Presentation on Cyber Security

An Initiative by www.computerscienceexpertise.com

By: Dheeraj Mehrotra

CYBER SPACE:
The Global Room Today
A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. This "place is not "real," but it is serious, it is earnest. Tens of thousands of people have dedicated their lives to it, to the public service of public communication by wire and electronics. Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's growing in size, and wealth, and political importance. People have met there and been married there. There are entire living communities in cyberspace today; chattering, gossipping, planning, conferring and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer software and the occasional festering computer virus.

By: Dheeraj Mehrotra

Legal Framework for Information Technology - The Need for the Hour

By: Dheeraj Mehrotra

The Bottom Line

The Internet already has triggered challenging questions about the applicability of case precedent and legal models for Internet-mediated communications and commerce. At the macro-level, the Internet affects broad, almost metaphysical concepts like matter, distance, time and space. At the micro-level, it directly impacts how we communicate, educate, entertain and transact business.

By: Dheeraj Mehrotra

DATA SECURITY TOOL

By: Dheeraj Mehrotra

TROJANS: The chief of VIRUSES (Vital Information Resource Under Seize)

Trojans are small programs that effectively give hackers remote control over your entire Computer. Some common features with Trojans are as follows:
Open your CD-Rom drive Capture a screenshot of your computer

Record your key strokes and send them to the Hacker

Full Access to all your drives and files Ability to use your computer as a bridge to do other hacking related activities.

Disable your keyboard

Disable your mouseand more!

By: Dheeraj Mehrotra

ULTIMATE PREVENTION: CURE

By: Dheeraj Mehrotra

10 Driving Principles of the New Economy

Matterlaw involves the processing of information and the Internet provides a comparatively superior medium for some applications. Spacethe Internet transcends distance and provides a major new promotional medium. TimeInternet time moves faster than wed like. Peoplebrain power and people skills matter particularly in an Internetmediated world. Growththe Internet can fuel market expansion. ValueWeb pages offer prospective clients access to helpful general information and for existing clients a portal to a some of a firms assets. Efficiencyconsider whether and how e-mail enhances productivity. Marketsthe Internet makes markets more porous and more easily customized. Transactionswith modification, the Internet can provide a medium for commerce. Impulsethe Internet reduces the time between sales pitch and transaction.
By: Dheeraj Mehrotra

DATA SECURITY ON THE WEB???

By: Dheeraj Mehrotra

Technology Trends
The Internet provides a virtual medium for communications and commerce that transcends many of the limitations in the physical world. This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions. We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains.
By: Dheeraj Mehrotra

Marketplace Trends
The Internet reduces market entry barriers. It provides a new medium, that can reduce transaction costs and promote frictionless commerce. It can eliminate intermediaries that do not add sufficient value (disintermediation), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers. It reduces comparative and competitive disadvantages based on location alone. It offers the promise of faster,better, smarter, cheaper and more convenient services.

By: Dheeraj Mehrotra

Business in the 21 st Century

All businesses in 21 st century will be more and more knowledge based. IT will be a strong enabler for the business Businesses will stick to their core competencies Logistics will be critical Layers of management structures will shrink Changing Business Relationships And the Cyber Security shall be a concern for all..
By: Dheeraj Mehrotra

How business will be done in the 21 st Century

Deal with well informed customers with high service standards expectation Paperless Offices and work flow based execution Business at any hour Virtual Showrooms and Teleshopping
And again the Cyber Security shall be a concern for all.
By: Dheeraj Mehrotra

The need for cyber laws

To facilitate e-commerce To curb Cyber crimes. Cyber crimes can have a devastating effect E-Governance

By: Dheeraj Mehrotra

How the Internet Affects the Law

Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internetmediation. The transborder nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations. Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers.

