How is data kept secure and accurate, and what laws and ethical duties govern the use of computers and data?
Describe data security threats and protection, encryption, data integrity, and the legislation and ethics governing computer use.
A focused answer to WJEC A-Level Computer Science Unit 1 security and the law, covering threats such as malware and hacking, protection measures, encryption, data integrity, and the relevant legislation and ethics.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
WJEC wants you to describe the threats to data security, the measures that protect against them, how encryption works, what data integrity means, and the legislation and ethical issues around computer use. This dot point rounds off Unit 1 by setting the technical content in its social and legal context. Expect questions on encryption, on naming threats and matching defences, and on the relevant laws, all of which reward concrete, specific answers rather than vague statements.
The answer
Threats to data
Recognising the specific mechanism of each threat matters because the defence depends on it: a worm spreading over a network is countered differently from a user being tricked by a phishing email.
Protection measures
No single measure is enough, so a real system combines technical controls with sensible user behaviour and recovery plans.
Encryption and integrity
Encryption scrambles data using a key into ciphertext that is unreadable without the matching key to decrypt it; intercepted data is then useless to an attacker. Data integrity means keeping data accurate, complete and consistent, supported by validation and verification on entry and by backups against loss or corruption.
Legislation and ethics
Beyond the law, ethical duties cover privacy, honest use of data, accessibility and the wider social impact of computing decisions.
Examples in context
- Example 1. A ransomware attack on a hospital
- Ransomware (a form of malware) encrypts a hospital's files and demands payment. Recent, isolated backups let the hospital restore its data without paying, which is exactly why regular, tested backups are a core protection measure rather than an afterthought.
- Example 2. Why online banking shows a padlock
- When you bank online, the connection is encrypted, so even if traffic is intercepted on a public network it appears as meaningless ciphertext. The padlock icon signals this encryption, a concrete everyday case of encryption protecting confidentiality in transit.
- Example 3. The ethics of facial recognition
- A shop deploying facial recognition must consider data protection law (it is processing personal data) and the ethics of privacy and consent, even where it is technically legal. This shows that responsible computing weighs ethical duty alongside the letter of the law, a balance examiners expect candidates to discuss.
Try this
Q1. State what is needed to read data that has been encrypted. [1 mark]
- Cue. The correct decryption key.
Q2. Name one type of legislation relevant to computer use and state what it protects. [2 marks]
- Cue. For example, data protection legislation, which governs the fair and secure handling of personal data.
Exam-style practice questions
Practice questions written in the style of WJEC exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
WJEC 20184 marksExplain how encryption protects data sent over a network, and explain why encryption alone does not stop data being intercepted.Show worked answer →
Describe what encryption does, then make clear the limit of its protection.
Encryption scrambles the data using a key into ciphertext that is unreadable without the matching key to decrypt it. If the data is intercepted in transit, the interceptor sees only meaningless ciphertext and cannot recover the original without the key, so confidentiality is preserved.
Encryption does not stop interception itself: an attacker can still copy the data as it passes. What encryption does is make the intercepted data useless to them. Protecting against interception entirely would need control of the transmission path, which encryption does not provide.
Markers reward the scrambling-with-a-key description, the point that intercepted ciphertext is unreadable without the key, and the distinction that encryption protects the content but does not prevent interception.
WJEC 20224 marksDescribe two threats to the security of data held on a networked computer and state a protection measure against each.Show worked answer →
Pick two distinct threats and pair each with an appropriate defence.
Threat 1: malware such as a virus that can damage or steal data. Protection: antivirus software kept up to date, plus caution opening attachments.
Threat 2: unauthorised access (hacking) to accounts or data. Protection: strong passwords and access rights, plus a firewall to block unauthorised connections.
Other acceptable pairs include phishing (countered by user awareness) and data loss (countered by regular backups).
Markers reward two genuinely different threats, each paired with a relevant and correct protection measure.
Related dot points
- Describe networks and topologies, transmission media and methods, protocols and the TCP/IP stack, and how the internet works.
A focused answer to WJEC A-Level Computer Science Unit 1 communication, covering LANs and WANs, network topologies, transmission methods, protocols and the TCP/IP stack, packet switching, and how the internet works.
- Describe files, fields and records, relational databases, normalisation, basic SQL, and validation and verification.
A focused answer to WJEC A-Level Computer Science Unit 1 organisation of data, covering files, fields and records, relational databases and keys, normalisation to remove redundancy, basic SQL, and validation and verification.
- Describe systems, application and utility software, the functions of the operating system, translators, and modes of operation.
A focused answer to WJEC A-Level Computer Science Unit 1 software and systems, covering system, application and utility software, operating system functions, compilers, interpreters and assemblers, and modes of operation.
- Represent numbers in binary, hexadecimal and two's complement, perform binary arithmetic, and represent characters, sound and images as binary data.
A focused answer to WJEC A-Level Computer Science Unit 1 data representation, covering binary and hexadecimal, two's complement, binary arithmetic and shifts, and how characters, sound and images are stored as binary.
- Describe the von Neumann architecture, the components of the CPU, the fetch-execute cycle, memory and the storage hierarchy.
A focused answer to WJEC A-Level Computer Science Unit 1 hardware, covering the von Neumann architecture, the CPU components and registers, the fetch-execute cycle, primary and secondary storage, and factors affecting performance.