- Describe security risks relevant to an information system
- Explain the possible impact of each risk
- Write N4 evidence that names and describes, not just names
- I can name a relevant security risk
- I can describe how the risk could affect the system or users
- I can connect the risk to my Bike Scotland database/webpage
Relevant Security Risks
A one-word risk is not enough for N4. The answer must say what could happen to the system or users.
National 4 Outcome 2.3 asks you to describe relevant security risks. A one-word answer such as "virus" is not enough. You need to say what the risk is and what harm it could cause to the information system or users.
| Risk | Description | Possible impact |
|---|---|---|
| Malware/virus | Harmful software infects a computer or website files | Files could be damaged, deleted or spread to users |
| Hacking/unauthorised access | Someone gets into the database or website without permission | They could change prices, steal data or delete records |
| Weak passwords | Passwords are easy to guess or shared | Accounts and database tools could be accessed by the wrong person |
| Data loss | Files are lost because of deletion, corruption or device failure | The shop may lose bike records, webpages or images unless backups exist |
N4 Evidence Task
Practical Task 1 - Describe one relevant security risk
Choose one risk that is relevant to your Bike Scotland information system. Use this structure:
- Name the risk.
- Describe what the risk means.
- Describe how it could affect the database, webpage or users.
A stronger answer can describe two risks, but one clear relevant risk is enough for the standard.
- Names one relevant security risk (N4 O2.3)
- Describes the risk in simple terms (N4 O2.3)
- Describes the possible impact on the information system or its users (N4 O2.3)
- "Virus." This names a risk but does not describe it.
- "Hackers are bad." This is too vague and does not say what could happen.
- "The computer could break." This might be a reliability problem, but it is not clearly a security risk unless you explain data loss or unauthorised access.
Use the word "because" in your evidence. It usually forces you to describe the impact: "Weak passwords are a risk because someone could access DataGrip and change bike prices without permission."
Task Set
1. Which answer describes a risk rather than only naming it? TYPE 1
2. Which risk is most relevant if someone guesses the database password? TYPE 1
3. Write your final N4 security risk answer. TYPE 3 N4
Assessment standard covered: N4 O2.3. This directly targets the QVSR issue where responses name risks but do not describe them.