By: Dheeraj Mehrotra

What is Cyberlaw ?
Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Information Technology in the Cyber space
Anything related to or concerning any activity of netizens and others, within Cyberspace comes within the the ambit of Cyberlaw A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce
By: Dheeraj Mehrotra

INDIAN SCENARIO: A Laymans View of Cyber Security

By: Dheeraj Mehrotra

The Information Technology Act 2000

India is the 13th country to pass legislation on Information Technology.

The I.T. Act received the Presidents sanction on 9th June, 2000.The I.T. Act is effective from 17th October, 2000.

By: Dheeraj Mehrotra

Salient Features of I.T Act

Computer data accorded legal sanctity Certifying Authorities for Digital Signature established Digital Signature recognised Cyber crimes to invite tough penalties E-Governance

By: Dheeraj Mehrotra

Salient features of I.T.Act

Police Authorities given powers of enforcement Appellate authorities set up

By: Dheeraj Mehrotra

Legal recognition for electronic records

An electronic data will be considered as a valid evidence in the court of law. The following conditions have to be satisfied: The information contained in the data is accessible for subsequent use or reference. The electronic record is retained or reproducible in the format in which it was originally generated, sent or received Facilitate identification of the origin, date and time of despatch or receipt of such electronic record.
By: Dheeraj Mehrotra

Digital Certificate
A Digital Certificate is an electronic card that establishes ones credentials when doing business or other transactions on the web.

Issuing Authority
Certifying Authority is a person to whom a license has been granted to issue a Digital Certificate which is used to create publicprivate key pairs and digital signatures.
By: Dheeraj Mehrotra

Eligibility criteria for Certifying Authorities

An individual being a citizen of India, who has a capital of Rs 5 crores in his business or profession A company with a paid up capital of Rs 5 crores and net worth not less than Rs 50 crores and with a foreign holding of not more than 49 % A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 crores By: Dheeraj Mehrotra

Certifying Authorities
Certifying Authority to be monitored by the Controller of Certifying Authorities. Duties, rights and responsibilities specified in the rules

By: Dheeraj Mehrotra

Digital Signature
A digital signature is a digital code that can be attached to an electronically transmitted message to uniquely identify the stranger. Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes enroute, the signature will not verify at the other end.
By: Dheeraj Mehrotra

Authentication of Digital Signatures

Any subscriber (a person in whose name digital signature is issued)may authenticate an electronic record by affixing his digital signature A Digital Signature is secure if it has the following attributes :
Unique to subscriber affixing it Capable of identifying such subscriber Created in an manner or using means under the exclusive control of the subscriber
By: Dheeraj Mehrotra

Duties of the subscriber

Subscriber to generate the key pair by using the prescribed security procedure Subscriber to exercise reasonable care to retain control over the private key Cannot refute a document to which his signature is affixed as not sent by him using his private key
By: Dheeraj Mehrotra

Revocation of Digital Signature Certificate

Upon request made by a subscriber Upon the death by a subscriber Upon dissolution of firm or company Requirements for issuance of digital signature not fulfilled by subscriber

By: Dheeraj Mehrotra

Cyber Crimes
What is Cyber Crime? All activities done with
criminal intent in Cyber space. These could be either the criminal activities in the conventional sense or could be activities, newly evolved with growth of new medium.
By: Dheeraj Mehrotra

Major Cybercrimes

Unauthorised access to a computer system Unauthorised access to data or information Introduces or causes to introduce viruses Tampering with computer source documents Cause Damage to Computer system or causes any disruption Denies access to any person authorised to access the computer system Spread of viruses
By: Dheeraj Mehrotra

Major Cybercrimes
Uses or down loads un-licensed software Hacking Publishing obscene information Breach of confidentiality and privacy Cyber Squatting Spread of viruses

By: Dheeraj Mehrotra

CYBERLAWS FOR E-COMMERCE

Cybercrimes are on the increase. Cybercrimes can be said to be of three categories : Cybercrime against property Cybercrime against persons Cybercrime against nations
By: Dheeraj Mehrotra

