N4  ·  ISDD  ·  Information System Design & Development

Security Risks

National 4 Computing ScienceLesson ISDD8 of 9Approx 50 minN4-only evidence
Learning intentions
  • Describe security risks relevant to an information system
  • Explain the possible impact of each risk
  • Write N4 evidence that names and describes, not just names
Success criteria
  • I can name a relevant security risk
  • I can describe how the risk could affect the system or users
  • I can connect the risk to my Bike Scotland database/webpage

Relevant Security Risks

National 4 Outcome 2.3 asks you to describe relevant security risks. A one-word answer such as "virus" is not enough. You need to say what the risk is and what harm it could cause to the information system or users.

RiskDescriptionPossible impact
Malware/virusHarmful software infects a computer or website filesFiles could be damaged, deleted or spread to users
Hacking/unauthorised accessSomeone gets into the database or website without permissionThey could change prices, steal data or delete records
Weak passwordsPasswords are easy to guess or sharedAccounts and database tools could be accessed by the wrong person
Data lossFiles are lost because of deletion, corruption or device failureThe shop may lose bike records, webpages or images unless backups exist

N4 Evidence Task

Practical Task 1 - Describe one relevant security risk

Choose one risk that is relevant to your Bike Scotland information system. Use this structure:

  1. Name the risk.
  2. Describe what the risk means.
  3. Describe how it could affect the database, webpage or users.

A stronger answer can describe two risks, but one clear relevant risk is enough for the standard.

N4 evidence checklist
  • Names one relevant security risk (N4 O2.3)
  • Describes the risk in simple terms (N4 O2.3)
  • Describes the possible impact on the information system or its users (N4 O2.3)
Weak answers to avoid
  • "Virus." This names a risk but does not describe it.
  • "Hackers are bad." This is too vague and does not say what could happen.
  • "The computer could break." This might be a reliability problem, but it is not clearly a security risk unless you explain data loss or unauthorised access.
Tip

Use the word "because" in your evidence. It usually forces you to describe the impact: "Weak passwords are a risk because someone could access DataGrip and change bike prices without permission."

Task Set

1. Which answer describes a risk rather than only naming it? TYPE 1

2. Which risk is most relevant if someone guesses the database password? TYPE 1

3. Write your final N4 security risk answer. TYPE 3 N4

One relevant security risk is unauthorised access. This means someone gets into the database or webpage files without permission, for example by guessing a weak password. They could change bike prices, delete records or alter the webpage, so users might see incorrect information.
Teacher notes - Shift+T to hide

Assessment standard covered: N4 O2.3. This directly targets the QVSR issue where responses name risks but do not describe them.