
AQA GCSE Computer Science 3.6 Cyber security: threats, social engineering, malware and protecting against attacks

A deep-dive AQA GCSE Computer Science guide to area 3.6 Cyber security. Covers cyber threats (vulnerabilities, brute-force and denial-of-service), social engineering (phishing, shouldering, pretexting), malware (viruses, worms, trojans, spyware, ransomware) and the methods used to detect and prevent attacks, with the definitions Paper 2 rewards.

Generated by Claude Opus 4.813 min read3.6

Reviewed by: AI editorial process; not yet individually human-reviewed


What area 3.6 actually demands

Cyber security covers the threats to computer systems and the methods used to defend against them. It is a definition-heavy area in Paper 2, where the marks reward precise terms and clear distinctions between similar threats. You need to know the kinds of attack, how attackers exploit people through social engineering, the forms of malware, and the layered defences that detect and prevent attacks.

This guide ties together the four dot-point pages for the area.

Cyber threats

The starting point is the difference between a vulnerability (a weakness that could be exploited, such as a weak password) and an attack (the deliberate act of exploiting one). Common attacks include the brute-force attack (trying many passwords until one works) and the denial-of-service (DoS) attack (flooding a system so it cannot serve real users), along with data interception and SQL injection.

Social engineering

Many attacks target people rather than technology. Social engineering tricks people into giving away information or access: phishing uses fake messages from a trusted-looking source, shouldering watches someone enter a password, and pretexting (blagging) invents a believable scenario. People are often the weakest point, so training and awareness matter.

Malware

Malware is malicious software. A virus attaches to a file and spreads when run; a worm spreads itself across a network; a trojan hides inside apparently useful software; spyware secretly records activity such as keystrokes; and ransomware encrypts files and demands payment for the key.

Protecting against threats

Finally, defence combines several methods: penetration testing (authorised attacks to find weaknesses), anti-malware software, firewalls, user access levels, strong passwords, encryption and user training. No single method is enough, so they are layered together.
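
To connect the weak-password vulnerability and brute-force attack from the Cyber threats section with the strong-password defence listed above, here is an added example (not part of the original guide) that counts the worst-case number of guesses a brute-force attack needs. The guess rate of one million per second and the sample passwords are assumptions made up for illustration.

```python
import string

# Assumed attacker speed, for illustration only (not a figure from the guide).
GUESSES_PER_SECOND = 1_000_000

def alphabet_size(password):
    """Size of the character set a brute-force attack must cover.

    Simple model: only ASCII letters, digits and punctuation are counted.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    return size

def search_space(password):
    """Worst case: every password of the same length over the same alphabet."""
    return alphabet_size(password) ** len(password)

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try the whole search space at the assumed guess rate."""
    return search_space(password) / rate

def describe(seconds):
    """Turn a number of seconds into a readable duration."""
    units = (("years", 31_536_000), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, length in units:
        if seconds >= length:
            return f"{seconds / length:,.1f} {unit}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    # Constructed sample passwords, from weak to strong.
    for pw in ("cat", "sunshine", "Sunshine7", "Sunsh!ne7-Gate"):
        guesses = search_space(pw)
        print(f"{pw!r:18} {guesses:.3e} guesses  ~{describe(worst_case_seconds(pw))}")
```

These figures are upper bounds for trying every combination; a password built from a common word can fall much sooner to a word-list attack, which is why length and unpredictability both matter.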

Check your knowledge

A mix of recall and explanation questions covering area 3.6. Attempt them, then check against the solutions.

  1. State the difference between a vulnerability and an attack. (2 marks)
  2. Describe what a denial-of-service attack does. (2 marks)
  3. State what social engineering is. (2 marks)
  4. Describe what phishing is. (2 marks)
  5. State one difference between a virus and a worm. (2 marks)
  6. Describe how ransomware harms a victim. (2 marks)
  7. State the purpose of penetration testing. (2 marks)
  8. Explain how user access levels improve security. (2 marks)