Electronic Governance
Filing of forms, application or other documents in any government office in the electronic form as per the manner prescribed is given legal sanctity

By: Dheeraj Mehrotra

Special Provisions for ISPs

Service Providers considered as intermediaries ISPs Internet Service Providers to maintain log of all their customers and the sites they have visited. For this special software is required to be installed. Such data to be produced on demand by ISPs to any enquiry officer
By: Dheeraj Mehrotra

THE INFORMATION TECHNOLOGY ACT, 2000

India enacted its first law, namely, the Information Technology Act, 2000 on 17th May, 2000. The said law received the assent of the President on 9th June, 2000 and it was finally implemented on 17th October, 2000.
By: Dheeraj Mehrotra

I T ACT,2000- OBJECTS
Aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication commonly referred to as electronic commerce which involve the alternatives to paper based methods of communication and storage of information.
By: Dheeraj Mehrotra

I T ACT,2000- OBJECTS
To facilitate electronic filing of documents with Government agencies . To amend four laws of the country, The Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The Reserve Bank of India Act, 1934.
By: Dheeraj Mehrotra

DIGITAL SIGNATURE NECESSARY FOR E-COMMERCE

Once digital signatures come in, there will be great enabling factors in boosting up authenticity of electronic records and contracts and would further in turn boost up the e-commerce scenario in our country.
By: Dheeraj Mehrotra

CYBERCRIME AND IT ACT

IT Act defines various cyber crimes. Cyber offences have been declared as penal offences punishable with imprisonment and fine. These include hacking , damage to computer source code, publishing in an electronic form any information which is lascivious, breach of privacy and confidentiality and publishing digital signatures false in certain particulars. By: Dheeraj Mehrotra

Machinery created for implementation of the Act

Powers of Police Officers and Other Officers Establishment of Cyber Appellate Tribunal

By: Dheeraj Mehrotra

Conclusions: Observatory facts at a glance

The Internet (and in particular the World Wide Web) already has begun to change how we communicate and engage in commerce. However, the we is not inclusive: a Digital Divide separates people with the finances, computer literacy skills and interest and those lacking one or more of these prerequisites. We need to understand the risks and rewards of Internet use. Legislators, regulators and judges must recognize how Internet-mediation parallels older media, but also how it creates new challenges and questions to existing models.
By: Dheeraj Mehrotra

DRACONIAN POWERS OF POLICE

Draconian powers given to a DSP Nowhere in the world do be find a parallel of such a wide and unrestricted power being given to any officer for the purpose of investigating and preventing the commission of a cyber crime.
By: Dheeraj Mehrotra

DRACONIAN POWERS OF POLICE

After all, the power given by the IT Act to the said DSP includes the power to " enter any public place and search and arrest without warrant any person found therein who is reasonably suspected or having committed or of committing or of being about to commit any offence under this Act." The said power given without any restrictions of any kind whatsoever.
By: Dheeraj Mehrotra

INTERCEPTION OF INFORMATION
Any agency of the government can intercept any information transmitted through any computer resource if the same is necessary in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence.
By: Dheeraj Mehrotra

INTERCEPTION OF INFORMATION
This is one provision which is likely to be misused No standards or provisions have been laid down by the IT Act, which define any conditions detailed above. Gross violation of individual freedom and that aforesaid conditions are unreasonable.
By: Dheeraj Mehrotra

LIABILITY OF NETWORK SERVICE PROVIDERS

The normal principle laid down by the IT Act, 2000 is that the ISPs are liable for any third party information and data made available by them. Section79 talks of liability of network service providers for all third party data and information made available by them on their service.
By: Dheeraj Mehrotra

HACKING
Hacking has been made a penal offence punishable with imprisonment and fine. Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking
By: Dheeraj Mehrotra

NEED FOR COMPLIANCE WITH IT ACT,2000

All companies doing e-commerce need to ensure that they comply with the mandatory requirements of compliance under the I T Act and the I T Rules.
By: Dheeraj Mehrotra

