Threat Spotter
Define cyber security like the mark scheme wants — then spot the weakness in real scenarios and learn what penetration testing is for.
Revise this, the fun way
Play it interactively, earn XP and build a streak — free.
Start revising freeWhat you'll cover
Threat Spotter 🕵️
Systems get attacked because they leave a door open. Your job on this case: know what **cyber security** actually means, learn the everyday weaknesses attackers exploit, and spot them in real situations. First, the definition — because it is worth easy marks if you state it precisely.
What is cyber security? 🛡️
**Cyber security** is the processes and practices designed to **protect** computer systems, networks and **data** from **attack, damage or unauthorised access**. The mark-winning idea is simple: *protecting systems and data from threats*. Vague answers like "keeping computers safe" throw the mark away.
Define it precisely
For one mark, which is the best definition of **cyber security**?
- Protecting computer systems and data from attack or unauthorised access
- A type of antivirus software you install
- Keeping computers safe
- Choosing strong passwords
Where the doors are left open ⚠️
Most breaches exploit ordinary, avoidable weaknesses. The four you must know: • **Weak and default passwords** — easily guessed, or never changed from the factory setting. • **Misconfigured access rights** — people can reach data they should not. • **Removable media** — USB sticks that carry malware in, or data out. • **Unpatched / outdated software** — known security holes left unfixed.
Why is each a risk?
- Weak / default passwords
- Misconfigured access rights
- Removable media
- Unpatched software
- Easily guessed, letting attackers log straight in
- Users can reach data they should not
- Can carry malware in, or sensitive data out
- Known security holes are left open
Now spot them 🔍
Exam questions describe a situation and ask you to **name the weakness**. The trick is to match the story to one of the four you just learned. Try a few.
Spot the weakness: the USB
Staff routinely bring in USB sticks from home to move work files between office PCs. Which weakness is that?
- Removable media
- Weak passwords
- Unpatched software
Spot the weakness: the router
A company's Wi-Fi router still uses the login it shipped with: username "admin", password "admin". Which weakness is that?
- Default passwords
- Misconfigured access rights
- Removable media
Spot the weaknesses
A firm gives every new hire access to ALL folders including payroll, and its PCs run software the vendor stopped updating two years ago. Pick the TWO weaknesses shown.
- Misconfigured access rights
- Unpatched / outdated software
- Removable media
- Weak passwords
Testing your own defences 🧪
How does an organisation find these weaknesses before criminals do? **Penetration testing** (pen testing). Testers deliberately **simulate an attack** on the system — probing it the way a real attacker would — to **find the vulnerabilities**, so they can be fixed before they are exploited for real.
Say what it does
Penetration testing simulates an _____ on a system to find its _____ before a real attacker can exploit them.
Why do it?
What is the main **purpose** of penetration testing?
- To find and fix vulnerabilities before attackers exploit them
- To make the network run faster
- To back up important data
- To train new members of staff
In the exam 🎯
Case closed. Grade-9 habits for cyber security fundamentals: • **Define precisely** — cyber security = protecting systems and data from attack / unauthorised access. • Know the **four common weaknesses**: weak/default passwords, misconfigured access rights, removable media, unpatched software — and match a scenario to the right one. • **Penetration testing** = simulate an attack to find vulnerabilities before real attackers do.