Skip to main content

About this free course

Download this course

Share this free course

Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

2.6 Cyber security and the law

Check what you’ve learned about cyber security and the law by completing this activity.

Activity 1 The law

Timing: Allow about 5 minutes

Q1. Consider a scenario:

A hacker steals the customer database of an organisation by exploiting a well-known vulnerability in their computer systems. This vulnerability hadn’t been fixed by the organisation despite the IT department being aware that there was a patch to fix the problem.

In the UK, under which of the following laws would the organisation have committed an offence?

a. 

Computer Misuse Act


b. 

Data Protection Act


c. 

RIPA


d. 

Fraud Act


The correct answer is b.

b. 

Yes, in failing to patch their software against a known vulnerability, the organisation has not taken adequate measures to secure the personal data of customers and therefore failed to meet its obligations under DPA.


Q2. Thinking about the same scenario:

A hacker steals the customer database of an organisation by exploiting a well-known vulnerability in their computer systems. This vulnerability hadn’t been fixed by the organisation despite the IT department being aware that there was a patch to fix the problem.

In the UK, under which of the following laws would the hacker have committed an offence?

a. 

Computer Misuse Act


b. 

Data Protection Act


c. 

RIPA


d. 

Fraud Act


The correct answer is a.

a. 

Yes, by gaining unauthorised access to a computer system the hacker would have committed an offence under this act.

You may find 7.2 Laws and computers useful.


Next, you’ll think about European laws and consider laws that apply in other countries.