KASNEB · Foundation · Information Communication Technology

Cyber Security

This topic addresses the importance of cyber security, common threats, and protective measures.

3 objectives
3 revision lessons
12 practice questions

What you’ll learn

Aligned to the KASNEB Information Communication Technology syllabus.

Understanding Cyber Security and Its Importance

Cyber security refers to the practice of protecting systems, networks, and programs from digital attacks. These attacks typically aim to access, change, or destroy sensitive information; extort money from users; or disrupt normal business processes. As businesses in Kenya increasingly rely on digital platforms for operations, the relevance of cyber security has escalated. The rise of mobile money platforms like M-Pesa and the growing e-commerce sector have made organizations vulnerable to cyber threats.

Effective cyber security measures are essential for safeguarding personal and financial data, ensuring compliance with regulations such as the Data Protection Act, 2019, and maintaining consumer trust. Organizations must implement a comprehensive cyber security strategy that includes risk assessment, employee training, and the deployment of advanced security technologies to mitigate potential risks. Additionally, staying updated with the latest cyber threats and vulnerabilities is crucial for enhancing an organization's security posture.

Key points

  • Cyber security protects systems and data from digital attacks.
  • In Kenya, reliance on digital platforms increases cyber threats.
  • Effective measures safeguard personal and financial information.
  • Compliance with laws like the Data Protection Act is essential.
  • Employee training is critical for maintaining security.

More on this topic

CF16.6.B Identifying common cyber threats and vulnerabilities

Cyber threats and vulnerabilities are critical concerns for organizations in Kenya and globally. Understanding these threats is essential for developing effective security measures. Here are some common cyber threats:

1. Malware: This includes viruses, worms, and ransomware that can damage or disrupt systems. Malware often infiltrates systems through email attachments or malicious downloads.

2. Phishing: Attackers use deceptive emails or messages to trick individuals into revealing sensitive information, such as passwords or bank details. Phishing attacks can be highly targeted (spear phishing) or broad (bulk phishing).

3. Denial of Service (DoS): A DoS attack aims to make a service unavailable by overwhelming it with traffic. This can disrupt business operations and lead to financial losses.

4. Insider Threats: Employees or contractors may intentionally or unintentionally compromise security. This can include data theft or accidental exposure of sensitive information.

5. Unpatched Software: Vulnerabilities in software that is not regularly updated can be exploited by attackers. Organizations must ensure that all software is up-to-date to mitigate this risk.

6. Weak Passwords: Using easily guessable passwords can lead to unauthorized access. Organizations should enforce strong password policies and encourage the use of multi-factor authentication.

By identifying these threats, organizations can implement appropriate security measures to protect their data and systems.

CF16.6.C Strategies for Protecting Information Systems

To safeguard information systems, organizations must implement a comprehensive cybersecurity strategy. Here are key strategies:

1. Access Control: Limit access to sensitive information through role-based access controls (RBAC). Ensure only authorized personnel can access critical systems and data. Implement strong password policies and change passwords regularly.

2. Data Encryption: Encrypt sensitive data both in transit and at rest. This ensures that even if data is intercepted, it remains unreadable without the decryption key.

3. Regular Software Updates: Keep all software, including operating systems and applications, updated to protect against vulnerabilities. Apply patches and updates as soon as they are available.

4. Firewalls and Intrusion Detection Systems: Utilize firewalls to block unauthorized access to networks. Implement intrusion detection systems (IDS) to monitor network traffic for suspicious activities and respond to potential threats.

5. Employee Training and Awareness: Conduct regular training sessions for employees on cybersecurity best practices. Educate them about phishing attacks, social engineering, and safe internet usage to minimize human error.

6. Incident Response Plan: Develop and maintain an incident response plan to quickly address and mitigate the impact of security breaches. This plan should outline roles, responsibilities, and procedures for responding to various types of incidents.

By integrating these strategies, organizations can significantly enhance their cybersecurity posture and protect their information systems from potential threats.

Sample KASNEB-style questions

3 of 12 questions. Beta-flagged questions are AI-drafted and pending CPA review — flag anything that looks wrong.

Q1 · MCQ · easy

Which of the following best defines cyber security?

  • A) Protection of computer systems from theft or damage
  • B) Measures taken to secure data and networks from cyber threats ✓ correct
  • C) Software designed to protect against malware attacks
  • D) The practice of using firewalls only

Q2 · MCQ · medium

What is a primary goal of cyber security?

  • A) To increase internet speed
  • B) To ensure the confidentiality, integrity, and availability of data ✓ correct
  • C) To promote software development
  • D) To reduce hardware costs

Q3 · SHORT ANSWER · medium

Explain THREE types of cyber threats that organizations face. (6 marks)

Model answer

1. Malware: Malicious software designed to harm or exploit any programmable device, service, or network. It includes viruses, worms, and ransomware, which can disrupt operations and compromise sensitive data.

2. Phishing: A technique used by cybercriminals to trick individuals into providing sensitive information by masquerading as a trustworthy entity in electronic communications.

3. Denial-of-Service (DoS) Attacks: These attacks aim to make a service unavailable by overwhelming it with traffic, thus preventing legitimate users from accessing the service.

Common questions

Define cyber security and its relevance.

Cyber security protects systems and data from digital attacks.

Identify common cyber threats and vulnerabilities.

Malware includes viruses, worms, and ransomware.

Outline strategies for protecting information systems.

Implement role-based access controls to limit data access.
