What is Cyber Security and why is it important in the context of the internet?

Cyber Security refers to the practice of protecting systems, networks, and programs from digital attacks. These cyber attacks are usually aimed at accessing, changing, or destroying sensitive information, extorting money from users, or interrupting normal business processes. In the context of the internet, Cyber Security is crucial because it helps protect personal data, maintain privacy, and ensure the integrity and availability of information. This is particularly important for students studying Cambridge IGCSE Computer Science, as understanding these concepts is essential for navigating and utilizing the internet safely.

What are some common types of cyber threats that students should be aware of?

Students should be aware of several common types of cyber threats, including malware, phishing, and ransomware. Malware is malicious software designed to harm or exploit any programmable device or network. Phishing involves tricking individuals into providing sensitive information by pretending to be a trustworthy source. Ransomware is a type of malware that threatens to publish the victim's data or block access to it unless a ransom is paid. Understanding these threats is vital for students, especially those studying the Cambridge IGCSE Computer Science curriculum, to protect themselves online.

How can students protect their personal information online?

Students can protect their personal information online by using strong, unique passwords for different accounts, enabling two-factor authentication, and being cautious about the information they share on social media. Additionally, they should regularly update their software to protect against vulnerabilities and be wary of suspicious emails or links. These practices are part of good Cyber Security hygiene, which is an important aspect of the Cambridge IGCSE Computer Science syllabus under the topic of 'The internet and its uses'.

What role does encryption play in Cyber Security?

Encryption is a method used to protect data by converting it into a code to prevent unauthorized access. It plays a crucial role in Cyber Security by ensuring that even if data is intercepted, it cannot be read without the correct decryption key. This is particularly important for securing sensitive information transmitted over the internet, such as financial transactions and personal communications. Understanding encryption is a key component of the Cambridge IGCSE Computer Science curriculum, as it helps students appreciate how data privacy and security are maintained online.

Why is it important for students to learn about Cyber Security in the Cambridge IGCSE Computer Science course?

Learning about Cyber Security is important for students in the Cambridge IGCSE Computer Science course because it equips them with the knowledge and skills to protect themselves and their data in an increasingly digital world. As the internet becomes more integral to daily life, understanding how to safeguard against cyber threats is essential. This knowledge not only helps students stay safe online but also prepares them for future careers in technology, where Cyber Security is a critical concern.

Why is "Calling all malware 'a virus'" a common mistake in Cyber Security?

Why it happens: 'Virus' is the most familiar term. How to avoid it: Virus = ONE specific type. Malware is the umbrella; viruses, worms, trojans, ransomware are separate types with different mechanisms and defences. Use the right term. Source: 0478 Examiner Reports 2022-2024

Why is "Believing a firewall stops malware once it's already on the device" a common mistake in Cyber Security?

Why it happens: Vague mental model of 'security software'. How to avoid it: Firewall = NETWORK filter (incoming/outgoing connections). Anti-malware = file/process scanner on the device. Two different jobs; you need both.

Why is "Saying 'use HTTPS' as a defence against malware" a common mistake in Cyber Security?

Why it happens: Students lump all 'security' answers together. How to avoid it: HTTPS encrypts traffic in TRANSIT — defends against data interception, NOT malware. Match the defence to the threat.

Why is "Using 'phishing' and 'pharming' interchangeably" a common mistake in Cyber Security?

Why it happens: Similar names. How to avoid it: Phishing: USER clicks a fake link in an email. Pharming: DNS is compromised; typed URL goes to a fake site without any clicking. Different attack, different defence.

The internet and its usesCambridge IGCSE Computer Science (0478)

Cyber Security

Work through the notes, try the practice questions, then take the quiz. The report tells you exactly what to revise next.

PreviousNext

Learn this Topic

Start with the slides for the quick version, then go deeper with the full study notes.

Short Study Notes in the form of Slides

Read the notes first. If the method in a worked example clicks, you're ready for the questions.

Page 1 / 0

Detailed Study Notes

Full prose, callouts and a recap — built for A* mastery, not just a quick scan.

Take these study notes with you

Download a branded PDF — full prose, callouts, recap and memorise list for Cyber Security, ready to print or save offline.

