Presentation on Cyber Security
An Initiative by
www.computerscienceexpertise.com
By: Dheeraj Mehrotra
CYBER SPACE:
The Global Room Today
A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is the "place" where a telephone conversation appears to occur. Not inside your actual phone, the plastic device on your desk. This "place" is not "real," but it is serious, it is earnest. Tens of thousands of people have dedicated their lives to it, to the public service of public communication by wire and electronics. Cyberspace today is a "Net," a "Matrix," international in scope and growing swiftly and steadily. It's growing in size, and wealth, and political importance. People have met there and been married there. There are entire living communities in cyberspace today; chattering, gossiping, planning, conferring and scheming, leaving one another voice-mail and electronic mail, giving one another big weightless chunks of valuable data, both legitimate and illegitimate. They busily pass one another computer software and the occasional festering computer virus.
Legal Framework for Information Technology
- The Need for the Hour
The Bottom Line
The Internet already has triggered challenging questions about the applicability of case precedent and legal models for Internet-mediated communications and commerce. At the macro-level, the Internet affects broad, almost metaphysical concepts like matter, distance, time and space. At the micro-level, it directly impacts how we communicate, educate, entertain and transact business.
DATA SECURITY TOOL
TROJANS: The chief of VIRUSES (Vital Information Resource Under Siege)
Trojans are small programs that effectively give “hackers” remote control over your entire computer. Some common features of Trojans are as follows:
• Open your CD-ROM drive
• Capture a screenshot of your computer
• Record your keystrokes and send them to the “hacker”
• Full access to all your drives and files
• Ability to use your computer as a bridge to do other hacking-related activities
• Disable your keyboard
• Disable your mouse
…and more!
ULTIMATE PREVENTION: CURE
10 Driving Principles of the New Economy
• Matter—law involves the processing of information and the Internet provides a comparatively superior medium for some applications.
• Space—the Internet transcends distance and provides a major new promotional medium.
• Time—Internet time moves faster than we’d like.
• People—brain power and people skills matter particularly in an Internet-mediated world.
• Growth—the Internet can fuel market expansion.
• Value—Web pages offer prospective clients access to helpful general information and, for existing clients, a portal to some of a firm’s assets.
• Efficiency—consider whether and how e-mail enhances productivity.
• Markets—the Internet makes markets more porous and more easily customized.
• Transactions—with modification, the Internet can provide a medium for commerce.
• Impulse—the Internet reduces the time between sales pitch and transaction.
DATA SECURITY ON THE WEB???
Technology Trends
• The Internet provides a “virtual” medium for communications and commerce that transcends many of the limitations in the physical world.
• This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions.
• We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains.
Marketplace Trends
• The Internet reduces market entry barriers.
• It provides a new medium that can reduce transaction costs and promote “frictionless” commerce.
• It can eliminate intermediaries that do not add sufficient value (“disintermediation”), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers.
• It reduces comparative and competitive disadvantages based on location alone.
• It offers the promise of faster, better, smarter, cheaper and more convenient services.
Business in the 21st Century
• All businesses in the 21st century will be more and more knowledge based.
• IT will be a strong enabler for the business
• Businesses will stick to their core competencies
• Logistics will be critical
• Layers of management structures will shrink
• Changing Business Relationships
• And the Cyber Security shall be a concern for all…………………..
How business will be done in the 21st Century
• Deal with well informed customers with high service standards expectation
• Paperless Offices and work flow based execution
• Business at any hour
• Virtual Showrooms and Teleshopping
• And again the Cyber Security shall be a concern for all………….
The need for cyber laws
• To facilitate e-commerce
• To curb Cyber crimes. Cyber crimes can have a devastating effect
• E-Governance
How the Internet Affects the Law
• Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internet-mediation.
• The transborder nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations.
• Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers.
What is Cyberlaw?
Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Information Technology in Cyberspace.
Anything related to or concerning any activity of netizens and others within Cyberspace comes within the ambit of Cyberlaw.
A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce.
INDIAN SCENARIO: A Layman’s View of Cyber Security
The Information Technology Act 2000
India is the 13th country to pass legislation on Information Technology.
The I.T. Act received the President’s sanction on 9th June, 2000.
The I.T. Act is effective from 17th October, 2000.
Salient Features of I.T. Act
• Computer data accorded legal sanctity
• Certifying Authorities for Digital Signature established
• Digital Signature recognised
• Cyber crimes to invite tough penalties
• E-Governance
Salient features of I.T.Act
Police Authorities given powers of enforcement
Appellate authorities set up
Legal recognition for electronic records
Electronic data will be considered valid evidence in a court of law.
The following conditions have to be satisfied:
• The information contained in the data is accessible for subsequent use or reference.
• The electronic record is retained or reproducible in the format in which it was originally generated, sent or received.
• The record facilitates identification of the origin, date and time of despatch or receipt of such electronic record.
Digital Certificate
A Digital Certificate is an “electronic card” that establishes one’s credentials when doing business or other transactions on the web.
Issuing Authority
Certifying Authority is a person to whom a license has been granted to issue a Digital Certificate which is used to create public-private key pairs and digital signatures.
Eligibility criteria for Certifying Authorities
• An individual being a citizen of India, who has a capital of Rs 5 crores in his business or profession
• A company with a paid up capital of Rs 5 crores and net worth not less than Rs 50 crores and with a foreign holding of not more than 49%
• A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 crores
Certifying Authorities
Certifying Authority to be monitored by the Controller of Certifying Authorities.
Duties, rights and responsibilities specified in the rules
Digital Signature
A digital signature is a digital code that can be attached to an electronically transmitted message to uniquely identify the sender.
Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes en route, the signature will not verify at the other end.
Authentication of Digital Signatures
Any subscriber (a person in whose name a digital signature is issued) may authenticate an electronic record by affixing his digital signature.
A Digital Signature is secure if it has the following attributes:
• Unique to the subscriber affixing it
• Capable of identifying such subscriber
• Created in a manner or using means under the exclusive control of the subscriber
Duties of the subscriber
Subscriber to generate the key pair by using the prescribed security procedure
Subscriber to exercise reasonable care to retain control over the private key
Subscriber cannot refute a document to which his signature is affixed by claiming that it was not sent by him using his private key
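The tamper-evidence and "unique to subscriber" properties described on the Digital Signature and Authentication slides can be checked directly. The following is an added example, not part of the original presentation; it assumes Ed25519 as the signature scheme (the slides name no algorithm), and `Subscriber`, `Verify` and `AcceptedBitFlips` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Subscriber models the signer: the key pair is generated locally and the
// private half stays unexported, i.e. under the subscriber's own control.
type Subscriber struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSubscriber generates a fresh key pair from the system CSPRNG.
func NewSubscriber() (*Subscriber, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Subscriber{Pub: pub, priv: priv}, nil
}

// Sign affixes the subscriber's signature to an electronic record.
func (s *Subscriber) Sign(record []byte) []byte { return ed25519.Sign(s.priv, record) }

// Verify is what the relying party runs; it needs only the public key.
func Verify(pub ed25519.PublicKey, record, sig []byte) bool {
	return ed25519.Verify(pub, record, sig)
}

// AcceptedBitFlips flips every single bit of record in turn and counts how
// many altered copies still verify under the original signature.
func AcceptedBitFlips(pub ed25519.PublicKey, record, sig []byte) int {
	accepted := 0
	for i := 0; i < len(record)*8; i++ {
		altered := append([]byte(nil), record...)
		altered[i/8] ^= 1 << (i % 8)
		if Verify(pub, altered, sig) {
			accepted++
		}
	}
	return accepted
}

func main() {
	// Constructed sample record, not taken from the presentation.
	record := []byte("PO-0001: pay Rs 10,000 to vendor A on delivery")
	signer, err := NewSubscriber()
	if err != nil {
		panic(err)
	}
	other, err := NewSubscriber()
	if err != nil {
		panic(err)
	}
	sig := signer.Sign(record)
	fmt.Println("intact record verifies:      ", Verify(signer.Pub, record, sig))
	fmt.Println("one-bit changes accepted:    ", AcceptedBitFlips(signer.Pub, record, sig))
	fmt.Println("verifies under another's key:", Verify(other.Pub, record, sig))
}
```

The same signature that verifies for the intact record is rejected for every one-bit variant and under any other subscriber's public key, which is why retaining control of the private key is listed as a duty of the subscriber.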
Revocation of Digital Signature Certificate
• Upon request made by a subscriber
• Upon the death of a subscriber
• Upon dissolution of firm or company
• Requirements for issuance of digital signature not fulfilled by subscriber
Cyber Crimes
What is Cyber Crime?
All activities done with criminal intent in Cyberspace. These could be either criminal activities in the conventional sense or activities newly evolved with the growth of the new medium.
Major Cybercrimes
• Unauthorised access to a computer system
• Unauthorised access to data or information
• Introduces or causes to introduce viruses
• Tampering with computer source documents
• Causes damage to computer system or causes any disruption
• Denies access to any person authorised to access the computer system
• Spread of viruses
Major Cybercrimes
• Uses or downloads unlicensed software
• Hacking
• Publishing obscene information
• Breach of confidentiality and privacy
• Cyber Squatting
• Spread of viruses
CYBERLAWS FOR E-COMMERCE
• Cybercrimes are on the increase.
• Cybercrimes can be said to be of three categories:
  • Cybercrime against property
  • Cybercrime against persons
  • Cybercrime against nations
Electronic Governance
Filing of forms, application or other documents in any government office in the electronic form as per the manner prescribed is given legal sanctity
Special Provisions for ISPs
• Service Providers considered as intermediaries
• ISPs – Internet Service Providers to maintain log of all their customers and the sites they have visited. For this special software is required to be installed.
• Such data to be produced on demand by ISPs to any enquiry officer
THE INFORMATION TECHNOLOGY ACT, 2000
India enacted its first law, namely, the Information Technology Act, 2000 on 17th May, 2000. The said law received the assent of the President on 9th June, 2000 and it was finally implemented on 17th October, 2000.
I T ACT, 2000 - OBJECTS
Aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as electronic commerce, which involve alternatives to paper based methods of communication and storage of information.
I T ACT, 2000 - OBJECTS
• To facilitate electronic filing of documents with Government agencies.
• To amend four laws of the country: The Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The Reserve Bank of India Act, 1934.
DIGITAL SIGNATURE NECESSARY FOR E-COMMERCE
Once digital signatures come in, they will be a great enabling factor in boosting the authenticity of electronic records and contracts, which would in turn boost the e-commerce scenario in our country.
CYBERCRIME AND IT ACT
• IT Act defines various cyber crimes.
• Cyber offences have been declared as penal offences punishable with imprisonment and fine.
• These include hacking, damage to computer source code, publishing in an electronic form any information which is lascivious, breach of privacy and confidentiality and publishing digital signatures false in certain particulars.
Machinery created for implementation of the Act
Powers of Police Officers and Other Officers
Establishment of Cyber Appellate Tribunal
Conclusions: Observatory facts at a glance
• The Internet (and in particular the World Wide Web) already has begun to change how we communicate and engage in commerce.
• However, the “we” is not inclusive: a Digital Divide separates people with the finances, computer literacy skills and interest and those lacking one or more of these prerequisites.
• We need to understand the risks and rewards of Internet use.
• Legislators, regulators and judges must recognize how Internet-mediation parallels older media, but also how it creates new challenges and questions to existing models.
DRACONIAN POWERS OF POLICE
• Draconian powers given to a DSP
• Nowhere in the world do we find a parallel of such a wide and unrestricted power being given to any officer for the purpose of investigating and preventing the commission of a cyber crime.
DRACONIAN POWERS OF POLICE
• After all, the power given by the IT Act to the said DSP includes the power to "enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act."
• The said power is given without any restrictions of any kind whatsoever.
INTERCEPTION OF INFORMATION
• Any agency of the government can intercept any information transmitted through any computer resource if the same is necessary in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence.
INTERCEPTION OF INFORMATION
• This is one provision which is likely to be misused
• No standards or provisions have been laid down by the IT Act which define any of the conditions detailed above.
• Gross violation of individual freedom; the aforesaid conditions are unreasonable.
LIABILITY OF NETWORK SERVICE PROVIDERS
• The normal principle laid down by the IT Act, 2000 is that the ISPs are liable for any third party information and data made available by them.
• Section 79 talks of liability of network service providers for all third party data and information made available by them on their service.
HACKING
Hacking has been made a penal offence punishable with imprisonment and fine. “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.”
NEED FOR COMPLIANCE WITH IT ACT, 2000
All companies doing e-commerce need to ensure that they comply with the mandatory requirements of compliance under the I T Act and the I T Rules.
I T SECURITY POLICY
Companies must have a detailed I T Security Policy in tune with the mandatory specific provisions of the IT Act and IT Rules. This is absolutely essential in order to enable any company to take benefit of the provisions of the I T Act in case of any dispute in the coming times.
SEARCH ENGINE ISSUES
If your website has a search facility or a search engine, a specific declaration about the same needs to be given on the homepage. Express disclaiming statements need to be given that the search engine is only spidering the web for the requested query on the basis of the relevant technology and that the website, owners and administrators are not liable in any manner whatsoever in any event or for any cause whatsoever for the search results.
LINKING
Websites should have a specific linking policy in case they provide links. The said policy should specifically state the crux of understanding or agreement with linking websites and other consequent benefits.
SECURITY
• Security issues are of immense importance in Cyberlaw.
• Crucial issues of Security are addressed in the IT Act, 2000 and IT Rules, 2000
FACTORS FOR CONSIDERATION FOR BUYERS AND SELLERS
• Buyers and sellers need to know the identity of the person with whom they are interacting.
• The content of the terms to be agreed upon between parties has to be crystal clear and without doubt.
DISPUTE RESOLUTION
There must be clarity on the mechanism for dispute resolution, should a dispute arise. This may be in the form of either online arbitration or arbitration in the actual world.
INDIAN CYBERLAW DOES NOT TALK ABOUT
• DATA PROTECTION
• RIGHT TO INFORMATION
• ONLINE INTELLECTUAL PROPERTY RIGHTS
• PRIVACY
• CONFIDENTIALITY
• E-TAXATION
• DOMAIN NAMES ISSUES
NEED FOR EDUCATION
•Need for educating employees about potential cybercrimes and how to escape harassment arising from the said offences.
•Cybercrime to be investigated only by a police officer not below the rank of the Deputy Superintendent of Police.
CONCLUSION
• The IT Act, 2000 is the first step forward. The other steps have to follow. However, the government has to be quick in responding to the challenges raised by the constantly changing technologies. Just as time does not wait for anyone, neither does the Internet. The time to act is right now.
Let us all analyse the fact that the e-Commerce Success will depend on
• Information Technology and knowledge based industries
• Physical logistics
• Smart Commercial Chain
• Cyber laws and Digital Law enforcement
• Cheaper Hardware, Software and Internet
• People with e-vision and common sense
What is needed today is ……………
Launch nationwide information security campaign: Information on cyber security related aspects is the concern of all the computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organised manner. This could be done by organising workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.
What is needed today as already in practice is ……………
Develop cyber security related curriculum for IT course: This will include identification of the cyber security courses which could be offered as part of IT education both in the formal and non-formal education sector. To identify the cyber security related course areas such as:-
Fundamentals of Cyber Security; Cyber Security Techniques and Mechanisms; Cyber Security Protocols, Threats and Defenses; E-business Security and Information Assurance etc., a subgroup could be formed. The subgroup could include members from Academic Institutes - IITs, IISc etc.; Research institutes / labs - DRDO, ISRO, BARC, TIFR etc.; Industry - WIPRO, INFOSYS, SCL etc.; certification agencies like STQC; and other leading computer organisations like CDAC etc. While developing the overall curriculum, the Sub-group will take into consideration the HR requirements as projected by the Working Group.
Let us all come together to prevent Cyber Crime, as
TOGETHER WE CAN.
Thank you for the kind support.
www.computerscienceexpertise.com wishes you all a QUALITY OF WORK LIFE AHEAD.