MBA KMB108 UNIT 5 (Cyber Crime and Privacy Issues, Cyber Laws, IT ACT 2000)


Security and Ethical Challenges of IT
The Government of India enacted the Information Technology (I.T.) Act with some major objectives to deliver and facilitate lawful electronic, digital, and online transactions, and mitigate cyber-crimes.
Salient Features of I.T Act
The salient features of the I.T Act are as follows −
·        Digital signature has been replaced with electronic signature to make it a more technology neutral act.
·        It elaborates on offenses, penalties, and breaches.
·        It outlines the Justice Dispensation Systems for cyber-crimes.
·        It defines in a new section that cyber café is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
·        It provides for the constitution of the Cyber Regulations Advisory Committee.
·        It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
·        It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
Scheme of I.T Act
The following points define the scheme of the I.T. Act −
·        The I.T. Act contains 13 chapters and 90 sections.
·        The last four sections, namely Sections 91 to 94 of the I.T. Act 2000, which dealt with the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934, were deleted.
·        It commences with the Preliminary aspect in Chapter 1, which deals with the short title, extent, commencement and application of the Act in Section 1. Section 2 provides Definitions.
·        Chapter 2 deals with the authentication of electronic records, digital signatures, electronic signatures, etc.
·        Chapter 11 deals with offences and penalties. A series of offences have been provided along with punishment in this part of The Act.
·        Thereafter, the provisions about due diligence, the role of intermediaries and some miscellaneous provisions are stated.
·        The Act is embedded with two schedules. The First Schedule deals with Documents or Transactions to which the Act shall not apply. The Second Schedule deals with electronic signature or electronic authentication technique and procedure. The Third and Fourth Schedule are omitted.
Application of the I.T Act
As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents or transactions specified in First Schedule. Following are the documents or transactions to which the Act shall not apply −
·        Negotiable Instrument (Other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;
·        power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
·        trust as defined in section 3 of the Indian Trusts Act, 1882;
·        will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition;
·        Any contract for the sale or conveyance of immovable property or any interest in such property;
·        Any such class of documents or transactions as may be notified by the Central Government.
Amendments Brought in the I.T Act
The I.T. Act has brought amendment in four statutes vide section 91-94. These changes have been provided in schedule 1-4.
·        The first schedule contains the amendments in the Penal Code. It has widened the scope of the term "document" to bring within its ambit electronic documents.
·        The second schedule deals with amendments to the Indian Evidence Act. It pertains to the inclusion of electronic documents in the definition of evidence.
·        The third schedule amends the Banker's Books Evidence Act. This amendment brings about change in the definition of "Banker's-book". It includes printouts of data stored in a floppy, disc, tape or any other form of electromagnetic data storage device. Similar change has been brought about in the expression "Certified-copy" to include such printouts within its purview.
·        The fourth schedule amends the Reserve Bank of India Act. It pertains to the regulation of fund transfer through electronic means between the banks or between the banks and other financial institution.

Intermediary Liability
Intermediary, dealing with any specific electronic records, is a person who on behalf of another person accepts, stores or transmits that record or provides any service with respect to that record.
According to the above mentioned definition, it includes the following −
  • Telecom service providers
  • Network service providers
  • Internet service providers
  • Web-hosting service providers
  • Search engines
  • Online payment sites
  • Online auction sites
  • Online market places and cyber cafes
Highlights of the Amended Act
The newly amended act came with following highlights −
  • It stresses on privacy issues and highlights information security.
  • It elaborates Digital Signature.
  • It clarifies rational security practices for corporate.
  • It focuses on the role of Intermediaries.
  • New faces of Cyber Crime were added.


Cyberspace

Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services. It is maintained by the worldwide distribution of information and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to induce clear boundaries among these different groups. The cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.

Cyber security

Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered through the Internet by cyber criminals.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.
The Ministry of Communication and Information Technology under the government of India provides a strategy outline called the National Cybersecurity Policy. The purpose of this government body is to protect the public and private infrastructure from cyber-attacks.

Cybersecurity Policy

The cybersecurity policy is a developing mission that caters to the entire field of Information and Communication Technology (ICT) users and providers. It includes −
  • Home users
  • Small, medium, and large Enterprises
  • Government and non-government entities
It serves as an authority framework that defines and guides the activities associated with the security of cyberspace. It allows all sectors and organizations in designing suitable cybersecurity policies to meet their requirements. The policy provides an outline to effectively protect information, information systems and networks.
It gives an insight into the Government’s approach and strategy for the security of cyberspace in the country. It also sketches some pointers to allow collaborative working across the public and private sectors to safeguard information and information systems. Therefore, the aim of this policy is to create a cybersecurity framework, which leads to detailed actions and programs to strengthen the security posture of cyberspace.

Cyber Crime

Neither the Information Technology Act 2000 nor any other legislation in the country describes or mentions the term Cyber Crime. It can be globally considered as the gloomier face of technology. The only difference between a traditional crime and a cyber-crime is that a cyber-crime involves computers. Let us see the following example to understand it better −
Traditional Theft − A thief breaks into Ram’s house and steals an object kept in the house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his computer, hacks the computer of Ram and steals the data saved in Ram’s computer without physically touching the computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms −
·        access in computer network in section 2(a)
·        computer in section 2(i)
·        computer network in section 2(j)
·        data in section 2(o)
·        information in section 2(v).
To understand the concept of Cyber Crime, you should know these definitions. The object of the offence, or target, in a cyber-crime is either the computer or the data stored in the computer.

Nature of Threat

Among the most serious challenges of the 21st century are the prevailing and possible threats in the sphere of cybersecurity. Threats originate from all kinds of sources, and mark themselves in disruptive activities that target individuals, businesses, national infrastructures, and governments alike. The effects of these threats transmit significant risk for the following −
  • public safety
  • security of nations
  • stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to determine the origin or the identity of the criminal. Even the motivation for the disruption is not easy to find out. The perpetrators of these activities can only be worked out from the target, the effect, or other circumstantial evidence. Threat actors can operate with considerable freedom from virtually anywhere. The motives for disruption can be anything such as −
  • simply demonstrating technical prowess
  • theft of money or information
  • extension of state conflict, etc.
Criminals, terrorists, and sometimes States themselves act as the source of these threats. Criminals and hackers use different kinds of malicious tools and approaches. With criminal activities taking new shapes every day, the possibility of harmful actions grows.

Enabling People

The lack of information security awareness among users, who could be a simple school going kid, a system administrator, a developer, or even a CEO of a company, leads to a variety of cyber vulnerabilities. The awareness policy classifies the following actions and initiatives for the purpose of user awareness, education, and training −
·        A complete awareness program to be promoted on a national level.
·        A comprehensive training program that can cater to the needs of the national information security (Programs on IT security in schools, colleges, and universities).
·        Enhance the effectiveness of the prevailing information security training programs. Plan domain-specific training programs (e.g., Law Enforcement, Judiciary, E-Governance, etc.)
·        Endorse private-sector support for professional information security certifications.

Information Technology Act

The Government of India enacted The Information Technology Act with some major objectives which are as follows −
·        To deliver lawful recognition for transactions through electronic data interchange (EDI) and other means of electronic communication, commonly referred to as electronic commerce or E-Commerce. The aim was to use replacements of paper-based methods of communication and storage of information.
·        To facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000. The I. T. Act got the President’s assent on June 9, 2000 and it was made effective from October 17, 2000. By adopting this Cyber Legislation, India became the 12th nation in the world to adopt a Cyber Law regime.

Mission and Vision Cybersecurity Program

Mission

The following mission caters to cybersecurity −
·        To safeguard information and information infrastructure in cyberspace.
·        To build capabilities to prevent and respond to cyber threats.
·        To reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation.

 

 

Cyber Crime & Cyber Security

A crime that involves and uses computer devices and the Internet is known as cybercrime.
Cybercrime can be committed against an individual or a group; it can also be committed against government and private organizations. It may be intended to harm someone’s reputation, or to cause physical or even mental harm.

Cybercrime can cause direct harm or indirect harm to whoever the victim is.
However, the largest threat of cybercrime is on the financial security of an individual as well as the government.
Cybercrime causes loss of billions of USD every year.

Types of Cybercrime

Let us now discuss the major types of cybercrime −

Hacking

It is an illegal practice by which a hacker breaches someone’s computer security system for personal interest.

Unwarranted mass-surveillance

Mass surveillance means surveillance of a substantial fraction of a group of people by the authority especially for the security purpose, but if someone does it for personal interest, it is considered as cybercrime.

Child pornography

It is one of the most heinous crimes that is brazenly practiced across the world. Children are sexually abused and videos are being made and uploaded on the Internet.

Child grooming

It is the practice of establishing an emotional connection with a child especially for the purpose of child-trafficking and child prostitution.

Copyright infringement

If someone uses someone else’s copyright-protected work without permission and publishes it under his own name, it is known as copyright infringement.

Money laundering

Illegal possession of money by an individual or an organization is known as money laundering. It typically involves transfers of money through foreign banks and/or legitimate business. In other words, it is the practice of transforming illegitimately earned money into the legitimate financial system.

Cyber-extortion

When a hacker hacks someone’s email server, or computer system and demands money to reinstate the system, it is known as cyber-extortion.

Cyber-terrorism

Normally, when someone hacks government’s security system or intimidates government or such a big organization to advance his political or social objectives by invading the security system through computer networks, it is known as cyber-terrorism.

Cyber Security

Cyber security is a potential activity by which information and other communication systems are protected from and/or defended against the unauthorized use or modification or exploitation or even theft.
Likewise, cyber security is a well-designed technique to protect computers, networks, different programs, personal data, etc., from unauthorized access.
All sorts of data whether it is government, corporate, or personal need high security; however, some of the data, which belongs to the government defense system, banks, defense research and development organization, etc. are highly confidential and even small amount of negligence to these data may cause great damage to the whole nation. Therefore, such data need security at a very high level.

How to Secure Data?

Let us now discuss how to secure data. In order to make your security system strong, you need to pay attention to the following −
  • Security Architecture
  • Network Diagram
  • Security Assessment Procedure
  • Security Policies
  • Risk Management Policy
  • Backup and Restore Procedures
  • Disaster Recovery Plan
  • Risk Assessment Procedures
Once you have a complete blueprint of the points mentioned above, you can put a better security system in place for your data and can also retrieve your data if something goes wrong.



MBA KMB 108 (Computer Applications and Management Information System) Lecture 6


MBA

SUBJECT NAME: Computer Applications and Management Information System

Subject Code: RMB 108

UNIT 1(conceptual frame work)

 Operating System

·        An operating system is a program that acts as an interface between the software and the computer hardware.
·        It is an integrated set of specialized programs used to manage overall resources and operations of the computer.
·        It is a specialized software that controls and monitors the execution of all other programs that reside in the computer, including application programs and other system software.

Objectives of Operating System

The objectives of the operating system are −
  • To make the computer system convenient to use in an efficient manner.
  • To hide the details of the hardware resources from the users.
  • To provide users a convenient interface to use the computer system.
  • To act as an intermediary between the hardware and its users, making it easier for the users to access and use other resources.
  • To manage the resources of a computer system.
  • To keep track of who is using which resource, granting resource requests, and mediating conflicting requests from different programs and users.
  • To provide efficient and fair sharing of resources among users and programs.

Characteristics of Operating System

Here is a list of some of the most prominent characteristic features of Operating Systems −
  • Memory Management − Keeps track of the primary memory, i.e. what part of it is in use by whom, what part is not in use, etc. and allocates the memory when a process or program requests it.
  • Processor Management − Allocates the processor (CPU) to a process and deallocates the processor when it is no longer required.
  • Device Management − Keeps track of all the devices. This is also called I/O controller that decides which process gets the device, when, and for how much time.
  • File Management − Allocates and de-allocates the resources and decides who gets the resources.
  • Security − Prevents unauthorized access to programs and data by means of passwords and other similar techniques.
  • Job Accounting − Keeps track of time and resources used by various jobs and/or users.
  • Control Over System Performance − Records delays between the request for a service and the response from the system.
  • Interaction with the Operators − Interaction may take place via the console of the computer in the form of instructions. The Operating System acknowledges the same, does the corresponding action, and informs the operation by a display screen.
  • Error-detecting Aids − Production of dumps, traces, error messages, and other debugging and error-detecting methods.
  • Coordination Between Other Software and Users − Coordination and assignment of compilers, interpreters, assemblers, and other software to the various users of the computer systems.

Types of Operating System


Operating systems are there from the very first computer generation and they keep evolving with time. In this chapter, we will discuss some of the important types of operating systems which are most commonly used.

1. Batch operating system

The users of a batch operating system do not interact with the computer directly. Each user prepares his job on an off-line device like punch cards and submits it to the computer operator. To speed up processing, jobs with similar needs are batched together and run as a group. The programmers leave their programs with the operator and the operator then sorts the programs with similar requirements into batches.
The problems with Batch Systems are as follows −
  • Lack of interaction between the user and the job.
  • CPU is often idle, because the speed of the mechanical I/O devices is slower than the CPU.
  • Difficult to provide the desired priority.

2. Time-sharing operating systems

Time-sharing is a technique which enables many people, located at various terminals, to use a particular computer system at the same time. Time-sharing or multitasking is a logical extension of multiprogramming. Processor's time which is shared among multiple users simultaneously is termed as time-sharing.
The main difference between Multiprogrammed Batch Systems and Time-Sharing Systems is that in case of Multiprogrammed batch systems, the objective is to maximize processor use, whereas in Time-Sharing Systems, the objective is to minimize response time.
Multiple jobs are executed by the CPU by switching between them, but the switches occur so frequently that the user can receive an immediate response. For example, in transaction processing, the processor executes each user program in a short burst or quantum of computation. That is, if n users are present, then each user can get a time quantum. When the user submits a command, the response time is a few seconds at most.
The operating system uses CPU scheduling and multiprogramming to provide each user with a small portion of time. Computer systems that were designed primarily as batch systems have been modified to time-sharing systems.
Advantages of Timesharing operating systems are as follows −
  • Provides the advantage of quick response.
  • Avoids duplication of software.
  • Reduces CPU idle time.
Disadvantages of Time-sharing operating systems are as follows −
  • Problem of reliability.
  • Question of security and integrity of user programs and data.
  • Problem of data communication.
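The contrast drawn above between batch systems (maximize processor use) and time-sharing systems (minimize response time) can be simulated directly. The following is an added example, not part of the original notes; the job lengths, the quantum, and the context-switch cost are constructed values chosen for illustration.

```python
from collections import deque


def batch_first_response(bursts):
    """Batch (run-to-completion) scheduling in submission order.

    Returns the time at which each job first gets the CPU: a job waits
    until every job submitted before it has finished completely.
    """
    start, first = 0, []
    for burst in bursts:
        first.append(start)
        start += burst
    return first


def round_robin(bursts, quantum, switch_cost=0):
    """Time-sharing with a fixed quantum; all jobs arrive at time 0.

    Returns (first_response, completion, cpu_utilisation), where
    cpu_utilisation is useful CPU time divided by total elapsed time.
    switch_cost models the overhead of moving the CPU to the next job.
    """
    if quantum <= 0:
        raise ValueError("quantum must be positive")
    remaining = list(bursts)
    first = [None] * len(bursts)
    done = [None] * len(bursts)
    queue = deque(range(len(bursts)))
    clock = busy = 0
    while queue:
        job = queue.popleft()
        if first[job] is None:
            first[job] = clock          # first time this user sees a response
        run = min(quantum, remaining[job])
        clock += run
        busy += run
        remaining[job] -= run
        if remaining[job] == 0:
            done[job] = clock
        else:
            queue.append(job)           # unfinished: back to the end of the line
        if queue:
            clock += switch_cost        # overhead before the next slice
    return first, done, busy / clock


if __name__ == "__main__":
    jobs = [8, 4, 2, 6]                 # constructed CPU bursts, in time units
    print("batch first response:", batch_first_response(jobs))
    for cost in (0, 1):
        first, done, util = round_robin(jobs, quantum=2, switch_cost=cost)
        print(f"round robin (switch cost {cost}):",
              "first response", first, "completion", done,
              f"utilisation {util:.2f}")
```

With n jobs and quantum q, no job waits longer than (n − 1) × q (plus switch overhead) for its first slice, whereas in the batch run the last job waits for the sum of all earlier jobs. The non-zero switch cost shows the price paid: processor utilisation drops below 100%.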

3. Distributed Operating System

Distributed systems use multiple central processors to serve multiple real-time applications and multiple users. Data processing jobs are distributed among the processors accordingly.
The processors communicate with one another through various communication lines (such as high-speed buses or telephone lines). These are referred to as loosely coupled systems or distributed systems. Processors in a distributed system may vary in size and function. These processors are referred to as sites, nodes, computers, and so on.
The advantages of distributed systems are as follows −
  • With resource sharing facility, a user at one site may be able to use the resources available at another.
  • Speeds up the exchange of data with one another via electronic mail.
  • If one site fails in a distributed system, the remaining sites can potentially continue operating.
  • Better service to the customers.
  • Reduction of the load on the host computer.
  • Reduction of delays in data processing.

4. Network operating System

A Network Operating System runs on a server and provides the server the capability to manage data, users, groups, security, applications, and other networking functions. The primary purpose of the network operating system is to allow shared file and printer access among multiple computers in a network, typically a local area network (LAN), a private network or to other networks.
Examples of network operating systems include Microsoft Windows Server 2003, Microsoft Windows Server 2008, UNIX, Linux, Mac OS X, Novell NetWare, and BSD.
The advantages of network operating systems are as follows −
  • Centralized servers are highly stable.
  • Security is server managed.
  • Upgrades to new technologies and hardware can be easily integrated into the system.
  • Remote access to servers is possible from different locations and types of systems.
The disadvantages of network operating systems are as follows −
  • High cost of buying and running a server.
  • Dependency on a central location for most operations.
  • Regular maintenance and updates are required.

5. Real Time operating System

A real-time system is defined as a data processing system in which the time interval required to process and respond to inputs is so small that it controls the environment. The time taken by the system to respond to an input and display the required updated information is termed the response time. So in this method, the response time is much lower than in online processing.
Real-time systems are used when there are rigid time requirements on the operation of a processor or the flow of data and real-time systems can be used as a control device in a dedicated application. A real-time operating system must have well-defined, fixed time constraints, otherwise the system will fail. For example, Scientific experiments, medical imaging systems, industrial control systems, weapon systems, robots, air traffic control systems, etc.
There are two types of real-time operating systems.

Hard real-time systems

Hard real-time systems guarantee that critical tasks complete on time. In hard real-time systems, secondary storage is limited or missing and the data is stored in ROM. In these systems, virtual memory is almost never found.

Soft real-time systems

Soft real-time systems are less restrictive. A critical real-time task gets priority over other tasks and retains the priority until it completes. Soft real-time systems have more limited utility than hard real-time systems. Examples include multimedia, virtual reality, and advanced scientific projects like undersea exploration and planetary rovers.

Graphical User Interface (GUI)

GUI is an interface that allows users to interact with different electronic devices using icons and other visual indicators. The graphical user interfaces were created because command line interfaces were quite complicated and it was difficult to learn all the commands in it.
In today’s times, graphical user interfaces are used in many devices such as mobiles, MP3 players, gaming devices, smartphones etc.
The below diagram provides the position of the graphical user interface with respect to the computer system:

[Diagram: Graphical User Interface]

Elements in Graphical User Interface
Graphical User Interface makes use of visual elements mostly. These elements define the appearance of the GUI. Some of these are described in detail as follows:
Window
This is the element that displays the information on the screen. It is very easy to manipulate a window. It can be opened or closed with the click of an icon. Moreover, it can be moved to any area by dragging it around. In a multitasking environment, multiple windows can be open at the same time, all of them performing different tasks.
There are multiple types of windows in a graphical user interface, such as container window, browser window, text terminal window, child window, message window etc.
Menu
A menu contains a list of choices and allows users to select one of them. A menu bar is displayed horizontally across the screen, such as a pull-down menu. When any option in this menu bar is clicked, the pull-down menu appears.
Another type of menu is the context menu that appears only when the user performs a specific action. An example of this is pressing the right mouse button. When this is done, a menu will appear under the cursor.
Icons
Files, programs, web pages etc. can be represented using a small picture in a graphical user interface. This picture is known as an icon. Using an icon is a fast way to open documents, run programs etc. because clicking on them yields instant access.
Controls
Information in an application can be directly read or influenced using the graphical control elements. These are also known as widgets. Normally, widgets are used to display lists of similar items, navigate the system using links, tabs etc. and manipulate data using check boxes, radio boxes etc.
Tabs
A tab is associated with a view pane. It usually contains a text label or a graphical icon. Tabs are sometimes related to widgets and multiple tabs allow users to switch between different widgets. Tabs are used in various web browsers such as Internet Explorer, Firefox, Opera, Safari etc. Multiple web pages can be opened in a web browser and users can switch between them using tabs.
