11519424 Excellent Presentation on Cyber Security

Presentation on Cyber Security

AnInitiative by

www.computerscienceexpertise.com

By: Dheeraj Mehrotra

CYBER SPACE:

The Global Room Today

A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. This "place“ is not "real," but it is serious, it is earnest. Tens of thousands of people have dedicated their lives to it, to the public service of public communication by wire and electronics. Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's growing in size, and wealth, and political importance. People have met there and been married there. There are entire living communities in cyberspace today; chattering, gossipping, planning, conferring and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer software and the occasional festering computer virus.


Legal Framework for Legal Framework for Information TechnologyInformation Technology

- The Need for the Hour- The Need for the Hour


The Bottom Line

The Internet already has triggered challenging questions about the applicability of case precedent and legal models for Internet-mediated communications and commerce. At the macro-level, the Internet affects broad, almost metaphysical concepts like matter, distance, time and space.At the micro-level, it directly impacts how we communicate, educate, entertain and transact business.


DATA SECURITY TOOL


TROJANS: The chief of VIRUSES (Vital Information Resource Under Seize)

Trojans are small programs that effectively give “hackers” remote control over your entire Computer. Some common features with Trojans are as follows:•Open your CD-Rom drive•Capture a screenshot of your computer•Record your key strokes and send them to the “Hacker”•Full Access to all your drives and files•Ability to use your computer as a bridge to do otherhacking related activities.•Disable your keyboard•Disable your mouse…and more!


ULTIMATE PREVENTION: CURE


10 Driving Principles of the New Economy

Matter—law involves the processing of information and the Internet provides a comparatively superior medium for some applications.Space—the Internet transcends distance and provides a major new promotional medium.Time—Internet time moves faster than we’d like.People—brain power and people skills matter particularly in an Internet-mediated world. Growth—the Internet can fuel market expansion.Value—Web pages offer prospective clients access to helpful general information and for existing clients a portal to a some of a firm’s assets.Efficiency—consider whether and how e-mail enhances productivity. Markets—the Internet makes markets more porous and more easily customized.Transactions—with modification, the Internet can provide a medium for commerce.Impulse—the Internet reduces the time between sales pitch and transaction.


DATA SECURITY ON THE WEB???


Technology Trends

The Internet provides a “virtual” medium for communications and commerce that transcends many of the limitations in the physical world.This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions.We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains.


Marketplace Trends

The Internet reduces market entry barriers.It provides a new medium, that can reduce transaction costs and promote “frictionless” commerce.It can eliminate intermediaries that do not add sufficient value (“disintermediation”), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers. It reduces comparative and competitive disadvantages based on location alone.It offers the promise of faster,better, smarter, cheaper and more convenient services.


Business in the 21 st Century

All businesses in 21 st century will be more and more knowledge based. IT will be a strong enabler for the businessBusinesses will stick to their core competenciesLogistics will be criticalLayers of management structures will shrinkChanging Business RelationshipsAnd the Cyber Security shall be a concern for all…………………..


How business will bedone in the 21 st Century

Deal with well informed customers with high service standards expectationPaperless Offices and work flow based executionBusiness at any hourVirtual Showrooms and TeleshoppingAnd again the Cyber Security shall be a concern for all………….


The need for cyber laws

To facilitate e-commerceTo curb Cyber crimes. Cyber crimes can have a devastating effectE-Governance


How the Internet Affects the Law

Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internet-mediation. The transborder nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations.Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers.


What is Cyberlaw ?

Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Information Technology in the Cyber space

Anything related to or concerning any activity of netizens and others, within Cyberspace comes within the the ambit of Cyberlaw

A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce


INDIAN SCENARIO: A Layman’s View of Cyber Security


The Information Technology Act 2000

India is the 13th country to pass legislation on Information Technology.

The I.T. Act received the President’s sanction on 9th June, 2000.The I.T. Act is effective from 17th October, 2000.


Salient Features of I.T Act

Computer data accorded legal sanctity Certifying Authorities for Digital Signature

established Digital Signature recognised Cyber crimes to invite tough penalties E-Governance


Salient features of I.T.Act

Police Authorities given powers of enforcement

Appellate authorities set up


Legal recognition for electronic records

An electronic data will be considered as a valid evidence in the court of law.

The following conditions have to be satisfied: The information contained in the data is accessible for

subsequent use or reference. The electronic record is retained or reproducible in the

format in which it was originally generated, sent or received

Facilitate identification of the origin, date and time of despatch or receipt of such electronic record.


Digital CertificateDigital Certificate

A Digital Certificate is an “electronic card” that establishes one’s credentials when doing business or other transactions on the web.

Issuing AuthorityIssuing Authority Certifying Authority is a person to whom a

license has been granted to issue a Digital Certificate which is used to create public-private key pairs and digital signatures.


