What are the main security risks to a computer system, how do we guard against them, and what does the law say?
Security risks and precautions: common threats to a computer system, the precautions of encryption, passwords and biometrics, and the legal protection of the Computer Misuse Act.
An SQA National 5 Computing Science answer on security risks and precautions, covering common threats to a computer system such as viruses and hacking, the precautions of encryption, strong passwords and biometrics, and how the Computer Misuse Act makes unauthorised access to computer systems illegal.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this key area is asking
The SQA wants you to know the common security risks to a computer system, the precautions used to guard against them (including encryption and biometrics), and how the Computer Misuse Act protects computer systems in law.
Security risks
These risks have real consequences: malware can delete or corrupt files, hacking can expose private data, and stolen data can be misused. Recognising the risk is the first step; the second is choosing a precaution that genuinely addresses it.
Precautions
The key skill is matching a precaution to a risk. Against malware, use anti-virus software and avoid suspicious downloads. Against unauthorised access, use strong passwords and biometrics. Against interception or theft of data, use encryption so the data is useless to anyone without the key.
Encryption in a little more detail
Encryption is the precaution that protects the data itself rather than just controlling access. This is why sensitive information sent over the internet, or stored on a portable device, is usually encrypted: even if someone gets hold of it, it is meaningless without the key.
The Computer Misuse Act
The Act is the legal backstop behind all the technical precautions: even when a system is well protected, the law adds a deterrent by making the act of breaking in a crime in itself. National 5 expects you to know that unauthorised access to a computer system is illegal under this Act.
Why this key area matters
Security is part of designing and running real systems responsibly. Technical precautions (passwords, biometrics, anti-virus, encryption) reduce the chance of an attack succeeding, and the law (the Computer Misuse Act) deters attacks and punishes those that happen. Together they protect the privacy and integrity of data, which links to the legal and security implications examined across the Information system design and development area.
How this key area is examined
Questions ask you to describe security risks and suggest precautions, explain what encryption does, or state what the Computer Misuse Act makes illegal. Always pair a precaution with the risk it addresses, mention the key when describing encryption, and remember that the Act makes unauthorised access a criminal offence. These marks reward precise, matched answers rather than long lists.
For the official course specification
The SQA publishes the full National 5 Computing Science course specification, specimen question papers and coursework tasks at sqa.org.uk. Always revise from the current specification and SQA past papers, because question style and terminology are board-specific.
Exam-style practice questions
Practice questions written in the style of SQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
SQA N5 style4 marksDescribe two security risks to a computer system and a suitable precaution against each.Show worked answer →
Up to four marks: two risks, each with a matching precaution.
Risk 1: malware such as a virus, which can damage files or steal data. Precaution: install and update anti-virus (security) software and avoid opening suspicious attachments.
Risk 2: unauthorised access (hacking), where someone gets into the system without permission. Precaution: use strong passwords, and add biometrics or two-factor authentication.
Markers reward a genuine risk paired with a precaution that actually addresses it. Listing two risks but no precautions, or a precaution that does not match the risk, would not gain full marks.
SQA N5 style3 marksExplain what encryption does and why the Computer Misuse Act is important for computer security.Show worked answer →
Two marks for encryption and one for the law.
Encryption scrambles data using a key so that it cannot be understood by anyone who intercepts it; only someone with the correct key can turn it back into readable form. This keeps data private even if it is stolen or intercepted.
The Computer Misuse Act makes it a criminal offence to access a computer system or data without permission, so it deters and punishes hacking and unauthorised access.
Markers reward saying encryption scrambles data so only an authorised key holder can read it, and that the Act makes unauthorised access illegal.
Related dot points
- Data representation in a computer system: storing positive integers, real numbers and characters in binary, and the units used to measure storage from the bit upwards.
An SQA National 5 Computing Science answer on data representation in computer systems, covering how positive integers, real numbers (floating point) and characters are stored in binary, the meaning of bit and byte, and the units of storage scaling up through kilobyte, megabyte, gigabyte and terabyte.
- Computer architecture: the role of the processor, memory and the buses that connect them; and the environmental impact of the manufacture, use and disposal of computer systems.
An SQA National 5 Computing Science answer on computer architecture and environmental impact, covering the role of the processor (with its registers and arithmetic logic unit and control unit), main memory, and the address and data buses, and the environmental impact of manufacturing, running and disposing of computer systems.
- SQL implementation: searching and sorting with SELECT, FROM, WHERE and ORDER BY, and changing data with INSERT, UPDATE and DELETE, then testing and evaluating the database.
An SQA National 5 Computing Science answer on implementing a database in SQL, covering how to search and sort records using SELECT, FROM, WHERE and ORDER BY, how to add, change and remove data with INSERT, UPDATE and DELETE, and how to test and evaluate that the database meets its requirements.
- JavaScript and media: adding interactivity with event-driven JavaScript (such as onmouseover, onmouseout and onclick), and using media files with appropriate standard file formats and compression, then testing and evaluating the website.
An SQA National 5 Computing Science answer on JavaScript and media, covering how event-driven JavaScript adds interactivity using events such as onmouseover, onmouseout and onclick, how media files (graphics, audio and video) use standard file formats and compression to manage file size, and how a website is tested and evaluated.
- The iterative software development process: analysis, design, implementation, testing, documentation and evaluation, and why the process is iterative rather than strictly linear.
An SQA National 5 Computing Science answer on the software development process, covering the six stages of analysis, design, implementation, testing, documentation and evaluation, what is produced at each stage, and why the process is iterative so that developers loop back to earlier stages when problems are found.