Cyber Security Study Notes — Cambridge IGCSE Computer Science 0478 (2026-2028 syllabus)

Threats and defences. The threat catalogue: brute force, DDoS, malware (virus, worm, trojan, ransomware, spyware), phishing, pharming, social engineering, data interception. The defences: firewalls, anti-malware, encryption, biometrics, MFA, SSL/TLS, captcha, anti-phishing tools and user education.

What you’ll learn

Mapped to the Cambridge IGCSE 0478 syllabus (2026-2028).

1.11.1 — Identify common cyber-security threats.
1.11.2 — Distinguish between phishing and pharming.
1.11.3 — Identify types of malware.
1.11.4 — Identify defences against cyber-security threats.
1.11.5 — Match each defence to the threats it mitigates.

The threat catalogue

Brute force, DDoS, malware, phishing/pharming, social engineering, data interception.

Cambridge expects you to know the standard catalogue of cyber threats. Each one has a different mechanism — and a different best defence.

Brute-force attack. The attacker tries every possible password until one works. Mitigated by long, complex passwords, account lockouts after failed attempts, CAPTCHA and MFA.

DDoS (Distributed Denial of Service). A botnet (many compromised devices) floods a target server with traffic, making it unreachable to legitimate users. Mitigated by traffic filtering, rate limiting, anti-DDoS services (Cloudflare, AWS Shield).

Data interception. Capturing data while it's being transmitted (e.g. sniffing on a public Wi-Fi). Mitigated by ENCRYPTION — SSL/TLS, VPN, encrypted file transfers.

Malware. Malicious software in many forms (viruses, worms, trojans, ransomware, spyware). Mitigated by anti-malware software, automatic updates, careful downloading, sandboxing.

Phishing. Fake emails / messages that look legitimate, tricking the user into clicking a link and entering credentials on a fake site. Mitigated by user education, anti-phishing browser extensions, link previews, MFA.

Pharming. DNS or hosts-file compromise that redirects a user to a fake site even when they type the correct URL. Mitigated by anti-malware scanning, DNS over HTTPS, certificate validation, user awareness.

Social engineering. Manipulating people psychologically — impersonating IT staff, urgent fake requests, baiting. Mitigated by user training, verification procedures, zero-trust policies.

Cambridge tip. Mark schemes ask candidates to MATCH each threat to a relevant defence. Memorising the threat list isn't enough — pair each one with its mitigation.

Six big threats: brute force, DDoS, data interception, malware, phishing, pharming, social engineering.
Each has a SPECIFIC defence; matching them is the exam skill.

Malware — the family of malicious software

Virus, worm, trojan, ransomware, spyware — different mechanisms.

Malware is the umbrella term. The 0478 syllabus expects you to identify the main types.

Virus. Attaches itself to a host file or program. Spreads when the host is run, replicating into other files on the same system. Often damages or deletes data.

Worm. Standalone program that spreads automatically across networks WITHOUT needing a host file. Replicates rapidly; can saturate network bandwidth on its own.

Trojan horse. Disguised as legitimate software (a useful tool, a game, an attachment). Doesn't replicate itself — relies on the user installing it. When run, opens a backdoor or steals data.

Ransomware. Encrypts the victim's files using strong cryptography and demands a ransom (usually in cryptocurrency) for the decryption key. High-profile attacks have shut down hospitals, fuel pipelines and city governments.

Spyware. Secretly monitors user activity — keylogging, screenshot capture, microphone/camera access — and exfiltrates data to the attacker. Used for credential theft and corporate espionage.

Adware. Forces unwanted advertising. Less destructive but degrades user experience and can lead to other malware.

Rootkit. Deeply embedded in the operating system; very hard to detect or remove. Used to maintain persistent access after a compromise.

Cambridge tip. Don't lump all malware together as 'a virus'. Mark schemes test each type's specific mechanism.

Virus needs a host; worm spreads independently.
Trojan disguised; relies on user installing it.
Ransomware encrypts + demands payment.
Spyware silently exfiltrates data.

See the full worked example for cyber security →

Phishing vs pharming

Phishing tricks users via messages; pharming compromises DNS.

These two attacks both end with the user on a fake site, but they get there differently.

Phishing.

Attacker sends an email/text/call that LOOKS legitimate ('Your bank account has been suspended — click here to verify').
User clicks the link, which leads to a FAKE site mimicking the real one.
User enters credentials → attacker captures them.

Defence: user education ('look at the URL'), anti-phishing browser tools, hover-to-preview links, MFA, blocking the messages at the email gateway.