Eligibility criteria for Eligibility criteria for Certifying AuthoritiesCertifying Authorities

An individual being a citizen of India, who has a capital of Rs 5 crores in his business or profession

A company with a paid up capital of Rs 5 crores and net worth not less than Rs 50 crores and with a foreign holding of not more than 49 %

A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 croresBy: Dheeraj Mehrotra

Certifying AuthoritiesCertifying Authorities

Certifying Authority to be monitored by the Controller of Certifying Authorities.

Duties, rights and responsibilities specified in the rules


Digital Signature A digital signature is a digital code that can be

attached to an electronically transmitted message to uniquely identify the stranger.

Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes enroute, the signature will not verify at the other end.


Authentication of Digital Signatures

Any subscriber (a person in whose name digital signature is issued)may authenticate an electronic record by affixing his digital signature

A Digital Signature is secure if it has the following attributes : Unique to subscriber affixing it Capable of identifying such subscriber Created in an manner or using means under the

exclusive control of the subscriber


Duties of the subscriber

Subscriber to generate the key pair by using the prescribed security procedure

Subscriber to exercise reasonable care to retain control over the private key

Cannot refute a document to which his signature is affixed as not sent by him using his private key


Revocation of Digital Signature Certificate

Upon request made by a subscriber Upon the death by a subscriber Upon dissolution of firm or company Requirements for issuance of digital

signature not fulfilled by subscriber


Cyber Crimes

What is Cyber Crime? All activities done with

criminal intent in Cyber space. These could beeither the criminal activities in the conventional sense or could beactivities, newly evolved with growth of new medium.


Major Cybercrimes

Unauthorised access to a computer system Unauthorised access to data or information Introduces or causes to introduce viruses Tampering with computer source documents Cause Damage to Computer system or causes any

disruption Denies access to any person authorised to access

the computer system Spread of viruses


Major Cybercrimes

Uses or down loads un-licensed software Hacking Publishing obscene information Breach of confidentiality and privacy Cyber Squatting Spread of viruses


CYBERLAWS FOR E-COMMERCE

• Cybercrimes are on the increase.

• Cybercrimes can be said to be of three categories : Cybercrime against propertyCybercrime against persons Cybercrime against nations


Electronic Governance

Filing of forms, application or other documents in any government office in the electronic form as per the manner prescribed is given legal sanctity


Special Provisions for ISPs

Service Providers considered as intermediaries ISPs – Internet Service Providers to maintain

log of all their customers and the sites they have visited. For this special software is required to be installed.

Such data to be produced on demand by ISPs to any enquiry officer


THE INFORMATION TECHNOLOGY ACT,

2000

India enacted its first law, namely, the Information Technology Act, 2000 on 17th May, 2000. The said law received the assent of the President on 9th June, 2000 and it was finally implemented on 17th October, 2000.


I T ACT,2000- OBJECTSAims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication commonly referred to as electronic commerce which involve the alternatives to paper based methods of communication and storage of information.


I T ACT,2000- OBJECTS

To facilitate electronic filing of documents with Government agencies .To amend four laws of the country, The Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The Reserve Bank of India Act, 1934.


DIGITAL SIGNATURE NECESSARY FOR

E-COMMERCE

Once digital signatures come in, there will be great enabling factors in boosting up authenticity of electronic records and contracts and would further in turn boost up the e-commerce scenario in our country.


CYBERCRIME AND IT ACT

• IT Act defines various cyber crimes. • Cyber offences have been declared

as penal offences punishable with imprisonment and fine.

• These include hacking , damage to computer source code, publishing in an electronic form any information which is lascivious, breach of privacy and confidentiality and publishing digital signatures false in certain particulars.


Machinery created for implementation of the Act

Powers of Police Officers and Other Officers

Establishment of Cyber Appellate Tribunal


Conclusions: Observatory facts at a glance

The Internet (and in particular the World Wide Web) already has begun to change how we communicate and engage in commerce.However, the “we” is not inclusive: a Digital Divide separates people with the finances, computer literacy skills and interest and those lacking one or more of these prerequisites.We need to understand the risks and rewards of Internet use. Legislators, regulators and judges must recognize how Internet-mediation parallels older media, but also how it creates new challenges and questions to existing models.


DRACONIAN POWERS OF POLICE

•Draconian powers given to a DSP

•Nowhere in the world do be find a parallel of such a wide and unrestricted power being given to any officer for the purpose of investigating and preventing the commission of a cyber crime. By: Dheeraj Mehrotra

DRACONIAN POWERS OF POLICE

• After all, the power given by the IT Act to the said DSP includes the power to " enter any public place and search and arrest without warrant any person found therein who is reasonably suspected or having committed or of committing or of being about to commit any offence under this Act."

• The said power given without any restrictions of any kind whatsoever.


