11 A company makes the employee sign a Code of Conduct before he is allowed to start

work.

(i) What is a Code of Conduct?

...................................................................................................................................

...................................................................................................................................

...................................................................................................................................
(2 marks)

(ii) Why does the company have a Code of Conduct rather than just expecting
employees to obey the law?

...................................................................................................................................

...................................................................................................................................

...................................................................................................................................

...................................................................................................................................

...................................................................................................................................
(2 mark)

1 (i) Rules that an employee must follow//a member of an

organisation is bound by; NE agreement
R Laws alone instead of rules
Usually a (written) document/contract;
Contents of a code (may) not be legal requirement;
Breaking rules could result in disciplinary action/possibility of
losing job;
2
MAX 2

(ii) To set out points of good practice for employees//set out rules
that are not legal requirements;
To ensure employees are aware of legal requirements//as
employees may not know what the law is;
To relate legal requirements to the work that the employee does;
To make clear consequences of breaking the rules if mark not
already awarded in b(i)
A to exonerate the company if law is broken
MAX 2 2
2 (a) A student has been asked to explain the difference between security and integrity of
data. Give an example for each of two different types of failure of security and give
two different reasons for a failure of integrity which the student might use to
demonstrate the difference between the meaning of these two terms.

(i) Examples of a failure of security.

1 .................................................................................................................................

....................................................................................................................................

2 .................................................................................................................................

....................................................................................................................................
(2 marks)

(ii) Reasons for failure of integrity.

1 .................................................................................................................................

....................................................................................................................................

2 .................................................................................................................................

....................................................................................................................................
(2 marks)

(b) For each of the types of security problems you have given in part (a) (i), describe
a practice that a school or college might implement to protect students’ personal
data. Your two practices must be different.

1 .................................................................................................................................

....................................................................................................................................

....................................................................................................................................

2 .................................................................................................................................

....................................................................................................................................

....................................................................................................................................
(4 marks)
(a) (i) Security: 1 mark for each of 2 examples of different types of security
failure MAX 2 marks
Unauthorised access to data;
Unauthorised / deliberate corruption / loss / alteration of
data/software;
Theft of / damage to hardware;
Accidental destruction of data by hardware failure /operator error;
Loss of data through natural hazards e.g. fire, flood, earthquake;

(ii) Integrity: 1 mark for each of 2 reasons MAX 2 marks

Error on data entry;
Insufficient validation checks;
Virus corrupting file;
Program error corrupting a file or data;
Transmission errors;
(Duplicated) info. not fully updated;
(b) (ii) Up to two marks for practice relevant to a school / college for each type
of security problems given in (a)(i)
MAX 4 marks
Unauthorised access to data
Encrypt data;
only give key to certain people;
/Password protect;
change passwords regularly / password policy for ‘strong’ passwords;
/ Use relevant;
access rights;
/ Keep administration and academic networks;
separate;
/ Install firewall;
and regularly update it;
/ Described physical protection of system / data / workstations;;
(marked in spirit of above)

Unauthorised / deliberate deletion / loss of data

/Virus checker;
kept up to date;
/Regular backups;
kept securely;
plus relevant items from unauthorised access if not already given

Accidental destruction by hardware failure / operator error

/ Require confirmation;
of any editing / deletion;
/Regular backups; (if not already given)
kept securely;

Natural hazards
Regular backups; (if not already given)
kept securely;
/Uninterrupted power supply;
To allow systems to close down safely;

Theft of / damage to hardware

/ Described physical protection of system / data / workstations;;
(marked in spirit of above)
3 The new Head of Computing at a secondary school wishes to review the backup and restore
strategies for the school’s computer system. The purpose of these strategies is to reduce to an
acceptable level, the disruption caused by a system crash or by deliberate or accidental data
loss caused by a computer user. The system covers the school’s administration and students’
work.

(a) For each of the following, suggest a suitable backup strategy. Your suggestions should
all be different.

Hint: You might consider who should be responsible, how often it should take place
and/or a suitable medium to use.

(i) AS level Computer Science students’ coursework.

....................................................................................................................................

....................................................................................................................................
(2 marks)

(ii) Data from day-to-day school administration.

....................................................................................................................................

....................................................................................................................................
(2 marks)

(iii) Application software for any part of the system.

....................................................................................................................................

....................................................................................................................................
(2 marks)
3 backing up policies

(a) For each of i, ii and iii,

1 mark for up to 2 points to max:

(i) students back up their own work;

after each session; A every week
flash memory / DVD-RW / CD-RW/DVD-R/CD-R
/to home computer or Internet ;

(ii) data backed up over-night;

automatically;
on external hard drive, DVD-R, DVD-RW,
store backup in safe place;
System administrator responsible;

(iii) Have software on CD_Rom / DVD-R, DVD-RW;

Keep master copy in safe place;
Have one back-up copy;
IT technician / head of department responsible;

(b) if not given in (a)

Backups stored away from computer/ in safe place;
A number of tapes used in rotation /Grandfather father son system used;
Restore operation checked;
Make sure strategy is written down;
Make sure staff / students are aware of the procedures which affect them;
A one administrative consideration
1 mark for each relevant and appropriate point to max
4 A company stores all its data in an on-line information retrieval system. Some of this data is
personal data about the employees; some of it is confidential data about the business. All staff
have authorised access to those parts of the system which they need to carry out their job role.

