DoRevision Sign up free

Threat Spotter

Define cyber security like the mark scheme wants — then spot the weakness in real scenarios and learn what penetration testing is for.

⏱️ 7 min 🎯 13 activities Teachers Not yet rated Students Not yet rated

Revise this, the fun way

Play it interactively, earn XP and build a streak — free.

Start revising free

What you'll cover

Threat Spotter 🕵️

Systems get attacked because they leave a door open. Your job on this case: know what **cyber security** actually means, learn the everyday weaknesses attackers exploit, and spot them in real situations. First, the definition — because it is worth easy marks if you state it precisely.

What is cyber security? 🛡️

**Cyber security** is the processes and practices designed to **protect** computer systems, networks and **data** from **attack, damage or unauthorised access**. The mark-winning idea is simple: *protecting systems and data from threats*. Vague answers like "keeping computers safe" throw the mark away.

Define it precisely

For one mark, which is the best definition of **cyber security**?

  • Protecting computer systems and data from attack or unauthorised access
  • A type of antivirus software you install
  • Keeping computers safe
  • Choosing strong passwords

Where the doors are left open ⚠️

Most breaches exploit ordinary, avoidable weaknesses. The four you must know: • **Weak and default passwords** — easily guessed, or never changed from the factory setting. • **Misconfigured access rights** — people can reach data they should not. • **Removable media** — USB sticks that carry malware in, or data out. • **Unpatched / outdated software** — known security holes left unfixed.

Why is each a risk?

  • Weak / default passwords
  • Misconfigured access rights
  • Removable media
  • Unpatched software
  • Easily guessed, letting attackers log straight in
  • Users can reach data they should not
  • Can carry malware in, or sensitive data out
  • Known security holes are left open

Now spot them 🔍

Exam questions describe a situation and ask you to **name the weakness**. The trick is to match the story to one of the four you just learned. Try a few.

Spot the weakness: the USB

Staff routinely bring in USB sticks from home to move work files between office PCs. Which weakness is that?

  • Removable media
  • Weak passwords
  • Unpatched software

Spot the weakness: the router

A company's Wi-Fi router still uses the login it shipped with: username "admin", password "admin". Which weakness is that?

  • Default passwords
  • Misconfigured access rights
  • Removable media

Spot the weaknesses

A firm gives every new hire access to ALL folders including payroll, and its PCs run software the vendor stopped updating two years ago. Pick the TWO weaknesses shown.

  • Misconfigured access rights
  • Unpatched / outdated software
  • Removable media
  • Weak passwords

Testing your own defences 🧪

How does an organisation find these weaknesses before criminals do? **Penetration testing** (pen testing). Testers deliberately **simulate an attack** on the system — probing it the way a real attacker would — to **find the vulnerabilities**, so they can be fixed before they are exploited for real.

Say what it does

Penetration testing simulates an _____ on a system to find its _____ before a real attacker can exploit them.

attack weaknesses upgrade backup

Why do it?

What is the main **purpose** of penetration testing?

  • To find and fix vulnerabilities before attackers exploit them
  • To make the network run faster
  • To back up important data
  • To train new members of staff

In the exam 🎯

Case closed. Grade-9 habits for cyber security fundamentals: • **Define precisely** — cyber security = protecting systems and data from attack / unauthorised access. • Know the **four common weaknesses**: weak/default passwords, misconfigured access rights, removable media, unpatched software — and match a scenario to the right one. • **Penetration testing** = simulate an attack to find vulnerabilities before real attackers do.