INDIRA GANDHI DELHI TECHNICAL
UNIVERSITY FOR WOMEN
By: Prashant Kumar Vats,
B. Tech. (IT),M. Tech. (IT), Ph.D. (CSE),
M.A. in Education, P.G. Diploma in Cyber Laws.
Subject - Cyber Laws & Rights
M. Tech. 3rd Sem., ISM.
Security of Information
What is Information Security?
• Information Security is not only about securing information from
unauthorized access.
• Information Security is basically the practice of preventing
unauthorized access, use, disclosure, disruption, modification,
inspection, recording or destruction of information.
• Information security, sometimes abbreviated to infosec, is a set of
practices intended to keep data secure from unauthorized access
or alterations, both when it's being stored and when it's being
transmitted from one machine or physical location to another. You
might sometimes see it referred to as data security.
• Information can be physical or electronic. It can be anything, such as
your details (for example, your profile on social media), your data on a
mobile phone, your biometrics, etc.
• Thus information security spans many research areas, such as
Cryptography, Mobile Computing, Cyber Forensics, Online Social
Media, etc.
• As knowledge has become one of the 21st century's most
important assets, efforts to keep information secure have
correspondingly become increasingly important.
Information security vs. cybersecurity
• Sometimes the terms information security and cyber
security are used interchangeably.
• Strictly speaking, cyber security is the broader practice
of defending IT assets from attack.
• Information security is a specific discipline under the
cyber security umbrella.
• Network security and application security are sister
practices to information security, focusing on networks
and app code, respectively.
• You can't secure data transmitted across an insecure
network or manipulated by a leaky application.
• As well, there is plenty of information that isn't stored
electronically that also needs to be protected.
Objectives of Information Security
• Information Security programs are built around 3 objectives, commonly
known as CIA – Confidentiality, Integrity, Availability.
• Confidentiality – means information is not disclosed to unauthorized
individuals, entities and processes. For example, suppose I have a password
for my Gmail account but someone saw it while I was logging in to my
Gmail account. In that case my password has been compromised and
Confidentiality has been breached.
• Integrity – means maintaining the accuracy and completeness of data. This
means data cannot be edited in an unauthorized way. For example, if an
employee leaves an organization, the data for that employee in all
departments, such as accounts, should be updated to reflect the status
JOB LEFT so that the data is complete and accurate. In addition, only
authorized persons should be allowed to edit employee data.
• Availability – means information must be available when needed. For
example, if one needs to access information about a particular employee to
check whether the employee has exceeded the number of leaves, it
requires collaboration from different organizational teams such as network
operations, development operations, incident response and policy/change
management.
• A denial of service attack is one of the factors that can hamper the
availability of information.
Some more principles that govern information security
programs
• Non repudiation – means one party cannot deny receiving a message or a transaction,
nor can the other party deny sending a message or a transaction. For example, in
cryptography it is sufficient to show that the message matches the digital signature signed
with the sender’s private key, and that the sender could have sent the message and nobody else
could have altered it in transit. Data Integrity and Authenticity are pre-requisites for
Non repudiation.
• Authenticity – means verifying that users are who they say they are and that each
input arriving at the destination is from a trusted source. This principle, if followed,
guarantees a valid and genuine message received from a trusted source through a
valid transmission. For example, taking the above example, the sender sends the message along
with a digital signature that was generated using the hash value of the message and the private
key. At the receiver side, this digital signature is decrypted using the public key,
generating a hash value, and the message is hashed again to generate a second hash value. If the 2
values match, it is known as a valid transmission with an authentic, or we say
genuine, message received at the recipient side.
• Accountability – means that it should be possible to trace the actions of an entity uniquely
to that entity. For example, as we discussed in the Integrity section, not every employee
should be allowed to make changes to other employees’ data. For this, there is a separate
department in an organization that is responsible for making such changes. When
it receives a request for a change, the letter must be signed by a higher authority, for
example the Director of the college, and the person allotted that change will be able to make the
change after verifying his biometrics; thus a timestamp with the details of the user making the
change gets recorded. If a change goes through like this, it will be possible to
trace the actions uniquely to an entity.
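The sign-then-verify exchange described under Non repudiation and Authenticity, as an added example that is not part of the original slides. It assumes textbook RSA without padding and constructed demonstration keys built from publicly known Mersenne primes; the employee record and all function names are hypothetical, and real systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

E = 65537  # commonly used public exponent


def make_key(p: int, q: int):
    """Build a (public, private) key pair from two primes (textbook RSA)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


# Constructed demonstration keys. The primes are publicly known Mersenne
# primes, so these moduli are trivially factorable: illustration only.
SENDER_PUB, SENDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**521 - 1, 2**1279 - 1)


def hash_to_int(message: bytes) -> int:
    """SHA-256 hash of the message, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender side: hash the message, then transform the hash with the private key."""
    n, d = private_key
    return pow(hash_to_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Receiver side: recover the hash from the signature with the public key
    and compare it with a fresh hash of the message that actually arrived."""
    n, e = public_key
    if not 0 < signature < n:
        return False  # out-of-range values can never be valid signatures
    return pow(signature, e, n) == hash_to_int(message)


def demo() -> dict:
    # Constructed sample record, modelled on the slides' employee example.
    record = b"emp_id=1042;status=JOB LEFT;changed_by=hr_admin;ts=2024-01-15T10:30:00Z"
    signature = sign(record, SENDER_PRIV)

    # Integrity: the record is altered in transit, the signature is not.
    tampered = record.replace(b"JOB LEFT", b"ACTIVE")

    # Authenticity: someone else signs the same record with their own key.
    wrong_signer = sign(record, OTHER_PRIV)

    return {
        "genuine": verify(record, signature, SENDER_PUB),
        "tampered": verify(tampered, signature, SENDER_PUB),
        "wrong_signer": verify(record, wrong_signer, SENDER_PUB),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:13s} accepted={accepted}")
```

Only the first case is accepted: a matching hash shows the record is unchanged and was signed with the sender's private key, which is what lets the receiver later hold the sender to it.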
Difference between Cyber Security and
Information Security
| CYBER SECURITY | INFORMATION SECURITY |
| --- | --- |
| It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized users, access and data modification or removal in order to provide confidentiality, integrity, and availability. |
| It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with protection of data from any form of threat. |
| Cybersecurity protects anything in the cyber realm. | Information security is for information irrespective of the realm. |
| Cybersecurity deals with danger against cyberspace. | Information security deals with the protection of data from any form of threat. |
| Cybersecurity strikes against cyber crimes, cyber frauds and law enforcement. | Information security strives against unauthorised access, disclosure, modification and disruption. |
| Cyber security professionals deal with advanced persistent threats. | Information security is the foundation of data security, and the security professionals associated with it prioritize resources first before dealing with threats. |
| It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. | It deals with information assets and integrity, confidentiality and availability. |
Difference between Information
Security and Network Security
| INFORMATION SECURITY | NETWORK SECURITY |
| --- | --- |
| It protects information from unauthorized users, access and data modification. | It protects the data flowing over the network. |
| It is a superset of cyber security and network security. | It is a subset of cyber security. |
| Information security is for information irrespective of the realm. | It protects anything in the network realm. |
| It deals with the protection of data from any form of threat. | It deals with the protection from DOS attacks. |
| It strikes against unauthorized access, disclosure, modification and disruption. | Network security strikes against trojans. |
| It provides confidentiality, integrity and availability. | It provides security over the network only. |
| Information security protects both transit and stationary data. | Network security protects the transit data only. |
| It deals with information assets and integrity, confidentiality and availability. | It secures the data travelling across the network by terminals. |
Need Of Information Security
• Protecting the functionality of the organization:
The decision makers in organizations must set policy and operate their
organization in compliance with complex, shifting legislation, and with efficient
and capable applications.
• Enabling the safe operation of applications:
The organization is under immense pressure to acquire and operate
integrated, efficient and capable applications. The modern organization
needs to create an environment that safeguards applications using the
organization’s IT systems, particularly those applications that serve as
important elements of the infrastructure of the organization.
• Protecting the data that the organization collects and uses:
Data in the organization can be in two forms: either at rest or in
motion. Data in motion means that the data is currently being used or processed
by the system. The value of the data motivates attackers to steal or
corrupt it. Protecting it is essential for the integrity and the value of the
organization's data. Information security ensures protection of both data in
motion and data at rest.
• Safeguarding technology assets in organizations:
The organization must add infrastructure services based on the size and scope
of the organization. Organizational growth could lead to the need for public
key infrastructure (PKI), an integrated system of software, encryption
methodologies..
Cyber Crime – Mobile Security Threats
• Mobile devices are now an essential need for every person
for day-to-day tasks. As a result, the number of mobile
users is rising exponentially.
• This gives us the direction to think about the data they
process and what security mechanisms are being taken by
mobile application developers to keep the user’s data
secure.
• There was a time when the biggest threat to the data was
due to spyware which runs silently on the computer
background and steals user data.
• Now even mobile devices are a fruitful target for
cybercriminals to steal your data without even getting
noticed.
• When it comes to securing mobile data, use an antivirus
application that helps protect your data from being
breached.
Types of Mobile Security Threats
• Web-Based Threats –
These threats occur when people visit sites that appear to be fine on the
front-end but in reality automatically download malicious content onto the mobile
device. Also, many mobile applications continue to sync their data in the background,
which poses a threat. These threats usually go unnoticed by users.
– Phishing Through Links :
Some legitimate-looking links are sent through messages, emails, or social media
platforms. They extract personal information by tricking users with several schemes. It is
not possible to categorize them as real or fake as they copy the original website.
– Forced Downloads :
When you visit a page through anonymous links, it automatically directs you to the
download page. This method is called drive-by downloads.
• Physical Threats –
These threats occur when someone physically tries to access your device. When you
lose your mobile, or it is stolen, there is a possibility of physical threats. Mobile devices
carry your transactional data as well as applications connected to your bank
accounts, which poses a threat to your privacy.
– No Password Protection :
Even with all the measures available to secure your data, it is surprising to know that some
people find it difficult to use a password on their devices, or they use a
password that is easy for hackers to crack. This leads to physical threats.
– Encryption :
Carrier networks generally provide good encryption while
accessing servers. But some client and enterprise servers are
explicitly managed, and access to them is not end-to-end encrypted, which can lead to physical
threats.
• Network-Based Threats –
Mobile networks include both cellular and local network support such as
Bluetooth and Wi-Fi. These are used to host network threats. These threats are
especially dangerous as cybercriminals can steal unencrypted data while
people use public WiFi networks.
– Public WiFi :
As we use our devices for every task, in public places we are provided
with open public WiFi which appears to be legitimate while being controlled by
hackers, which results in data leakage.
– Network Exploits :
Network exploits are due to vulnerabilities in the operating system of your
mobile device. Once this software is connected to the network, the exploits are capable of
installing malware onto the device without the user's knowledge.
• Application-Based Threats –
Websites offering software downloads are home to these threats. The downloads
appear to be genuine software but are in fact specially designed to carry out
malicious activities.
– Malware :
Malware is designed to send unwanted messages to recipients and further use
your personal and business information by hacking your devices.
– Spyware :
Spyware is software used to collect specific information about an
organization or person, which can later be used for fraud and identity threats.
Common Security Threats
• Computer viruses – A computer virus is a type of computer program that, when
executed, replicates itself by modifying other computer programs and inserting its
own code.
• Malware – any software intentionally designed to cause damage to
a computer, server, client, or computer network.
• Screen-locking ransomware – 'Lock-screens', or screen lockers, are a type of “cyber
police” ransomware that blocks screens on Windows or Android devices with a false
accusation of harvesting illegal content, trying to scare the victims into paying a
fee.
• Trojan horses – A Trojan horse is a harmful program that misrepresents itself to
masquerade as a regular, benign program or utility in order to persuade a victim to
install it. A Trojan horse usually carries a hidden destructive function that is activated
when the application is started. The term is derived from the Ancient Greek story of
the Trojan horse used to invade the city of Troy by stealth.
• Logic bomb – A logic bomb is a piece of code intentionally inserted into a software
system that will set off a malicious function when specified conditions are met.
• Computer worm – A computer worm is a standalone malware computer program that
replicates itself in order to spread to other computers. It often uses a computer
network to spread itself, relying on security failures on the target computer to access
it. It will use this machine as a host to scan and infect other computers.
• Spyware – unwanted software that infiltrates your computing device, stealing your
internet usage data and sensitive information.
• Sabotage – means destroying a company’s website to cause loss of confidence on the part of
its customers.
• Theft of Intellectual Property or Data
• Hacktivism – the act of misusing a computer system or network for a socially or politically
motivated reason. Individuals who perform hacktivism are known as hacktivists.
• Mobile Devices and applications and their associated Cyber Attacks
• Botnet – A botnet is a number of Internet-connected devices, each of which is running one or
more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data,
send spam, and allow the attacker to access the device and its connection.
• Phishing Attacks – Phishing attacks are a form of social engineering that is designed to steal
sensitive data such as passwords, usernames and credit card numbers. These attacks
impersonate reputable websites, banking institutions, and personal contacts, and come in
the form of instant messages or phishing emails designed to appear legitimate.
• Denial-of-Service (DoS) attack – an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a crash.
• Spoofing – the act of disguising a communication from an unknown source as being from a
known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be
more technical, such as a computer spoofing an IP address, Address Resolution Protocol
(ARP), or Domain Name System (DNS) server.
• Cyber-Vandalism – amounts to the act of damaging someone's data on a computer in
a way that disrupts the victim's business or image by editing the data into something invasive,
embarrassing or absurd.
• Cyber terrorism – the use of the Internet to conduct violent acts that result in, or threaten,
loss of life or significant bodily harm, in order to achieve political or ideological gains through
threat or intimidation.
Need for information security
regulatory compliance
• Regulations are in place to help companies improve
their information security strategy by providing
guidelines and best practices based on the company’s
industry and type of data they maintain.
• Non-compliance with these regulations can result in
severe fines, or worse, a data breach.
• Most companies are subject to at least one security
regulation.
• The difficulty comes in determining which ones apply
and interpreting what policies and controls are
required to reach compliance.
Risk Management for Information
Security
• The complete process of handling Risk can be divided into following
stages:
• Context Establishment
• Risk Assessment
– Risk Identification
– Risk Estimation
– Risk Evaluation
• Risk Management/ Mitigation
– Risk Assumption
– Risk Avoidance
– Risk Limitation
– Risk Planning
– Research and Acknowledgement
– Risk Transference
• Risk Communication
• Risk Monitoring and Review
• IT Evaluation and Assessment
Provisions in IT Act 2000 for
Information Security
• As per IT Act 2000, “cyber security” means protecting information,
equipment, devices, computer, computer resource, communication
device and information stored therein from unauthorized access,
use, disclosure, disruption, modification or destruction.
• “secure system” means computer hardware, software, and
procedure that–
• (a) are reasonably secure from unauthorized access and misuse;
• (b) provide a reasonable level of reliability and correct operation;
• (c) are reasonably suited to performing the intended functions; and
• (d) adhere to generally accepted security procedures;
• (zf) “security procedure” means the security procedure prescribed
under section 16 by the Central Government.
• 14. Secure electronic record.—Where any security procedure has been
applied to an electronic record at a specific point of time, then such record
shall be deemed to be a secure electronic record from such point of time
to the time of verification.
• 15. Secure electronic signature.—An electronic signature shall be deemed
to be a secure electronic signature if—
• (i) the signature creation data, at the time of affixing signature, was under
the exclusive control of signatory and no other person; and
• (ii) the signature creation data was stored and affixed in such exclusive
manner as may be prescribed.
• Explanation.–In case of digital signature, the “signature creation data”
means the private key of the subscriber.
• 16. Security procedures and practices.—The Central Government may, for
the purposes of sections 14 and 15, prescribe the security procedures and
practices: Provided that in prescribing such security procedures and
practices, the Central Government shall have regard to the commercial
circumstances, nature of transactions and such other related factors as it
may consider appropriate.
• 43. Penalty and compensation for damage to computer, computer system, etc.–
• If any person, without permission of the owner or any other person who is in
charge of a computer, computer system or computer network, does any of the
following, he shall be liable to pay damages by way of compensation to the
person so affected –
• (a) accesses or secures access to such computer, computer system or computer
network or computer resource;
• (b) downloads, copies or extracts any data, computer data base or information
from such computer, computer system or computer network including information
or data held or stored in any removable storage medium;
• (c) introduces or causes to be introduced any computer contaminant or computer
virus into any computer, computer system or computer network;
• (d) damages or causes to be damaged any computer, computer system or
computer network, data, computer data base or any other programmes residing
in such computer, computer system or computer network;
• (e) disrupts or causes disruption of any computer, computer system or computer
network;
• Explanation for Sec. 43 – For the purposes of this section,–
• (i) “computer contaminant” means any set of computer instructions that are
designed–
• (a) to modify, destroy, record, transmit data or programme residing within a
computer, computer system or computer network; or
• (b) by any means to usurp the normal operation of the computer, computer
system, or computer network;
• (ii) “computer data-base” means a representation of information, knowledge,
facts, concepts or instructions in text, image, audio, video that are being prepared
or have been prepared in a formalized manner or have been produced by a
computer, computer system or computer network and are intended for use in a
computer, computer system or computer network;
• (iii) “computer virus” means any computer instruction, information, data or
programme that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another computer
resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource;
• (iv) “damage” means to destroy, alter, delete, add, modify or rearrange any
computer resource by any means.
• (v) “computer source code” means the listing of programme, computer
commands, design and layout and programme analysis of computer resource in
any form.
• 43A. Compensation for failure to protect data.– Where a body corporate,
possessing, dealing or handling any sensitive personal data or information
in a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or wrongful gain to any
person, such body corporate shall be liable to pay damages by way of
compensation to the person so affected.
• Explanation.–For the purposes of this section,–
• (i) “body corporate” means any company and includes a firm, sole
proprietorship or other association of individuals engaged in commercial
or professional activities;
• (ii) “reasonable security practices and procedures” means security
practices and procedures designed to protect such information from
unauthorized access, damage, use, modification, disclosure or
impairment, as may be specified in an agreement between the parties or
as may be specified in any law for the time being in force and in the
absence of such agreement or any law, such reasonable security practices
and procedures, as may be prescribed by the Central Government in
consultation with such professional bodies or associations as it may deem
fit;
• (iii) “sensitive personal data or information” means such personal
information as may be prescribed by the Central Government in
consultation with such professional bodies or associations as it may deem
fit.
CHAPTER XI
OFFENCES
• 65. Tampering with computer source documents.–
• Whoever knowingly or intentionally conceals, destroys or
alters or intentionally or knowingly causes another to
conceal, destroy, or alter any computer source code used
for a computer, computer programme, computer system or
computer network, when the computer source code is
required to be kept or maintained by law for the time being
in force,
• shall be punishable with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with
both.
• Explanation.–
• For the purposes of this section, “computer source code”
means the listing of programmes, computer commands,
design and layout and programme analysis of computer
resource in any form.
• 66. Computer related offences.–
• If any person, dishonestly or fraudulently, does any act referred to in section
43, he shall be punishable with imprisonment for a term which may extend to
three years or with fine which may extend to five lakh rupees or with both.
• 66A. Punishment for sending offensive messages through communication
service, etc.–
• Any person who sends, by means of a computer resource or a communication
device,–
• (a) any information that is grossly offensive or has menacing character; or
• (b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred or ill will, persistently by making use of such
computer resource or a communication device;
• (c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or
recipient about the origin of such messages, shall be punishable with
imprisonment for a term which may extend to three years and with fine.
• Explanation.–For the purposes of this section, terms “electronic mail” and
“electronic mail message” means a message or
information created or transmitted or received on a computer, computer
system, computer resource or communication device including attachments in
text, image, audio, video and any other electronic record, which may be
transmitted with the message.
• 66B. Punishment for dishonestly receiving
stolen computer resource or communication
device.–Whoever dishonestly receive or
retains any stolen computer resource or
communication device knowing or having
reason to believe the same to be stolen
computer resource or communication device,
shall be punished with imprisonment of either
description for a term which may extend to
three years or with fine which may extend to
rupees one lakh or with both.
• 66C. Punishment for identity theft.–Whoever,
fraudulently or dishonestly make use of the electronic
signature, password or any other unique identification
feature of any other person, shall be punished with
imprisonment of either description for a term which
may extend to three years and shall also be liable to
fine which may extend to rupees one lakh.
• 66D. Punishment for cheating by personating by using
computer resource.– Whoever, by means of any
communication device or computer resource cheats by
personating, shall be punished with imprisonment of
either description for a term which may extend to
three years and shall also be liable to fine which may
extend to one lakh rupees.
• 66E. Punishment for violation of privacy.–
• Whoever, intentionally or knowingly captures, publishes or transmits the
image of a private area of any person without his or her consent, under
circumstances violating the privacy of that person, shall be punished with
imprisonment which may extend to three years or with fine not exceeding
two lakh rupees, or with both.
• Explanation.–For the purposes of this section–
• (a) “transmit” means to electronically send a visual image with the intent
that it be viewed by a person or persons;
• (b) “capture”, with respect to an image, means to videotape,
photograph, film or record by any means;
• (c) “private area” means the naked or undergarment clad genitals, pubic
area, buttocks or female breast:
• (d) “publishes” means reproduction in the printed or electronic form and
making it available for public;
• (e) “under circumstances violating privacy” means circumstances in
which a person can have a reasonable expectation that–
(i) he or she could disrobe in privacy, without being concerned that an
image of his private area was being captured; or
(ii) any part of his or her private area would not be visible to the public,
regardless of whether that person is in a public or private place.
• 66F. Punishment for cyber terrorism.–
• (1) Whoever,–
• (A) with intent to threaten the unity, integrity, security or sovereignty of India or to
strike terror in the people or any section of the people by–
• (i) denying or cause the denial of access to any person authorized to access computer
resource; or
• (ii) attempting to penetrate or access a computer resource without authorization or
exceeding authorized access; or
• (iii) introducing or causing to introduce any computer contaminant, and by means of
such conduct causes or is likely to cause death or injuries to persons or damage to or
destruction of property or disrupts or knowing that it is likely to cause damage or
disruption of supplies or services essential to the life of the community or adversely
affect the critical information infrastructure specified under section 70; or
• (B) knowingly or intentionally penetrates or accesses a computer resource without
authorization or exceeding authorized access, and by means of such conduct obtains
access to information, data or computer data base that is restricted for reasons of the
security of the State or foreign relations; or any restricted information, data or computer
data base, with reasons to believe that such information, data or computer data base so
obtained may be used to cause or likely to cause injury to the interests of the sovereignty
and integrity of India, the security of the State, friendly relations with foreign States,
public order, decency or morality, or in relation to contempt of court, defamation or
incitement to an offence, or to the advantage of any foreign nation, group of individuals
or otherwise, commits the offence of cyber terrorism.
• (2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.
• 67. Punishment for publishing or transmitting
obscene material in electronic form
• Whoever publishes or transmits or causes to be
published or transmitted in the electronic form, any
material which is lascivious or appeals to the prurient
interest or if its effect is such as to tend to deprave and
corrupt persons who are likely, having regard to all
relevant circumstances, to read, see or hear the matter
contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for
a term which may extend to three years and with fine
which may extend to five lakh rupees and in the event
of second or subsequent conviction with imprisonment
of either description for a term which may extend to
five years and also with fine which may extend to ten
lakh rupees.
• 69. Power to issue directions for interception or monitoring or
decryption of any information through any computer resource.–
• (1) Where the Central Government or a State Government or any of its
officers specially authorised by the Central Government or the State
Government, as the case may be, in this behalf may, if satisfied that it is
necessary or expedient so to do, in the interest of the sovereignty or
integrity of India, defence of India, security of the State, friendly relations
with foreign States or public order or for preventing incitement to the
commission of any cognizable offence relating to above or for investigation
of any offence, it may subject to the provisions of sub-section (2), for
reasons to be recorded in writing, by order, direct any agency of the
appropriate Government to intercept, monitor or decrypt or cause to be
intercepted or monitored or decrypted any information generated,
transmitted, received or stored in any computer resource.
• (2) The procedure and safeguards subject to which such interception or
monitoring or decryption may be carried out, shall be such as may be
prescribed.
• (3) The subscriber or intermediary or any person in-charge of the
computer resource shall, when called upon by any agency referred to in
sub-section (1), extend all facilities and technical assistance to–
• (a) provide access to or secure access to the computer resource
generating, transmitting, receiving or storing such information; or
• (b) intercept, monitor, or decrypt the information, as the case may be; or
• (c) provide information stored in computer resource.
• 69A. Power to issue directions for blocking
for public access of any information through
any computer resource.–
• 69B. Power to authorize to monitor and
collect traffic data or information through
any computer resource for cyber security.–
• 70. Protected system.–
• (1) The appropriate Government may, by notification in the Official
Gazette, declare any computer resource which directly or indirectly
affects the facility of Critical Information Infrastructure, to be a
protected system.
• 70A. National nodal agency.–
• (1) The Central Government may, by notification published in the
Official Gazette, designate any organization of the Government as
the national nodal agency in respect of Critical Information
Infrastructure Protection.
• (2) The national nodal agency designated under sub-section (1) shall
be responsible for all measures including Research and
Development relating to protection of Critical Information
Infrastructure.
• (3) The manner of performing functions and duties of the agency
referred to in sub-section (1) shall be such as may be prescribed.
• 70B. Indian Computer Emergency Response Team to serve as national
agency for incident response.–
• (1) The Central Government shall, by notification in the Official Gazette,
appoint an agency of the Government to be called the Indian Computer
Emergency Response Team.
• (2) The Central Government shall provide the agency referred to in sub-
section (1) with a Director General and such other officers and employees
as may be prescribed.
• (3) The salary and allowances and terms and conditions of the Director-
General and other officers and employees shall be such as may be
prescribed.
• (4) The Indian Computer Emergency Response Team shall serve as the
national agency for performing the following functions in the area of cyber
security,–
• (a) collection, analysis and dissemination of information on cyber incidents;
• (b) forecast and alerts of cyber security incidents;
• (c) emergency measures for handling cyber security incidents;
• (d) coordination of cyber incidents response activities;
• (e) issue guidelines, advisories, vulnerability notes and white papers relating
to information security practices, procedures, prevention, response and
reporting of cyber incidents;
Steps to be protected over the internet
• Take control. Protect your interests.
• Review and secure your social media accounts. ...
• Change your passwords on all other accounts. ...
• Use an Encrypted Operating System. ...
• Get smart about smart device security. ...
• Cut back on data sharing. ...
• Don't use public computers. ...
• Don't use free Wi-Fi. ...
• Use a VPN whenever you're online.
• Double-check everyone.
Thank You

Information Security and Indian IT Act 2000

  • 5. Objectives of Information Security • Information Security programs are built around 3 objectives, commonly known as CIA – Confidentiality, Integrity, Availability. • Confidentiality – means information is not disclosed to unauthorized individuals, entities and processes. For example, if I have a password for my Gmail account but someone saw it while I was logging into the Gmail account, then my password has been compromised and Confidentiality has been breached. • Integrity – means maintaining accuracy and completeness of data. This means data cannot be edited in an unauthorized way. For example, if an employee leaves an organization, then the data for that employee in all departments, like accounts, should be updated to reflect the status JOB LEFT so that the data is complete and accurate; in addition, only an authorized person should be allowed to edit employee data. • Availability – means information must be available when needed. For example, if one needs to access information of a particular employee to check whether the employee has exceeded the number of leaves, it requires collaboration from different organizational teams like network operations, development operations, incident response and policy/change management. • Denial of service attack is one of the factors that can hamper the availability of information.
  • 6. Some more principles that govern information security programs • Non repudiation – means one party cannot deny receiving a message or a transaction nor can the other party deny sending a message or a transaction. For example, in cryptography it is sufficient to show that the message matches the digital signature signed with the sender’s private key, and that the sender could have sent the message and nobody else could have altered it in transit. Data Integrity and Authenticity are pre-requisites for Non repudiation. • Authenticity – means verifying that users are who they say they are and that each input arriving at the destination is from a trusted source. This principle, if followed, guarantees that a valid and genuine message is received from a trusted source through a valid transmission. For example, taking the above example, the sender sends the message along with a digital signature which was generated using the hash value of the message and the private key. At the receiver side, this digital signature is decrypted using the public key, generating a hash value, and the message is again hashed to generate the hash value. If the 2 values match, then it is known as a valid transmission, with an authentic, or we say genuine, message received at the recipient side. • Accountability – means that it should be possible to trace actions of an entity uniquely to that entity. For example, as we discussed in the Integrity section, not every employee should be allowed to make changes to other employees’ data. For this there is a separate department in an organization that is responsible for making such changes, and when they receive a request for a change, that letter must be signed by a higher authority, for example the Director of the college, and the person who is allotted that change will be able to make it after verifying his biometrics; thus a timestamp with the details of the user (doing the changes) gets recorded. Thus we can say that if a change goes like this, it will be possible to trace the actions uniquely to an entity.
  • 7. Difference between Cyber Security and Information Security
  • 8. CYBER SECURITY | INFORMATION SECURITY
    It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized users, access and data modification or removal in order to provide confidentiality, integrity, and availability.
    It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with protection of data from any form of threat.
    Cybersecurity is to protect anything in the cyber realm. | Information security is for information irrespective of the realm.
    Cybersecurity deals with danger against cyberspace. | Information security deals with the protection of data from any form of threat.
    Cybersecurity strikes against cyber crimes, cyber frauds and law enforcement. | Information security strives against unauthorised access, disclosure, modification and disruption.
    On the other hand, cyber security professionals deal with advanced persistent threats. | Information security professionals are the foundation of data security, and security professionals associated with it prioritize resources first before dealing with threats.
    It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. | It deals with information assets and integrity, confidentiality and availability.
  • 10. INFORMATION SECURITY | NETWORK SECURITY
    It protects information from unauthorized users, access and data modification. | It protects the data flowing over the network.
    It is a superset of cyber security and network security. | It is a subset of cyber security.
    Information security is for information irrespective of the realm. | It protects anything in the network realm.
    It deals with the protection of data from any form of threat. | It deals with the protection from DOS attacks.
    It strikes against unauthorized access, disclosure, modification and disruption. | Network security strikes against trojans.
    It provides confidentiality, integrity and availability. | It provides security over the network only.
    Information security ensures protection of both transit and stationary data. | Network security ensures protection of the transit data only.
    It deals with information assets and integrity, confidentiality and availability. | It secures the data travelling across the network by terminals.
  • 11. Need Of Information Security • Protecting the functionality of the organization: The decision makers in organizations must set policy and operate their organization in compliance with the complex, shifting legislation, efficient and capable applications. • Enabling the safe operation of applications: The organization is under immense pressure to acquire and operate integrated, efficient and capable applications. The modern organization needs to create an environment that safeguards applications using the organization's IT systems, particularly those applications that serve as important elements of the infrastructure of the organization. • Protecting the data that the organization collects and uses: Data in the organization can be in two forms, either at rest or in motion; the motion of data signifies that data is currently used or processed by the system. The value of the data motivates attackers to steal or corrupt the data. This is essential for the integrity and the value of the organization's data. Information security ensures protection of both data in motion and data at rest. • Safeguarding technology assets in organizations: The organization must add infrastructure services based on the size and scope of the organization. Organizational growth could lead to the need for public key infrastructure, PKI an integrated system of the software, encryption methodologies..
  • 12. Cyber Crime – Mobile Security Threats • Mobile devices are now an essential need for every person for day-to-day tasks. As a result, the number of mobile users is rising exponentially. • This gives us the direction to think about the data they process and what security mechanisms are being taken by mobile application developers to keep the user’s data secure. • There was a time when the biggest threat to the data was spyware, which runs silently in the computer background and steals user data. • Now even mobile devices are a fruitful target for cybercriminals to steal your data without even getting noticed. • When it comes to securing mobile data, use an antivirus application that tends to protect your data from getting breached.
  • 13. Types of Mobile Security Threats • Web-Based Threats – These types of threats happen when people visit sites that appear to be fine on the front-end but in reality automatically download malicious content onto the mobile devices. Also, many mobile applications continue to sync their data in the background, which poses a threat. These threats usually go unnoticed by the users. – Phishing Through Links : Some legitimate-looking links are sent through messages, emails, or social media platforms. They extract personal information by tricking users with several schemes. It is not possible to categorize them as real or fake as they copy the original website. – Forced Downloads : When you visit a page through anonymous links, it automatically directs you to the download page. This method is called drive-by downloads. • Physical Threats – These threats happen when someone physically tries to access your device. When you lose your mobile, or it is stolen, there is a possibility of physical threats. Mobile devices carry your transactional data and have applications connected to your bank accounts, which is a threat to your privacy. – No Password Protection : Despite all the measures available to secure data, it is surprising to know that some people find it difficult to use a password on their devices, or they use a password that is easy for hackers to crack. This leads to physical threats. – Encryption : While using carrier networks they generally provide good encryption while accessing servers. But while accessing some client and enterprise servers they are explicitly managed. They are not end-to-end encrypted, which can lead to physical threats.
  • 14. Types of Mobile Security Threats • Network-Based Threats – Mobile network includes both Cellular and Local network support such as Bluetooth and Wi-Fi. These are used to host network threats. These threats are especially dangerous as the cybercriminals can steal unencrypted data while people use public WiFi networks. – Public WiFi : While we are using our devices for every task, at public places we are provided with public open WiFi which appears legitimate while it is controlled by hackers, which results in data leakage. – Network Exploits : Network exploits are due to the vulnerabilities in the operating system in your mobile devices. Once this software is connected to the network, they are capable of installing malware onto the device without being known. • Application-Based Threats – Websites available for software downloads are home to these threats. They appear to be genuine software but in fact are specially designed to carry out malicious activities. – Malware : Malware is designed to send unwanted messages to recipients and further use your personal and business information by hacking your devices. – Spyware : Spyware is software that is used to collect specific information about an organization or person, which can later be used for fraud and identity threats.
  • 15. Common Security Threats • Computer viruses – A computer virus is a type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code. • Malware – any software intentionally designed to cause damage to a computer, server, client, or computer network. • Screen-locking ransomware – 'Lock-screens', or screen lockers, are a type of “cyber police” ransomware that blocks screens on Windows or Android devices with a false accusation of harvesting illegal content, trying to scare the victims into paying a fee. • Trojan horses – A Trojan horse is a harmful program that misrepresents itself to masquerade as a regular, benign program or utility in order to persuade a victim to install it. A Trojan horse usually carries a hidden destructive function that is activated when the application is started. The term is derived from the Ancient Greek story of the Trojan horse used to invade the city of Troy by stealth. • Logic bomb – A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. • Computer worm – A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. It often uses a computer network to spread itself, relying on security failures on the target computer to access it. It will use this machine as a host to scan and infect other computers. • Spyware – is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. • Sabotage – means destroying a company’s website to cause loss of confidence on the part of its customers.
  • 16. Common Security Threats • Theft of Intellectual Property or Data • Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason. Individuals who perform hacktivism are known as hacktivists. • Mobile Devices and applications and their associated Cyber Attacks • Botnet – A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data, send spam, and allow the attacker to access the device and its connection. • Phishing Attacks – Phishing attacks are a form of social engineering that is designed to steal sensitive data such as passwords, usernames, credit card numbers. These attacks impersonate reputable websites, banking institutions, and personal contacts, and come in the form of instant messages or phishing emails designed to appear legitimate. • Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. • Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address, Address Resolution Protocol (ARP), or Domain Name System (DNS) server. • Cyber-Vandalism amounts to the act of damaging someone's data on the computer in a way that disrupts the victim's business or image by editing the data into something invasive, embarrassing or absurd. • Cyber terrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation.
  • 17. Need for information security regulatory compliance • Regulations are in place to help companies improve their information security strategy by providing guidelines and best practices based on the company’s industry and type of data they maintain. • Non-compliance with these regulations can result in severe fines, or worse, a data breach. • Most companies are subject to at least one security regulation. • The difficulty comes in determining which ones apply and interpreting what policies and controls are required to reach compliance.
  • 18. Risk Management for Information Security • The complete process of handling Risk can be divided into following stages: • Context Establishment • Risk Assessment – Risk Identification – Risk Estimation – Risk Evaluation • Risk Management/ Mitigation – Risk Assumption – Risk Avoidance – Risk Limitation – Risk Planning – Research and Acknowledgement – Risk Transference • Risk Communication • Risk Monitoring and Review • IT Evaluation and Assessment
  • 19. Provisions in IT Act 2000 for Information Security • As per IT Act 2000, “cyber security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. • “secure system” means computer hardware, software, and procedure that– • (a) are reasonably secure from unauthorized access and misuse; • (b) provide a reasonable level of reliability and correct operation; • (c) are reasonably suited to performing the intended functions; and • (d) adhere to generally accepted security procedures; • (zf) “security procedure” means the security procedure prescribed under section 16 by the Central Government.
  • 20. Provisions in IT Act 2000 for Information Security • 14. Secure electronic record.—Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification. • 15. Secure electronic signature.—An electronic signature shall be deemed to be a secure electronic signature if— • (i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory and no other person; and • (ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed. • Explanation.–In case of digital signature, the “signature creation data” means the private key of the subscriber. • 16. Security procedures and practices.—The Central Government may, for the purposes of sections 14 and 15, prescribe the security procedures and practices: Provided that in prescribing such security procedures and practices, the Central Government shall have regard to the commercial circumstances, nature of transactions and such other related factors as it may consider appropriate.
  • 21. • 43. Penalty and compensation for damage to computer, computer system, etc.– • If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network, he shall be liable to pay damages by way of compensation to the person so affected – • (a) accesses or secures access to such computer, computer system or computer network or computer resource; • (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium; • (c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network; • (d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network; • (e) disrupts or causes disruption of any computer, computer system or computer network; Provisions in IT Act 2000 for Information Security
  • 22. Provisions in IT Act 2000 for Information Security • Explanation for Sec. 43 – For the purposes of this section,– • (i) “computer contaminant” means any set of computer instructions that are designed– • (a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or • (b) by any means to usurp the normal operation of the computer, computer system, or computer network; • (ii) “computer data-base” means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalized manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network; • (iii) “computer virus” means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource; • (iv) “damage” means to destroy, alter, delete, add, modify or rearrange any computer resource by any means. • (v) “computer source code” means the listing of programme, computer commands, design and layout and programme analysis of computer resource in any form.
  • 23. • 43A. Compensation for failure to protect data.– Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. • Explanation.–For the purposes of this section,– • (i) “body corporate” means any company and includes a firm, sole proprietorship or other association of individuals engaged in commercial or professional activities; • (ii) “reasonable security practices and procedures” means security practices and procedures designed to protect such information from unauthorized access, damage, use, modification, disclosure or impairment, as may be specified in an agreement between the parties or as may be specified in any law for the time being in force and in the absence of such agreement or any law, such reasonable security practices and procedures, as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit; • (iii) “sensitive personal data or information” means such personal information as may be prescribed by the Central Government in consultation with such professional bodies or associations as it may deem fit.
  • 24. CHAPTER XI OFFENCES • 65. Tampering with computer source documents.– • Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, • shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. • Explanation.– • For the purposes of this section, “computer source code” means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.
  • 25. • 66. Computer related offences.– • If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or with both. • 66A. Punishment for sending offensive messages through communication service, etc.– • Any person who sends, by means of a computer resource or a communication device,– • (a) any information that is grossly offensive or has menacing character; or • (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device; • (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment for a term which may extend to three years and with fine. • Explanation.–For the purposes of this section, terms “electronic mail” and “electronic mail message” means a message or information created or transmitted or received on a computer, computer system, computer resource or communication device including attachments in text, image, audio, video and any other electronic record, which may be transmitted with the message.
  • 26. • 66B. Punishment for dishonestly receiving stolen computer resource or communication device.–Whoever dishonestly receive or retains any stolen computer resource or communication device knowing or having reason to believe the same to be stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
  • 27. • 66C. Punishment for identity theft.–Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh. • 66D. Punishment for cheating by personating by using computer resource.– Whoever, by means of any communication device or computer resource cheats by personating, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.
  • 28. • 66E. Punishment for violation of privacy.– • Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both. • Explanation.–For the purposes of this section– • (a) “transmit” means to electronically send a visual image with the intent that it be viewed by a person or persons; • (b) “capture”, with respect to an image, means to videotape, photograph, film or record by any means; • (c) “private area” means the naked or undergarment clad genitals, pubic area, buttocks or female breast: • (d) “publishes” means reproduction in the printed or electronic form and making it available for public; • (e) “under circumstances violating privacy” means circumstances in which a person can have a reasonable expectation that– (i) he or she could disrobe in privacy, without being concerned that an image of his private area was being captured; or (ii) any part of his or her private area would not be visible to the public, regardless of whether that person is in a public or private place.
  • 29. • 66F. Punishment for cyber terrorism.– • (1) Whoever,– • (A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by– • (i) denying or cause the denial of access to any person authorized to access computer resource; or • (ii) attempting to penetrate or access a computer resource without authorization or exceeding authorized access; or • (iii) introducing or causing to introduce any computer contaminant, and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70; or • (B) knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer data base that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer data base, with reasons to believe that such information, data or computer data base so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism. • (2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
  • 30. • 67. Punishment for publishing or transmitting obscene material in electronic form • Whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to three years and with fine which may extend to five lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to five years and also with fine which may extend to ten lakh rupees.
  • 31. • 69. Power to issue directions for interception or monitoring or decryption of any information through any computer resource.– • (1) Where the Central Government or a State Government or any of its officers specially authorised by the Central Government or the State Government, as the case may be, in this behalf may, if satisfied that it is necessary or expedient so to do, in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource. • (2) The procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed. • (3) The subscriber or intermediary or any person in-charge of the computer resource shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical assistance to– • (a) provide access to or secure access to the computer resource generating, transmitting, receiving or storing such information; or • (b) intercept, monitor, or decrypt the information, as the case may be; or • (c) provide information stored in computer resource.
  • 32. • 69A. Power to issue directions for blocking for public access of any information through any computer resource.– • 69B. Power to authorize to monitor and collect traffic data or information through any computer resource for cyber security.–
  • 33. • 70. Protected system.– • (1) The appropriate Government may, by notification in the Official Gazette, declare any computer resource which directly or indirectly affects the facility of Critical Information Infrastructure, to be a protected system. • 70A. National nodal agency.– • (1) The Central Government may, by notification published in the Official Gazette, designate any organization of the Government as the national nodal agency in respect of Critical Information Infrastructure Protection. • (2) The national nodal agency designated under sub-section (1) shall be responsible for all measures including Research and Development relating to protection of Critical Information Infrastructure. • (3) The manner of performing functions and duties of the agency referred to in sub-section (1) shall be such as may be prescribed.
  • 34. • 70B. Indian Computer Emergency Response Team to serve as national agency for incident response.– • (1) The Central Government shall, by notification in the Official Gazette, appoint an agency of the Government to be called the Indian Computer Emergency Response Team. • (2) The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such other officers and employees as may be prescribed. • (3) The salary and allowances and terms and conditions of the Director-General and other officers and employees shall be such as may be prescribed. • (4) The Indian Computer Emergency Response Team shall serve as the national agency for performing the following functions in the area of cyber security,– • (a) collection, analysis and dissemination of information on cyber incidents; • (b) forecast and alerts of cyber security incidents; • (c) emergency measures for handling cyber security incidents; • (d) coordination of cyber incidents response activities; • (e) issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents;
  • 41. Steps to be protected over the internet • Take control. Protect your interests. • Review and secure your social media accounts. ... • Change your passwords on all other accounts. ... • Use an Encrypted Operating System. ... • Get smart about smart device security. ... • Cut back on data sharing. ... • Don't use public computers. ... • Don't use free Wi-Fi. ... • Use a VPN whenever you're online. • Double-check everyone.
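
The signature check described on the Authenticity and Non repudiation slide (slide 6), with the private key playing the role of the “signature creation data” of Section 15, shown as an added example that is not part of the original slides. It assumes textbook RSA without padding over a SHA-256 digest, fixed well-known Mersenne primes as key material and constructed records, so it illustrates the hash comparison only; a deployed system would use a vetted library with a padded scheme and randomly generated keys.

```python
"""Hash-then-sign and verify, following the description on slide 6.

Assumptions (not from the slides): textbook RSA without padding, fixed
publicly known Mersenne primes as key material, constructed sample records.
"""
import hashlib
from dataclasses import dataclass

E = 65537  # commonly used public exponent


@dataclass(frozen=True)
class KeyPair:
    n: int  # public modulus
    e: int  # public exponent
    d: int  # private exponent: the "signature creation data" of Section 15


def make_keypair(p: int, q: int) -> KeyPair:
    """Derive a toy RSA key pair from two primes."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=E, d=pow(E, -1, phi))


def digest_int(message: bytes) -> int:
    """Hash value of the message, as an integer smaller than the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: KeyPair) -> int:
    """Sender side: hash the message, then apply the private key."""
    return pow(digest_int(message), key.d, key.n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Receiver side: recover the hash with the public key, re-hash the
    received message, and accept only if the two values match."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message)


# Constructed key material: both factors of each modulus are known primes.
SENDER = make_keypair(2**127 - 1, 2**521 - 1)
OTHER = make_keypair(2**89 - 1, 2**607 - 1)

# Constructed records, modelled on the slide's employee-status example.
RECORD = b"employee=1042;status=JOB LEFT;approved_by=director"
TAMPERED = b"employee=1042;status=ACTIVE;approved_by=director"


def run_checks() -> dict:
    sig = sign(RECORD, SENDER)      # genuine signature by the sender
    forged = sign(TAMPERED, OTHER)  # another party signs a changed record
    return {
        # Authenticity: the record and signature arrive unchanged.
        "genuine": verify(RECORD, sig, SENDER.n, SENDER.e),
        # Integrity: the record was edited in transit, the signature was not.
        "altered_in_transit": verify(TAMPERED, sig, SENDER.n, SENDER.e),
        # Non repudiation: only the sender's private key yields a signature
        # that verifies under the sender's public key.
        "signed_by_someone_else": verify(TAMPERED, forged, SENDER.n, SENDER.e),
        # The receiver must check against the claimed sender's public key.
        "checked_with_wrong_public_key": verify(RECORD, sig, OTHER.n, OTHER.e),
    }


if __name__ == "__main__":
    for name, ok in run_checks().items():
        print(f"{name:32} -> {'valid' if ok else 'REJECTED'}")
```
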