I T SECURITY POLICY
Companies must have a detailed I T Security Policy in tune with the mandatory specific provisions of the IT Act and IT Rules. This is absolutely essential in order to enable any company to take benefit of the provisions of the I T Act in case of any dispute in the coming times.
By: Dheeraj Mehrotra

SEARCH ENGINE ISSUES

In case, if your website has a search facility or a search engine, specific declaration about the same needs to be given on the homepage. Express disclaiming statements need to be given that search engine is only spidering the web for the requested query on the basis of the relevant technology and that the website, owners and administrators are not liable in any manner whatsoever in any event or for any cause whatsoever for the search results.
By: Dheeraj Mehrotra

LINKING
Websites should have specific linking policy in case they provide links. The said policy should specifically state the crux of understanding or agreement with linking websites and other consequent benefits.

By: Dheeraj Mehrotra

SECURITY
Security issues are of immense importance in Cyberlaw. Crucial issues of Security are addressed in the IT Act, 2000 and IT Rules, 2000
By: Dheeraj Mehrotra

FACTORS FOR CONSIDERATION FOR BUYERS AND SELLERS

Buyers and sellers need to know the identity of the person with whom they are interacting. The content of the terms to be agreed upon between parties have to be crystal clear and without doubt.
By: Dheeraj Mehrotra

DISPUTE RESOLUTION
There must be a clarity of thought process on the mechanism for dispute resolution, should a dispute realize. This may be in the form of either online arbitration or arbitration in the actual world.
By: Dheeraj Mehrotra

INDIAN CYBERLAW DOES NOT TALK ABOUT

DATA PROTECTION RIGHT TO INFORMATION ONLINE INTELLECTUAL PROPERTY RIGHTS PRIVACY CONFIDENTIALITY E-TAXATION DOMAIN NAMES ISSUES
By: Dheeraj Mehrotra

NEED FOR EDUCATION

Need for educating employees about potential cybercrimes and how to escape harassment arising from the said offences. Cybercrime to be investigated only by a police officer not below the rank of the Deputy Superintendent of Police.
By: Dheeraj Mehrotra

CONCLUSION
The IT Act, 2000 is the first step forward.The other steps have to follow. However, the government has to be quick in responding to the challenges raised by the constantly changing technologies. Just as time does not wait for anyone, so does Internet. The time to act is right now.
By: Dheeraj Mehrotra

Let us all analyse the fact that the e-Commerce Success

Will depend on

Information Technology and knowledge based industries Physical logistics Smart Commercial Chain Cyber laws and Digital Law enforcement Cheaper Hardware, Software and Internet People with e-vision and common sense
By: Dheeraj Mehrotra

What is needed today is

Launch Nation wide information security campaign: Information on cyber security related aspects is the concern of all the computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organised manner. This could be done by organising workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.

By: Dheeraj Mehrotra

What is needed today as already in practice is

Develop cyber security related curriculum for IT course: This will
include identification of the cyber security courses which could be offered as part of IT education both in the formal and non-formal education sector. To identify the cyber security related course areas such as:Fundamentals of Cyber Security; Cyber Security Techniques and Mechanisms; Cyber Security Protocols, Threats and Defenses; E-business Security and Information Assurance etc. , a subgroup could be formed. The subgroup could include members from Academic Institutes - IITs, IISc etc.; Research institutes / labs - DRDO, ISRO, BARC, TIFR etc; Industry WIPRO, INFOSYS, SCL etc.; certification agencies like STQC; and other leading computer organisations like CDAC etc. While developing the overall curriculum, Sub-group will take into consideration the HR requirements as projected by the Working Group.

By: Dheeraj Mehrotra

Let us all come together to prevent Cyber Crime, as

TOGETHER WE CAN.

Thankyou for the kind support.

www.computerscienceexpertise.com
wishes you all a QUALITY OF WORK LIFE AHEAD.
By: Dheeraj Mehrotra