Unit 12.2A · Term 2

Protect Data from Unauthorized Access

Unauthorized access means someone gains entry to data or systems without permission. Protection involves controlling who can access what, through authentication, access rights, and physical security.

Learning Objectives

  • 12.1.2.3 Protect data from unauthorized access

Conceptual Anchor

The Hotel Analogy

A hotel gives you a key card (password) that only opens YOUR room. Staff have a master key (admin access). Guests can't enter the kitchen (access rights). Security cameras (audit logs) record who goes where.

Rules & Theory

Authentication Methods

Method              | Category   | Examples
Something you know  | Knowledge  | Password, PIN, security question
Something you have  | Possession | Smart card, phone (2FA code), security token
Something you are   | Biometric  | Fingerprint, face scan, iris scan

Multi-Factor Authentication (MFA)

Combining 2+ categories (e.g., password + phone code) dramatically increases security. Even if your password is stolen, the attacker still needs your phone.

Access Control Methods

Method                      | How It Works
User accounts & passwords   | Each user has unique credentials; a password policy sets length and complexity
Access rights / permissions | Read/write/execute set per user or group (e.g., students can read but not edit)
User levels (roles)         | Admin, teacher, student: each level has different permissions
Encryption of stored data   | Even if the data is accessed, it is unreadable without the decryption key
Audit logs                  | Record who accessed what and when, which helps detect suspicious activity
Automatic lock / timeout    | System locks after a period of inactivity
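As an added illustration of the access rights, user levels and audit logs in the table above (example code written for this lesson, not part of the original unit), here is a small Python role-based access control model for a school network. The roles, resources and permissions are assumed for illustration, and admin actions additionally require a completed second factor, as the lesson recommends.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Permissions each role holds, as (resource, action) pairs. Assumed values for the example.
ROLE_PERMISSIONS = {
    "student": {("grades", "read"), ("homework", "read"), ("homework", "write")},
    "teacher": {("grades", "read"), ("grades", "write"),
                ("homework", "read"), ("homework", "write")},
    "admin": {("grades", "read"), ("grades", "write"),
              ("homework", "read"), ("homework", "write"),
              ("accounts", "read"), ("accounts", "write")},
}

@dataclass
class User:
    name: str
    role: str
    mfa_verified: bool = False  # has the second factor been completed this session?

@dataclass
class AccessControl:
    audit_log: list = field(default_factory=list)

    def check(self, user, resource, action):
        """Deny by default; allow only if the role grants (resource, action).
        Admin actions additionally require a completed second factor (MFA)."""
        allowed = (resource, action) in ROLE_PERMISSIONS.get(user.role, set())
        if allowed and user.role == "admin" and not user.mfa_verified:
            allowed = False
        # Audit log entry: who tried what, when, and the outcome.
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user.name, "role": user.role,
            "resource": resource, "action": action,
            "result": "ALLOW" if allowed else "DENY",
        })
        return allowed

    def denied_attempts(self, user_name):
        """Count denied attempts by one user: a simple suspicious-activity check."""
        return sum(1 for e in self.audit_log
                   if e["user"] == user_name and e["result"] == "DENY")

if __name__ == "__main__":
    ac = AccessControl()
    ali = User("ali", "student")
    print(ac.check(ali, "grades", "read"))      # True
    print(ac.check(ali, "grades", "write"))     # False: students can read but not edit
    root = User("root", "admin")
    print(ac.check(root, "accounts", "write"))  # False until MFA is completed
```

Every decision, allowed or denied, lands in the audit log, so repeated denials by one account can be spotted with denied_attempts.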

Strong Password Guidelines

Rule                                       | Example
At least 8–12 characters                   | MyD0g$Run5
Mix uppercase, lowercase, numbers, symbols | P@ssw0rd!23
Don't use personal info                    | Avoid passwords like Ali2008 or almaty123
Don't reuse across sites                   | Use a password manager
Change regularly                           | Every 90 days for sensitive systems

Common Pitfalls

Password ≠ Full Security

A strong password alone is not enough. Social engineering (phishing), keyloggers, and shoulder surfing can all bypass passwords. Always use MFA when available.

Tasks

Remember

Name the 3 categories of authentication and give an example of each.

Apply

Design an access control system for a school network with 3 user levels (admin, teacher, student). What permissions would each level have?

Analyze

Why is MFA more secure than a single password? What are the drawbacks of MFA?

Self-Check Quiz

Q1: What are the 3 categories of authentication?

Something you know (password), something you have (phone/token), something you are (biometric).

Q2: What is the purpose of access rights?

To control what each user can do (read, write, execute, delete) — preventing unauthorized changes or viewing of data.

Q3: What is an audit log?

A record of who accessed what data, when, and what they did — used to detect and investigate suspicious activity.