Pharming.

Attacker compromises DNS (or the user's local hosts file, or the local DNS resolver via cache poisoning).
The user types the correct URL (e.g. bankofengland.com).
Their browser is redirected to a FAKE site with the same URL.
User enters credentials → attacker captures them.

Pharming is more dangerous BECAUSE it bypasses the standard advice ('don't click suspicious links'). Defence: anti-malware scanning of hosts files, secure DNS (DNSSEC, DNS-over-HTTPS), checking HTTPS certificates carefully.

Cambridge tip. Mark scheme expects students to differentiate by MECHANISM (user clicks vs DNS compromise) AND by required user action (clicking required vs no clicking required).

Phishing: fake message → user clicks → fake site.
Pharming: DNS compromised → typed URL → fake site.
Pharming bypasses 'don't click suspicious links' advice.

See the full worked example for cyber security →

Defences and which threats each blocks

Match the defence to the threat — that's what mark schemes test.

Firewall. Software or hardware that filters incoming and outgoing network traffic against rules. Blocks unauthorised connections. Defends against intrusion attempts, brute-force probing, some DDoS, and unauthorised data exfiltration.

Anti-malware (anti-virus) software. Scans files and processes for known malware signatures and suspicious behaviour. Quarantines or removes infections. Defends against viruses, worms, trojans, ransomware and spyware. Must be regularly updated to recognise new threats.

SSL / TLS encryption. Encrypts data in transit. Defends against data interception. The basis of HTTPS.

MFA (Multi-Factor Authentication). Requires a password PLUS something else (a code from your phone, a fingerprint, a hardware key). Defends against brute-force, leaked passwords, and phishing where credentials are captured.

Biometrics. Fingerprint, face, iris recognition. Often used as one factor of MFA. Hard to share or replicate. Defends against password theft and casual unauthorised access.

Automatic updates. Patches security holes as soon as they're fixed. Defends against malware that exploits known vulnerabilities and against many forms of intrusion.

CAPTCHA. Distinguishes humans from bots. Defends against brute-force and automated form-spam attacks.

Anti-phishing browser extensions / spam filters. Catch suspicious messages and links before the user sees them. Defend against phishing.

Strong password policies. Long, complex, unique passwords (typically managed in a password manager). Defends against brute force and credential stuffing.

User education. The single highest-leverage defence. Most successful attacks involve a person being tricked rather than a piece of software being broken.

Cambridge tip. Mark scheme structure for 'identify defences' is usually: NAME the defence + STATE the threat it mitigates. Both halves are needed for full marks.

Firewall — network filtering.
Anti-malware — file/process scanning.
TLS — in-transit encryption.
MFA / biometrics — password-only attack defence.
User education — high-leverage cross-cutting defence.

See the full worked example for cyber security →

How it’s examined

Cyber security appears on every Paper 1. Most-tested questions: identify malware types (6-8 marks), phishing vs pharming (4-6 marks), defences for given threats (6-8 marks). Examiner reports flag the all-malware-is-a-virus error and the phishing/pharming confusion as the most common mistakes.

Sources: Cambridge IGCSE Computer Science 0478 syllabus (2026-2028); 0478 Examiner Reports 2022-2024; 0478/12 May/Jun 2024 question paper and mark scheme. Last reviewed 2026-05-09.

Master this Topic

Worked examples, formulae, definitions and the mistakes examiners flag — everything you need to push from a pass to an A*.

Take this whole topic with you

Download a branded revision sheet — worked examples, formulae, definitions and common mistakes for Cyber Security, ready to print or save as PDF.

Step-by-step worked examples — Cyber Security

Step-by-step solutions to past-paper-style questions on cyber security, written exactly the way a tutor would explain them at the board.

