Cybersecurity often appears as OCR GCSE 8-mark questions. The winning approach pairs a clear threat with a specific mitigation—repeat 3–4 times with concise explanations and you’re golden.
Common cybersecurity threats
- Malware: Malicious software (e.g., ransomware) that can steal or encrypt data.
- Phishing: Deceptive emails/messages tricking users to reveal credentials.
- Brute-force attacks: Automated password guessing to gain access.
- Data interception (sniffing): Capturing data in transit over insecure networks.
- SQL injection: Injecting malicious queries through unsanitised input to access/alter databases.
Mitigations (pair one-to-one)
- Malware → up-to-date anti-malware, OS patching, least-privilege.
- Phishing → staff training, email filtering, simulated phishing.
- Brute-force → strong password policies, account lockout, MFA.
- Interception → HTTPS/TLS, VPNs, secure Wi-Fi configuration.
- SQL injection → input validation, parameterised queries, least-privileged DB accounts.
Model answer structure (8 marks)
- Intro: State that organisations face multiple threats; each needs a targeted control.
- Body (×4): Threat → impact → specific mitigation → why it works.
- Close: Emphasise a layered approach (defence-in-depth) and staff awareness.
Exam tips
- Match each threat with a specific control (not generic “use security”).
- Use precise terms: encryption, MFA, parameterised queries, account lockout.
- Explain why the mitigation blocks the threat (one short clause is enough).
Sample 8-mark question
“A shop stores sensitive customer data. Explain four cybersecurity threats they might face and how each could be mitigated.”
Model answer (concise)
- Malware: Could encrypt data (ransomware). Mitigation: updated anti-malware + patching to block known exploits.
- Phishing: Staff might reveal credentials. Mitigation: training + email filtering to detect/flag suspicious senders.
- Brute-force: Attackers guess passwords. Mitigation: strong policies, lockout after failed attempts, MFA.
- Interception: Data sniffed on public Wi-Fi. Mitigation: enforce HTTPS/TLS and VPN for remote access.