OCR IT National Level 2
4. Cyber-security and Legislation
4.3 Prevention Measures
Embedded Files
Overview
Prevention Measures
Prevention measures are steps taken to protect data and systems from damage, loss, or attacks. These measures can be physical, logical, or involve secure destruction of data.Β
Physical measures protect the hardware itself. Examples include biometric devices, keypads, RFID access cards, and secure backups.Β
Logical measures protect the data and software. These include using strong passwords, encryption, antivirus software, firewalls, and access rights. Both physical and logical measures often work together to keep systems safe.
Sometimes, data needs to be completely removed so that no one can recover it. This is called secure destruction of data. Methods include data erasure, data sanitisation, magnetic wiping, and physically destroying storage devices.
Using a mix of these measures helps keep information safe from hackers, malware, or accidents. Knowing how and when to use them is an important skill for anyone working with IT systems.
What You Need to Learn
Prevention Measures
Prevention Measures
π‘ Physical Measures
π‘ Physical Measures
Biometric devices β Use fingerprints, facial recognition, or iris scans to allow access.
Firewalls β Hardware barriers to block unauthorised network access.
Keypads β Require a code or PIN to unlock a device or room.
Radio frequency identification (RFID) β Uses smart cards or tags to control access.
Secure backups β Store copies of data safely in another location.
π» Logical Measures
π» Logical Measures
Access rights and permissions β Control who can view or change files.
Anti-virus / malware software β Detect and remove harmful programs.
Two-factor authentication (2FA) β Adds a second step to confirm identity.
Encryption β Scrambles data so only authorised people can read it.
Firewalls β Software that blocks unauthorised access.
Secure backups β Keep safe copies of data in case of loss.
Usernames and passwords β Unique logins to protect accounts.
π Secure Destruction of Data
π Secure Destruction of Data
Data erasure β Permanently removes files from storage.
Data sanitisation β Cleans storage to remove all traces of data.
Magnetic wipe β Uses magnets to remove data from hard drives.
sical destruction β Breaks or shreds storage devices so data cannot be recovered.
Technology in the news
Technology in the news
In May 2025, schools in Edinburgh were hit by a phishing attack.Β
Students couldnβt access Teams or OneNote for revision, and everyone had to reset passwords, even on a Saturday! No data was stolen, but it wasted valuable exam prep time.
Cyber-attacks can happen anywhere, schools, hospitals, even gaming accounts and they can disrupt lives fast.
Discussion question: If someone causes disruption without stealing data, should it still be treated as a serious crime? What do you think is a fair consequence?
Page updated
Google Sites
Report abuse