Presentation by balu at cysi 30052013


Published in: Technology

  1. Social Networking Sites - Security (30-05-2013)
  2. Background. SNSs: Facebook, Orkut, Twitter, Friendster, MySpace, Hi5, etc. Virtual community - People standoffish - New privacy settings - Criminals exploit - Inactiveness of the account - Poor security for information in social networking forum - Personal lives of people are publicly discussed - Greater damage.
  3. Privacy. Right to control one’s personal information; ability to determine how that information should be obtained and used. Right to Privacy is an implied right under Fundamental Rights. The Supreme Court of India spelt it out from the provision of Article 21, which deals with the right to life and liberty. Its application vis-à-vis internet content has not yet been directly clarified by a judicial ruling.
  4. ITAA-2008 - Protecting Privacy. Sections 43A/72A for privacy issues. Section 43A - Sensitive information / reasonable security practice by the data handlers - Compensation from the body corporate that has been negligent. Section 72A - A person, including an intermediary, could be held liable if he discloses “sensitive information” which he accessed while providing services under a contract. Continued.
  5. ITAA-2008 - Encroaching privacy. Sections 69/69B encroach upon the right to privacy. Section 69 of the amended Act empowers the state to issue directions for interception, monitoring, decryption of any information through any computer resource. Section 69B gives the Government the authority to monitor and collect traffic data or information through any computer resource for cyber security.
  6. Privacy and security. Security and privacy issues are two entirely different beasts. A security issue occurs when a hacker gains unauthorized access to a site’s protected coding or written language. Privacy issues are those involving unwarranted access to private information, which doesn’t necessarily have to involve security breaches. But both types of breaches are often intertwined on social networks, especially since anyone who breaches a site’s security network opens the door for easy access to private information belonging to any user.
  7. Youth culture. They may not always know what is appropriate, factual, or legal for them to view or use. A youth who has grown up with computers, other IT devices and the Internet may be developing different standards for behaving “online” as opposed to when they are “offline”, because they are interacting more via cyberspace, where social sanctions are not clearly defined or consistently sanctioned as they are in the real world. Concerns about youth creating fake profiles in order to carry out harmful activities online or, conversely, to protect their real identities are also increasing along with social networking popularity. Lying about one’s age.
  8. Data Protection by Corporations. Social networking fraud. These sites create exponential networks and allow tapping into other people’s network and their friends’ networks. The most common method for obtaining personal information is social engineering. Once personal information is provided to an unscrupulous company or person, it is difficult to regain control of the information. Justification for restricting employee Internet access to social networking sites in an organization, for the following reasons: virus or spyware prevention, employee productivity drain, bandwidth concerns, liability issues.
  9. Security Measures. Users can also block specific Facebook users. Facebook also limits the ability of search-site Web crawlers to harvest user information. A new option has also been introduced by Facebook where a user who logs in from a different computer is asked for authorization. This login is notified to the registered email of the Facebook user. So if the account is hacked or an unknown user logs in, the information of such an access is instantaneously sent to the registered email.
  10. ITAA-2008 - OFFENCES. Jurisdiction under IT Act, 2008 extends to persons outside India and persons who are not citizens of India provided at least one computer situated in India has been used in the commission of the offence. That is the reason why they have adopted two distinct provisions relating to jurisdiction, in Section 1(2) and Section 75. Section 66: This Section is attracted when the imposter fraudulently and dishonestly with ulterior motive uses the fake profiles to spread spam or viruses or commit data theft. Continued.
  11. Section 66A: When the imposter posts offensive or menacing information on the fake profile concerning the person in whose name the profile is created. Further, the fake profile also misleads the recipient about the origin of the message posted. Section 66C: When the imposter uses the unique identification feature of the real person, like his/her photograph and other personal details, to create a fake profile, the offence under Section 66C of the Information Technology Act is attracted. Section 66D: When the imposter personates the real person by means of a fake profile and cheats, then the provision of Section 66D is attracted. Continued.
  12. Section 79: An intermediary shall not be liable for any third party information, data or communication link made available or hosted by him if: (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; (b) the intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission; (c) the intermediary observes due diligence while discharging his duties. Continued.
  13. Section 85: Every person who, at the time of the contravention, was in charge of and was responsible for the conduct of the business of the company would be guilty of the contravention. Not liable if he proves that the contravention took place without his knowledge / he exercised all due diligence to prevent the contravention. “Body corporate” has been defined as any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities. Thus, government agencies and nonprofit organizations are entirely excluded from the ambit of this section.
  14. Conclusion and Suggestions. Adequate amount of caution / common sense. Anti-Phishing Working Group (APWG). Anti-spam reputation systems. Awareness-raising / educational campaigns by users / sites. Cross reference verification by social networking websites. Cyber Crime Insurance Programme. Discover trends to prevent future harm. Effective enforcement of laws. Encouragement for “Security Culture” in the community. Continued.
  15. External auditors for updating knowledge / procedures. ICP should be made liable and not the ISP. Information Security Auditors in the organization. Introduce IPv6 in place of IPv4 for better monitoring and security. Pop-up confirmation. Read and understand documents. Regularly check your privacy settings on social networking sites. Research should be carried out. Self-regulation. Skill improvement of IOs / prosecuting and judicial officers. Teach children about the harms and ways to counter them.
  16. Thank You. "SEC RITY IS NOT COMPLETE WITHOUT U". S. Balu, Addl. SP (Retd) / Adviser - Admin & PR, HAND IN HAND INDIA. Cell: +91 9841013541. E-mail: