RNN BPTT and Gradients

Sure! Here’s a more detailed and structured version of Section 1.1: “What Does Secure Mean?” —
perfect for exam writing, with clear points and definitions:

1.1 What Does "Secure" Mean?

Security in computing refers to protecting valuable digital assets such as hardware, software, data,
and communication channels from unauthorized access, modification, destruction, or misuse.

🔒 Understanding Security through Analogy: Banks vs Computers

🏦 Bank Security (Protecting Money):
In earlier times, banks stored physical cash and jewelry in vaults with guards.

Robberies were hard to prevent due to slow communication and law enforcement response.

Modern banks now use:

CCTV cameras

Alarms

Biometrics (fingerprint, iris, voice)

Digital transactions (credit/debit cards, electronic transfers)

High-security layers: multiple locks, limited access with multiple-party authorization.

🖥️ Computer Security (Protecting Information):

Today, valuable assets include:

Software code

Customer data

Transaction logs

Communication records

Data is stored in:

Memory, hard drives, cloud, or transmitted via networks.

Attacks may come from external hackers, internal employees, or malicious software.

1/14
🧾 Table: Protecting Money vs. Information
Aspect Banks (Money) Computers (Information)

Size & Portability Physical, large, stored in buildings with vaults & Digital, small, stored in chips or drives
guards

Physical Contact Required for cash theft Not needed – data can be stolen remote

Value Generally high Varies – from public to highly sensitive

Access Protection Layers of locks and access control Passwords, encryption, authentication,
firewalls

Incident Slower in the past; faster now with alarms, CCTV Automated alerts, logs, security protoco
Response

🛡️ Key Lessons for Computer Security

Security measures must evolve, just like crime methods have evolved.

Digital assets are often more valuable than physical ones.

Example: A bank's customer data can be more profitable to a hacker than actual cash.

Attackers exploit weaknesses in software, hardware, or human behavior.

⚠️ Principle of the Weakest Point

Just like a robber enters through an open window, a system is only as secure as its weakest
component.

All components (hardware, software, people) must be evaluated for vulnerabilities.

🧠 Goals of Studying Program Security

1. Understand risks related to computing systems.

2. Learn and implement defensive mechanisms (technical, physical, and procedural).

2/14
 3. Recognize the importance of continuous monitoring and vulnerability assessment.

4. Stimulate awareness about emerging threats.

5. Highlight areas requiring research and development for better protection.

💡 Key Terms to Remember

Asset: Anything valuable (data, service, device).

Threat: Potential cause of unwanted incident.

Vulnerability: Weakness that can be exploited.

Attack: Act of exploiting a vulnerability.

Security Control: Mechanism to protect against threats.

Would you like this turned into a 2-mark / 5-mark / 10-mark exam format version or expanded for
next topics like attacks and types of criminals?

Here is a detailed, exam-structured version of Section 1.2: Attacks, ideal for writing in 5- or 10-
mark questions:

1.2 Attacks
Security attacks aim to exploit weaknesses in a system’s design or operation to compromise its
confidentiality, integrity, or availability. To understand attacks, we must first define key concepts.

1.2.1 Vulnerabilities, Threats, Attacks, and Controls

🔹 Vulnerability
A vulnerability is a weakness in the system's design, implementation, or configuration that can
be exploited by a threat to cause harm.

3/14
Examples:

Weak password policies

Unpatched software

Inadequate access control mechanisms

🔹 Threat
A threat is a potential danger that could exploit a vulnerability to cause damage, loss, or
unauthorized access.

Types of threats include:

Malicious users

Malware

Natural disasters (earthquakes, floods)

System malfunctions

🔹 Attack
An attack is an active exploitation of a vulnerability by a threat agent.

Example:
A hacker flooding a server with traffic (DoS attack) to crash it and deny service.

🔹 Control
A control is a defensive mechanism (policy, device, procedure, or technique) that eliminates or
reduces the impact of a vulnerability.

Examples:

Firewalls

Authentication systems

Security patches

4/14
 Encryption

🧩 Relationship Among Concepts

A threat exploits a vulnerability to cause an attack. A control blocks or mitigates that attack.

Analogy (Figure 1.1):

Water behind a cracked wall = threat

Crack = vulnerability

Person plugging the hole = control

Risk = water flooding in (attack)

1.2.2 Types of System Security Threats (Figure 1.2)

Threat Type Description Example

Interruption An asset becomes lost, unavailable, or unusable Hardware failure, data deletion

Interception Unauthorized party gains access to an asset Eavesdropping, wiretapping, sniffing

Modification Unauthorized party alters data Tampering with database values

Fabrication Insertion of fake data or commands by an attacker Fake transactions, spoofed messages

1.2.3 Characteristics of Attacks

A computer system consists of hardware, software, storage media, data, and people.

