cyber Security?
1. In your own words describe what is meant by the term ‘cyber-attack.’ (PASS)
A cyber-attack is a cybercriminal attack that uses one or more computers to target a single or
numerous computers or networks. A cyber assault can be used to intentionally disable machines,
steal data, or launch additional attacks from a compromised computer. To conduct a cyber-attack,
cybercriminals utilise a range of tactics, like malware, phishing, ransomware, denial of service,
etc.
2. Explain the different reasons why organisations should keep data safe. (PASS)
To meet compliance requirements, to prevent breaches that hurt businesses, to prevent breaches
that hurt data subjects / individuals, to maintain and improve brand value, to strengthen and grow
business, to support ethics, to maintain public, investor and customer trust, to support your
customers’ wishes, to be a competitive differentiator and gain a competitive advantage, to increase
physical safety, to build customer loyalty, to support innovation.
3. Describe what is meant by the following types of attack. (PASS)
Type: Explanation
Hacker: A hacker is a person who solves a technological problem by using computer,
networking, or other abilities. Anyone who utilises their skills to obtain
unauthorised access to systems or networks in order to conduct crimes is
referred to as a hacker. A hacker may, for example, take information in order
to harm individuals through identity theft or knock down a system and, in many
cases, hold it hostage in exchange for a ransom.
Insider: Any person with or without authorised access to or knowledge of an
organisation's resources, such as staff, facilities, information, equipment,
networks, and systems, is considered an insider.
Script kiddie: A person who, due to a lack of ability in writing their own computer scripts or
codes, hacks into computers using existing computer scripts or codes.
Scammer/Phisher: Phishing is a type of social engineering assault in which cyber thieves deceive
victims into revealing personal information or installing malware on their
device. The person who commits this crime is called a phisher.
4. Describe what is meant by the following motivations for an attack. (PASS)
Type Explanation
Espionage
Public good Type your answer here.
Score settling Type your answer here.
Public good Type your answer here.
Thrill Type your answer here.
Fraud Type your answer here.
5. In your own words describe what is meant by the term ‘cyber security.’ (PASS)
Type your answer here.
Topic 1: Internal Threats
Topic 1: Topic Objectives:
• Pass - Describe what is meant by different internal threats.
• Merit - Describe the different methods that organisations could use to reduce the risks
caused by internal threats.
• Distinction - Evaluate how effectively these security methods reduce the risks caused by
internal threats.
Topic 1: Specification Coverage:
Topic 1: Introductory Task:
Look up the word ‘Disgruntled.’
Think of an experience you have had with a company where you became disgruntled (e.g. having to
wait 40 minutes in a restaurant for your food to be served).
Describe how this made you feel and how your attitude towards the company changed. (PASS)
I ordered food in McDonald's once and they took the payment. My order serial number was showing
on the digital board but soon it disappeared, they did not even call my name to collect my order.
When I went to the till and complained about it the employees started targeting me instead of looking
into it. I was extremely annoyed with their judgmental behaviour, and it showed negative
appearance from the restaurant.
Topic 1: Deeper Learning Activities:
Sabotage and theft
1. Describe what is meant by the term ‘sabotage’ in the context of a computer network.
(PASS)
Computer sabotage causes the hardware or the data on the system to be destroyed or damaged.
Because the computer is not used to carry out the destruction, this sort of computer crime
resembles classical sabotage. If computer-assisted security mechanisms must be defeated, or if the
system is managed to cause harm to itself, sabotage may take some expertise.
2. Describe what is meant by the term ‘theft’ in the context of a computer network. (PASS)
The act of taking digital information from an unknown victim's computers, servers, or electronic
devices with the goal to jeopardise privacy or get personal information is known as data theft.
Examples of such information range from financial information, such as credit card numbers or
bank accounts, to personal information, such as social security numbers, driver's licence numbers,
and medical data. Data theft was formerly solely a problem for huge corporations and organisations, but
it is now a rising problem for individual computer users.
3. Research an organisation that has experienced employee sabotage or theft.
Describe:
• Which employee was responsible
• Why the employee carried out the attack
• The impacts the attack had on the organisation (MERIT)
Tesla sabotage