How do we protect personal data and stay safe online against threats like malware and phishing?
Topic 5.6 Safe Computing: personal data is collected and stored by computing systems, and safe computing uses authentication, encryption and awareness of threats such as malware and phishing to protect it.
A focused answer to AP CSP Topic 5.6, covering how personal data is collected and tracked, privacy risks, authentication and strong passwords, multi-factor authentication, encryption (symmetric and public key), and common threats such as malware and phishing, with practical safeguards.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this topic is asking
The College Board (Topic 5.6) wants you to understand safe computing: how personal data is collected and stored, the privacy risks involved, and the techniques that protect data and users. You need to know about authentication (passwords, multi-factor), encryption (symmetric and public key), and common threats such as malware and phishing, plus the practical steps users and developers take to stay safe.
Personal data and privacy risk
Authentication
Encryption
Encryption is what protects data in transit (for example secure web connections) and at rest, so that intercepted data is unreadable without the key.
Common threats
- Malware is software designed to damage or gain unauthorised access to a system (viruses, worms, ransomware, spyware). It often arrives through downloads or attachments.
- Phishing tricks users into revealing sensitive information by impersonating a trustworthy source, such as a fake email or website.
Users defend themselves by being cautious with links and attachments, verifying senders and web addresses, using strong passwords and MFA, and keeping software updated.
Try this
Q1. What extra protection does multi-factor authentication provide over a password alone? [2 points]
- Cue. It requires a second factor (something you have, like a phone code) in addition to the password, so a stolen password alone is not enough to log in.
Q2. State the difference between symmetric and public key encryption. [2 points]
- Cue. Symmetric uses a single shared key for both encryption and decryption; public key uses a public key to encrypt and a separate private key to decrypt, so the private key is never shared.
Exam-style practice questions
Practice questions written in the style of College Board exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
AP 2022 (style)1 marksMultiple choice. Which of the following best describes public key encryption?
(A) A single secret key is shared between sender and receiver to both encrypt and decrypt.
(B) A public key encrypts data and a different, private key decrypts it, so the private key never needs to be shared.
(C) Data is compressed so it cannot be read.
(D) Passwords are stored in plain text for convenience.
Show worked answer →
The answer is (B).
Public key encryption uses a pair of keys: a freely shared public key to encrypt, and a secret private key, kept by the recipient, to decrypt. Because only the public key is shared, the private key never travels and stays secret. (A) describes symmetric encryption, which uses one shared key. (C) compression is not encryption. (D) is the opposite of safe practice.
Markers reward distinguishing public key encryption (a public/private key pair) from symmetric encryption (one shared key).
AP 2021 (style)2 marksFree response (short). Explain what phishing is and describe one way a user can protect themselves against it.
Show worked answer →
A 2-point question on a common threat and its mitigation.
Point 1 (what): Phishing is an attempt to trick a user into revealing sensitive information (passwords, financial details) by pretending to be a trustworthy source, for example a fake email or website that looks legitimate.
Point 2 (protection): A user can protect themselves by not clicking suspicious links, checking the sender and web address carefully, not entering credentials on unverified sites, and using multi-factor authentication so a stolen password alone is not enough. Any valid protection earns the second mark.
Related dot points
- Topic 5.5 Legal and Ethical Concerns: computing raises legal and ethical issues including intellectual property, licensing, plagiarism, privacy and the responsible use and sharing of material and data.
A focused answer to AP CSP Topic 5.5, covering intellectual property and copyright, open-source and Creative Commons licensing, plagiarism, the ethics of using others' work, privacy of personal data, and the legal and ethical responsibilities of creators and users.
- Topic 5.1 Beneficial and Harmful Effects: computing innovations have both beneficial and harmful effects on society, economy and culture, and effects may be intended or unintended.
A focused answer to AP CSP Topic 5.1, covering how a single computing innovation can have both beneficial and harmful effects, intended versus unintended consequences, effects on individuals and society, and how to analyze an innovation's impact for the exam.
- Topic 4.1 The Internet: the Internet is a network of networks that moves data in packets using protocols such as IP and TCP, with addressing, routing and standards enabling scalable communication.
A focused answer to AP CSP Topic 4.1, covering the Internet as a network of networks, IP addresses, packets and packet switching, protocols (IP, TCP, HTTP, DNS), bandwidth and latency, redundancy in routing, and why open standards enable scalability.
- Topic 4.2 Fault Tolerance: a system is fault tolerant if it continues to operate when some components fail; redundancy (multiple paths or copies) is the main way networks achieve fault tolerance.
A focused answer to AP CSP Topic 4.2, covering what fault tolerance means, how redundancy of paths and data provides it, why the Internet is fault tolerant, the difference between a fault-tolerant and a non-redundant system, and the costs of redundancy.
- Topic 5.3 Computing Bias: computing innovations can reflect existing human biases through biased data or design choices, and bias can be embedded intentionally or unintentionally.
A focused answer to AP CSP Topic 5.3, covering how bias enters computing systems through biased data and design, intentional versus unintentional bias, real effects on people, why biased data produces biased outputs, and how bias can be identified and reduced.
Sources & how we know this
- AP Computer Science Principles Course and Exam Description — College Board (2025)