Information Security : Benild Joseph



Session on "Information Security" by Benild Joseph - Limca Book Record Holder | Ethical Hacker | Information Security Consultant | Speaker | Author | Corporate Trainer


2. Contents

The main topics are listed below:

• Information security
• Open access publishing models & free software movement
• Cyber crime & cyber law
• Information overload & basic concepts of IPR
• Privacy issues
• Cyber addictions & cyber threats
• Copyrights and patents
4. Information security: Introduction

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security, by contrast, can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
5. Information security: Introduction (contd.)

Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on computers and transmitted across networks to other computers. For the individual, information security has a significant effect on privacy, which is viewed very differently in different cultures.

The field of information security has grown and evolved significantly in recent years. It offers many areas for specialization, including securing networks and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics.
6. Information security: History

The end of the 20th century and early years of the 21st century saw rapid advancements in telecommunications, computing hardware and software, and data encryption. The availability of smaller, more powerful and less expensive computing equipment put electronic data processing within the reach of small businesses and the home user. These computers quickly became interconnected through a network generically called the Internet or World Wide Web. The rapid growth and widespread use of electronic data processing and electronic business conducted through the Internet, along with numerous occurrences of international terrorism, fueled the need for better methods of protecting the computers and the information they store, process and transmit. The academic disciplines of computer security, information security and information assurance emerged along with numerous professional organizations, all sharing the common goals of ensuring the security and reliability of information systems.
7. Information security: Basic Principles

Key concept: for over twenty years, information security has held confidentiality, integrity and availability (known as the CIA triad) to be its core principles. In 2002, Donn Parker proposed an alternative model for the classic CIA triad that he called the six atomic elements of information: confidentiality, possession, integrity, authenticity, availability, and utility.
8. Information security: Basic Principles (the three core principles)

1. Confidentiality: ensuring that information is accessible only to those authorized to have access.
2. Integrity: safeguarding the accuracy and completeness of information and processing methods.
3. Availability: ensuring that authorized users have access to information and associated assets when required.
9. Information security: Risk Management

The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."

Risk is the likelihood that something bad will happen that causes harm to an informational asset (or the loss of the asset). A vulnerability is a weakness that could be used to endanger or cause harm to an informational asset. A threat is anything (man-made or act of nature) that has the potential to cause harm.

A risk assessment is carried out by a team of people who have knowledge of specific areas of the business. Membership of the team may vary over time as different parts of the business are assessed. The assessment may use a subjective qualitative analysis based on informed opinion, or, where reliable dollar figures and historical information are available, a quantitative analysis.
10. Information security: Risk Management

Research has shown that the most vulnerable point in most information systems is the human user, operator, designer, or other human. The ISO/IEC 27002:2005 Code of practice for information security management recommends that the following be examined during a risk assessment:

• security policy,
• organization of information security,
• asset management,
• human resources security,
• physical and environmental security,
• communications and operations management,
• access control,
• development and maintenance,
• information security incident management,
• regulatory compliance.
11. Information security: Risk Management

In broad terms the risk management process consists of:

1. Identification of assets and estimation of their value. Include: people, buildings, hardware, software, data (electronic, print, other), supplies.
2. Conduct a threat assessment. Include: acts of nature, acts of war, accidents, malicious acts originating from inside or outside the organization.
3. Conduct a vulnerability assessment, and for each vulnerability, calculate the probability that it will be exploited. Evaluate policies, procedures, standards, training, physical security, quality control, technical security.
4. Calculate the impact that each threat would have on each asset, using qualitative or quantitative analysis.
5. Identify, select and implement appropriate controls. Provide a proportional response: consider productivity, cost effectiveness, and the value of the asset.
6. Evaluate the effectiveness of the control measures. Ensure the controls provide the required cost-effective protection without discernible loss of productivity.
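The six steps above carried through as a small quantitative assessment. This is an added example and not part of the presentation: the asset values, threat probabilities, impact fractions and control costs are constructed, and the formula (expected loss = asset value × impact × probability, a control kept only when the loss it removes exceeds its cost) is one common way of doing step 4 and step 5, not the only one.

```python
"""Worked quantitative risk assessment following the six-step process.

Added example; all figures are constructed for illustration.
Steps 1-4 produce an expected annual loss per asset/threat pair; step 5
keeps a control only when the loss it removes over a year exceeds its
cost (a proportional response); step 6 re-evaluates the residual loss
with the selected controls in place.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    value: float  # step 1: estimated value in currency units


@dataclass
class Threat:
    name: str
    asset: str
    probability: float  # step 3: annual probability the vulnerability is exploited
    impact: float       # step 4: fraction of the asset value lost when it happens


@dataclass
class Control:
    name: str
    threat: str
    annual_cost: float
    reduction: float  # fraction of the threat's expected loss the control removes


def expected_loss(asset: Asset, threat: Threat) -> float:
    """Annual expected loss for one asset/threat pair."""
    if not 0.0 <= threat.probability <= 1.0 or not 0.0 <= threat.impact <= 1.0:
        raise ValueError("probability and impact must be fractions in [0, 1]")
    return asset.value * threat.impact * threat.probability


def risk_register(assets, threats):
    """Step 4: (threat, asset, expected loss) rows, highest loss first."""
    by_name = {a.name: a for a in assets}
    rows = [(t.name, t.asset, expected_loss(by_name[t.asset], t)) for t in threats]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def select_controls(assets, threats, controls):
    """Step 5: keep a control only when the loss it avoids exceeds its cost."""
    by_name = {a.name: a for a in assets}
    by_threat = {t.name: t for t in threats}
    chosen = []
    for c in controls:
        t = by_threat[c.threat]
        avoided = expected_loss(by_name[t.asset], t) * c.reduction
        if avoided > c.annual_cost:
            chosen.append((c.name, round(avoided - c.annual_cost, 2)))
    return chosen


def residual_loss(assets, threats, controls):
    """Step 6: total expected annual loss after the selected controls are applied."""
    by_name = {a.name: a for a in assets}
    chosen = {name for name, _ in select_controls(assets, threats, controls)}
    total = 0.0
    for t in threats:
        loss = expected_loss(by_name[t.asset], t)
        for c in controls:
            if c.name in chosen and c.threat == t.name:
                loss *= 1.0 - c.reduction
        total += loss
    return round(total, 2)


# Constructed sample data (not from the presentation).
ASSETS = [Asset("customer database", 500_000), Asset("office laptops", 40_000)]
THREATS = [
    Threat("ransomware", "customer database", probability=0.10, impact=0.60),
    Threat("laptop theft", "office laptops", probability=0.25, impact=0.20),
    Threat("flood", "office laptops", probability=0.01, impact=1.0),
]
CONTROLS = [
    Control("offline backups", "ransomware", annual_cost=8_000, reduction=0.80),
    Control("full-disk encryption", "laptop theft", annual_cost=500, reduction=0.90),
    Control("raised flooring", "flood", annual_cost=3_000, reduction=0.50),
]

if __name__ == "__main__":
    for name, asset, loss in risk_register(ASSETS, THREATS):
        print(f"{name:<14} {asset:<18} expected loss {loss:>10,.2f}")
    print("controls worth implementing:", select_controls(ASSETS, THREATS, CONTROLS))
    print("residual annual expected loss:", residual_loss(ASSETS, THREATS, CONTROLS))
```

With these figures the raised flooring is rejected because it would cost more per year than the flood loss it avoids, which is exactly the "proportional response" test of step 5.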
12. Information security: Controls

When management chooses to mitigate a risk, it does so by implementing one or more of three different types of controls.

1) Administrative

Administrative controls consist of approved written policies, procedures, standards and guidelines. Laws and regulations created by government bodies are also a type of administrative control because they inform the business. Some industry sectors have policies, procedures, standards and guidelines that must be followed; the Payment Card Industry (PCI) Data Security Standard required by Visa and MasterCard is one example. Other examples of administrative controls include the corporate security policy, password policy, hiring policies, and disciplinary policies.

2) Logical

Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. For example, passwords, network- and host-based firewalls, network intrusion detection systems, access control lists, and data encryption are logical controls. An important logical control that is frequently overlooked is the principle of least privilege.
13. Information security: Controls

3) Physical

Physical controls monitor and control the environment of the workplace and computing facilities. They also monitor and control access to and from such facilities. For example: doors, locks, heating and air conditioning, smoke and fire alarms, fire suppression systems, cameras, barricades, fencing, security guards, cable locks, etc. Separating the network and workplace into functional areas is also a physical control.
14. Information security: Security Classification for Information

An important aspect of information security and risk management is recognizing the value of information and defining appropriate procedures and protection requirements for it. Not all information is equal, so not all information requires the same degree of protection. This requires information to be assigned a security classification. Factors that influence which classification information should be assigned include how much value that information has to the organization, how old the information is and whether or not it has become obsolete. Laws and other regulatory requirements are also important considerations when classifying information.

The type of information security classification labels selected and used will depend on the nature of the organization, for example:

• In the business sector, labels such as Public, Sensitive, Private, Confidential.
• In the government sector, labels such as Unclassified, Sensitive But Unclassified, Restricted, Confidential, Secret, Top Secret and their non-English equivalents.
• In cross-sectoral formations, the Traffic Light Protocol, which consists of White, Green, Amber and Red.

The classification that has been assigned to a particular information asset should be reviewed periodically to ensure the classification is still appropriate for the information and that the security controls required by the classification are in place.
15. Information security: Access Control

Access to protected information must be restricted to people who are authorized to access the information. The computer programs, and in many cases the computers that process the information, must also be authorized. This requires that mechanisms be in place to control access to protected information. The sophistication of the access control mechanisms should be in parity with the value of the information being protected: the more sensitive or valuable the information, the stronger the control mechanisms need to be.

The foundation on which access control mechanisms are built starts with identification and authentication. Identification is an assertion of who someone is or what something is. Authentication is the act of verifying a claim of identity. After a program or computer has successfully been identified and authenticated, it must be determined what informational resources it is permitted to access and what actions it will be allowed to perform (run, view, create, delete, or change). This is called authorization.

Authorization to access information and other computing services begins with administrative policies and procedures. The policies prescribe what information and computing services can be accessed, by whom, and under what conditions. The access control mechanisms are then configured to enforce these policies.
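The identification, authentication and authorization sequence of slide 15, enforcing the business-sector classification labels of slide 14 and the least-privilege principle of slide 12, as one small reference monitor. This is an added example, not code from the presentation; the accounts, passwords, roles, clearances and documents are constructed, and the salted PBKDF2 password storage is an assumption about how the mechanism stores credentials.

```python
"""Identification -> authentication -> authorization as separate steps.

Added example; users, credentials, roles and the policy table are
constructed. Authorization grants an action only when the subject's
clearance covers the document's label (Public < Sensitive < Private <
Confidential) AND the subject's role permits that action, so each role
receives only the actions it needs (least privilege).
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

# Ordered business-sector labels: a higher index is more sensitive.
LABELS = ["Public", "Sensitive", "Private", "Confidential"]
ACTIONS = {"run", "view", "create", "delete", "change"}

# Administrative policy: the actions each role may perform.
ROLE_ACTIONS = {
    "reader": {"view"},
    "editor": {"view", "create", "change"},
    "admin": {"view", "create", "change", "delete", "run"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 hash; only hash and salt are stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Subject:
    user_id: str    # identification: the asserted identity
    salt: bytes
    pw_hash: bytes
    role: str
    clearance: str  # highest label the subject may access


@dataclass
class Document:
    name: str
    label: str


class AccessControl:
    def __init__(self, subjects):
        self.subjects = {s.user_id: s for s in subjects}

    def authenticate(self, user_id: str, password: str):
        """Verify the claimed identity; returns the Subject or None."""
        subject = self.subjects.get(user_id)
        if subject is None:
            # Hash anyway so unknown-user and wrong-password cases take similar time.
            hash_password(password, b"\x00" * 16)
            return None
        candidate = hash_password(password, subject.salt)
        return subject if hmac.compare_digest(candidate, subject.pw_hash) else None

    def authorize(self, subject: Subject, doc: Document, action: str) -> bool:
        """Policy check: clearance must cover the label and the role must allow the action."""
        if action not in ACTIONS:
            raise ValueError(f"unknown action {action!r}")
        if LABELS.index(doc.label) > LABELS.index(subject.clearance):
            return False
        return action in ROLE_ACTIONS.get(subject.role, set())

    def request(self, user_id: str, password: str, doc: Document, action: str) -> str:
        """Full sequence: identify, authenticate, then authorize."""
        subject = self.authenticate(user_id, password)
        if subject is None:
            return "denied: authentication failed"
        if not self.authorize(subject, doc, action):
            return f"denied: {subject.role} may not {action} {doc.label} data"
        return f"allowed: {action} {doc.name}"


def make_subject(user_id: str, password: str, role: str, clearance: str) -> Subject:
    salt = os.urandom(16)
    return Subject(user_id, salt, hash_password(password, salt), role, clearance)


# Constructed accounts and documents (not from the presentation).
AC = AccessControl([
    make_subject("alice", "correct horse", "editor", "Private"),
    make_subject("bob", "battery staple", "reader", "Sensitive"),
])
PAYROLL = Document("payroll.xlsx", "Confidential")
NEWSLETTER = Document("newsletter.txt", "Public")

if __name__ == "__main__":
    print(AC.request("alice", "correct horse", NEWSLETTER, "change"))
    print(AC.request("alice", "correct horse", PAYROLL, "view"))
    print(AC.request("bob", "battery staple", NEWSLETTER, "change"))
    print(AC.request("bob", "wrong password", NEWSLETTER, "view"))
```

Note that a failed authentication never reveals whether the user id exists, and that the authorization decision is taken by the mechanism from the policy tables rather than hard-coded per document, which is what "configured to enforce these policies" means in practice.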
16. Information security: Cryptography

Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user who possesses the cryptographic key, through the process of decryption. Cryptography is used in information security to protect information from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while it is in storage.

Cryptography provides information security with other useful applications as well, including improved authentication methods, message digests, digital signatures, non-repudiation, and encrypted network communications. Older, less secure applications such as telnet and ftp are slowly being replaced with more secure applications such as ssh that use encrypted network communications. Wireless communications can be encrypted using protocols such as WPA/WPA2 or the older (and less secure) WEP. Wired communications following certain ITU-T standards are secured using AES for encryption and X.1035 for authentication and key exchange. Software applications such as GnuPG or PGP can be used to encrypt data files and email.
17. Information security: Defense in Depth

Information security must protect information throughout its life span, from the initial creation of the information through to its final disposal. The information must be protected while in motion and while at rest. During its lifetime, information may pass through many different information processing systems and through many different parts of information processing systems. There are many different ways the information and information systems can be threatened. To fully protect the information during its lifetime, each component of the information processing system must have its own protection mechanisms. The building up, layering on and overlapping of security measures is called defense in depth. The strength of any system is no greater than its weakest link. Using a defense in depth strategy, should one defensive measure fail, there are other defensive measures in place that continue to provide protection.
18. Information security: Governance & Change Management

The Software Engineering Institute at Carnegie Mellon University, in a publication titled "Governing for Enterprise Security (GES)", defines characteristics of effective security governance. These include:

• an enterprise-wide issue,
• leaders are accountable,
• viewed as a business requirement,
• risk-based,
• roles, responsibilities, and segregation of duties defined,
• addressed and enforced in policy,
• adequate resources committed,
• staff aware and trained,
• a development life cycle requirement,
• planned, managed, measurable, and measured,
• reviewed and audited.

Change management (ITSM)

Change management is a formal process for directing and controlling alterations to the information processing environment. This includes alterations to desktop computers, the network, servers and software. The objectives of change management are to reduce the risks posed by changes to the information processing environment and to improve the stability and reliability of the processing environment as changes are made. The responsibility of the Change Review Board is to ensure that the organization's documented change management procedures are followed. The change management process includes requesting, approval, planning, testing, scheduling, communicating, implementing, documenting and post-change review.
19. Information security: Business Continuity & Security Standards

Business continuity is the mechanism by which an organization continues to operate its critical business units, during planned or unplanned disruptions that affect normal business operations, by invoking planned and managed procedures.

Information security standards

The International Organization for Standardization (ISO) is a consortium of national standards institutes from 157 countries with a Central Secretariat in Geneva, Switzerland, that coordinates the system. The ISO is the world's largest developer of standards. ISO-15443: "Information technology - Security techniques - A framework for IT security assurance", ISO-27002 (previously ISO-17799): "Information technology - Security techniques - Code of practice for information security management", ISO-20000: "Information technology - Service management", and ISO-27001: "Information technology - Security techniques - Information security management systems" are of particular interest to information security professionals.
20. Information security: Conclusion

Information security is the ongoing process of exercising due care and due diligence to protect information, and information systems, from unauthorized access, use, disclosure, destruction, modification, disruption or distribution. This never-ending process involves ongoing training, assessment, protection, monitoring & detection, incident response & repair, documentation, and review. This makes information security an indispensable part of all business operations across different domains.
22. Privacy Issues: Introduction

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby reveal themselves selectively. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. Privacy is broader than security and includes the concepts of appropriate use and protection of information.
23. Privacy Issues: with Technology

As technology has advanced, the way in which privacy is protected and violated has changed with it. In the case of some technologies, such as the printing press or the Internet, the increased ability to share information can lead to new ways in which privacy can be breached. It is generally agreed that the first publication advocating privacy in the United States was the article by Samuel Warren, which was written largely in response to the increase in newspapers and photographs made possible by printing technologies.
24. Privacy Issues: with Internet

The Internet has brought new concerns about privacy in an age where computers can permanently store records of everything: "where every online photo, status update, Twitter post and blog entry by and about us can be stored forever." This currently has an effect on employment. Microsoft reports that 75 percent of U.S. recruiters and human-resource professionals now do online research about candidates, often using information provided by search engines, social-networking sites, photo/video-sharing sites, personal web sites and blogs, and Twitter. They also report that 70 percent of U.S. recruiters have rejected candidates based on internet information. This has created a need for many people to control various online privacy settings in addition to controlling their online reputations, both of which have led to legal suits against various sites and employers.
25. Privacy Issues: Protection on Internet

On the internet you almost always give away a lot of information about yourself. Unencrypted e-mails can be read by the administrators of the e-mail server, and if the connection is not encrypted (no https), the internet service provider and other parties sniffing the traffic of that connection can also read the contents. The same applies to any other kind of traffic generated on the internet (web browsing, instant messaging, ...).

In order not to give away too much personal information, e-mails can be encrypted, and browsing of web pages as well as other online activities can be done without leaving traces via anonymizers or, in cases where those are not trusted, via open-source distributed anonymizers, so-called mix nets. Well-known open-source mix nets are I2P (The Anonymous Network) and Tor.
27. Cyber Crime: Introduction

Computer crime, cyber crime, e-crime, hi-tech crime or electronic crime generally refers to criminal activity where a computer or network is the source, tool, target, or place of a crime. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a number of new-age crimes that are addressed by the Information Technology Act, 2000.
28. Cyber Crime: Categorization

We can categorize cyber crimes in two ways:

1) The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DoS attacks, etc.
2) The computer as a weapon: using a computer to commit real-world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography, etc.
29. Cyber Crime: Technical Aspects

Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies, such as:

a. Unauthorized access & hacking: Access means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. Unauthorized access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network. Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use ready-made computer programs to attack the target computer. They possess the desire to destroy and get a kick out of such destruction. Some hackers hack for personal monetary gain, such as stealing credit card information or transferring money from various bank accounts to their own account followed by withdrawal of the money. Taking control of another person's website by hacking the web server is called web hijacking.
30. Cyber Crime: Technical Aspects (contd.)

b. Trojan attack: A program that acts like something useful but does things that are quite damaging is called a Trojan. Trojans come in two parts, a client part and a server part. When the victim (unknowingly) runs the server on their machine, the attacker then uses the client to connect to the server and start using the Trojan. TCP/IP is the usual protocol used for communication, but some functions of Trojans use the UDP protocol as well.

c. Virus and worm attack: A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus. Programs that multiply like viruses but spread from computer to computer are called worms.
31. Cyber Crime: Technical Aspects (contd.)

d. E-mail & IRC related crimes:

1. Email spoofing: Email spoofing refers to email that appears to have originated from one source when it was actually sent from another source.
2. Email spamming: Email "spamming" refers to sending email to thousands and thousands of users, similar to a chain letter.
3. Sending malicious code through email: E-mails are used to send viruses, Trojans etc. as an attachment, or by sending a link to a website which, on visiting, downloads malicious code.
4. Email bombing: E-mail "bombing" is characterized by abusers repeatedly sending an identical email message to a particular address.
5. Sending threatening emails.
6. Email frauds.
7. IRC related: Three main ways to attack IRC are "verbal" attacks, clone attacks, and flood attacks.
32. Cyber Crime: Technical Aspects (contd.)

e. Denial of Service attacks (DoS): Flooding a computer resource with more requests than it can handle. This causes the resource to crash, thereby denying access to the service for authorized users.

f. Pornography.

g. Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners.

h. IPR violations: These include software piracy, copyright infringement, trademark violations, theft of computer source code, patent violations, etc. Cyber squatting: domain names are also trademarks and are protected by ICANN's domain dispute resolution policy and also under trademark laws.

i. Cyber terrorism: Targeted attacks on military installations, power plants, air traffic control, banks, rail traffic control and telecommunication networks are the most likely targets. Others include police, medical, fire and rescue systems, etc. Cyberterrorism is an attractive option for modern terrorists for several reasons.
33. Cyber Crime: Technical Aspects (contd.)

j. Banking/credit card related crimes: In the corporate world, Internet hackers are continually looking for opportunities to compromise a company's security in order to gain access to confidential banking and financial information.

k. E-commerce/investment frauds: Sales and investment frauds. An offering that uses false or fraudulent claims to solicit investments or loans, or that provides for the purchase, use, or trade of forged or counterfeit securities. Merchandise or services that were purchased or contracted by individuals online are never delivered.

l. Sale of illegal articles: This would include trade of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, and bulletin boards or simply by using email communication.

m. Online gambling: There are millions of websites hosted on servers abroad that offer online gambling. In fact, it is believed that many of these websites are actually fronts for money laundering.

n. Cyber stalking: Cyber stalking involves following a person's movements across the Internet by posting messages (sometimes threatening) on the bulletin boards frequented by the victim, entering the chat-rooms frequented by the victim, constantly bombarding the victim with emails etc.
34. Cyber Crime: Technical Aspects (contd.)

q. Identity theft: Identity theft is the fastest growing crime in countries like America. Identity theft occurs when someone appropriates another's personal information without their knowledge to commit theft or fraud.

r. Data diddling: Data diddling involves changing data prior to or during input into a computer. In other words, information is changed from the way it should be entered, whether by a person typing in the data, a virus that changes data, the programmer of the database or application, or anyone else involved in the process of having information stored in a computer file.

s. Theft of Internet hours: Unauthorized use of Internet hours paid for by another person. By gaining access to an organisation's telephone switchboard (PBX), individuals or criminal organizations can obtain access to dial-in/dial-out circuits and then make their own calls or sell call time to third parties.

t. Theft of computer system (hardware): This type of offence involves the theft of a computer, some part(s) of a computer or a peripheral attached to the computer.

u. Physically damaging a computer system: Physically damaging a computer or its peripherals, either by shock, fire or excess electric supply etc.
35. Cyber Law: Introduction

Like every other country, India has its own cyber laws. When the Internet was developed, its founding fathers hardly had any inclination that the Internet could transform itself into an all-pervading revolution which could be misused for criminal activities and which required regulation. Due to the anonymous nature of the Internet, it is possible to engage in a variety of criminal activities with impunity, and people with intelligence have been grossly misusing this aspect of the Internet to perpetrate criminal activities in cyberspace.
36. Cyber Law: Importance

Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and cyberspace. Initially it may seem that cyberlaw is a very technical field and that it does not have any bearing on most activities in cyberspace. But nothing could be further from the truth. Whether we realize it or not, every action and every reaction in cyberspace has some legal and cyber-legal perspectives.
37. Cyber Law: Advantages

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability solely on the ground that it is in the form of electronic records. In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signatures.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implication of these provisions for e-businesses is that email is now a valid and legal form of communication in our country that can be duly produced and approved in a court of law.

* Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
* Digital signatures have been given legal validity and sanction in the Act.
* The Act throws open the doors for the entry of corporate companies into the business of being Certifying Authorities for issuing Digital Signature Certificates.
* The Act now allows Government to issue notifications on the web, thus heralding e-governance.
* The Act enables companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form, by means of such electronic form as may be prescribed by the appropriate Government.
* The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures, which would be required to have passed through a system of security procedures, as stipulated by the Government at a later date.
* Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case anyone breaks into their computer systems or network and causes damage or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

To download the IT Act 2000, go to the URL:
39. Cyber Addictions: Introduction

Computer addiction, a term used loosely alongside Internet addiction or video game addiction, is the excessive or compulsive use of computers that interferes with daily life. This disorder may affect the following: social interaction, mood, personality, work ethic, relationships, thought process. It may also cause social disorders or possibly sleep deprivation. It is important to note that, as of now, psychologists are not sure how to label this disorder. Many refer to it as Internet Addiction Disorder; however, computer addiction originated long before internet use was as common as it is today.
40. Cyber Addictions: Symptoms
Here is a list of symptoms one may encounter while suffering from computer addiction:
* Using the computer for pleasure, gratification, or relief from stress.
* Feeling irritable, out of control or depressed when not using it.
* Spending increasing amounts of time and money on hardware, software, magazines, and computer-related activities.
* Neglecting work, school, or family obligations.
* Lying about the amount of time spent on computer activities.
* Risking loss of career goals, educational objectives, and personal relationships.
* Failing at repeated efforts to control computer use.
41. Cyber Threats: Introduction
Computer systems are vulnerable to many threats that can inflict various types of damage resulting in significant losses. This damage can range from errors harming database integrity to fires destroying entire computer centres. The effects of the various threats vary considerably: some affect the confidentiality or integrity of data, while others affect the availability of a system.
42. Cyber Threats: Losses
1. Errors and Omissions
Errors and omissions are an important threat to data and system integrity. These errors are caused not only by data entry clerks processing hundreds of transactions per day, but also by all types of users who create and edit data. Many programs, especially those designed by users for personal computers, lack quality control measures. However, even the most sophisticated programs cannot detect all types of input errors or omissions.
2. Fraud and Theft
Computer systems can be exploited for both fraud and theft, both by "automating" traditional methods of fraud and by using new methods. For example, individuals may use a computer to skim small amounts of money from a large number of financial accounts, assuming that small discrepancies may not be investigated. Financial systems are not the only ones at risk. Systems that control access to any resource are targets (e.g., time and attendance systems, inventory systems, school grading systems, and long-distance telephone systems).
3. Malicious Hackers
The term malicious hackers, sometimes called crackers, refers to those who break into computers without authorization. They can include both outsiders and insiders. Much of the rise in hacker activity is often attributed to increases in connectivity in both government and industry.
43. Cyber Threats: Losses (contd…)
4. Malicious Code
Malicious code refers to viruses, worms, Trojan horses, logic bombs, and other "uninvited" software. Sometimes mistakenly associated only with personal computers, malicious code can attack other platforms as well.
Malicious Software: A Few Key Terms
* Virus: A code segment that replicates by attaching copies of itself to existing executables.
* Trojan Horse: A program that performs a desired task, but that also includes unexpected (and undesirable) functions.
* Worm: A self-replicating program that is self-contained and does not require a host program.
8. Threats to Personal Privacy
The accumulation of vast amounts of electronic information about individuals by governments, credit bureaus, and private companies, combined with the ability of computers to monitor, process, and aggregate large amounts of information about individuals, has created a threat to individual privacy.
45. Information overload: Introduction
"Information overload" is a term popularized by Alvin Toffler that refers to the difficulty a person can have understanding an issue and making decisions when too much information is present. Users are now classified as active users because more people in society are participating in the Digital and Information Age. Therefore we see an information overload arising from access to so much information, almost instantaneously, without knowing the validity of the content and with the risk of misinformation.
46. Information overload: General Causes
The general causes of information overload include:
* A rapidly increasing rate of new information being produced
* The ease of duplication and transmission of data across the Internet
* An increase in the available channels of incoming information (e.g. telephone, e-mail, instant messaging, RSS)
* Large amounts of historical information to dig through
* A low signal-to-noise ratio
* A lack of a method for comparing and processing different kinds of information
* Pieces of information that are unrelated or lack any overall structure to reveal their relationships
E-mail remains a major source of information overload, as people struggle to keep up with the rate of incoming messages. As well as filtering out unsolicited commercial messages (spam), users also have to contend with the growing use of e-mail attachments in the form of lengthy reports, presentations and media files.
47. Basic concept of IPR: Introduction
Intellectual property (IP) is a legal field that refers to creations of the mind such as musical, literary, and artistic works; inventions; and symbols, names, images, and designs used in commerce, including copyrights, trademarks, patents, and related rights. Under intellectual property law, the holder of one of these abstract "properties" has certain exclusive rights to the creative work, commercial symbol, or invention by which it is covered.
48. Basic concept of IPR: Types
* Copyright
* Domain name
* Geographical indication
* Industrial design rights (or registered designs)
* Know-how
* Moral rights
* Patent (for inventions)
* Utility model
* Personality rights
* Related rights
* Protected designation of origin
* Trade dress
* Trade secret
* Trademark (including service marks)
* Traditional knowledge
* Gene patents
49. Basic concept of IPR: Essential Elements
IPR is a broad term covering: 1) Patents for inventions, 2) Copyrights for creative material, 3) Trademarks for brand identity, and 4) Trade secrets. In general these properties are termed "Intellectual Property". Intellectual Property is an asset that can be bought or sold, licensed and exchanged. These properties are protected on a national basis.
51. Copyright & Patents: Introduction
In the cyber field, the main items coming under Copyright & Patents are:
* Software
* Domain Names
* Website Articles
53. Open access publishing models: Introduction
Open Access comes in two forms, Gratis and Libre: Gratis OA is no-cost online access, while Libre OA offers some additional usage rights. Open content is similar to OA, but usually includes the right to modify the work, whereas in scholarly publishing it is usual to keep an article's content intact and to associate it with a fixed author. Creative Commons licenses can be used to specify usage rights. The Open Access idea can be extended to the learning objects and resources provided in e-learning.
54. Free software movement: Introduction
The free software movement is a social and political movement with the goal of ensuring software users' four basic freedoms: the freedom to run the software, to study and change it, and to redistribute copies with or without changes. The alternative terms "software libre", "open source", and "FOSS" are associated with the free software movement. Although drawing on traditions and philosophies among members of the 1970s hacker culture, Richard Stallman is credited with launching the movement in 1983 by founding the GNU Project.
55. Topics covered in the session
CONTENTS
1. Information Security ✓
2. Cyber crime & cyber law ✓
3. Privacy issues ✓
4. Cyber addictions & cyber threats ✓
5. Information overload & basic concepts of IPR ✓
6. Copyrights and Patents ✓
7. Open access publishing models & Free software movement ✓
56. Questions?
57. THANK YOU!