Any of these components can be targeted by attackers.

Often, organizations underestimate the value of their computing resources (e.g., customer
data).

Attackers may exploit these weak points to gain profit, cause disruption, or steal
identity/data.

5/14
1.2.4 Method, Opportunity, and Motive (MOM)
For a successful attack, a malicious actor needs the following:

Component Description

Method Knowledge, skills, tools, and resources to perform the attack

Opportunity Access to the system and time to carry out the attack

Motive A reason or incentive (e.g., financial gain, revenge, activism)

✅ Summary for Exam

A vulnerability is a system flaw.

A threat is a potential danger.

An attack is the actual exploitation of a vulnerability.

A control is a safeguard to prevent or mitigate attacks.

Common threats include interruption, interception, modification, and fabrication.

An attacker needs method, opportunity, and motive to execute an attack.

Would you like the next topic — "1.3 Types of Attackers / Computer Criminals" — summarized in a
similar format?

Here’s a detailed, structured, and exam-oriented explanation of Section 1.3: The Meaning of
Computer Security along with its key subtopics: CIA Triad, Vulnerabilities, and Asset-Based
Weaknesses.

📘 1.3 The Meaning of Computer Security

Computer security is the process of protecting computer systems and digital assets (hardware,
software, and data) from unauthorized access, modification, or destruction, ensuring systems
operate reliably and securely.

6/14
🎯 Security Goals: The CIA Triad
1.🔐 Confidentiality
Ensures that information is accessible only to authorized users.

Prevents disclosure of sensitive data (e.g., passwords, personal data).

Includes access control, encryption, and user authentication.

Exam tip: Also called privacy or secrecy.

Example: A user's banking details must be visible only to them and their bank, not third
parties.

2. 🧾 Integrity
Ensures data is accurate, complete, and not tampered with.

Protects against unauthorized modification during transmission or storage.

Techniques: checksums, hashes (e.g., SHA-256), digital signatures.

Threats: Man-in-the-middle (MITM) attacks, malware modification.

Example: A hacker intercepting and altering exam results violates integrity.

3. 🟢 Availability
Ensures that authorized users can access data and services when needed.

Protected against system crashes, DoS (Denial of Service) attacks, or resource exhaustion.

Controls: backups, load balancers, disaster recovery plans.

Example: If a government website is down during an emergency, it violates availability.

⚖️ Balancing the CIA Goals

Goals can conflict: e.g., Strict confidentiality controls may reduce availability.

Security must find an optimal balance between restricting access and ensuring usability.

7/14
⚠️ Vulnerabilities in Computing Systems
A vulnerability is a flaw or weakness that could be exploited to compromise security goals. These
may exist in:

💻 Hardware Vulnerabilities
Physical tampering: damage, theft, device replacement.

Environmental threats: fire, water, smoke, power surges, static.

Remote access flaws: attackers can elevate privileges or control systems.

Example: Attacker overheats or floods the server room.

🧠 Software Vulnerabilities
Bugs in code or design errors exploited by attackers.

CodeRed worm (2001) exploited IIS vulnerability, infecting 300,000+ systems.

Types:

Software Deletion: Accidental erasure due to poor configuration management.

Software Modification:

Logic Bomb: Code that activates on specific triggers.

Trojan Horse: Malicious code hidden inside harmless-looking software.

Virus: Self-replicating code modifying other programs.

Trapdoor (Backdoor): Undocumented entry point for attackers.

Information Leaks: Sensitive data exposure.

Software Theft: Unauthorized copying/distribution of licensed software.

📂 Data Vulnerabilities
Confidentiality Risks:

8/14
 Unauthorized access, disclosure, or theft of sensitive data.

Controls: encryption, access controls, secure data disposal.

Integrity Risks:

Data corruption via transmission or internal error.

Controls: hash functions, version control, backups.

Availability Risks:

DoS attacks, server crashes, deletion of critical files.

Controls: fault tolerance, disaster recovery plans.

Principle of Adequate Protection: Data must be protected in proportion to its value and
lifecycle.

🔐 Data Confidentiality Guidelines

Encrypt sensitive files.

Restrict access using the “need to know” principle.

Physically protect documents/devices.

Securely dispose of obsolete data (shredding, wiping).

Limit sensitive data collection to only what’s needed.

🔄 Data Integrity Controls

Use cryptographic checksums and digital signatures.

Employ strict access control policies.

Document system maintenance activities.

Maintain reliable backup systems and disaster recovery plans.

🌐 Network and Access Control

🌍 Network Security
9/14
 Prevents misuse and ensures safe data transmission.

Includes firewalls, intrusion detection systems (IDS), anti-virus, VPNs, and encryption protocols
(SSL/TLS).

🔑 Access Control
Controls who can view, use, or manage system resources.