INTERCEPTION OF INFORMATION

• Any agency of the government can intercept any information transmitted through any computer resource if the same is necessary in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence.


INTERCEPTION OF INFORMATION

•This is one provision which is likely to be misused

•No standards or provisions have been laid down by the IT Act, which define any conditions detailed above.

•Gross violation of individual freedom and that aforesaid conditions are unreasonable.By: Dheeraj Mehrotra

LIABILITY OF NETWORK SERVICE

PROVIDERS• The normal principle laid down by

the IT Act, 2000 is that the ISPs are liable for any third party information and data made available by them.

• Section79 talks of liability of network service providers for all third party data and information made available by them on their service.


HACKINGHacking has been made a penal offence punishable with imprisonment and fine. “ Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking”


NEED FOR COMPLIANCE WITH IT

ACT,2000

All companies doing e-commerce need to ensure that they comply with the mandatory requirements of compliance under the I T Act and the I T Rules.


I T SECURITY POLICY

Companies must have a detailed I T Security Policy in tune with the mandatory specific provisions of the IT Act and IT Rules. This is absolutely essential in order to enable any company to take benefit of the provisions of the I T Act in case of any dispute in the coming times.By: Dheeraj Mehrotra

SEARCH ENGINE ISSUES

In case, if your website has a search facility or a search engine, specific declaration about the same needs to be given on the homepage. Express disclaiming statements need to be given that search engine is only spidering the web for the requested query on the basis of the relevant technology and that the website, owners and administrators are not liable in any manner whatsoever in any event or for any cause whatsoever for the search results.


LINKING

Websites should have specific linking policy in case they provide links. The said policy should specifically state the crux of understanding or agreement with linking websites and other consequent benefits. By: Dheeraj Mehrotra

SECURITY

•Security issues are of immense importance in Cyberlaw.

•Crucial issues of Security are addressed in the IT Act, 2000 and IT Rules, 2000 By: Dheeraj Mehrotra

FACTORS FOR CONSIDERATION FOR BUYERS AND SELLERS

Buyers and sellers need to know the identity of the person with whom they are interacting.The content of the terms to be agreed upon between parties have to be crystal clear and without doubt.


DISPUTE RESOLUTION

There must be a clarity of thought process on the mechanism for dispute resolution, should a dispute realize. This may be in the form of either online arbitration or arbitration in the actual world.


INDIAN CYBERLAW DOES NOT TALK

ABOUT

• DATA PROTECTION• RIGHT TO INFORMATION• ONLINE INTELLECTUAL

PROPERTY RIGHTS• PRIVACY • CONFIDENTIALITY• E-TAXATION• DOMAIN NAMES ISSUES


NEED FOR EDUCATION

•Need for educating employees about potential cybercrimes and how to escape harassment arising from the said offences.

•Cybercrime to be investigated only by a police officer not below the rank of the Deputy Superintendent of Police.


CONCLUSION• The IT Act, 2000 is the first

step forward.The other steps have to follow. However, the government has to be quick in responding to the challenges raised by the constantly changing technologies. Just as time does not wait for anyone, so does Internet. The time to act is right now. By: Dheeraj Mehrotra

Let us all analyse the fact that the e-Commerce Success

Will depend on• Information Technology and knowledge

based industries• Physical logistics• Smart Commercial Chain• Cyber laws and Digital Law enforcement• Cheaper Hardware, Software and Internet• People with e-vision and common sense


Launch Nation wide information security campaign: Information on cyber security related aspects is the concern of all the computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organised manner. This could be done by organising workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.

What is needed today is ……………


What is needed today as already in practice is ……………

Develop cyber security related curriculum for IT course: This will include identification of the cyber security courses which could be offered as part of IT education both in the formal and non-formal education sector. To identify the cyber security related course areas such as:-

Fundamentals of Cyber Security; Cyber Security Techniques and Mechanisms; Cyber Security Protocols, Threats and Defenses; E-business Security and Information Assurance etc. , a subgroup could be formed. The subgroup could include members from Academic Institutes - IITs, IISc etc.; Research institutes / labs - DRDO, ISRO, BARC, TIFR etc; Industry - WIPRO, INFOSYS, SCL etc.; certification agencies like STQC; and other leading computer organisations like CDAC etc. While developing the overall curriculum, Sub-group will take into consideration the HR requirements as projected by the Working Group.


Let us all come together to prevent Cyber Crime, as

TOGETHER WE CAN.

Thankyou for the kind support.www.computerscienceexpertise.com

wishes you all a

QUALITY OF WORK LIFE AHEAD.By: Dheeraj Mehrotra

http://www.computerscienceexpertise.com/

11519424 Excellent Presentation on Cyber Security

Documents

Transcript of 11519424 Excellent Presentation on Cyber Security