1. SECURITY AND
LEGAL ASPECTS
OF IT
FYUP Commerce
Section - A
Group Members – Anish (69)
Namit (65)
Prithvi (60)
Ishan (49)
Riya (71)
2. Contents
CYBER CRIME
CYBER LAW IN INDIA
CYBER SECURITY
INITIATIVES TAKEN BY THE
GOVERNMENT FOR PROMOTING
CYBER SECURITY
3. • No
definition specified in the Information
Technology Act, 2000 or any other legislation
• All criminal activities done using computers, the
Internet, cyber space and the worldwide web(WWW)
• Any offence in which a computer is used is a ‘cyber
crime’.
5. Cyber crimes punishable by law
1. Hacking
• Unauthorised attempts to bypass the security
mechanisms of an information system to gain
access to programmes, data and network
resources.
• Punishment under IT (Amendment) Act, 2008:
imprisonment upto three years or fine, upto five
lakh rupees or both.
6. 2. Data Theft
• Without permission of the owner, an attempt is
made to download, copy or extract any data or
information, from a computer system, network
or any removable storage medium.
3. Spreading Viruses or Worms
• Viruses are harmful programmes which can
send a person’s data to a third party, delete data
on a computer, mess up the system and render
it unusable, install unwanted files on the
system, etc.
7. 4. Identity Theft
• A form of fraud in which a person pretends to be
someone else by assuming the other person’s identity
• Undertaken to access resources or obtain credit and
other benefits in the victim’s name
5. E-mail spoofing
• A technique used by hackers to send mails in which
sender’s address and other parts of the email are altered.
• This method is used to disguise the
actual email address from which phishing
and spam messages are sent
• Motive: to trick users into providing
personal and confidential information
8.
9. Cyber Law
Cyber Law is the law governing
cyber space. Cyber space is a
very wide term and includes
computers, networks, software,
data storage devices.
Law holds the rules of conduct :
That have been approved by the government,
which are in force over a certain territory, and
which must be obeyed by all persons on that
territory.
10. Need For Cyber Law
Cyberspace is an limitless dimension that is
impossible to govern and regulate using
conventional law.
Cyberspace is absolutely open for participation
by all.
11. A software source code worth crores of rupees
or a movie can be pirated across the globe
within hours of their release.
Hence, to stop this type of crime and to govern
the cyber space, various cyber laws were made.
12. CYBER LAWS
IN
INDIA
• The Information Technology
Act, 2000
• The Information Technology
(Amendment) Act, 2008
13. The Information Technology Act (2000)
The primary source of cyber law in India is the
Information Technology Act, 2000 (IT Act) which
came into force on 17 October 2000.
The primary purpose of the Act is to provide
legal recognition to electronic commerce and to
facilitate the filing of electronic records with the
Government.
14. The IT act also penalizes various cyber
crimes
and provides strict punishments
(imprisonment terms upto 10 years and
compensation up to Rs.1 crore).
Information Technology (Certifying
Authority) Regulations, 2001 came into
force on 9 July 2001. They provide further
technical standards and procedures to be used
by a Certifying Authority.
15. The Information Technology
(Amendment) Act, 2008
The Government of India has brought major amendments to
ITA-2000 in form of the Information Technology Amendment Act,
2008.
ITAA 2008 (Information Technology Amendment Act 2008) as
the new version of Information Technology Act 2000 is often
referred has provided additional focus on Information Security.
It has added several new sections on offences including Cyber
Terrorism and Data Protection.
A set of Rules relating to Sensitive Personal Information and
Reasonable Security Practices (mentioned in section 43A of the
ITAA, 2008) was released in April 2011.
16.
17. Cyber security is a branch of computer security
specifically related to the Internet.
It's objective is to establish rules and measure to
use against attacks over the Internet.
18. Defend us from critical attacks.
Browse the safe website.
Internet security process all the incoming and
outgoing data on our computer.
Security will defend from hacks and virus.
The security developers will update their database
every week once. Hence the new virus also deleted.
19. 1.Install OS/Software Updates
2.Run Anti-virus Software
3. Prevent Identity Theft
4. Protect Passwords
5. Avoid Spyware/Adware
6. Turn on Personal Firewalls
7. Back up Important Files
20. Physically secure your computer by using security
cables and locking doors and windows in the dorms
and off-campus housing.
Avoid leaving your laptop unsupervised and in plain
view in the library or coffee house, or in your car, dorm
room or home.
Set up a user account and password to prevent
unauthorized access to your computer files.
20
22. Protect Your Credit Cards and Bank
Accounts
• This is a common area of fraud for everyone from sole
proprietors to employee-based firms. Start by separating
your personal banking and credit cards from your
business accounts – this will ensure fraudsters don’t get
their hands on your money. Separating your accounts will
also make it easier to track your business expenses and
report deductions on your tax return.
• Make sure you use your card wisely. Don’t hand over
your plastic or your card number to employees or
companies with which you don’t have a familiar
relationship. Switch to online bill pay or make sure you
store paper bills securely
23. Secure Your IT Infrastructure
• Every business owner should invest in a firewall
as well as anti-virus, malware and spyware
detection software. Backing-up is also a must
and will make it a lot easier for you to continue
working in the event of a cyber attack
24. Have a Password Policy
• Another easy step you can take to protect your
IT systems is to institute a password policy.
