High School Computer Science

Cybersecurity, Ethics and Society

Every time you log in, share a file, or post online, you are operating in a digital world shaped by security threats, ethical choices, and societal tradeoffs. This guide covers the full landscape: how attackers exploit systems through malware, phishing, and social engineering; how encryption and authentication defend against them; the safe computing habits that protect your data; the privacy and ethics questions raised by data collection; how intellectual property law and open-source licensing govern software; computing's sweeping effects on jobs, equity, and culture; and the emerging challenges of algorithmic bias, digital accessibility, and environmental sustainability. All seven sections cite the four curricula that assess these topics.

7 sections · US CSTA · AP CSP · ON · BC · AB · Ethics · Society · Security

How to use this guide

Cybersecurity, ethics, and society topics appear in all four curricula but with very different emphases. AP CSP Big Idea 5 (IOC) is the most structured, with named topics (5.1 through 5.6) and specific skills assessed on the exam. BC Computer Studies 10 is the broadest on social impact — covering digital citizenship, e-waste, conflict minerals, and cultural appropriation. Ontario's ICS3U/ICS4U strand D has a distinctive green-computing emphasis and requires students to engage with professional codes of ethics (ACM/IEEE). Alberta CSE is the weakest on explicit ethics — there is no dedicated cybersecurity or ethics module; the generic basic-competency outcomes are the only hook. The table below shows which sections are most important for your curriculum.

US — AP CSP
  Focus on these sections: §1–§7 in full. AP CSP Big Idea 5 (IOC, 21–26% of the exam) maps directly: §1 security/threats = Topic 5.6; §4 privacy/data = Topics 5.5, 5.6; §5 IP/licensing = Topic 5.5; §6 societal impact = Topic 5.1; §7 bias/accessibility = Topics 5.2, 5.3.
  Defer / lighter: Nothing — Big Idea 5 is highly weighted at 21–26% of the AP CSP exam.
  Source: CSTA K-12 and AP CSP — CSTA 3A-IC-24/25/28/29/30; AP CSP IOC Topics 5.1–5.6

ON — ICS3U/ICS4U
  Focus on these sections: §1 (threats/safe computing); §4 (privacy); §5 (IP); §6 (societal impact); §7 (sustainability/e-waste). ICS3U D1 maps to §7 green computing; ICS4U D2 maps to §4 privacy and §5 IP.
  Defer / lighter: §2 (encryption detail) and §3 (safe computing technical) are lighter for ON students — ON strand D focuses on ethics, not technical security mechanisms.
  Source: ON/BC Computer Studies 11-12 — ICS3U D1, D1.1; ICS4U D2, D2.1, D2.2, D2.3, D3

BC — CS10
  Focus on these sections: §1 through §7. BC Computer Studies 10 content is the broadest of the four curricula on this topic — it explicitly names malware, ransomware, phishing, copyright, cyberbullying, e-waste, conflict minerals, and digital citizenship. All sections map.
  Defer / lighter: Nothing — CS10 covers this topic more extensively than any other curriculum at the foundations level.
  Source: ON/BC Computer Studies 11-12 — BC CS10 "computer security risks," "ethical considerations," "digital literacy" Content bullets

AB — CSE
  Focus on these sections: §3 (safe computing) and §6 (societal impact) as general-competency anchors. The cross-module outcome 4 ("demonstrate basic competencies … think and solve problems") is the only explicit hook. Treat the full guide as enrichment for AB students.
  Defer / lighter: All sections are enrichment for AB — CSE has no dedicated ethics/cybersecurity module. The content is still valuable; it is just not formally assessed in the CSE cluster.
  Source: Alberta CTS Computing Science — cross-module basic-competency outcome 4; syllabus note: weakest on explicit ethics

Once you have located your row, use the two cards below for approach and focus.

If you are cramming the night before

Memorise: the three threat categories (malware, phishing, social engineering); symmetric vs asymmetric encryption in one sentence each; what MFA is and why it helps; the difference between copyright and open-source licensing; and three societal impacts of computing (digital divide, automation effects, environmental cost). Read every cram-cheat box. Skip the going-deeper subsections.

If you are going for the top mark

For AP CSP Big Idea 5, practice Skill 5.C ("Describe the impact of a computing innovation") and 5.E ("Evaluate the use of computing based on legal and ethical factors") with concrete examples from each section. For ON ICS4U D2, be ready to investigate a specific ethical case (phishing, piracy, keystroke logging) and cite ACM/IEEE codes. For BC, know the full spectrum: threats, ethics, sustainability, digital citizenship.

Alberta syllabus note. Alberta CSE has no dedicated cybersecurity or computing-ethics module in the CSE cluster. Ethics and digital-citizenship content lives in the CTS Enterprise & Innovation (ENS) framework and the generic cross-module competency outcomes. Students taking Alberta CSE courses should treat this guide as valuable enrichment and career-awareness content, not as material tied to a specific module outcome code.

Cybersecurity Threats

Three threat categories — know all three cold.
  • Malware — malicious software designed to damage, disrupt, or gain unauthorized access. Subtypes: virus (attaches to files and self-replicates), worm (spreads across networks without a host file), Trojan (disguises itself as legitimate software), ransomware (encrypts victim data and demands payment), spyware (records activity without consent). BC CS10 names malware, Trojans, viruses, phishing scams, identity fraud, and ransomware verbatim.
  • Phishing — fraudulent attempts to obtain sensitive information (passwords, credit card numbers) by impersonating a trusted entity via email, SMS, or a fake website. Spear phishing targets a specific individual using personalised details; pharming tampers with DNS resolution so that even a correctly typed address leads to a fake site. Ontario ICS4U D2.1 lists phishing as an example ethical issue.
  • Social engineering — manipulating people into revealing confidential information or taking actions that compromise security, by exploiting trust, authority, urgency, or fear rather than technical exploits. Examples: pretexting (fabricating a scenario), baiting (leaving an infected USB drive), tailgating (following someone through a secure door). CSTA 3A-NI-05 says: "Give examples to illustrate how sensitive data can be affected by malware and other attacks."
Key distinction: malware exploits software vulnerabilities; social engineering exploits human vulnerabilities. Both belong in the threat model because the weakest link is often the user, not the code.
Scenario Analysis · Identifying the attack type

Read each scenario and identify the threat category (malware, phishing, social engineering).

Scenario A. You receive an email that looks like it is from your bank, asking you to "verify your account" by clicking a link and entering your password. The link goes to a site that looks identical to your bank but has a slightly different URL.

Threat type: Phishing. The attacker impersonates a trusted entity (the bank) to steal credentials. The fake URL is the tell-tale sign. Defence: inspect URLs carefully; go directly to the bank's site rather than clicking email links.

Scenario B. Someone downloads a free game from an unofficial site. When they run it, their files become encrypted and a message demands payment to restore them.

Threat type: Malware (ransomware). The game was a Trojan that delivered ransomware. Defence: download software only from trusted sources; maintain backups.

Scenario C. A caller claims to be from IT support and tells an employee their account has been compromised. They ask the employee to read out their password so IT can "fix" the problem immediately.

Threat type: Social engineering (pretexting). No malware is needed — the attacker exploits authority and urgency. Legitimate IT support will never ask for a password. Defence: verify identities through official channels; never share passwords verbally.
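To make the "slightly different URL" tell from Scenario A concrete, here is an added Python example (not part of the original guide) that pulls the links out of an email body and flags those that do not really lead to the bank. The bank domain examplebank.com, the allowlist and the sample email are constructed assumptions for the demo.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: the domain(s) the user really banks with.
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed sample: an HTML email in the style of Scenario A, plus one genuine link.
SAMPLE_EMAIL = """
<p>Dear customer, please
<a href="https://examplebank.com.account-verify.net/login">verify your account at www.examplebank.com</a>
within 24 hours or your access will be suspended.</p>
<p>Questions? Visit <a href="https://www.examplebank.com/help">our help centre</a>.</p>
<p>Secure portal: <a href="http://examplebank-secure.com">examplebank-secure.com</a></p>
"""


def host_of(url: str) -> str:
    """Lower-cased host of a URL, with port, credentials and any trailing dot removed."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def is_trusted(host: str) -> bool:
    """True only if host IS a trusted domain or a subdomain of one, matched on label
    boundaries from the right. A plain substring test would wrongly accept
    'examplebank.com.evil.net' and 'notexamplebank.com'; this check does not."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Normalise whitespace in the clickable text.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


# Something that looks like a domain name inside the visible link text.
DOMAIN_IN_TEXT = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b")


def check_links(html_body: str) -> list:
    """Return one finding per link: the href, its visible text and a list of reasons it
    looks suspicious. An empty reasons list means the link passed every check."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        host = host_of(href)
        reasons = []
        if urlparse(href).scheme != "https":
            reasons.append("not https")
        if not is_trusted(host):
            reasons.append(f"host {host!r} is not a trusted bank domain")
        # If the clickable text itself names a domain, it must match the real destination.
        shown = DOMAIN_IN_TEXT.search(text.lower())
        if shown and shown.group(1) != host and not host.endswith("." + shown.group(1)):
            reasons.append(f"displayed domain {shown.group(1)!r} differs from destination {host!r}")
        findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in check_links(SAMPLE_EMAIL):
        status = "OK " if not f["reasons"] else "BAD"
        print(f"{status} {f['href']} -> {'; '.join(f['reasons']) or 'passed'}")
```

The first and third links in the sample are flagged (lookalike host, displayed domain that does not match the destination, plain http); only the real help-centre link passes.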

§1 · Q1. Which type of malware encrypts a victim's files and demands payment to restore access?
  • Virus
  • Worm
  • Ransomware
  • Spyware
Answer: Ransomware. Ransomware encrypts victim data and demands payment (a ransom) for the decryption key. It is often delivered via Trojans or phishing emails. BC CS10 names ransomware verbatim in its security risks content.
Why not the others: Virus = self-replicates by attaching to files. Worm = spreads across networks without a host file. Spyware = records activity silently. Ransomware = encrypts and demands payment.
§1 · Q2. An attacker leaves an infected USB drive in a company parking lot, hoping an employee will plug it in. What attack category does this fall under?
  • Phishing
  • Social engineering (baiting)
  • Malware (worm)
  • Ransomware
Answer: Social engineering (baiting). Baiting is a social engineering technique that exploits curiosity: the attacker provides a physical lure (the USB drive). The USB may contain malware, but the attack vector is social engineering, not a technical exploit against software.
Why not the others: Phishing is email/web impersonation. Worms spread automatically. This is social engineering (baiting) because it exploits human curiosity, not a software vulnerability.
Going deeper — threat actors and the attack surface

CSTA 3A-NI-06 says: "Recommend security measures to address various scenarios based on factors such as efficiency, feasibility, and ethical impacts." Understanding who attacks and why is the first step in choosing proportionate defences. Threat actors range from opportunistic script-kiddies running pre-built malware kits, to organised criminal groups monetising ransomware, to state-sponsored actors conducting espionage. The attack surface is the sum of all the different points where an attacker could try to enter or extract data: network ports, software interfaces, physical hardware, and most importantly, people. Reducing the attack surface means keeping software patched, disabling unused services, and training users to recognise social engineering — because the human is consistently the easiest point of entry. BC Computer Studies 10 Curricular Competency "Examine how cultural beliefs, values, and ethical positions affect the development and use of technologies" applies here: norms around sharing passwords, downloading software, and clicking email links are cultural, not purely technical.


Encryption and Authentication

Two encryption models — know the difference cold.
  • Symmetric encryption — the same key is used to encrypt and decrypt. Fast; suitable for large data (e.g., encrypting a hard drive with AES). Problem: how do you share the key securely in the first place?
  • Asymmetric encryption — uses a mathematically linked key pair: a public key (shareable with anyone) and a private key (kept secret). Anything encrypted with the public key can only be decrypted with the private key. Used in HTTPS (TLS), email signing, and SSH. Slower than symmetric; typically used to exchange a symmetric session key.
  • Authentication — proving you are who you claim to be. Three factors: something you know (password, PIN), something you have (phone, hardware token), something you are (fingerprint, face). Multi-factor authentication (MFA) combines at least two factors, dramatically reducing the impact of a stolen password. CSTA 3A-NI-07: "Compare various security measures, considering tradeoffs between the usability and security of a computing system."
The key insight for exams: encryption protects data at rest (stored) and in transit (being sent). HTTPS encrypts web traffic. A strong password alone is not MFA — MFA requires a second, independent factor.
Concept Illustration · The padlock analogy for asymmetric encryption

Asymmetric encryption is often compared to a padlock system. Imagine Alice wants to receive secret messages from anyone.

Step 1 — Alice publishes her public key. The public key is like an open padlock Alice hands out freely. Anyone can snap it shut (encrypt a message). Alice keeps the private key (the key that opens the padlock).

Step 2 — Bob writes a message and locks it with Alice's public key. Even Bob cannot open the locked box — once locked with Alice's public key, only Alice's private key can open it.

Step 3 — Alice decrypts with her private key. Only Alice can read the message. Eavesdroppers who intercept the encrypted message see only ciphertext — meaningless without the private key.

Why HTTPS uses both types. Asymmetric encryption solves the key-sharing problem: browser and server use asymmetric crypto to agree on a symmetric session key securely. All subsequent data is encrypted with the faster symmetric key. This hybrid approach is how TLS (the protocol behind HTTPS) works.

§2 · Q1. Which encryption type uses the same key for both encrypting and decrypting data?
  • Symmetric encryption
  • Asymmetric encryption
  • Multi-factor authentication
  • Hashing
Answer: Symmetric encryption. Symmetric encryption uses one shared key for both operations. It is fast but requires a secure way to share the key. Examples: AES, DES (DES is now obsolete). Contrast with asymmetric, which uses a key pair (public + private).
Why not the others: Symmetric = same key for encrypt and decrypt. Asymmetric = public key encrypts, private key decrypts. MFA is authentication, not encryption. Hashing is a one-way transformation, not encryption.
§2 · Q2. A user logs in with a password and then receives a six-digit code on their phone that they must also enter. What security measure is this?
  • Symmetric encryption
  • Public key infrastructure
  • Multi-factor authentication (MFA)
  • Phishing defence
Answer: Multi-factor authentication (MFA). MFA combines at least two authentication factors. Here: something you know (password) + something you have (the phone receiving the code). Even if an attacker steals the password, they cannot log in without also having the phone.
Why not the others: This describes MFA (two independent factors: password + phone code). Encryption protects data in transit/at rest; it is not what verifies identity at login.
Going deeper — passwords, hashing, and salting

Websites should not store passwords in plaintext (and well-run ones do not). Instead, they store a hash — the output of a one-way function that converts the password into a fixed-length string (e.g., SHA-256 produces a 256-bit output). When you log in, the site hashes your input and compares it to the stored hash; the original password is never stored. The problem: if two users have the same password, they produce the same hash, making it easy for an attacker with the hash database to use precomputed "rainbow tables." The solution is salting: add a unique random string (the salt) to each password before hashing, making each stored hash unique even for identical passwords. CSTA 3A-NI-07 on security tradeoffs and CSTA 3B-NI-04 ("Compare ways software developers protect devices and information from unauthorized access") cover this design tradeoff. Ontario ICS4U D2.1 lists "sharing passwords" as an ethical issue — understanding why plaintext password storage is negligent is the flip side of that ethics question.
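As an added example (not code from the guide), here is the storage-and-login flow just described in Python: a fresh random salt per user, a hash that is never reversed, and a constant-time comparison at login. It uses PBKDF2 over SHA-256 (hashlib.pbkdf2_hmac) rather than a single SHA-256 call, because a salt only defeats precomputed tables; a deliberately slow hash is what slows per-user guessing. The usernames, passwords and iteration count are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Work factor for PBKDF2. Chosen for this demo; real systems tune it so that one
# hash costs tens of milliseconds on the login server.
ITERATIONS = 100_000


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: the scheme the paragraph warns about.
    Identical passwords always give identical hashes, so one precomputed
    (rainbow) table works against every user at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str) -> dict:
    """Build the stored record for a new user: a unique random salt plus the
    PBKDF2-SHA256 hash of (salt, password). The password itself is never stored."""
    salt = secrets.token_bytes(16)  # 128 random bits, different for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(password: str, record: dict) -> bool:
    """Login check: re-hash the typed password with the stored salt and compare in
    constant time, so response timing leaks nothing about the stored hash."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def demo() -> dict:
    """Two users (constructed sample data) who happened to choose the same password."""
    shared = "correct horse battery staple"
    users = {"alice": make_record(shared), "bob": make_record(shared)}
    return {
        # Without a salt the two hashes collide, so one cracked hash unmasks both users.
        "unsalted_collide": unsalted_hash(shared) == unsalted_hash(shared),
        # With per-user salts the stored hashes differ even though the passwords match.
        "salted_collide": users["alice"]["hash"] == users["bob"]["hash"],
        "alice_login_ok": verify(shared, users["alice"]),
        "alice_wrong_pw": verify("Correct horse battery staple", users["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```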


Safe Computing Practices

The essential personal-security checklist — know all six.
  • Strong, unique passwords — at least 12 characters, mixing letters, numbers, and symbols. Never reuse a password across sites. Use a password manager to generate and store them.
  • Software updates and patches — most malware exploits known, already-patched vulnerabilities. Keeping OS, browsers, and apps updated closes these holes. BC CS10 names "software updates, patches" verbatim in its preventive maintenance content.
  • Backups — the 3-2-1 rule: 3 copies of your data, on 2 different media, with 1 copy offsite (or in cloud storage). Backups are the primary defence against ransomware.
  • HTTPS and secure connections — always look for the padlock icon and https:// in the URL bar. HTTPS encrypts data in transit using TLS, preventing eavesdropping on public Wi-Fi.
  • Think before you click — hover over links to preview the actual URL. Verify sender email addresses. Be sceptical of unexpected attachments. Most phishing attacks succeed only because users click without checking.
  • Privacy settings and minimal disclosure — review app permissions; disable location, microphone, and camera access for apps that do not need them. Share only the minimum information required for a service.
CSTA 3A-NI-08: "Explain tradeoffs when selecting and implementing cybersecurity recommendations." Every security measure has a usability cost — knowing the tradeoff is part of the skill.
Scenario · Safe or unsafe? Evaluate each decision

AP CSP Skill 5.E says: "Evaluate the use of computing based on legal and ethical factors." Apply the same evaluative lens to security decisions.

Decision 1: Using the same password ("password123") for your email, social media, and bank. Unsafe. A single breach exposes all three accounts. This is called credential stuffing — attackers take a leaked username/password pair and try it on many sites. Fix: unique password per site, stored in a password manager.

Decision 2: Connecting to a coffee shop's free Wi-Fi and accessing your online banking without a VPN. Risky. Public Wi-Fi is often unencrypted; a nearby attacker could perform a man-in-the-middle attack. HTTPS mitigates this significantly, but a VPN adds an extra layer of protection. Fix: use banking apps over cellular, or use a VPN on public Wi-Fi.

Decision 3: Enabling automatic OS updates on your laptop. Safe and recommended. Automatic updates apply security patches promptly, closing vulnerabilities before attackers can exploit them. The usability tradeoff is occasional restarts; the security benefit far outweighs this inconvenience.

§3 · Q1. Which of the following is the BEST defence against ransomware?
  • Using a strong password
  • Enabling HTTPS
  • Turning off your computer when not in use
  • Maintaining regular offline backups
Answer: Maintaining regular offline backups. Ransomware encrypts your files; the attacker demands payment for the decryption key. If you have recent offline backups, you can restore your files without paying. Offline (not cloud-only) backups are critical because some ransomware also encrypts cloud-synced files.
Why not the others: Strong passwords protect accounts, not files already on your machine. HTTPS protects data in transit. Only backups allow recovery after ransomware encrypts your data.
§3 · Q2. Why is reusing the same password across multiple websites a significant security risk?
  • It makes the password easier for attackers to guess
  • A breach at one site exposes all accounts using that password (credential stuffing)
  • Websites can see each other's password databases
  • Reused passwords expire faster
Answer: A breach at one site exposes all accounts using that password (credential stuffing). Credential stuffing: when one site's database is breached and its hashes cracked, attackers try those username/password pairs on other major sites (email, banking). If you reuse passwords, one breach compromises everything. Unique passwords per site limit the blast radius of any single breach.
Why not the others: The risk is not about guessing difficulty — it is about credential stuffing after a breach. One breached site leads to attacks on all sites where you used the same password.

Privacy and Data Ethics

Four core concepts — know the distinctions.
  • Personally identifiable information (PII) — any data that can identify an individual: name, email, address, phone number, social security number, biometrics. CSTA 3A-IC-29: "Explain the privacy concerns related to the collection and generation of data through automated processes that may not be evident to users."
  • Data collection and informed consent — users should know what data is collected, why, and how it is used. "Informed consent" means the user genuinely understands the tradeoff, not merely that they clicked "I agree" on a 50-page terms of service. AP CSP Topic 5.6 covers this under safe computing.
  • Data minimisation — collect only the data you need for the stated purpose. A weather app needs your location; it does not need your contacts. Ethical data practice means refusing to collect data "just in case."
  • Secondary use and data brokers — data collected for one purpose (e.g., a loyalty card purchase history) may be sold to third parties and used for different purposes (targeted advertising, insurance pricing). Data brokers aggregate and sell personal profiles. CSTA 3A-IC-30: "Evaluate the social and economic implications of privacy in the context of safety, law, or ethics."
Ontario ICS4U D2.1 lists as ethical issues (verbatim): "sharing passwords, music and video file downloading, software piracy, keystroke logging, phishing, cyberbullying." Privacy and data ethics underpin the last three of those.
Case Study · What does a free app actually collect?

A free mobile flashlight app asks for permission to access: your location, contacts, microphone, camera, and storage. Evaluate what data collection is proportionate.

Proportionate (arguably): Storage access (to save settings). No other permissions are needed for a flashlight.

Disproportionate: Location, contacts, microphone, camera. A flashlight only needs to turn on the LED. Requesting these permissions serves a secondary purpose — selling your data to brokers. This is the "free" business model: you pay with your personal data instead of money.

Ethical evaluation (AP CSP Skill 5.E): The app violates data minimisation principles. A user who clicks "I agree" without reading the permissions has not given meaningful informed consent. Privacy laws such as the GDPR (EU) and PIPEDA (Canada) require that data collection be limited to what is necessary for the service.

Safe practice: Review app permissions before installing. Deny any permission the app does not logically need. Prefer apps that clearly explain why each permission is required.

§4 · Q1. Which term describes any data that can be used to identify a specific individual (name, email, biometrics)?
  • Personally identifiable information (PII)
  • Metadata
  • Big data
  • Ciphertext
Answer: Personally identifiable information (PII). PII is any data that alone or in combination can identify a specific person. It is the core concept in privacy law and the primary target of data breaches. CSTA 3A-IC-29 focuses on automated collection of PII that users may not be aware of.
Why not the others: Metadata = data about data (e.g., file creation date). Big data = very large datasets. Ciphertext = encrypted data. PII is the term for identifiable personal information.
§4 · Q2. A company collects customer purchase history for billing, then sells it to advertisers without telling customers. What ethical principle does this violate?
  • Encryption policy
  • Password complexity rules
  • Data minimisation
  • Informed consent and prohibition on secondary use without consent
Answer: Informed consent and prohibition on secondary use without consent. Informed consent requires that users know and agree to how their data will be used. Selling purchase data to advertisers without disclosure is unauthorized secondary use — the data was collected for billing, not advertising. CSTA 3A-IC-30 evaluates the "social and economic implications of privacy."
Why not the others: This is about informed consent for data use, not encryption, passwords, or data volume. The violation is using data for a purpose the customer never agreed to.
Going deeper — surveillance, keystroke logging, and professional ethics

Ontario ICS4U D2.1 includes "keystroke logging" as an example ethical issue. A keylogger records every keystroke a user types — capturing passwords, messages, banking details — without the user's knowledge. It is illegal when installed covertly. ICS4U D2.2 says: "describe the essential elements of a code of ethics for computer programmers (e.g., ACM [Association for Computing Machinery] and IEEE [Institute of Electrical and Electronics Engineers] standards) and explain why there is a need for such a code." The ACM Code of Ethics (2018) includes principles such as "Be honest and trustworthy," "Respect privacy," and "Avoid harm." The IEEE Code of Ethics includes "to protect the privacy of others." These professional codes matter because computing professionals often have access to systems and data that ordinary users do not — the ethical framework is what keeps that privileged access from being abused.


Intellectual Property and Licensing

Four IP concepts — know which applies to software.
  • Copyright — automatic legal protection for original creative works (code, writing, images, music) from the moment of creation. The creator controls copying, distribution, and derivative works. Software is protected by copyright by default. BC CS10 names "copyright and fair use" verbatim.
  • Fair use / fair dealing — limited exceptions allowing use of copyrighted material without permission for purposes such as education, criticism, commentary, and parody. Fair use (US) and fair dealing (Canada/UK) have different but related rules. In general, you cannot reproduce an entire copyrighted work and call it education.
  • Proprietary (closed-source) software — the source code is kept secret; users may only use the software under the terms of a licence (often "install on one machine, no redistribution, no modification"). Examples: Microsoft Windows, Adobe Photoshop. Ontario ICS4U D2.1 lists "software piracy" as an ethical issue — piracy means using proprietary software without a valid licence.
  • Open-source software — source code is publicly available; users can read, modify, and distribute it under the terms of an open-source licence. Key licences: MIT (permissive — do almost anything, just credit the author), GPL (copyleft — any derivative must also be open-source), Apache 2.0 (permissive with patent clause). CSTA 3A-IC-28: "Explain the beneficial and harmful effects that intellectual property laws can have on innovation."
Exam distinction: open-source is not the same as free (as in price) — open-source means the source code is available. Proprietary software can be free-as-in-price (freeware) but still restrict modification and redistribution.
Comparison · Proprietary vs open-source tradeoffs

CSTA 3A-IC-28 asks you to evaluate both beneficial and harmful effects of IP laws on innovation. Both models have real advantages and disadvantages.

| Aspect | Proprietary | Open Source |
|---|---|---|
| Who can see the code? | Only the company | Anyone |
| Security model | Security through obscurity (flaws hidden — but so are patches) | Open peer review finds flaws fast; fixes are public too |
| Innovation | Company controls roadmap; revenue funds R&D | Community-driven; forks enable rapid experimentation |
| Cost to user | Licence fee (or subscription) | Usually free; cost is in support/customisation |
| IP law effect | Copyright enables the business model; can stifle competition | Licences use copyright law to enforce openness (copyleft) |
§5 · Q1. A student copies and uses a piece of software without purchasing a licence. What term best describes this action?
  • Fair use
  • Software piracy
  • Open-source use
  • Data minimisation
Software piracy is using proprietary software without a valid licence. It violates copyright law. Ontario ICS4U D2.1 lists "software piracy" as an ethical issue for computing students to analyse. Note: using open-source software under its licence is not piracy.
Fair use applies to limited educational/critical use of copyrighted content, not copying whole programs. Open-source software has its own licence permitting use. What's described is software piracy.
§5 · Q2. Which open-source licence requires that any modified version of the software must also be released under the same open-source terms?
  • MIT licence
  • Apache 2.0 licence
  • GPL (GNU General Public Licence)
  • Freeware licence
GPL is a copyleft licence: any derivative work must also be distributed under the GPL. This "viral" property ensures that open-source software stays open. MIT and Apache 2.0 are permissive licences — they allow the code to be used in proprietary products without requiring the result to be open-source.
MIT = permissive (do almost anything). Apache 2.0 = permissive with patent clause. GPL = copyleft (derivatives must stay open). Freeware = free of charge but not necessarily open-source.

Computing's Impact on Society

Five impact dimensions — know a concrete example for each.
  • Automation and employment — computing automates repetitive tasks (assembly lines, data entry, customer service bots), eliminating some jobs while creating new ones (ML engineers, data analysts). AP CSP Topic 5.1 "Beneficial and Harmful Effects": the same innovation can benefit some people and harm others.
  • Digital divide — the gap between those who have access to computing resources and the internet and those who do not. Affects individuals (rural vs urban, rich vs poor) and nations. AP CSP Topic 5.2: the digital divide can reduce opportunities for those who are on the wrong side of it. BC CS10 names "digital divide" verbatim.
  • Global communication and social media — computing enables instant global communication, collaborative work across time zones, and social movements. Downside: misinformation spreads at scale; cyberbullying; filter bubbles that reinforce existing beliefs. BC CS10 lists "global communication, social media, e-commerce" as impacts.
  • E-commerce and the economy — online retail, digital payments, and gig-economy platforms have transformed how goods and services are bought and sold. Winner-takes-all dynamics in tech markets create monopoly risks. CSTA 3A-IC-24: "Evaluate the ways computing impacts personal, ethical, social, economic, and cultural practices."
  • Healthcare, science, and public good — computing enables genomic sequencing, climate modelling, medical imaging, and drug discovery at speeds impossible without it. These are the clearest beneficial effects. AP CSP Skill 5.C: "Describe the impact of a computing innovation."
Ontario ICS4U D3 says: "analyse the impact of emerging computer technologies on society and the economy." This entire section maps directly.
Analysis · Applying AP CSP Skill 5.C to a specific innovation

AP CSP Skill 5.C: "Describe the impact of a computing innovation." Practice format: state the innovation, describe at least one beneficial effect and one harmful effect, and identify who is affected.

Innovation: GPS navigation apps (e.g., Google Maps, Apple Maps).

Beneficial effects: Reduced traffic accidents (real-time routing avoids congestion and dangerous roads). Enabled gig-economy delivery work for people without specialised skills. Made navigation accessible to people with visual impairments (voice-guided turn-by-turn). Reduced fuel consumption through optimal routing.

Harmful effects: Tracking: location data collected by the app reveals patterns of movement, religious attendance, political activity, medical appointments — all potentially sensitive. This data may be sold to brokers or subpoenaed by governments. Over-reliance: cognitive atrophy in spatial reasoning as people stop internalising maps. Economic displacement: taxi and local guide industries were disrupted by navigation + ride-sharing apps.

Who is affected: Beneficial to: commuters, delivery workers, people with disabilities, tourists. Harmful to: taxi drivers, privacy-conscious users, people in surveillance-heavy regimes. The harm is not evenly distributed — those with less power to protect their data or change jobs are most vulnerable.

§6 · Q1. The "digital divide" refers to which of the following?
  • The technical difference between analogue and digital signals
  • The gap between the number of male and female programmers
  • The gap between those who have access to computing resources and those who do not
  • The split between open-source and proprietary software markets
The digital divide is the social and economic inequality between those with access to digital technology (computers, internet) and those without. AP CSP Topic 5.2 covers how this divide can reduce opportunities for those on the wrong side of it. BC CS10 names it verbatim.
The digital divide is specifically about unequal access to digital technology, not signal types, gender ratios, or software market splits.
§6 · Q2. AP CSP Topic 5.1 focuses on "Beneficial and Harmful Effects." Which of the following best demonstrates that the SAME computing innovation can have both types of effects?
  • GPS apps help commuters navigate safely but collect location data that can be used for surveillance
  • Software updates fix bugs but also introduce new features
  • Open-source software is free, but proprietary software costs money
  • Encryption protects data in transit and also protects data at rest
GPS navigation has clear beneficial effects (safety, accessibility, efficiency) and clear harmful effects (location surveillance, privacy loss, displacement of taxi drivers). The same technology causing opposite outcomes for different stakeholders is exactly what AP CSP Topic 5.1 assesses.
The other options describe trade-offs or choices, not beneficial + harmful effects from the same innovation on different stakeholders. GPS is the clearest example of dual impact.

Bias, Accessibility and Sustainability

Three emerging challenges — know a concrete example for each.
  • Algorithmic bias — when a system produces systematically unfair outcomes for some groups. Causes: biased training data (historical discrimination encoded into data), biased feature selection, lack of diverse development teams. Example: facial recognition systems with higher error rates for darker-skinned faces because training data was predominantly light-skinned. CSTA 3A-IC-25: "Test and refine computational artifacts to reduce bias and equity deficits." AP CSP Topic 5.3: "Computing Bias."
  • Accessibility — designing computing systems that can be used by people with a wide range of abilities, including those with visual, auditory, motor, or cognitive disabilities. Examples: screen readers (for blindness), captions (for deafness), keyboard navigation (for motor impairment), high-contrast themes (for low vision). BC CS10: "technology to assist people with diverse abilities" and "impacts of technology use on personal health and wellness." CSTA 3A-AP-21: "Evaluate and refine computational artifacts to make them more usable and accessible."
  • Environmental sustainability — computing has a significant environmental footprint: data centres consume 1–2% of global electricity; cryptocurrency mining is energy-intensive; electronic waste (e-waste) contains toxic materials that pollute when improperly discarded. Green computing strategies include energy-efficient hardware, renewable-powered data centres, extending device lifespans, and responsible e-waste recycling. Ontario ICS3U D1.1 (verbatim): "describe the negative effects of computer use on the environment (e.g., creation of e-waste …) and on human health." BC CS10: "e-waste, recycling, conflict mineral exploitation" and "power consumption, renewable energy, server farms."
These three challenges are strongly assessed by AP CSP Big Idea 5 (Topics 5.2, 5.3) and by BC CS10's broad sustainability strand. Ontario's D1 emphasis on environmental stewardship is the most explicit sustainability requirement of the four curricula.
Concept · Sources of bias in AI systems

AP CSP Topic 5.3 assesses students' ability to explain how bias enters computing systems and what effects it has. There are three main entry points.

1. Biased training data. If a hiring algorithm is trained on historical hiring decisions that favoured one demographic, it learns to reproduce that bias. The algorithm is not "biased" in intent, but the pattern in the data encodes the historical discrimination. Example: Amazon's experimental recruiting tool (discontinued 2018) downgraded resumes mentioning "women's" because the male-dominated tech workforce was overrepresented in its training set.

2. Biased feature selection. Using a proxy variable that correlates with a protected characteristic introduces indirect bias. Example: using ZIP code as a feature in loan approval correlates with race (due to historical redlining), producing racially discriminatory outcomes without ever including race as a variable.

3. Lack of diversity in development teams. Homogeneous teams may not notice that their product fails specific user groups. Example: early voice-recognition systems trained primarily on male voices performed poorly for women. CSTA 3A-IC-25 says to "test and refine computational artifacts to reduce bias and equity deficits" — the fix is diverse testing panels and representative datasets.
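The proxy-variable problem from entry point 2 (a ZIP code that stands in for a protected characteristic) and the "test and refine" step CSTA 3A-IC-25 asks for can both be shown in a few lines of code. The Python below is an added example, not code from any of the curricula or from a real lender: the applicant records, the "historically high-risk" ZIP codes and the scoring rules are all constructed for illustration. The audit compares approval rates per group and applies the four-fifths rule (a common screening heuristic: a ratio of the lowest group rate to the highest below 0.8 is treated as adverse impact). Note that neither scoring rule ever reads the `group` field; only the audit does.

```python
"""Proxy-variable bias audit: added example on constructed data."""
from collections import defaultdict

# Constructed applicant records (not real people). 'group' is the protected
# characteristic, which the scoring rules below never consult. 'zip_code' is
# the proxy: in this constructed history, group B was concentrated in
# 10009/10010, which then accumulated high default rates.
APPLICANTS = [
    {"id": 1, "group": "A", "zip_code": "10001", "income": 62_000, "debt_ratio": 0.25},
    {"id": 2, "group": "A", "zip_code": "10002", "income": 48_000, "debt_ratio": 0.30},
    {"id": 3, "group": "A", "zip_code": "10001", "income": 75_000, "debt_ratio": 0.20},
    {"id": 4, "group": "A", "zip_code": "10002", "income": 55_000, "debt_ratio": 0.33},
    {"id": 5, "group": "B", "zip_code": "10009", "income": 64_000, "debt_ratio": 0.24},
    {"id": 6, "group": "B", "zip_code": "10010", "income": 51_000, "debt_ratio": 0.31},
    {"id": 7, "group": "B", "zip_code": "10001", "income": 70_000, "debt_ratio": 0.22},
    {"id": 8, "group": "B", "zip_code": "10009", "income": 45_000, "debt_ratio": 0.40},
]

# Constructed "historically high default rate" ZIP codes: the redlining legacy.
HIGH_RISK_ZIPS = {"10009", "10010"}


def financially_qualified(app):
    """Criteria that relate directly to ability to repay."""
    return app["income"] >= 50_000 and app["debt_ratio"] <= 0.35


def approve_with_zip(app):
    """Scoring rule that adds the ZIP-code proxy. The group field is never read."""
    return financially_qualified(app) and app["zip_code"] not in HIGH_RISK_ZIPS


def approve_without_zip(app):
    """The same rule with the proxy feature removed."""
    return financially_qualified(app)


def selection_rates(applicants, decide):
    """Fraction approved per protected group. The audit reads 'group'; the rule does not."""
    approved = defaultdict(int)
    total = defaultdict(int)
    for app in applicants:
        total[app["group"]] += 1
        if decide(app):
            approved[app["group"]] += 1
    return {g: approved[g] / total[g] for g in sorted(total)}


def disparate_impact_ratio(rates):
    """Lowest group rate divided by highest; the four-fifths rule flags values below 0.8."""
    return min(rates.values()) / max(rates.values())


def audit(applicants, decide, threshold=0.8):
    """Run the selection-rate comparison and say whether the rule should be refined."""
    rates = selection_rates(applicants, decide)
    ratio = disparate_impact_ratio(rates)
    return {"rates": rates, "ratio": ratio, "flagged": ratio < threshold}


if __name__ == "__main__":
    for name, rule in [("with ZIP proxy", approve_with_zip),
                       ("without ZIP proxy", approve_without_zip)]:
        print(name, audit(APPLICANTS, rule))
```

On this constructed data both groups are equally qualified on the financial criteria (3 of 4 each), so the ZIP-code rule alone produces the gap: group A keeps its 0.75 approval rate while group B drops to 0.25, a ratio of one third, and the audit flags it; removing the proxy restores parity. The same audit function works for any decision rule, which is the point of making bias testing a routine step rather than a one-off.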

§7 · Q1. A facial recognition system works accurately for light-skinned faces but has a much higher error rate for dark-skinned faces. This is an example of what?
  • A security vulnerability
  • Algorithmic bias from unrepresentative training data
  • A digital divide issue
  • A copyright violation
This is algorithmic bias caused by unrepresentative training data. If the training images were predominantly light-skinned, the model learned features that do not generalise to dark-skinned faces. CSTA 3A-IC-25 and AP CSP Topic 5.3 both address this. The fix: more diverse and representative training datasets.
This is not a security vulnerability or digital divide or copyright issue. It is algorithmic bias — the system systematically underperforms for a specific demographic group due to how it was trained.
§7 · Q2. Ontario ICS3U strand D1 specifically emphasises which environmental concern related to computing?
  • Software piracy
  • Algorithmic bias in AI
  • Phishing attacks
  • E-waste and the negative environmental effects of computer use
Ontario ICS3U D1.1 (verbatim): "describe the negative effects of computer use on the environment (e.g., creation of e-waste …) and on human health." The environmental stewardship theme recurs in every Ontario ICS course and is the most distinctive feature of Ontario's strand D versus the other three curricula.
Software piracy is in D2 (ethics). Algorithmic bias is not specifically named in Ontario D strand. Phishing is in D2. The D1 theme is specifically environmental sustainability and e-waste.
Going deeper — green computing and data centre energy

BC CS10 Content (verbatim) includes: "power consumption, renewable energy, server farms" under environmental sustainability. Data centres that power the internet and cloud computing are a significant and growing energy consumer. In 2020, global data centres consumed an estimated 200–250 TWh of electricity (roughly 1% of global electricity demand). Cryptocurrency mining, at peak in 2021–2022, consumed electricity comparable to small countries (Bitcoin mining alone was estimated at ~130 TWh/year). Green computing responses include: (1) energy-efficient chip design; (2) data centres powered by renewable energy (e.g., Google claims 100% renewable matching; some use waste heat for district heating); (3) cooling innovations (e.g., Microsoft's Project Natick submerged data centre); (4) on-demand cloud computing that eliminates idle servers; (5) extending device lifespans to reduce e-waste. Ontario ICS3U D1 is distinctive in treating this as assessed curriculum, not just enrichment. BC CS10 Big Idea 2 (verbatim): "Social, ethical, and sustainability issues are influenced by design" — the environmental cost of computing is built into the design choices engineers make.


Exam Strategy and Common Pitfalls

For AP CSP Big Idea 5 questions
  • Skill 5.C: use the impact structure. When asked to "describe the impact of a computing innovation," use this template: Innovation + Beneficial effect + who benefits + Harmful effect + who is harmed. Partial answers score partial marks; only both sides score full marks.
  • Skill 5.E: cite the specific legal or ethical framework. Name the concept: "informed consent," "data minimisation," "copyright," "GPL." Vague statements like "it is wrong" score poorly versus "it violates informed consent because the user did not agree to secondary data use."
  • Topic 5.3 bias: name the source of bias, not just the effect. Good answer: "The system has higher error rates for dark-skinned faces because training data was not representative." Poor answer: "The system is biased." The source (training data, feature selection, team composition) is what examiners are checking for.
Security and privacy questions (§1-§4)
  • Name the threat type precisely. Distinguish malware (software), phishing (deception via email/web), and social engineering (human manipulation). "The attacker sent a fake email" = phishing. "The attacker called and pretended to be IT support" = social engineering.
  • Symmetric vs asymmetric: always state the key difference. Symmetric = same key for encrypt and decrypt. Asymmetric = public key encrypts, private key decrypts. HTTPS uses both (asymmetric to exchange a symmetric session key). These are frequently confused on exams.
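The "HTTPS uses both" point is easier to remember once you have seen the two halves fit together. The Python below is an added example written for this guide, not code from any curriculum and not what a real TLS library does: it uses textbook RSA on a tiny 40-bit modulus (insecure, for illustration only) for the asymmetric step and a SHA-256 counter-mode keystream XORed with the data for the symmetric step. The function names, the toy primes and the 4-byte session key are all assumptions of the example. The shape is the one the bullet describes: the client wraps a fresh symmetric session key with the server's public key, the server unwraps it with its private key, and everything after that is symmetric.

```python
"""Hybrid encryption sketch (added example): asymmetric key exchange + symmetric bulk data.
Toy parameters throughout; do not reuse for anything real."""
import hashlib
import math


def is_prime(n):
    """Trial division; adequate for the small toy primes used here."""
    if n < 2:
        return False
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return False
    return True


def next_prime(n):
    while not is_prime(n):
        n += 1
    return n


def make_keypair(seed_p=1_000_000, seed_q=2_000_000, e=65537):
    """Textbook RSA on a ~40-bit modulus. Real keys are 2048 bits or more."""
    p, q = next_prime(seed_p), next_prime(seed_q)
    n, phi = p * q, (p - 1) * (q - 1)
    assert math.gcd(e, phi) == 1
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)  # (public key, private key)


def rsa_encrypt(public_key, m):
    n, e = public_key
    assert 0 <= m < n, "message must be smaller than the modulus"
    return pow(m, e, n)


def rsa_decrypt(private_key, c):
    n, d = private_key
    return pow(c, d, n)


def keystream(session_key, length):
    """Derive a keystream by hashing key || counter (a simple counter-mode stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(session_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def symmetric_xor(session_key, data):
    """One function for both directions: that is what 'symmetric' means."""
    return bytes(a ^ b for a, b in zip(data, keystream(session_key, len(data))))


def client_send(server_public_key, session_key, plaintext):
    """Client side: wrap the 4-byte session key with RSA, encrypt the message with it."""
    wrapped = rsa_encrypt(server_public_key, int.from_bytes(session_key, "big"))
    return wrapped, symmetric_xor(session_key, plaintext)


def server_receive(server_private_key, wrapped, ciphertext):
    """Server side: unwrap the session key with the private key, then decrypt the bulk data."""
    session_key = rsa_decrypt(server_private_key, wrapped).to_bytes(4, "big")
    return symmetric_xor(session_key, ciphertext)


def roundtrip(plaintext=b"hello bank, here is my balance request",
              session_key=b"\x13\x37\xbe\xef"):
    """Full exchange; returns (what the server recovered, what went over the wire)."""
    public_key, private_key = make_keypair()
    wrapped, ciphertext = client_send(public_key, session_key, plaintext)
    return server_receive(private_key, wrapped, ciphertext), ciphertext


if __name__ == "__main__":
    recovered, on_the_wire = roundtrip()
    print("ciphertext:", on_the_wire.hex())
    print("recovered: ", recovered)
```

Two things the code makes concrete. Only the short session key ever goes through the slow asymmetric operation; the message itself, however long, is handled by the fast symmetric cipher. And the server needs its private key only to unwrap the session key; anyone who captures the wire sees the wrapped key and ciphertext but cannot reverse either without it.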
IP and society questions (§5-§7)
  • Open-source is not the same as free-of-charge. Open-source means the source code is available. A common exam trap is equating "open source" with "free." Proprietary software can be free-of-charge (freeware) while still restricting modification.
  • For Ontario ICS4U D2 questions: cite ACM/IEEE. When asked about professional ethics codes, name the ACM Code of Ethics (2018) and IEEE Code of Ethics. State a specific principle (e.g., "ACM principle 1.6: Respect privacy"). Vague answers score less than cited principles.
Answer hygiene for this unit
  • Concrete examples always outperform definitions alone. For every concept, have a real-world example ready: ransomware = WannaCry; digital divide = rural students without broadband; e-waste = old phones containing lead and cadmium. Examples make arguments credible to examiners.
  • Avoid "it is bad for privacy." Use the correct term. Say "it violates data minimisation principles" or "it constitutes secondary use without informed consent." Precise vocabulary is what separates a Level 3 answer from a Level 4.

Flashcards

  • Ransomware: Malware that encrypts victim files and demands payment for the decryption key. Defence: offline backups.
  • Phishing: Fraudulent attempt to steal credentials by impersonating a trusted entity via email or fake website. ON ICS4U D2.1 example.
  • Social engineering: Manipulating people (not software) into revealing information or taking unsafe actions. Exploits trust, authority, urgency.
  • Symmetric vs asymmetric encryption: Symmetric = one shared key (encrypt + decrypt). Asymmetric = key pair: public key encrypts, private key decrypts. HTTPS uses both.
  • MFA (Multi-factor authentication): Authentication using at least two independent factors: something you know + something you have + something you are.
  • PII: Personally Identifiable Information: any data that can identify a specific individual (name, email, biometrics). Primary target of data breaches. CSTA 3A-IC-29.
  • Informed consent: User genuinely understanding and agreeing to how their data will be collected, used, and shared. Clicking "I agree" without reading is not meaningful consent.
  • Copyright vs open source: Copyright = automatic protection; owner controls copying. Open source = source code available under a licence (MIT = permissive; GPL = copyleft).
  • Software piracy: Using proprietary software without a valid licence. Violates copyright law. ON ICS4U D2.1 names this as an ethical issue.
  • Digital divide: The gap between those with access to computing resources/internet and those without. AP CSP Topic 5.2. BC CS10 names it verbatim.
  • Algorithmic bias: Systematically unfair outcomes for some groups, caused by biased training data, biased feature selection, or lack of diverse development teams. AP CSP Topic 5.3.
  • Accessibility in computing: Designing systems usable by people with diverse abilities. Examples: screen readers, captions, keyboard navigation, high-contrast themes. CSTA 3A-AP-21.
  • E-waste and green computing: E-waste = discarded electronics with toxic materials. Green computing = energy-efficient design, renewable energy, extending device lifespan. ON ICS3U D1.1.
  • AP CSP Big Idea 5 (IOC) topics: 5.1 Beneficial and Harmful Effects; 5.2 Digital Divide; 5.3 Computing Bias; 5.5 Legal and Ethical Concerns; 5.6 Safe Computing. Weighted 21-26% of the exam.

Practice Quiz

Q1. A user receives an email that appears to be from their bank, asking them to click a link and enter their password. The link leads to a site with a slightly different URL. What is this attack?
  • A. Ransomware
  • B. Social engineering (baiting)
  • C. Phishing
  • D. Spyware
Phishing impersonates a trusted entity (the bank) via email to steal credentials. The fake URL is the tell-tale sign. Defence: inspect URLs carefully; go directly to the bank's site.
Ransomware encrypts files. Baiting leaves physical lures (like USB drives). Spyware records activity silently. Email impersonation = phishing.
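"Inspect URLs carefully" is the right defence, but what exactly should you inspect? The Python below is an added example for this guide, not code from any curriculum or security product: it shows the checks a mail filter or a careful reader applies to a link before trusting it, run over a handful of constructed URLs (the bank domain `examplebank.com` and every other hostname are made up). A link is only trusted when it uses HTTPS, carries no username before an `@`, is plain ASCII, and its host is the expected domain or a subdomain of it; the "slightly different URL" in the question fails the last check.

```python
"""Link inspection for look-alike URLs: added example on constructed links."""
from urllib.parse import urlsplit


def link_warnings(url, expected_domain):
    """Return the reasons a link should not be trusted; an empty list means it checks out."""
    warnings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()

    if parts.scheme != "https":
        warnings.append("not https")
    if parts.username is not None:
        # Anything before '@' is treated as a username; the real host comes after it.
        warnings.append("text before @ is not the host")
    if not host:
        warnings.append("no host")
    elif not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        # Non-ASCII or punycode labels may render like the expected name but are a different host.
        warnings.append("host uses non-ASCII or punycode characters")
    elif not (host == expected or host.endswith("." + expected)):
        # The registrable domain must be the LAST part of the host, not a prefix.
        warnings.append(f"host {host!r} is not {expected!r} or a subdomain of it")
    return warnings


def is_trusted(url, expected_domain):
    return not link_warnings(url, expected_domain)


# Constructed sample links, labelled with what a reader would be told.
SAMPLE_LINKS = [
    "https://www.examplebank.com/login",                # genuine subdomain
    "https://examplebank.com.login-verify.net/login",   # expected name used as a prefix
    "http://examplebank-secure.com/login",              # similar name, plain http
    "https://examplebank.com@evil.example/login",       # expected name placed before '@'
]


def triage(links, expected_domain):
    """Map each link to its warning list so a reader can see why it was rejected."""
    return {link: link_warnings(link, expected_domain) for link in links}


if __name__ == "__main__":
    for link, reasons in triage(SAMPLE_LINKS, "examplebank.com").items():
        print("TRUSTED " if not reasons else "REJECTED", link, reasons)
```

The key idea for the exam answer is the host check: the browser connects to whatever comes last before the first `/` (after any `@`), so `examplebank.com` appearing somewhere in the link proves nothing unless it is the actual domain at the end of the hostname. Going directly to the bank's own site, as the explanation says, sidesteps the whole problem.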
Q2. Which encryption method uses a public key for encryption and a private key for decryption?
  • A. Symmetric encryption
  • B. Asymmetric encryption
  • C. Hashing
  • D. MFA
Asymmetric encryption uses a mathematically linked key pair: public key (shareable) encrypts; private key (secret) decrypts. Used in HTTPS, SSH, email signing. Symmetric uses one shared key for both operations.
Symmetric = one key for both. Asymmetric = key pair (public encrypts, private decrypts). Hashing = one-way, not reversible. MFA = authentication method, not encryption.
Q3. A company's HR system was trained on historical hiring data from a male-dominated industry and now systematically gives women lower scores. What is the root cause?
  • A. A phishing attack on the HR database
  • B. Lack of encryption on the training data
  • C. Software piracy of the machine learning library
  • D. Algorithmic bias from biased training data encoding historical discrimination
Algorithmic bias from biased training data. The historical hiring data reflected a biased process; the model learned to reproduce that bias. CSTA 3A-IC-25 and AP CSP Topic 5.3 address this. Fix: more representative training data and diverse evaluation panels.
This is algorithmic bias from training data, not a security attack, encryption failure, or licensing issue. The system discriminates because it learned from discriminatory historical data.
Q4. Under the GPL (GNU General Public Licence), if you modify an open-source program and distribute it, what must you do?
  • A. Release your modifications under the same GPL licence
  • B. Pay a licensing fee to the original author
  • C. Keep your modifications proprietary
  • D. Register the software with the copyright office
GPL is a copyleft licence: any derivative work distributed publicly must also be released under the GPL. This "viral" property ensures open-source software stays open. MIT and Apache 2.0 licences do not require this — they are permissive.
GPL has no fee. It requires copyleft: derivatives must stay open-source under GPL. You cannot make GPL-derived code proprietary. Registration is not required for copyright protection.
Q5. Ontario ICS3U strand D1 is distinctive for its emphasis on which of the following?
  • A. Algorithmic efficiency analysis
  • B. Object-oriented programming concepts
  • C. Environmental stewardship and sustainability of computer use
  • D. Network protocols and TCP/IP
Ontario ICS3U D1 (verbatim): "describe policies on computer use that promote environmental stewardship and sustainability." D1.1 names e-waste, health effects. This green-computing theme is the most distinctive feature of Ontario's approach compared to the other three curricula in this guide.
D1 is specifically about environmental sustainability. Algorithm efficiency is in strand C (ICS4U). OOP is in strand A/C. Networks are barely covered in ICS3U/ICS4U.
Q6. CSTA 3A-IC-28 says: "Explain the beneficial and harmful effects that intellectual property laws can have on innovation." Which example best illustrates a HARMFUL effect of IP law on innovation?
  • A. A company patents a new algorithm, enabling them to profit from their invention
  • B. A broad software patent blocks competitors from using a widely-needed technique for 20 years
  • C. Open-source licences use copyright law to keep software open
  • D. Copyright protects a programmer's original code from being copied
Broad or overly aggressive patents can stifle innovation by blocking competitors from implementing fundamental techniques for decades. This is the "harmful effect" that CSTA 3A-IC-28 asks you to evaluate. Options A, C, and D are beneficial effects of IP law.
The question asks for a HARMFUL effect. Profit from patents (A), copyleft (C), and code protection (D) are beneficial effects. Broad patents blocking innovation is the harmful effect.
Q7. AP CSP Skill 5.C asks you to "describe the impact of a computing innovation." Which answer best demonstrates this skill for GPS navigation apps?
  • A. GPS apps use satellite signals to determine location
  • B. GPS apps are very popular and used by millions of people
  • C. GPS apps help people find directions when they are lost
  • D. GPS apps benefit commuters with real-time routing but collect location data that can be used for surveillance without users' awareness
Skill 5.C requires identifying both beneficial effects (real-time routing helps commuters) AND harmful effects (location surveillance) AND affected groups. Option D does all three. The other options describe how GPS works or its popularity, not its impact.
Skill 5.C requires IMPACT — both beneficial and harmful effects on people. "GPS uses satellites" (A) = how it works. "Very popular" (B) = usage stats. "Helps when lost" (C) = one benefit only. Only D covers both sides of impact.

Readiness Checklist

Tick each item when you can do it cold, without notes, on a first attempt.