explain: make a justification, give a recommendation
Q3: make sure you give 6 points for a 6-mark question (write 7 points if not sure)
Q4 structure: 1. intro: map out the points 2. body paragraphs: main point, real-world example, justification/analysis (link back to the prompt) 3. ending: give a recommendation
Angles:
- hacker, organisation, patient
- comprehensiveness vs risk
- privacy, fame, non-disruption of service, permission
- external threat, insider threat
- before (detection / info gathering / permission), during (penetration / social engineering), after (recovery / report)
zero day
security posture assessment/risk assessment
mass use of legacy system - historical bugs/
zero-trust: never trust user input
buffer overflow
cookie
web 1.0: web pages replace the library, sharing information / book lookup. web 2.0: everyone is a writer; the cookie appears as an identity token, enabling login systems (the user stays logged in after the connection is closed) -> the cookie is user input and can therefore be injected
data and instructions cannot be distinguished
classic Google: 1. a web robot (crawler) fetches pages, and site value gives the search result rank 2. results are sent back -> sensitive data needs to be isolated; hospitals separate internal and external networks
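Added example (not part of the original notes) of the point above: a session cookie is user input, and when it is pasted into a query the database cannot separate data from instructions. The table, cookie values and the tampered value are constructed for illustration; the hardened version binds the cookie as a parameter so it stays data.

```python
import sqlite3


def build_db():
    """Constructed sample: an in-memory sessions table standing in for a
    web 2.0 login system that identifies users by a session cookie."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sessions (sid TEXT, username TEXT)")
    conn.executemany("INSERT INTO sessions VALUES (?, ?)",
                     [("abc123", "alice"), ("def456", "bob")])
    return conn


def lookup_unsafe(conn, cookie_sid):
    """Vulnerable: the cookie value is concatenated into the SQL text, so
    anything that looks like SQL inside the cookie is executed as SQL."""
    sql = f"SELECT username FROM sessions WHERE sid = '{cookie_sid}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, cookie_sid):
    """Hardened: a bound parameter keeps the cookie value as data only,
    whatever characters it contains."""
    sql = "SELECT username FROM sessions WHERE sid = ?"
    return [row[0] for row in conn.execute(sql, (cookie_sid,))]


if __name__ == "__main__":
    conn = build_db()
    normal = "abc123"
    tampered = "' OR '1'='1"  # constructed cookie value containing SQL syntax
    # Unsafe lookup returns every user for the tampered cookie;
    # the safe lookup returns nothing, because no sid equals that string.
    print(lookup_unsafe(conn, normal), lookup_unsafe(conn, tampered))
    print(lookup_safe(conn, normal), lookup_safe(conn, tampered))
```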
Assessing the ==privacy of sensitive patient information== is key to building trust in healthcare and to protecting data from unauthorized access or disclosure. Regulatory frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) in the US and the General Data Protection Regulation (GDPR) in the EU strictly enforce the ethical handling of patient data, making privacy a priority for healthcare organisations. If these organisations fail to ensure the privacy of patients, they can face legal consequences imposed by the above-mentioned frameworks.
audit: "Audit Report"
system forensics methods:
- honeypot
- attack time + tool fingerprint
- log inspection
a technical + legal route?
deep search + write questions, then mark them after answering
Resources:
- https://github.com/d-prieto/2026IBComputerScienceCaseStudy
- https://quizlet.com/pt/1050913382/case-study-2026-flash-cards/?new
- https://quizlet.com/it/1049390507/ib-computer-science-case-study-2026-an-ethical-approach-to-hacking-flash-cards/
- https://www.ncsc.gov.uk/guidance/penetration-testing
- https://www.ibm.com/think/topics/penetration-testing
- https://www.w3schools.com/cybersecurity/cybersecurity_prenetration_testing.php
- https://www.youtube.com/watch?si=5DNhQppaOaDxmHAR&t=739&v=HDy_sYYw5PE&feature=youtu.be
- https://nexus.ingroupe.com/what-is-vulnerability-testing/
- https://www.vaadata.com/blog/cybersecurity-osint-methodology-tools-and-techniques/
- https://www.bitsight.com/learn/cti/osint-framework
- https://www.youtube.com/watch?v=HDy_sYYw5PE&t=739s
- https://www.w3schools.com/cybersecurity/cybersecurity_incident_response.php
- https://whitehacklabs.com/blog/what-are-the-ethics-of-penetration-testing/
- https://www.hackthebox.com/blog/ethics-of-ethical-hacking-a-pentesting-teams-guide-checklist
tip: broaden your thinking
HW
https://github.com/d-prieto/2026IBComputerScienceCaseStudy/blob/main/Investigation%20questions.md
Questions
1(a) Identify two reasons why MedTechPro Hospital is a high-value target for cyberattacks. [2]
1(b) Define the term penetration testing in the context of cybersecurity. [2]
2(a) Explain how open-source intelligence (OSINT) can assist during the intelligence gathering phase of PTES. [4]
2(b) Explain how ethical and operational constraints must be considered when performing penetration tests in a hospital. [4]
3 Describe the key steps in vulnerability analysis and exploitation (automated tools + manual techniques). [6]
4 Discuss why maintaining ethical & professional standards is critical at MedTechPro Hospital (privacy, non-disruption, reporting, consequences). [12]
markscheme:
![[_resources/026da4c4e698736b7e39a1148b56ecdf.jpg]]