Types:

1. Physical Access Control: Restricts access to hardware (e.g., server rooms).

2. Logical Access Control: Limits access to networks, files, or applications.

Authentication Techniques:

Passwords, PINs

Biometrics (fingerprint, iris)

Tokens, smart cards

Multifactor Authentication (MFA) for added security

✅ Exam Summary: Key Points

Component Focus

Confidentiality Protects data from unauthorized access

Integrity Maintains accuracy and trustworthiness of data

Availability Ensures systems and data are accessible when needed

Vulnerabilities Weaknesses in hardware, software, or data exploitable by threats

Controls Measures to prevent or mitigate attacks

Access Control Governs who can access what and how

Network Security Prevents intrusion and ensures secure communication

10/14
Would you like this formatted as a 2-page revision sheet or help with a model answer for a 10-
mark question on this topic?

Here's a detailed and exam-oriented summary of Sections 1.4 and 1.5: Computer Criminals and
Methods of Defense. This format is perfect for writing answers in 5- to 10-mark questions.

✅ 1.4 Computer Criminals

Computer criminals are individuals who commit illegal activities involving computer systems or
networks. These crimes include unauthorized access, data theft, system interference, and fraud.

🔹 Types of Computer Criminals

Type Description Examples

Amateurs Inexperienced users who accidentally access unauthorized data or An office worker reading an
resources without malicious intent. user’s email.

Crackers Also called malicious hackers. They intentionally exploit Breaking into systems and
vulnerabilities for fun, challenge, or disruption. sharing exploits on forums

Career Professional cybercriminals who make a living by stealing data, selling Selling stolen credentials,
Criminals information, or performing attacks for financial gain. ransomware attacks.

Terrorists Use computers for propaganda, political disruption, or attacks. Can

use computers as:

- Targets (e.g., DoS attacks on government sites)

- Propaganda tools (websites, blogs)

- Weapons (e.g., launching cyber-attacks on critical infrastructure)

✅ 1.5 Methods of Defense

Security measures aim to prevent, detect, and recover from attacks. The goal is to reduce
vulnerabilities and minimize harm caused by threats.

11/14
🔹 Five Core Security Strategies
1. Prevent – Block attacks before they occur.
E.g., firewalls, access control policies.

2. Deter – Make attacks more difficult or expensive.

E.g., encryption, complex authentication.

3. Deflect – Reduce attractiveness as a target.

E.g., honeypots, fake data to mislead attackers.

4. Detect – Identify and report attacks.

E.g., intrusion detection systems (IDS), logging.

5. Recover – Minimize impact and restore services.

E.g., backups, incident response plans.

🔹 Types of Controls
Control Type Description Examples

Physical Controls Protect hardware and sites physically. Locks, guards, CCTV, fire safety.

Software Controls Embedded in programs to limit unauthorized access. User authentication, secure codin

Hardware Controls Secure hardware-level access or identity verification. TPM chips, biometric scanners.

Encryption Converts data into unreadable form to unauthorized users. AES, RSA, SSL/TLS.

Policies Organizational rules and procedures to enforce security. Password rotation, user training.

🔹 Encryption
Converts data into unreadable format using keys.

Ensures confidentiality, prevents modification and unauthorized reading.

Fundamental to protocols like HTTPS, VPNs.

Note: Improper use of encryption can reduce effectiveness. Use wisely and appropriately.

12/14
🔹 Software Controls
Include development controls (coding/testing standards), OS controls, and internal program
controls.

Aim to ensure software integrity and prevent unauthorized access or execution.

🔹 Hardware Controls
Prevent physical tampering and control access.

Examples include smart cards, hardware locks, and hardware-based encryption devices.

🔹 Policies
Guidelines or rules to ensure proper usage of systems.

Examples:

Change passwords regularly.

Follow ethical usage standards.

Perform regular security training.

🔹 Effectiveness of Controls
Key Principles:

1. Awareness – Users must understand the need for security.

2. Likelihood of Use – Controls must be consistently used to be effective.

3. Principle of Effectiveness – Controls should be usable, relevant, and efficient.

4. Overlapping Controls – Multiple layers of control improve robustness.

5. Periodic Review – Regularly test and update controls to match evolving threats.

13/14
🔹 Principle of the Weakest Link
A system is only as secure as its weakest point.

Attackers will exploit the easiest vulnerability.

All controls, software, hardware, and people must be secured equally.

✅ Exam Summary Table: Defense in Depth

Layer Focus Area Control Examples

Physical Hardware, building Locks, security guards, fire systems

Technical (Logical) Software, OS, applications Passwords, firewalls, IDS, encryption

Administrative Policies, training, legal compliance Password policies, employee onboarding, audit logs

Would you like a sample answer for a 10-mark question on “Methods of Defense in Computer
Security”?

14/14