MBA KMB108 UNIT 5 (Cyber Crime and Privacy Issues, Cyber Laws, IT ACT 2000)


Security and Ethical Challenges of IT
The Government of India enacted the Information Technology (I.T.) Act with some major objectives to deliver and facilitate lawful electronic, digital, and online transactions, and mitigate cyber-crimes.
Salient Features of I.T Act
The salient features of the I.T Act are as follows −
·        Digital signature has been replaced with electronic signature to make it a more technology neutral act.
·        It elaborates on offenses, penalties, and breaches.
·        It outlines the Justice Dispensation Systems for cyber-crimes.
·        It defines in a new section that cyber cafĂ© is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
·        It provides for the constitution of the Cyber Regulations Advisory Committee.
·        It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
·        It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
Scheme of I.T Act
The following points define the scheme of the I.T. Act −
·        The I.T. Act contains 13 chapters and 90 sections.
·        The last four sections namely sections 91 to 94 in the I.T. Act 2000 deals with the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934 were deleted.
·        It commences with Preliminary aspect in Chapter 1, which deals with the short, title, extent, commencement and application of the Act in Section 1. Section 2 provides Definition.
·        Chapter 2 deals with the authentication of electronic records, digital signatures, electronic signatures, etc.
·        Chapter 11 deals with offences and penalties. A series of offences have been provided along with punishment in this part of The Act.
·        Thereafter the provisions about due diligence, role of intermediaries and some miscellaneous provisions are been stated.
·        The Act is embedded with two schedules. The First Schedule deals with Documents or Transactions to which the Act shall not apply. The Second Schedule deals with electronic signature or electronic authentication technique and procedure. The Third and Fourth Schedule are omitted.
Application of the I.T Act
As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents or transactions specified in First Schedule. Following are the documents or transactions to which the Act shall not apply −
·        Negotiable Instrument (Other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;
·        power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
·        trust as defined in section 3 of the Indian Trusts Act, 1882;
·        will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition;
·        Any contract for the sale or conveyance of immovable property or any interest in such property;
·        Any such class of documents or transactions as may be notified by the Central Government.
Amendments Brought in the I.T Act
The I.T. Act has brought amendment in four statutes vide section 91-94. These changes have been provided in schedule 1-4.
·        The first schedule contains the amendments in the Penal Code. It has widened the scope of the term "document" to bring within its ambit electronic documents.
·        The second schedule deals with amendments to the India Evidence Act. It pertains to the inclusion of electronic document in the definition of evidence.
·        The third schedule amends the Banker's Books Evidence Act. This amendment brings about change in the definition of "Banker's-book". It includes printouts of data stored in a floppy, disc, tape or any other form of electromagnetic data storage device. Similar change has been brought about in the expression "Certified-copy" to include such printouts within its purview.
·        The fourth schedule amends the Reserve Bank of India Act. It pertains to the regulation of fund transfer through electronic means between the banks or between the banks and other financial institution.

Intermediary Liability
Intermediary, dealing with any specific electronic records, is a person who on behalf of another person accepts, stores or transmits that record or provides any service with respect to that record.
According to the above mentioned definition, it includes the following −
  • Telecom service providers
  • Network service providers
  • Internet service providers
  • Web-hosting service providers
  • Search engines
  • Online payment sites
  • Online auction sites
  • Online market places and cyber cafes
Highlights of the Amended Act
The newly amended act came with following highlights −
  • It stresses on privacy issues and highlights information security.
  • It elaborates Digital Signature.
  • It clarifies rational security practices for corporate.
  • It focuses on the role of Intermediaries.
  • New faces of Cyber Crime were added.


Cyberspace

Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services. It is maintained by the worldwide distribution of information and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to induce clear boundaries among these different groups. The cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.

Cyber security

Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unlawful admittance, weaknesses, and attacks transported through the Internet by cyber delinquents.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for creating, applying, functioning, monitoring, reviewing, preserving, and improving an Information Security Management System.
The Ministry of Communication and Information Technology under the government of India provides a strategy outline called the National Cybersecurity Policy. The purpose of this government body is to protect the public and private infrastructure from cyber-attacks.

Cybersecurity Policy

The cybersecurity policy is a developing mission that caters to the entire field of Information and Communication Technology (ICT) users and providers. It includes −
  • Home users
  • Small, medium, and large Enterprises
  • Government and non-government entities
It serves as an authority framework that defines and guides the activities associated with the security of cyberspace. It allows all sectors and organizations in designing suitable cybersecurity policies to meet their requirements. The policy provides an outline to effectively protect information, information systems and networks.
It gives an understanding into the Government’s approach and strategy for security of cyber space in the country. It also sketches some pointers to allow collaborative working across the public and private sectors to safeguard information and information systems. Therefore, the aim of this policy is to create a cybersecurity framework, which leads to detailed actions and programs to increase the security carriage of cyberspace.

Cyber Crime

The Information Technology Act 2000 or any legislation in the Country does not describe or mention the term Cyber Crime. It can be globally considered as the gloomier face of technology. The only difference between a traditional crime and a cyber-crime is that the cyber-crime involves in a crime related to computers. Let us see the following example to understand it better −
Traditional Theft − A thief breaks into Ram’s house and steals an object kept in the house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his computer, hacks the computer of Ram and steals the data saved in Ram’s computer without physically touching the computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms −
·        access in computer network in section 2(a)
·        computer in section 2(i)
·        computer network in section (2j)
·        data in section 2(0)
·        information in section 2(v).
To understand the concept of Cyber Crime, you should know these laws. The object of offence or target in a cyber-crime are either the computer or the data stored in the computer.