1Identify malware types (8 marks)
Extended• Adapted from 0478/12 May/Jun 2024 Q9• malware
Question
Identify and describe FOUR types of malware. (8 marks)
Step-by-step solution
1. Step 1
  Virus (2 marks). Malicious code that ATTACHES itself to a host file or program. Spreads when the host is run, replicating into other files. Often damages or deletes data.
2. Step 2
  Worm (2 marks). A standalone program that SPREADS automatically across networks WITHOUT needing a host file. Replicates rapidly and can saturate bandwidth.
3. Step 3
  Trojan (2 marks). Disguised as legitimate software (e.g. a useful tool or game). When run, opens a backdoor or steals data. Doesn't replicate itself — relies on user installation.
4. Step 4
  Ransomware (2 marks). Encrypts the victim's files and demands a ransom (typically in cryptocurrency) in exchange for the decryption key.
Answer
Virus (attaches to hosts), worm (self-spreading across networks), trojan (disguised), ransomware (encrypts and demands payment). Other valid: spyware (keylogging / data exfiltration), adware (forced ads), rootkit (deep OS-level control).
2Distinguish phishing and pharming (6 marks)
Extended• phishing, pharming
Question
Describe phishing and pharming, identifying TWO differences between them. (6 marks)
Step-by-step solution
1. Step 1
  Phishing (2 marks). The attacker sends fraudulent COMMUNICATIONS (typically emails or texts) that appear to come from a legitimate source, tricking the user into clicking a link and entering credentials on a fake site.
2. Step 2
  Pharming (2 marks). The attacker compromises DNS (or hosts files) so that even when a user types the correct URL, their browser is redirected to a fake site. Doesn't require the user to click anything malicious.
3. Step 3
  Two differences (2 marks). (a) Phishing requires user ACTION (click); pharming doesn't. (b) Phishing relies on convincing fake messages; pharming relies on compromised DNS / hosts records — much harder for users to detect.
Answer
Phishing: fake messages → click → fake site. Pharming: DNS compromise → typed URL goes to fake site. Pharming bypasses 'don't click suspicious links' advice.
3Identify defences against cyber-security threats (6 marks)
Core• defence
Question
Identify THREE defences against cyber-security threats and explain what each protects against. (6 marks)
Step-by-step solution
1. Step 1
  Firewall (2 marks). Filters incoming and outgoing network traffic against rules. Blocks unauthorised connections — defence against intrusion, brute-force, some DDoS, and unauthorised data exfiltration.
2. Step 2
  Anti-malware software (2 marks). Scans files and processes for known malware signatures and suspicious behaviour. Defends against viruses, worms, trojans, ransomware, spyware. Must be regularly updated.
3. Step 3
  Multi-factor authentication / biometrics (2 marks). Requires more than one form of authentication (password + code from app, or fingerprint, or face). Protects against compromised passwords, brute-force, phishing.
Answer
Firewall, anti-malware, MFA / biometrics. Other valid: SSL/TLS encryption, automatic updates, captcha, password rules, user education / awareness, anti-phishing browser extensions.

Key Definitions and Keywords — Cyber Security

Definitions to memorise and the exact keywords mark schemes credit for cyber security answers — sharpened from recent examiner reports for the 2026 0478 sitting.

Brute-force attack
Examiner keyword
An attack that tries every possible combination of characters (e.g. for passwords) until the correct one is found. Defended against by long, complex passwords, account lockouts and CAPTCHA.
DDoS (Distributed Denial of Service)
Examiner keyword
An attack where many compromised devices (a botnet) flood a target with traffic, making it unreachable to legitimate users.
Data interception
Examiner keyword
Capturing data while it is being transmitted — e.g. on an unsecured Wi-Fi network. Defended against by encryption (SSL/TLS).
Phishing
Examiner keyword
Sending fraudulent emails or texts that look legitimate, designed to trick the user into clicking a link and entering credentials on a fake site.
Pharming
Examiner keyword
Redirecting a user to a fake site by altering DNS records or local hosts files — even when the user types the correct URL.
Social engineering
Examiner keyword
Manipulating people psychologically to give up credentials or take harmful actions (impersonating IT staff, urgent fake requests).
Malware
Examiner keyword
Malicious software. Umbrella term for viruses, worms, trojans, ransomware, spyware, adware, rootkits.
Virus
Examiner keyword
Malware that ATTACHES to a host file or program and spreads when the host is run.
Worm
Examiner keyword
A standalone malware program that spreads across networks AUTOMATICALLY, without needing a host or user action.
Trojan horse
Examiner keyword
Malware DISGUISED as legitimate software. Doesn't replicate itself; relies on the user installing it.
Ransomware
Examiner keyword
Malware that ENCRYPTS the victim's files and demands payment in exchange for the decryption key.
Spyware
Examiner keyword
Malware that secretly monitors user activity (keystrokes, screenshots) and exfiltrates the data to an attacker.
Firewall
Examiner keyword
Hardware or software that filters traffic based on rules. Blocks unauthorised connections and known-bad sources.
MFA (Multi-Factor Authentication)
Examiner keyword
Requires more than one form of authentication: typically something you KNOW (password) plus something you HAVE (phone code) or something you ARE (biometric).
SSL / TLS
Examiner keyword
Protocols that encrypt data sent over a network. The basis for HTTPS. Uses asymmetric crypto for the handshake, symmetric for bulk traffic.