(a) (i) Describe two distinct steps that should be taken to minimise unauthorised access
by staff to those parts of the system they have no need to access in order to carry
out their job role.

1 .................................................................................................................................

....................................................................................................................................

2 .................................................................................................................................

....................................................................................................................................
(4 marks)

(ii) How could such unauthorised access be detected?

....................................................................................................................................

....................................................................................................................................
(1 mark)

(b) What safeguards should be used to keep the data protected from loss or corruption due to:

(i) Hackers

....................................................................................................................................
(1 mark)
(ii) Viruses

....................................................................................................................................
(1 mark)
(iii) A system failure caused, for example, by a power cut?

....................................................................................................................................
(1 mark)

(c) Describe one further safeguard which needs to be in place to enable the company to get
back into operation swiftly and effectively after a serious problem causing a complete
system failure.

.............................................................................................................................................

.............................................................................................................................................

.............................................................................................................................................
(1 mark)
4 (a) (i) Unauthorised access
password protect sensitive files; 1 mark
//have username & passwords to log on;
/ have username & password / use biometrics to restrict access;
AND change passwords on a regular basis; 1 mark
/ choose passwords that are difficult to guess;
/ do not write passwords down;
/ shut down after (e.g.) 3 attempts at guessing the password;
A and set attributes/permissions/access rights;

//Set attributes/permissions/access rights; 1 mark

AND to restrict access to specific users or groups of user; 1 mark

//Use biometrics /lock doors to rooms where terminals are 1 mark

/employees log off / lock machines when they leave them;
AND to restrict access to sensitive files to certain terminals; 1 mark

// encrypt (sensitive) files; 1 mark

AND only authorised users have (decryption) code/key; 1 mark

(ii) use software that can monitor /log user activity A record, R store
/monitor file changes; 1 mark

(b) (i) data protection

Firewall; 1 mark
A ‘strong’ passwords
A Encrypt data ;

(ii) Use up to date virus checking software; 1 mark

A Regular backups (if not given in iii)

(iii) Regular / automated backups; 1 mark

/Uninterruptible power supply; (so that system can be shut down safely)

(c) restore
a good recovery / restore procedure; A description of this 1 mark
/backup media must be available immediately;
/ availability of alternative hardware;
A Make regular backups if not given in (iii)
A have a contract with an outside recovery service;
5 A manufacturing company uses computers for both the manufacturing process and the tasks
carried out in the offices.

(a) The customer and order files used in the office are regularly backed up, while the data
produced during operation of the manufacturing process is archived.

(i) Describe what is meant by backing up files, giving a reason why the customer and order
files are backed up.

Backing up .........................................................................................................................

...........................................................................................................................................

...........................................................................................................................................

...................................................................................................................................... [2]

Reason ..............................................................................................................................

...................................................................................................................................... [1]

(ii) Describe what is meant by archiving data, giving a reason why the data from the
manufacturing process is archived.

Archiving ...........................................................................................................................

...........................................................................................................................................

...........................................................................................................................................

...................................................................................................................................... [2]

Reason ..............................................................................................................................

...................................................................................................................................... [1]

(b) The workers are paid weekly. Their times at work over the week are collected and the staff file
is updated at the same time as the pay is calculated.
Describe a backing up routine which could be used for the staff file.

...................................................................................................................................................

...................................................................................................................................................

...................................................................................................................................................

...................................................................................................................................................

...................................................................................................................................................

...................................................................................................................................................

...................................................................................................................................................

.............................................................................................................................................. [4]
(a) (i)  Making copy of the data in a file...
 And the file structure
 On a portable medium
 Kept away from originals
 So that if the original is corrupted it can be replaced
(1 per -, max 2) (2)
Customer and order files are very important to the company, so
must be protected (1) [3]

(ii)  Storing the data produced...

 On long term storage
 So that it can be referred to if necessary
(1 per -, max 2) (2)
If the process fails then previous data can be searched for
evidence/Data is available without taking up space on working
storage/data is available for analysis of manufacturing process. (1) [3]

(b) Either:
 Back up copy taken weekly...
 Immediately after updating of staff file
 Multiple copies taken...
 Stored in more than 1 location
 At least one is stored off site
 Mention of incremental back up
6 The encryption of data is widely used in computing.

(a) One application is online banking.

State two other applications where encryption is used.

Describe the reason for encrypting the data for each application.

Application 1

Reason

Application 2

Reason

[4]

(b) Authorisation and authentication are processes designed to protect the computer
system and data.

Give one technique used for each.

Authorisation

Authentication

[2]
6 Possible answers include:

(a) Encryption of email traffic [1]

Email data if intercepted cannot be read [1]

Encryption of passwords // logging-in to “something” [1]

Designed to prevent unauthorised access [1]

Hospital patient records [1]

Will safeguard the privacy/confidentially of data [1]

(b) Authorisation
Different permissions granted to different users [1]
Restricted access to certain data files/directories/physical devices [1]
User IDs [1]
MAX 1

Authentication
Passwords [1]
(Digital) signature // (Digital) certificate [1]
Use of biometric data and methods [1]
MAX 1

[Total: 11]