Nature of Threat

Among the most serious challenges of the 21st century are the prevailing and possible threats in the sphere of cybersecurity. Threats originate from all kinds of sources, and mark themselves in disruptive activities that target individuals, businesses, national infrastructures, and governments alike. The effects of these threats transmit significant risk for the following −
  • public safety
  • security of nations
  • stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to determine the origin or the identity of the criminal. Even the motivation for the disruption is not an easy task to find out. Criminals of these activities can only be worked out from the target, the effect, or other circumstantial evidence. Threat actors can operate with considerable freedom from virtually anywhere. The motives for disruption can be anything such as −
  • simply demonstrating technical prowess
  • theft of money or information
  • extension of state conflict, etc.
Criminals, terrorists, and sometimes the State themselves act as the source of these threats. Criminals and hackers use different kinds of malicious tools and approaches. With the criminal activities taking new shapes every day, the possibility for harmful actions propagates.

Enabling People

The lack of information security awareness among users, who could be a simple school going kid, a system administrator, a developer, or even a CEO of a company, leads to a variety of cyber vulnerabilities. The awareness policy classifies the following actions and initiatives for the purpose of user awareness, education, and training −
·        A complete awareness program to be promoted on a national level.
·        A comprehensive training program that can cater to the needs of the national information security (Programs on IT security in schools, colleges, and universities).
·        Enhance the effectiveness of the prevailing information security training programs. Plan domain-specific training programs (e.g., Law Enforcement, Judiciary, E-Governance, etc.)
·        Endorse private-sector support for professional information security certifications.

Information Technology Act

The Government of India enacted The Information Technology Act with some major objectives which are as follows −
·        To deliver lawful recognition for transactions through electronic data interchange (EDI) and other means of electronic communication, commonly referred to as electronic commerce or E-Commerce. The aim was to use replacements of paper-based methods of communication and storage of information.
·        To facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000. The I. T. Act got the President’s assent on June 9, 2000 and it was made effective from October 17, 2000. By adopting this Cyber Legislation, India became the 12th nation in the world to adopt a Cyber Law regime.

Mission and Vision Cybersecurity Program

Mission

The following mission caters to cybersecurity −
·        To safeguard information and information infrastructure in cyberspace.
·        To build capabilities to prevent and respond to cyber threats.
·        To reduce vulnerabilities and minimize damage from cyber incidents through a combination of institutional structures, people, processes, technology, and cooperation.

 

 

Cyber Crime & Cyber Security

The crime that involves and uses computer devices and Internet, is known as cybercrime.
Cybercrime can be committed against an individual or a group; it can also be committed against government and private organizations. It may be intended to harm someone’s reputation, physical harm, or even mental harm.

Cybercrime can cause direct harm or indirect harm to whoever the victim is.
However, the largest threat of cybercrime is on the financial security of an individual as well as the government.
Cybercrime causes loss of billions of USD every year.

Types of Cybercrime

Let us now discuss the major types of cybercrime −

Hacking

It is an illegal practice by which a hacker breaches the computer’s security system of someone for personal interest.

Unwarranted mass-surveillance

Mass surveillance means surveillance of a substantial fraction of a group of people by the authority especially for the security purpose, but if someone does it for personal interest, it is considered as cybercrime.

Child pornography

It is one of the most heinous crimes that is brazenly practiced across the world. Children are sexually abused and videos are being made and uploaded on the Internet.

Child grooming

It is the practice of establishing an emotional connection with a child especially for the purpose of child-trafficking and child prostitution.

Copyright infringement

If someone infringes someone’s protected copyright without permission and publishes that with his own name, is known as copyright infringement.

Money laundering

Illegal possession of money by an individual or an organization is known as money laundering. It typically involves transfers of money through foreign banks and/or legitimate business. In other words, it is the practice of transforming illegitimately earned money into the legitimate financial system.

Cyber-extortion

When a hacker hacks someone’s email server, or computer system and demands money to reinstate the system, it is known as cyber-extortion.

Cyber-terrorism

Normally, when someone hacks government’s security system or intimidates government or such a big organization to advance his political or social objectives by invading the security system through computer networks, it is known as cyber-terrorism.

Cyber Security

Cyber security is a potential activity by which information and other communication systems are protected from and/or defended against the unauthorized use or modification or exploitation or even theft.
Likewise, cyber security is a well-designed technique to protect computers, networks, different programs, personal data, etc., from unauthorized access.
All sorts of data whether it is government, corporate, or personal need high security; however, some of the data, which belongs to the government defense system, banks, defense research and development organization, etc. are highly confidential and even small amount of negligence to these data may cause great damage to the whole nation. Therefore, such data need security at a very high level.

How to Secure Data?

Let us now discuss how to secure data. In order to make your security system strong, you need to pay attention to the following −
  • Security Architecture
  • Network Diagram
  • Security Assessment Procedure
  • Security Policies
  • Risk Management Policy
  • Backup and Restore Procedures
  • Disaster Recovery Plan
  • Risk Assessment Procedures
Once you have a complete blueprint of the points mentioned above, you can put better security system to your data and can also retrieve your data if something goes wrong.



Posted by at No comments:
Subscribe to: Posts (Atom)

Topic :Software & Types, Subject: Computer Fundamental Notes for CSJM University Kanpur(for different courses like BBA, BCA, etc..)

Software Software refers to the programs, data, and instructions that enable a computer or other digital device to perform specific tasks or...