Common Mistakes and Misconceptions — Cyber Security

The traps other students keep falling into on cyber security questions — taken from recent Cambridge IGCSE 0478 examiner reports and mark schemes — and how to avoid them.

✕Calling all malware 'a virus'
0478 Examiner Reports 2022-2024
Why it happens
'Virus' is the most familiar term.
How to avoid it
Virus = ONE specific type. Malware is the umbrella; viruses, worms, trojans, ransomware are separate types with different mechanisms and defences. Use the right term.
✕Believing a firewall stops malware once it's already on the device
Why it happens
Vague mental model of 'security software'.
How to avoid it
Firewall = NETWORK filter (incoming/outgoing connections). Anti-malware = file/process scanner on the device. Two different jobs; you need both.
✕Saying 'use HTTPS' as a defence against malware
Why it happens
Students lump all 'security' answers together.
How to avoid it
HTTPS encrypts traffic in TRANSIT — defends against data interception, NOT malware. Match the defence to the threat.
✕Using 'phishing' and 'pharming' interchangeably
Why it happens
Similar names.
How to avoid it
Phishing: USER clicks a fake link in an email. Pharming: DNS is compromised; typed URL goes to a fake site without any clicking. Different attack, different defence.

Practice questions

Exam-style questions with step-by-step worked solutions. Try one before checking the method.

Past paper style quiz

Get a report showing which sub-topics you've nailed and which ones still need work.

Cyber Security — frequently asked questions

The things students keep getting wrong in this sub-topic, answered.

The internet and its usesCambridge IGCSE Computer Science (0478)

Cyber Security

Work through the notes, try the practice questions, then take the quiz. The report tells you exactly what to revise next.

PreviousNext

Learn this Topic

Start with the slides for the quick version, then go deeper with the full study notes.

Short Study Notes in the form of Slides

Read the notes first. If the method in a worked example clicks, you're ready for the questions.

Page 1 / 0

Detailed Study Notes

Full prose, callouts and a recap — built for A* mastery, not just a quick scan.

Take these study notes with you

Download a branded PDF — full prose, callouts, recap and memorise list for Cyber Security, ready to print or save offline.

Cyber Security Study Notes — Cambridge IGCSE Computer Science 0478 (2026-2028 syllabus)

What you’ll learn

Mapped to the Cambridge IGCSE 0478 syllabus (2026-2028).

1.11.1 — Identify common cyber-security threats.
1.11.2 — Distinguish between phishing and pharming.
1.11.3 — Identify types of malware.
1.11.4 — Identify defences against cyber-security threats.
1.11.5 — Match each defence to the threats it mitigates.

The threat catalogue

Brute force, DDoS, malware, phishing/pharming, social engineering, data interception.

Cambridge expects you to know the standard catalogue of cyber threats. Each one has a different mechanism — and a different best defence.

Brute-force attack. The attacker tries every possible password until one works. Mitigated by long, complex passwords, account lockouts after failed attempts, CAPTCHA and MFA.

Data interception. Capturing data while it's being transmitted (e.g. sniffing on a public Wi-Fi). Mitigated by ENCRYPTION — SSL/TLS, VPN, encrypted file transfers.

Malware. Malicious software in many forms (viruses, worms, trojans, ransomware, spyware). Mitigated by anti-malware software, automatic updates, careful downloading, sandboxing.

Social engineering. Manipulating people psychologically — impersonating IT staff, urgent fake requests, baiting. Mitigated by user training, verification procedures, zero-trust policies.

Cambridge tip. Mark schemes ask candidates to MATCH each threat to a relevant defence. Memorising the threat list isn't enough — pair each one with its mitigation.

Six big threats: brute force, DDoS, data interception, malware, phishing, pharming, social engineering.
Each has a SPECIFIC defence; matching them is the exam skill.