• Make sure you and your employees change them
regularly (every 60 to 90 days is good rule)
• Set rules that ensure passwords are complex (i.e.
contain one upper case letter, one number and
must be a minimum of eight characters)
• Use different passwords for different online and
system accounts
25. Educate Your Staff
• Employees are perhaps your biggest point of
vulnerability when it comes to fraud, but they are
also your first line of defense. Hold regular training
sessions on basic security threats (online and off)
and prevention measures – both for new hires and
seasoned staff. Enforce the training by instituting
policies that guide employees on the proper use and
handling of company confidential information,
including financial data, personnel and customer
information.
26. INITIATIVES TAKEN BY THE
GOVERNMENT FOR
PROMOTING CYBER SECURITY
India has started many good initiatives
and formulated far reaching policies in
the field of cyber security. However,
their actual implementation is still
missing and thereby making all these
efforts futile. For instance, the Cyber
Security Policy and The National
Security Policy of India have been
declared but their actual
implementation in the cyber field is
still missing. As a result, the cyber
security of India is at great peril.
27. As noted earlier, the need for Cyber Security has been
increasingly evident in the past 2-3 years. In this regard, Mr.
Gulshan Rai was appointed as India’s first ever National Cyber
Security Coordinator in May, 2013.
The defence of cyberspace necessarily involves the forging of
effective partnerships between the public organisations charged
with ensuring the security of cyberspace and those who manage
the use of this space by myriad users like government
departments, banks, infrastructure, manufacturing and service
enterprises and individual citizens.
28. Following are the initiatives taken
by the government -:
NATIONAL CYBER SECURITY
POLICY 2013 :With an aim to monitor and
protect information and strengthen defences from cyber
attacks, the National Cyber Security Policy 2013 was
released on July 2, 2013 by the Government of India.
The policy calls for effective public and private
partnership and collaborative engagements through
technical and operational cooperation. The stress on
public-private partnership is critical to tackling cyber
threats through proactive measures and adoption of best
practices besides creating a think tank for cyber security
evolution in future.
29. • Another strategy which has been emphasized is the promotion
of research and development in cyber security. Research and
development of trustworthy systems and their testing,
collaboration with industry and academia, setting up of ‘Centre
of Excellence’ in areas of strategic importance from the point of
view of cyber and R&D on cutting edge security technologies,
are the hallmarks of this strategy laid down in the policy.
• The policy also calls for developing human resource through
education and training programmes, establishing cyber security
training infrastructure through public private partnership and to
establish institutional mechanisms for capacity building for law
enforcement agencies. Creating a workforce of 500,000
professionals trained in cyber security in the next 5 years is also
envisaged in the policy through skill development and training.
30. Existing Counter Cyber Security Initiatives
1. National Informatics Centre (NIC) - A premier organisation
providing network backbone and e-governance support to the
Central Government, State Governments, Union Territories,
Districts and other Governments bodies. It provides wide range
of information and communication technology services
including nation wide communication. Network for
decentralized planning improvement in Government services
and wider transparency of national and local governments.
2. Indian Computer Emergency Response Team (Cert-In)- Cert-In
is the most important constituent of India's cyber community.
Its mandate states, 'ensure security of cyber space in the country
by enhancing the security communications and information
infrastructure, through proactive action and effective
collaboration aimed at security incident prevention and
response and security assurance'.
31. 3.
a)
b)
c)
d)
Indo-US Cyber Security Forum (IUSCSF) - Under this forum
(set up in 2001) high power delegations from both side met and
several initiatives were announced. Highlights are :Setting up an India Information Sharing and Analysis Centre
(ISAC) for better cooperation in anti hacking measures.
Ongoing cooperation between India's Standardization Testing
and Quality Certification (STQC) and the US National Institute
of Standards and Technology (NIST) would be expanded to
new areas.
The R&D group will work on the hard problems of cyber
security. Cyber forensics and anti spasm research.
Chalked the way for intensifying bilateral cooperation to
control cyber crime - between the two countries.
32. Alliances of Cyber Security with other Nations
to fight the cause as a global economy : With the
increasing proliferation of information and communication
technologies (ICTs) and the growing opportunity for real-time
borderless exchange, cyber security is a complex transnational
issue that requires global cooperation for ensuring a safe
Internet. According to a 2011 Norton study, threats to
cyberspace have increased dramatically in the past year afflicting
431 million adult victims globally – or 14 adults victims every
second, one million cybercrime victims every day. In this regard,
it can be mentioned that in addition to India’s ties with US, India
also has ties for cyber security with China and South Korea (
confirmed on Jan 17, 2014 ).
33. • Cyber Security in
India is still in its
infancy. Global
Awareness and the
need for such a
cause has been
identified. With the
number of Internet
users increasing day
by day, it is evident
that India lags in
providing cyber
security to it’s
internet users.
34. Group Members – Namit (65)
Anish (69)
Riya (71)
Prithvi (60)
Ishan (49)