The document discusses information security. It defines information security and discusses its objectives of confidentiality, integrity, and availability. It also discusses the differences between information security, cybersecurity, and network security. Some key threats to information security are discussed such as viruses, malware, ransomware, phishing attacks, and denial of service attacks. The need for information security and regulatory compliance is explained. Risk management processes for information security are also summarized.
Just created a slideshare presentation giving a basic introduction to the Confidentiality, Integrity & Availability (CIA) Security Model. You can see more slideshows on http://www.slideshare.net/ImranahmedIT or visit my website: http://imran-ahmed.co.uk
The document discusses various topics related to cybersecurity including cyberspace, applications, types of attacks and attackers, security systems, challenges, and conclusions. It defines key terms like white hat, gray hat, and black hat attackers and types of common cyber attacks such as malware, phishing, ransomware, and denial of service attacks. The document emphasizes that public awareness and strong cryptographic protocols are needed to help reduce cyber attacks given their increasing sophistication and the untraceable nature of many threats.
Most of today's security attacks target digital information and systems because:
- More information and transactions are conducted online, providing more opportunities for attackers. As society has become more digital, so have the targets and means of attacks.
- Digital systems and data tend to be more accessible than physical assets. With ubiquitous internet connectivity, it is easier for attackers to remotely access networks, systems and information without needing physical proximity or access.
- Attacks on digital systems can potentially impact many more victims since data is often centralized. A single digital intrusion or exploitation can affect thousands or millions of users rather than a single physical target.
- There is perceived anonymity in digital attacks. Attackers may feel less accountable or identifiable launching digital attacks
The document discusses various topics related to web application security including common vulnerabilities like SQL injection, cross-site scripting, and insecure direct object references. It provides examples of how these vulnerabilities can be exploited and recommendations for proper input validation, output encoding, access control and other measures to help protect against attacks.
The document discusses e-commerce security challenges and developments over the past decade due to widespread computerization and growing networking. It covers network and internet security issues like confidentiality, authentication, integrity, and key management. It describes security threats like unauthorized access, data theft, and denial of service attacks. It also discusses encryption techniques like symmetric and asymmetric encryption, and cryptography concepts like public and private keys, digital signatures, and digital certificates.
Research on Privacy Protection in Big Data Environment - IJERA Editor
This document discusses privacy protection challenges in big data environments. It first introduces security issues posed by big data, including privacy leaks caused by data collection, storage, and use. It then analyzes causes of privacy problems like social network connectivity, commercial interests, and government needs. Key principles for privacy protection discussed are limiting data use scope, ensuring data quality, and individual participation. The document concludes by outlining some technical approaches to privacy protection, such as anonymity, watermarking, provenance tracking, and access control technologies.
This document provides an overview of information and cyber security. It defines cyber security as technologies and processes designed to protect computers, networks, and data from attacks, vulnerabilities, damages, and unauthorized access. It discusses why cyber security is important by explaining the principles of confidentiality, integrity, and availability. It also covers common cyber security threats like viruses, malware, hacking, phishing, and denial of service attacks. The document provides tips on cyber security best practices for passwords, mobile devices, banking, and more. It introduces tools used in cyber security like Network Pro and F-RAT and concludes by emphasizing the importance of vigilance in maintaining security.
This document summarizes security issues and threats facing e-businesses. It discusses how computerization and networking have increased security risks by exposing private networks to public threats. Technical attacks like hacking, malware, and denial of service as well as non-technical social engineering pose major risks. The document recommends tools like passwords, firewalls, and encryption to protect data and transactions. Regular security audits and testing are also advised to evaluate vulnerabilities and safeguard e-commerce over the long run as threats continue evolving.
I take no credit for the templates and the designs used. They were originally from a "Duarte" presentation. Just copied it since I don't have much time. Hope to impart some knowledge. Ciao~
Thanks "Duarte"!
Network security involves protecting computer networks through authorization of access to data, monitoring for unauthorized access, and adopting policies to prevent misuse. The key principles of security are confidentiality, data integrity, authentication, and non-repudiation. Confidentiality keeps information secret from unauthorized individuals. Data integrity ensures data is not altered without authorization. Authentication verifies the identity of entities and the origin of information. Non-repudiation prevents entities from denying commitments or actions. These principles secure networks and protect operations.
Data Security is an information security company with over 15 years of experience that offers various services such as incident response, risk analysis, gap analysis, penetration testing, business continuity planning, security policies, computer forensics, and courses on information security and cybercrime investigation. The company aims to protect information from threats to ensure confidentiality, integrity, and availability through adequate security measures and response to security incidents when they occur. Data Security conducts investigations of devices like computers and phones to determine the cause of incidents and identify responsible parties through forensic procedures.
protection & security of e-commerce ... - Rishav Gupta
The document discusses security issues related to e-commerce and provides recommendations for protecting e-commerce websites and transactions. It defines different types of e-commerce and describes common security tools like digital certificates, encryption, firewalls and passwords. The document outlines security threats such as hackers, data theft, and fraud. It recommends conducting risk assessments, implementing access controls, limiting user privileges, and using encryption and regular scanning to help secure e-commerce systems and transactions.
The uncontrollable flow of change in technology these days and the use of data, information and knowledge are creating huge challenges for both application users and developers. Data breaches are happening in every sector and at every level of all sectors. These challenges are countless, ranging from operational to strategic, and are becoming more challenging day by day as the penetration of information technology applications among the common man increases. Therefore the threat has become real. Everybody, whether customers or companies, retailers or stakeholders, distributors or dealers, needs assurance from the provider. Corporations face reputational risks among users at every step. So there is a need to understand information technology, and for a framework or body which can manage risks and controls. A privacy management system is one which can build a framework for protection of the data and at the same time maintain privacy and agreement issues. This can be done by adopting a scalable risk-based method which can determine what is to be secured and how, by performing certain actions.
Cyber privacy refers to protecting personal data and information published online. It involves techniques and technologies to secure sensitive data from crimes like malware, denial of service attacks, and computer viruses. Privacy protection relies on effective cyber security by organizations to secure data as it is transmitted and stored. Crimes against cyber privacy include fraud, identity theft, and information theft. Effective cyber security and privacy protection are increasingly important as individuals and organizations become more connected online.
This document discusses various e-business security issues in cyberspace. It outlines basic security issues like authentication, authorization, confidentiality, integrity and non-repudiation. It also describes common security threats like denial of service attacks, unauthorized access, and theft/fraud. Finally, it explains different types of security techniques used like encryption, decryption, cryptography, virtual private networks, digital signatures, and digital certificates.
Encryption is a process that converts information into an encoded format, called ciphertext, which cannot be easily understood by unauthorized parties. There are different types of encryption, including symmetric encryption which uses a single key and asymmetric encryption which uses a public/private key pair. Proper encryption helps ensure the confidentiality, integrity, and authenticity of data in electronic commerce and online transactions. Some common threats to e-commerce include credit card fraud, hacking, and security breaches which can compromise personal or financial data. Using digital signatures and certificates can help verify the identity of parties involved in online transactions and protect against threats like spoofing or tampering with data.
Unit II discusses cyber crime, including the methods and taxonomy of cyber attacks. The cyber world refers to the online environment where people interact through digital media like sharing and consuming content. Cyber crime involves any criminal activity using computers or networks and can be for profit, to damage systems, or use computers to spread illegal materials. Cyber attacks are classified based on the responsible agent as cyber warfare by states, cyber crime by individuals/organizations, or cyber terrorism. Common cyber attacks include injection attacks, DNS spoofing, and denial of service attacks on websites, as well as viruses, worms, and trojans on systems. Reasons for cyber crime include the ease of accessing systems, ability to store data in small spaces, complexity of systems, negligence
In this presentation, Nagaswathi introduces IoT and associated trends. Nagaswathi wants to tackle security problems faced by users of IoT devices through an access key based approach.
This document is a paper submitted to the University of Kerala by Nikhil D. in partial fulfillment of a Bachelor of Education degree. The paper discusses cyber privacy, password protection, and related cybersecurity issues. It defines cyber privacy and outlines privacy hazards like cookies, web bugs, hacking, spamming, and data mining. It also discusses cyber security measures like firewalls, VPNs, and two-factor authentication. The paper provides guidelines for creating strong passwords and concludes by emphasizing the interconnected nature of privacy protection and cyber security.
The document discusses e-business security objectives and challenges, including confidentiality, integrity, availability, legitimate use, auditing, and non-repudiation. It defines these terms and explains why they are important for securing e-business transactions and ensuring trust between parties. Additionally, it provides a checklist of common security options and risk assessment factors to consider for e-business security.
This document discusses information security and its various components. It defines information security as providing assurance that information risks and controls are balanced. It notes that every organization has information others may want to access or deny access to. The document outlines different types of security including physical, personal, operations, communications, network, and information security. It describes securing the different components of an information system and notes that perfect security is impossible, rather security must balance protection with reasonable access.
The document provides an overview of information security concepts and threats. It discusses how security is difficult to implement due to costs, user resistance, and sophisticated criminals. The document then outlines various hacking techniques like information gathering, social engineering, sniffing, and denial of service attacks. It concludes by describing defensive security measures for organizations, including firewalls, intrusion detection, honeypots, antivirus software, user awareness training, and penetration testing.
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409... - Gohsuke Takama
"Security, Privacy Data Protection and Perspectives to Counter Cybercrime" was presented at the CodeGate 2008 security conference in Seoul, Korea, April 2008.
http://www.codegate.org/
Nowadays the payment fraud landscape is changing quite fast, moving from classic schemes such as bank cheque fraud and faked manual payment orders to organized crime with corporates as targets.
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel... - IJERD Editor
The document discusses privacy issues in cloud computing. It defines privacy and describes privacy enhancing technologies (PETs) that can help protect privacy, such as pseudonymization and federated identity management. It also discusses privacy by design, which aims to embed privacy protections directly into technologies. Ensuring privacy in cloud computing requires measures like access controls, protecting against unauthorized access/copying of data, and specifying privacy controls in agreements. Overall privacy is a major challenge for cloud computing due to issues of data governance, security, and differing international regulations.
This document summarizes an ITC presentation on internet use, security, and privacy. It discusses how the internet works by connecting computers through IP addresses and internet service providers using standardized protocols. It also covers internet security methods like firewalls and encryption to protect against hacking threats. Finally, it provides tips for safe internet use such as creating strong passwords, minimizing personal details online, and using antivirus software to protect computers and privacy.
This document discusses security issues related to e-commerce, including brute force credit card attacks. It provides examples of real attacks, such as one where hackers processed over 140,000 fake credit card charges through an online merchant. The document outlines the basic security issues in e-commerce like confidentiality, integrity, and authentication. It also describes different types of threats and attacks, both technical (e.g. viruses, worms) and non-technical (e.g. social engineering). Additionally, it covers security risk management, technologies like encryption and firewalls, and managerial issues related to e-commerce security.
Cybersecurity Vs Information Security.pptx - Infosectrain3
A simple definition of information security is preventing unauthorized access during the storage or transmission of data. Biometric information, social media profiles, and data on mobile phones can be considered information. Therefore, research for information security covers various fields, such as cryptocurrency and online forensics.
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in are defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. "Cyber" covers the wide-ranging technology involved: systems, networks, programs, and data. "Security" refers to the process of protecting data, networks, applications, and systems. In a nutshell, cyber security is a combination of principles and approaches that help prevent unwanted access to data, networks, programs, and devices by meeting the security needs of computer-based technological resources and online databases.
Cybersecurity Interview Questions and Answers.pdf
Jazmine Brown
Cyber security professionals are in high demand, and those willing to learn new skills to enter the area will have plenty of opportunities. Our goal is to present you with the most comprehensive selection of cybersecurity interview questions available.
Fundamentals of Information Security..pdf
Zahid Hussain
Hello there! I'm Zahid Hussain, a technology enthusiast at heart, a passionate blogger, and the proud founder of techsvistaa.com. My fascination for technology and its transformational power is what fuels me every day.
I spend my time exploring new ideas and discovering how advanced technologies are shaping our world, offering individuals, brands, and businesses the tools they need to not just survive, but truly thrive in this competitive landscape.
At techsvistaa.com, I've created a platform for sharing the latest in tech news, trends, and updates. I've built a community that's just as passionate about technology as I am. It's a place where we can collectively delve into the intricacies of the tech world and dissect the impact of the latest advancements.
In a world where technology is constantly evolving, I make it my mission to keep both myself and my audience informed and updated. I'm Zahid Hussain, your guide to the compelling world of technology, inviting you to join me on this exciting journey through the digital landscape.
The document outlines an information security course that covers 5 key objectives: understanding information security basics, legal and ethical issues, risk management, security standards, and technological aspects. It details 5 units that will be covered: Introduction, Security Investigation, Security Analysis, Logical Design, and Physical Design. The Introduction unit defines information security, discusses its importance for organizations, and covers concepts like the CIA triad, NSTISSC security model, securing system components, and the Systems Development Life Cycle.
The CIA triangle outlines the three primary goals of information security: confidentiality, integrity, and availability. Confidentiality ensures that information is only available to authorized users, integrity ensures the accuracy and trustworthiness of information, and availability ensures that information is accessible when needed. These three principles form the basis of information security practices and help define how organizations should protect information assets from various threats.
Module 1 Introduction to cyber security.pptx
Skippedltd
This document provides an overview of a course on fundamentals of cybersecurity. The course objectives are to provide theoretical and practical knowledge of cyber attacks, cyber law, intellectual property, cyber crimes, and web security. It covers 5 modules: introduction to cybersecurity, cyber attacks and protection tools, cyber risks and incident management, overviews of firewalls, and artificial intelligence in cybersecurity. Key topics include importance of cybersecurity, cybersecurity challenges, ethical hacking tools and processes, and methods for authentication, access control, intrusion detection, and prevention.
The document outlines an agenda for a security awareness workshop. It discusses various cybersecurity concepts like information assets, security objectives of confidentiality, integrity and availability. It describes security awareness and the responsibilities of end users, human resources, suppliers and compliance in cybersecurity. It emphasizes the importance of cybersecurity and provides examples of cyber attacks. It also covers leading cyber threats, computer security best practices, and identifying security compromises.
1. Original Post by Catherine Johnson Cryptographic Methods C
SantosConleyha
1. Original Post by Catherine Johnson
Cryptographic Methods:
Cryptography is the science of concealing information or encrypting information. Computers use complex cryptographic algorithms to enable data protection, data hiding, integrity checks, nonrepudiation services, policy enforcement, key management, and exchange, and many more (Conklin, 2018). Cryptography is classified into three types: symmetric cryptography, asymmetric cryptography, and hash functions.
Symmetric cryptography is also known as secret-key cryptography. It uses a single key to encrypt and decrypt data, making it the simplest type of cryptography. A plain text with the key produces the same cipher; similarly, the ciphertext with the key produces the plain text. "Symmetric encryption is useful for protecting data between parties with an established shared key and is also frequently used to store confidential data" (Burnett & Foster, 2004). This type of cryptography is suited for bulk encryption as it is fast and easy.
Asymmetric cryptography is also known as public-key cryptography. In this method, two keys are used to encrypt data: one for encoding and the other for decoding. One of the two keys stays private while the other is shared. The algorithms are based on integer factorization and discrete logarithmic problems. This encryption method is used for authentication and confidentiality.
The hash function is a special mathematical function. It performs a one-way function, which means that once the algorithm is processed, there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it (Conklin, 2018). Hashes provide confidentiality but not integrity because even though we cannot determine the original text, we can ascertain the modified text. These are utilized in programs, text messages, and operating systems files.
Public Key Infrastructure (PKI):
It is an infrastructure that enables users to communicate securely. PKI uses the asymmetric method: one private key and one public key. The public key can only decrypt the file encrypted by the private key, which affirms the receiver and the sender's information is secure during a transaction. The challenges PKI faces are the storage and protection of the keys. The encryption keys can be stolen or unrecoverable based on the measures taken to store them. Additionally, failure to issue and renew certificates can cause large-scale connectivity issues.
Physical Security:
Physical security needs to be maintained to prevent attackers from gaining access to steal data. Physical security is essential in an organization to prevent unauthorized individuals from causing harm to the business. If systems and devices are physically accessed, all files, data, information, and networks can be compromised. Granting limited access to employees to computer rooms or server rooms can prevent theft and help with intentional and unintentional damages. Perimeter security is also important, especially for sites ...
Cybersecurity refers to protecting internet-connected systems, networks, programs, and data from malicious attacks. It aims to ensure confidentiality, integrity, and availability of data. The document discusses different types of cybersecurity including network security, application security, information security, identity management, operational security, mobile security, cloud security, and disaster recovery planning. It also covers common cybersecurity threats like malware, viruses, spyware, and describes their purpose and how they function. The overall goal of cybersecurity is to protect sensitive data and systems from unauthorized access or corruption.
information security (network security methods)
Zara Nawaz
This document provides an overview of information security concepts. It discusses basic security principles like how no system is completely secure but security measures can reduce risks. It then summarizes key aspects of network security such as protecting systems through configuration, detection of issues, and rapid response. Common network security methods are outlined like access control, anti-malware tools, and firewalls. Goals of security like confidentiality, integrity and availability are defined in relation to the CIA triad model. Threats to these goals are also summarized.
Cybersecurity refers to the practice of protecting internet-connected systems, including hardware, software, and data, from attack, damage, or unauthorized access. This includes protecting personal devices, such as smartphones and laptops, as well as critical infrastructure systems, such as power plants and financial systems.
Cyber attacks can come in many forms, such as viruses and malware, phishing scams, and hacking attempts. These attacks can have serious consequences, such as identity theft, financial loss, and disruption of critical services.
To protect against these threats, individuals and organizations must implement strong cybersecurity measures, including using strong passwords and updating them regularly, keeping software and security systems up-to-date, and being cautious about the information that is shared online.
Cybersecurity
Businesses must also invest in the necessary technologies and training to ensure the security of their systems and data. This includes using firewalls, antivirus software, and intrusion detection systems, as well as educating employees on safe online practices.
In addition to technical measures, individuals must also be informed and vigilant about potential threats. This includes being cautious of suspicious emails and links, and being careful about what information is shared online.
In short, cybersecurity is the practice of protecting internet-connected systems and the information stored on them from cyber attacks. Implementing strong technical measures and being informed and vigilant are crucial steps in reducing the risk of cyber attacks and ensuring a safer online experience.
Cybersecurity is a critical aspect of modern society, as more and more of our personal and professional lives are conducted online. Cyber attacks can range from simple nuisance attacks, such as spam emails, to more sophisticated attacks that can steal sensitive information, disrupt businesses, or even cause physical damage.
One of the key components of cybersecurity is the protection of personal and sensitive information. This includes information such as credit card numbers, social security numbers, and passwords. It is important to use strong passwords, and to regularly update them, as well as to be careful about the information that is shared online.
Another important aspect of cybersecurity is the protection of critical infrastructure, such as power plants and financial systems. These systems are vulnerable to attack from hackers who may seek to cause physical damage, disrupt operations, or steal sensitive information.
Businesses and organizations must also take cybersecurity seriously, as they are often targets of cyber attacks. They must implement strong security measures, such as firewalls, antivirus software, and intrusion detection systems, and educate employees about safe online practices.
In addition to technical measures, it is also important for individuals to be informed and vigilant about it
The document provides an introduction to cyber security, including definitions and explanations of key terms. It discusses the importance of cyber security in protecting systems and networks from malicious attacks. It also outlines various types of cyber threats like malware, phishing, and denial-of-service attacks. Additionally, it covers cyber security goals to ensure confidentiality, integrity, and availability of data. The document provides an overview of cyber security and important considerations for organizations.
This document discusses security concepts related to databases and data. It defines several types of security that organizations implement to protect operations, including physical security, personnel security, operations security, communications security, network security, and information security. It also discusses personal data protection laws, data security definitions and concepts, types of database backups that can be performed, security at the server, network and operating system levels, data encryption, and the importance of database auditing and monitoring for security and accountability.
This document provides an introduction to cyber security. It discusses the primary goals of cyber security which are to protect information and information systems through maintaining confidentiality, integrity and availability of data. It also outlines some common cyber security threats such as phishing, ransomware, malware and social engineering. The document describes different types of cyber security including network security, cloud security, endpoint security, mobile security, IoT security, application security and zero trust models. Finally, it lists some basic prerequisites and hardware resources needed for learning cyber security.
The document provides tips and information about internet safety. It discusses 11 tips for safe internet use such as using strong passwords, not chatting with strangers, and only downloading software from trusted sites. It also discusses security levels on networks including keeping information secret, integrity of data, and availability of resources. Types of internet threats are explored such as passive attacks like traffic analysis and disclosure of message contents. Active attacks like masquerading, message modification, and denial of service are also outlined. Laws around internet safety for children are mentioned like COPPA, which requires parental consent for collection of personal information from kids.
1) The document discusses methods of resolving cybersquatting disputes in India, including policies from international bodies like ICANN and WIPO, as well as national bodies and judicial precedents.
2) It outlines ICANN's Uniform Domain Name Dispute Resolution Policy and WIPO's domain name dispute resolution services. In India, disputes can be resolved through the .IN Dispute Resolution Policy or trademark infringement lawsuits.
3) Key court cases that helped define cybersquatting in India are discussed, such as Rediff Communication v. Cyberbooth and Aroon Purie v. Kautilya Krishan Pandey. The conclusion is that India needs specific cyberlaws to better handle domain name disputes
India: Meta-Tagging Vis-À-Vis Trade Mark Misuse: An Overview
Dr. Prashant Vats
This document discusses meta-tagging and trademark misuse related to meta-tagging under Indian law. It begins by explaining what meta-tags are and how they can be used to manipulate search engine results. It then discusses legal cases where misleading meta-tags containing competitors' trademarks were found to cause initial interest confusion and violate trademark law. The document outlines exceptions for descriptive, comparative and consumer review uses of trademarks in meta-tags that constitute fair use. It concludes that while India recognizes issues with meta-tagging abuse, concrete laws are still needed to properly regulate meta-tags and intellectual property on the internet.
This document provides information about various topics related to computer software and intellectual property rights, including:
- Definitions of property, intellectual property, patents, copyrights, and software patents.
- The classification of intellectual property into industrial property and literary property.
- Criteria for patentability such as novelty, inventive step, and industrial applicability.
- A list of patentable and non-patentable inventions.
- An overview of the patenting process and timelines for protection of different intellectual property rights.
- Discussion of software patents, copyright protections, and differences between patents and copyrights for software.
- Examples of computer-aided inventions and fields that
Amendments to the Indian Evidence Act, 1872 with respect to IT ACT 2000
Dr. Prashant Vats
This document outlines amendments made to the Indian Evidence Act of 1872 by the Information Technology Act of 2000 regarding electronic records and digital signatures. Some key points:
- It defines electronic terms like digital signature and includes electronic records in definitions of evidence and documents.
- It allows electronic records and documents produced from computers to be considered admissible as evidence if certain conditions are met regarding the computer system and record keeping.
- It establishes provisions for proving digital signatures and verifying them, including allowing courts to request digital signature certificates from individuals, controllers or certifying authorities.
- It creates presumptions that electronic records of official gazettes, electronic agreements containing digital signatures, and secure digital records and signatures are valid unless proven
This document discusses trademark issues related to domain names in the digital era. It begins by explaining how domain names have become important business identifiers online and discusses some of the structure and purpose of domain name systems. It then explains how disputes can arise over domain name ownership between trademark holders operating in different regions. The document outlines the domain name assignment procedure and some available legal remedies for disputes, including the Uniform Domain Name Dispute Resolution Policy (UDRP) established by ICANN. It provides details on the UDRP process and notes that India has its own dispute resolution policy for .IN domain names as well. In conclusion, it states that domain name dispute resolution has proven an effective alternative to litigation for resolving conflicts.
Trade-Related Aspects of Intellectual Property Rights (TRIPS)
Dr. Prashant Vats
The TRIPS agreement is an international agreement administered by the WTO that introduced intellectual property law into the multilateral trading system. It requires WTO members to provide minimum standards of protection for copyrights, trademarks, patents, and other intellectual property. TRIPS was negotiated at the end of the Uruguay Round between 1989-1990 and remains the most comprehensive agreement on IP. It has provisions for enforcement and allows for compulsory licensing of medicines under certain conditions. However, many nations have adopted even higher "TRIPS-plus" standards through bilateral agreements.
How to Copyright a Website to Protect It under IPR and copyright act
Dr. Prashant Vats
- A website is a collection of interconnected web pages located on the same server and maintained by an organization. The content on a website, such as writing, images, and videos, can be copyrighted but not the website structure itself.
- To copyright a website, the content must be original, owned by the applicant, and clearly described. Copyright protection applies automatically when content goes live but registering the copyright provides additional legal protections.
- Parts of a website that cannot be copyrighted include domain names, website layout/design, links to other sites, public domain works, and common symbols/icons. Employees' work is owned by the business but contractors retain ownership unless assigned in a contract.
- To protect a website
The document discusses several international treaties related to intellectual property protection administered by the World Intellectual Property Organization (WIPO). It provides details on the Beijing Treaty on Audiovisual Performances, the Berne Convention for the Protection of Literary and Artistic Works, and the principles and minimum standards of protection established by the Berne Convention. The Berne Convention deals with protecting works and author's rights, establishing the principles of national treatment, automatic protection without formalities, and independence of protection across countries.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
Information Security and Indian IT Act 2000
1. INDIRA GANDHI DELHI TECHNICAL
UNIVERSITY FOR WOMEN
By: Prashant Kumar Vats,
B. Tech. (IT),M. Tech. (IT), Ph.D. (CSE),
M.A. in Education, P.G. Diploma in Cyber Laws.
Subject - Cyber Laws & Rights
M. Tech. 3rd Sem., ISM.
3. What is Information Security?
• Information Security is not only about securing information from
unauthorized access.
• Information Security is basically the practice of preventing
unauthorized access, use, disclosure, disruption, modification,
inspection, recording or destruction of information.
• Information security, sometimes abbreviated to infosec, is a set of
practices intended to keep data secure from unauthorized access
or alterations, both when it's being stored and when it's being
transmitted from one machine or physical location to another. You
might sometimes see it referred to as data security.
• Information can be physical or electronic. Information can be
anything, such as your details or your profile on social
media, your data on a mobile phone, your biometrics, etc.
• Thus information security spans many research areas, such as
Cryptography, Mobile Computing, Cyber Forensics, Online Social
Media, etc.
• As knowledge has become one of the 21st century's most
important assets, efforts to keep information secure have
correspondingly become increasingly important.
4. Information security vs. cybersecurity
• Sometimes information security and cyber
security are used interchangeably.
• Strictly speaking, cyber security is the broader practice
of defending IT assets from attack.
• Information security is a specific discipline under the
cyber security umbrella.
• Network security and application security are sister
practices to information security, focusing on networks
and app code, respectively.
• You can't secure data transmitted across an insecure
network or manipulated by a leaky application.
• As well, there is plenty of information that isn't stored
electronically that also needs to be protected.
5. Objectives of Information Security
• Information security programs are built around 3 objectives, commonly
known as CIA – Confidentiality, Integrity, Availability.
• Confidentiality – means information is not disclosed to unauthorized
individuals, entities and processes. For example, if I have a password
for my Gmail account but someone saw it while I was logging into my
Gmail account, then my password has been compromised and
confidentiality has been breached.
• Integrity – means maintaining accuracy and completeness of data. This
means data cannot be edited in an unauthorized way. For example, if an
employee leaves an organization, then the data for that employee
in all departments, such as accounts, should be updated to reflect the status
JOB LEFT so that the data is complete and accurate; in addition, only
authorized persons should be allowed to edit employee data.
• Availability – means information must be available when needed. For
example, if one needs to access information of a particular employee to
check whether the employee has exceeded the number of leaves, in that case
it requires collaboration from different organizational teams like network
operations, development operations, incident response and policy/change
management.
• A denial of service attack is one of the factors that can hamper the
availability of information.
6. Some more principles that govern information security
programs
• Non-repudiation – means one party cannot deny receiving a message or a transaction,
nor can the other party deny sending a message or a transaction. For example, in
cryptography it is sufficient to show that the message matches the digital signature signed
with the sender’s private key, and that the sender could have sent the message and nobody else
could have altered it in transit. Data integrity and authenticity are prerequisites for
non-repudiation.
• Authenticity – means verifying that users are who they say they are and that each
input arriving at the destination is from a trusted source. This principle, if followed,
guarantees that a valid and genuine message is received from a trusted source through a
valid transmission. Taking the above example, the sender sends the message along
with a digital signature which was generated using the hash value of the message and the private
key. At the receiver side, this digital signature is decrypted using the public key,
generating a hash value, and the message is hashed again to generate a second hash value. If the 2
values match, it is known as a valid transmission, with an authentic, or we say
genuine, message received at the recipient side.
• Accountability – means that it should be possible to trace actions of an entity uniquely
to that entity. For example, as we discussed in the Integrity section, not every employee
should be allowed to make changes to other employees' data. For this there is a separate
department in an organization that is responsible for making such changes, and when
they receive a request for a change, that letter must be signed by a higher authority, for
example the Director of the college, and the person who is allotted that change will be able to make the
change only after verifying his biometrics; thus a timestamp with the details of the user (making the changes)
gets recorded. Thus we can say that if a change is made like this, it will be possible to
trace the actions uniquely to an entity.
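The hash-then-sign check described in the Non-repudiation and Authenticity bullets above, as an added example that is not part of the original slides: textbook RSA over a SHA-256 hash, in Python. The key values (fixed Mersenne primes), function names and sample messages are constructed assumptions; the scheme is unpadded and for illustration only, whereas production systems use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed toy key material: fixed Mersenne primes so the example runs
# offline with the standard library only. Real keys are random and secret.
SENDER_PRIMES = (2**521 - 1, 2**607 - 1)
IMPOSTOR_PRIMES = (2**127 - 1, 2**1279 - 1)
PUBLIC_EXPONENT = 65537


def make_keypair(p, q, e=PUBLIC_EXPONENT):
    """Return (public_key, private_key) as ((n, e), (n, d))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def hash_value(message):
    """SHA-256 hash of the message, as an integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private_key):
    """Sender side: hash the message, then transform the hash with the private key."""
    n, d = private_key
    return pow(hash_value(message), d, n)


def verify(message, signature, public_key):
    """Receiver side: recover the hash with the public key and compare it
    with a fresh hash of the message that actually arrived."""
    n, e = public_key
    if not 0 <= signature < n:  # reject values outside the valid range
        return False
    return pow(signature, e, n) == hash_value(message)


def demo():
    """Run the three cases the slide text distinguishes and return the results."""
    public_key, private_key = make_keypair(*SENDER_PRIMES)
    _, impostor_private = make_keypair(*IMPOSTOR_PRIMES)

    message = b"Transfer 500 INR to account 1234"   # constructed sample
    altered = b"Transfer 900 INR to account 1234"   # changed in transit
    signature = sign(message, private_key)

    return {
        # Hashes match: valid transmission from the holder of the private key.
        "genuine": verify(message, signature, public_key),
        # Integrity failure: the signature no longer matches the message.
        "altered_in_transit": verify(altered, signature, public_key),
        # Authenticity failure: signed with a key that is not the sender's.
        "signed_by_impostor": verify(message, sign(message, impostor_private), public_key),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the holder of the private key can produce a signature that verifies, which is why the sender cannot later deny having signed the message.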
8. Cyber security vs. information security
| CYBER SECURITY | INFORMATION SECURITY |
|---|---|
| It is the practice of protecting the data from outside the resource on the internet. | It is all about protecting information from unauthorized user, access and data modification or removal in order to provide confidentiality, integrity, and availability. |
| It is about the ability to protect the use of cyberspace from cyber attacks. | It deals with protection of data from any form of threat. |
| Cybersecurity is to protect anything in the cyber realm. | Information security is for information irrespective of the realm. |
| Cybersecurity deals with danger against cyberspace. | Information security deals with the protection of data from any form of threat. |
| Cybersecurity strikes against cyber crimes, cyber frauds and law enforcement. | Information security strives against unauthorised access, disclosure modification and disruption. |
| On the other hand, cyber security professionals deal with advanced persistent threats. | Information security is the foundation of data security, and the security professionals associated with it prioritize resources first before dealing with threats. |
| It deals with threats that may or may not exist in the cyber realm, such as protecting your social media account, personal information, etc. | It deals with information assets and integrity, confidentiality and availability. |
10. Information security vs. network security
| INFORMATION SECURITY | NETWORK SECURITY |
|---|---|
| It protects information from unauthorized user, access and data modification. | It protects the data flowing over the network. |
| It is a superset of cyber security and network security. | It is a subset of cyber security. |
| Information security is for information irrespective of the realm. | It protects anything in the network realm. |
| It deals with the protection of data from any form of threat. | It deals with the protection from DoS attacks. |
| It strikes against unauthorized access, disclosure modification and disruption. | Network security strikes against trojans. |
| It provides confidentiality, integrity and availability. | It provides security over the network only. |
| Information security ensures protection of both transit and stationary data. | Network security ensures protection of transit data only. |
| It deals with information assets and integrity, confidentiality and availability. | It secures the data travelling across the network by terminals. |
11. Need Of Information Security
• Protecting the functionality of the organization:
The decision makers in organizations must set policy and operate their
organization in compliance with the complex, shifting legislation, and with efficient
and capable applications.
• Enabling the safe operation of applications:
The organization is under immense pressure to acquire and operate
integrated, efficient and capable applications. The modern organization
needs to create an environment that safeguards applications using the
organization's IT systems, particularly those applications that serve as
important elements of the infrastructure of the organization.
• Protecting the data that the organization collects and uses:
Data in the organization can be in two forms, either at rest or in
motion; data in motion signifies that the data is currently being used or processed
by the system. The value of the data motivates attackers to steal or
corrupt it. Protecting it is essential for the integrity and the value of the
organization's data. Information security ensures protection of both data in
motion and data at rest.
• Safeguarding technology assets in organizations:
The organization must add infrastructure services based on the size and scope
of the organization. Organizational growth could lead to the need for public
key infrastructure (PKI), an integrated system of software, encryption
methodologies.
12. Cyber Crime – Mobile Security Threats
• Mobile devices are now an essential need for every person
for day-to-day tasks. As a result, the number of mobile
users is rising exponentially.
• This gives us the direction to think about the data they
process and what security mechanisms are being taken by
mobile application developers to keep the user’s data
secure.
• There was a time when the biggest threat to the data was
due to spyware which runs silently on the computer
background and steals user data.
• Now even mobile devices are a fruitful target for
cybercriminals to steal your data without even getting
noticed.
• When it comes to securing mobile data, use an antivirus
application that helps protect your data from getting
breached.
13. Types of Mobile Security Threats
• Web-Based Threats –
These types of threats happen when people visit sites that appear to be fine on the
front-end but in reality, automatically download malicious content onto the mobile
devices. Also, many mobile applications continue to sync their data in the background
which poses a threat. These threats usually go unnoticed by the users.
– Phishing Through Links :
Some legitimate-looking links are sent through messages, emails, or social media
platforms. They extract personal information by tricking users with several schemes. It is
not possible to categorize them as real or fake as they copy the original website.
– Forced Downloads :
When you visit a page through anonymous links, it automatically directs you to the
download page. This method is called drive-by downloads.
• Physical Threats –
These threats happen when someone physically tries to access your device. When you
lose your mobile, or it is stolen, there is a possibility of physical threats. Mobile devices
carry your transactional data as well as applications connected to your bank
accounts, which is a threat to your privacy.
– No Password Protection :
Despite all the measures available to secure your data, it is surprising to know that some
people find it difficult to use a password on their devices, or they use a
password that is easy for hackers to crack. This leads to physical threats.
– Encryption :
Carrier networks generally provide good encryption while
accessing servers. But some client and enterprise servers are
explicitly managed, and access to them is not end-to-end encrypted, which can lead to physical
threats.
14. Types of Mobile Security Threats
• Network-Based Threats –
Mobile network includes both Cellular and Local network support such as
Bluetooth and Wi-Fi. These are used to host network threats. These threats are
especially dangerous as the cybercriminals can steal unencrypted data while
people use public WiFi networks.
– Public WiFi :
While we are using our devices for every task, at public places we are provided
with public open WiFi which appears to be legitimate while it is controlled by
hackers, which results in data leakage.
– Network Exploits :
Network exploits are due to the vulnerabilities in the operating system of your
mobile devices. Once this software is connected to the network, attackers are capable of
installing malware onto the device without being noticed.
• Application-Based Threats –
Websites available for software downloads are home to these threats. They
appear to be genuine software but in fact are specially designed to carry out
malicious activities.
– Malware :
Malware is designed to send unwanted messages to recipients and further use
your personal and business information by hacking your devices.
– Spyware :
Spyware is software that is used to collect specific information about an
organization or person, which can later be used for fraud and identity threats.
15. Common Security Threats
• Computer viruses – A computer virus is a type of computer program that, when
executed, replicates itself by modifying other computer programs and inserting its
own code.
• Malware – any software intentionally designed to cause damage to
a computer, server, client, or computer network.
• Screen-locking ransomware – 'Lock-screens', or screen lockers, are a type of “cyber
police” ransomware that blocks screens on Windows or Android devices with a false
accusation of harvesting illegal content, trying to scare the victims into paying
a fee.
• Trojan horses – A Trojan horse is a harmful program that misrepresents itself to
masquerade as a regular, benign program or utility in order to persuade a victim to
install it. A Trojan horse usually carries a hidden destructive function that is activated
when the application is started. The term is derived from the Ancient Greek story of
the Trojan horse used to invade the city of Troy by stealth.
• Logic bomb – A logic bomb is a piece of code intentionally inserted into a software
system that will set off a malicious function when specified conditions are met.
• Computer worm – A computer worm is a standalone malware computer program that
replicates itself in order to spread to other computers. It often uses a computer
network to spread itself, relying on security failures on the target computer to access
it. It will use this machine as a host to scan and infect other computers.
• Spyware – unwanted software that infiltrates your computing device, stealing your
internet usage data and sensitive information.
• Sabotage – means destroying a company’s website to cause loss of confidence on the part of
its customers.
16. • Theft of Intellectual Property or Data
• Hacktivism is the act of misusing a computer system or network for a socially or politically
motivated reason. Individuals who perform hacktivism are known as hacktivists.
• Mobile Devices and applications and their associated Cyber Attacks
• Botnet – A botnet is a number of Internet-connected devices, each of which is running one or
more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data,
send spam, and allow the attacker to access the device and its connection.
• Phishing Attacks Phishing attacks are a form of social engineering that is designed to steal
sensitive data such as passwords, usernames, credit card numbers. These attacks
impersonate reputable websites, banking institutions, and personal contacts that come in
the form of instant messages or phishing emails designed to appear legitimate.
• Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network,
making it inaccessible to its intended users. DoS attacks accomplish this by flooding the
target with traffic, or sending it information that triggers a crash.
• Spoofing is the act of disguising a communication from an unknown source as being from a
known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be
more technical, such as a computer spoofing an IP address, Address Resolution Protocol
(ARP), or Domain Name System (DNS) server.
• Cyber-vandalism amounts to the act of damaging someone's data on a computer in
a way that disrupts the victim's business or image by editing the data into something invasive,
embarrassing or absurd.
• Cyber terrorism is the use of the Internet to conduct violent acts that result in, or threaten,
loss of life or significant bodily harm, in order to achieve political or ideological gains through
threat or intimidation.
17. Need for information security
regulatory compliance
• Regulations are in place to help companies improve
their information security strategy by providing
guidelines and best practices based on the company’s
industry and type of data they maintain.
• Non-compliance with these regulations can result in
severe fines, or worse, a data breach.
• Most companies are subject to at least one security
regulation.
• The difficulty comes in determining which ones apply
and interpreting what policies and controls are
required to reach compliance.
18. Risk Management for Information
Security
• The complete process of handling risk can be divided into the following
stages:
• Context Establishment
• Risk Assessment
– Risk Identification
– Risk Estimation
– Risk Evaluation
• Risk Management/ Mitigation
– Risk Assumption
– Risk Avoidance
– Risk Limitation
– Risk Planning
– Research and Acknowledgement
– Risk Transference
• Risk Communication
• Risk Monitoring and Review
• IT Evaluation and Assessment
19. Provisions in IT Act 2000 for
Information Security
• As per IT Act 2000, “cyber security” means protecting information,
equipment, devices, computer, computer resource, communication
device and information stored therein from unauthorized access,
use, disclosure, disruption, modification or destruction.
• “secure system” means computer hardware, software, and
procedure that–
• (a) are reasonably secure from unauthorized access and misuse;
• (b) provide a reasonable level of reliability and correct operation;
• (c) are reasonably suited to performing the intended functions; and
• (d) adhere to generally accepted security procedures;
• (zf) “security procedure” means the security procedure prescribed
under section 16 by the Central Government.
20. • 14. Secure electronic record.—Where any security procedure has been
applied to an electronic record at a specific point of time, then such record
shall be deemed to be a secure electronic record from such point of time
to the time of verification.
• 15. Secure electronic signature.—An electronic signature shall be deemed
to be a secure electronic signature if—
• (i) the signature creation data, at the time of affixing signature, was under
the exclusive control of signatory and no other person; and
• (ii) the signature creation data was stored and affixed in such exclusive
manner as may be prescribed.
• Explanation.–In case of digital signature, the “signature creation data”
means the private key of the subscriber.
• 16. Security procedures and practices.—The Central Government may, for
the purposes of sections 14 and 15, prescribe the security procedures and
practices: Provided that in prescribing such security procedures and
practices, the Central Government shall have regard to the commercial
circumstances, nature of transactions and such other related factors as it
may consider appropriate.
21. • 43. Penalty and compensation for damage to computer, computer system, etc.–
• If any person, without permission of the owner or any other person who is in
charge of a computer, computer system or computer network, does any of the following, he shall be liable
to pay damages by way of compensation to the person so affected –
• (a) accesses or secures access to such computer, computer system or computer
network or computer resource;
• (b) downloads, copies or extracts any data, computer data base or information
from such computer, computer system or computer network including information
or data held or stored in any removable storage medium;
• (c) introduces or causes to be introduced any computer contaminant or computer
virus into any computer, computer system or computer network;
• (d) damages or causes to be damaged any computer, computer system or
computer network, data, computer data base or any other programmes residing
in such computer, computer system or computer network;
• (e) disrupts or causes disruption of any computer, computer system or computer
network;
22. Provisions in IT Act 2000 for
Information Security
• Explanation for Sec. 43 – For the purposes of this section,–
• (i) “computer contaminant” means any set of computer instructions that are
designed–
• (a) to modify, destroy, record, transmit data or programme residing within a
computer, computer system or computer network; or
• (b) by any means to usurp the normal operation of the computer, computer
system, or computer network;
• (ii) “computer data-base” means a representation of information, knowledge,
facts, concepts or instructions in text, image, audio, video that are being prepared
or have been prepared in a formalized manner or have been produced by a
computer, computer system or computer network and are intended for use in a
computer, computer system or computer network;
• (iii) “computer virus” means any computer instruction, information, data or
programme that destroys, damages, degrades or adversely affects the
performance of a computer resource or attaches itself to another computer
resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource;
• (iv) “damage” means to destroy, alter, delete, add, modify or rearrange any
computer resource by any means.
• (v) “computer source code” means the listing of programme, computer
commands, design and layout and programme analysis of computer resource in
any form.
23. • 43A. Compensation for failure to protect data.– Where a body corporate,
possessing, dealing or handling any sensitive personal data or information
in a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or wrongful gain to any
person, such body corporate shall be liable to pay damages by way of
compensation to the person so affected.
• Explanation.–For the purposes of this section,–
• (i) “body corporate” means any company and includes a firm, sole
proprietorship or other association of individuals engaged in commercial
or professional activities;
• (ii) “reasonable security practices and procedures” means security
practices and procedures designed to protect such information from
unauthorized access, damage, use, modification, disclosure or
impairment, as may be specified in an agreement between the parties or
as may be specified in any law for the time being in force and in the
absence of such agreement or any law, such reasonable security practices
and procedures, as may be prescribed by the Central Government in
consultation with such professional bodies or associations as it may deem
fit;
• (iii) “sensitive personal data or information” means such personal
information as may be prescribed by the Central Government in
consultation with such professional bodies or associations as it may deem
fit.
24. CHAPTER XI
OFFENCES
• 65. Tampering with computer source documents.–
• Whoever knowingly or intentionally conceals, destroys or
alters or intentionally or knowingly causes another to
conceal, destroy, or alter any computer source code used
for a computer, computer programme, computer system or
computer network, when the computer source code is
required to be kept or maintained by law for the time being
in force,
• shall be punishable with imprisonment up to three years, or
with fine which may extend up to two lakh rupees, or with
both.
• Explanation.–
• For the purposes of this section, “computer source code”
means the listing of programmes, computer commands,
design and layout and programme analysis of computer
resource in any form.
25. • 66. Computer related offences.–
• If any person, dishonestly or fraudulently, does any act referred to in section
43, he shall be punishable with imprisonment for a term which may extend to
three years or with fine which may extend to five lakh rupees or with both.
• 66A. Punishment for sending offensive messages through communication
service, etc.–
• Any person who sends, by means of a computer resource or a communication
device,–
• (a) any information that is grossly offensive or has menacing character; or
• (b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred or ill will, persistently by making use of such
computer resource or a communication device;
• (c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or
recipient about the origin of such messages, shall be punishable with
imprisonment for a term which may extend to three years and with fine.
• Explanation.–For the purposes of this section, terms
“electronic mail” and “electronic mail message” means a message or
information created or transmitted or received on a computer, computer
system, computer resource or communication device including attachments in
text, image, audio, video and any other electronic record, which may be
transmitted with the message.
26. • 66B. Punishment for dishonestly receiving
stolen computer resource or communication
device.–Whoever dishonestly receive or
retains any stolen computer resource or
communication device knowing or having
reason to believe the same to be stolen
computer resource or communication device,
shall be punished with imprisonment of either
description for a term which may extend to
three years or with fine which may extend to
rupees one lakh or with both.
27. • 66C. Punishment for identity theft.–Whoever,
fraudulently or dishonestly make use of the electronic
signature, password or any other unique identification
feature of any other person, shall be punished with
imprisonment of either description for a term which
may extend to three years and shall also be liable to
fine which may extend to rupees one lakh.
• 66D. Punishment for cheating by personating by using
computer resource.– Whoever, by means of any
communication device or computer resource cheats by
personating, shall be punished with imprisonment of
either description for a term which may extend to
three years and shall also be liable to fine which may
extend to one lakh rupees.
28. • 66E. Punishment for violation of privacy.–
• Whoever, intentionally or knowingly captures, publishes or transmits the
image of a private area of any person without his or her consent, under
circumstances violating the privacy of that person, shall be punished with
imprisonment which may extend to three years or with fine not exceeding
two lakh rupees, or with both.
• Explanation.–For the purposes of this section–
• (a) “transmit” means to electronically send a visual image with the intent
that it be viewed by a person or persons;
• (b) “capture”, with respect to an image, means to videotape,
photograph, film or record by any means;
• (c) “private area” means the naked or undergarment clad genitals, pubic
area, buttocks or female breast;
• (d) “publishes” means reproduction in the printed or electronic form and
making it available for public;
• (e) “under circumstances violating privacy” means circumstances in
which a person can have a reasonable expectation that–
(i) he or she could disrobe in privacy, without being concerned that an
image of his private area was being captured; or
(ii) any part of his or her private area would not be visible to the public,
regardless of whether that person is in a public or private place.
29. • 66F. Punishment for cyber terrorism.–
• (1) Whoever,–
• (A) with intent to threaten the unity, integrity, security or sovereignty of India or to
strike terror in the people or any section of the people by–
• (i) denying or cause the denial of access to any person authorized to access computer
resource; or
• (ii) attempting to penetrate or access a computer resource without authorization or
exceeding authorized access; or
• (iii) introducing or causing to introduce any computer contaminant, and by means of
such conduct causes or is likely to cause death or injuries to persons or damage to or
destruction of property or disrupts or knowing that it is likely to cause damage or
disruption of supplies or services essential to the life of the community or adversely
affect the critical information infrastructure specified under section 70; or
• (B) knowingly or intentionally penetrates or accesses a computer resource without
authorization or exceeding authorized access, and by means of such conduct obtains
access to information, data or computer data base that is restricted for reasons of the
security of the State or foreign relations; or any restricted information, data or computer
data base, with reasons to believe that such information, data or computer data base so
obtained may be used to cause or likely to cause injury to the interests of the sovereignty
and integrity of India, the security of the State, friendly relations with foreign States,
public order, decency or morality, or in relation to contempt of court, defamation or
incitement to an offence, or to the advantage of any foreign nation, group of individuals
or otherwise, commits the offence of cyber terrorism.
• (2) Whoever commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.
30. • 67. Punishment for publishing or transmitting
obscene material in electronic form
• Whoever publishes or transmits or causes to be
published or transmitted in the electronic form, any
material which is lascivious or appeals to the prurient
interest or if its effect is such as to tend to deprave and
corrupt persons who are likely, having regard to all
relevant circumstances, to read, see or hear the matter
contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for
a term which may extend to three years and with fine
which may extend to five lakh rupees and in the event
of second or subsequent conviction with imprisonment
of either description for a term which may extend to
five years and also with fine which may extend to ten
lakh rupees.
31. • 69. Power to issue directions for interception or monitoring or
decryption of any information through any computer resource.–
• (1) Where the Central Government or a State Government or any of its
officers specially authorised by the Central Government or the State
Government, as the case may be, in this behalf may, if satisfied that it is
necessary or expedient so to do, in the interest of the sovereignty or
integrity of India, defence of India, security of the State, friendly relations
with foreign States or public order or for preventing incitement to the
commission of any cognizable offence relating to above or for investigation
of any offence, it may subject to the provisions of sub-section (2), for
reasons to be recorded in writing, by order, direct any agency of the
appropriate Government to intercept, monitor or decrypt or cause to be
intercepted or monitored or decrypted any information generated,
transmitted, received or stored in any computer resource.
• (2) The procedure and safeguards subject to which such interception or
monitoring or decryption may be carried out, shall be such as may be
prescribed.
• (3) The subscriber or intermediary or any person in-charge of the
computer resource shall, when called upon by any agency referred to in
sub-section (1), extend all facilities and technical assistance to–
• (a) provide access to or secure access to the computer resource
generating, transmitting, receiving or storing such information; or
• (b) intercept, monitor, or decrypt the information, as the case may be; or
• (c) provide information stored in computer resource.
32. • 69A. Power to issue directions for blocking
for public access of any information through
any computer resource.–
• 69B. Power to authorize to monitor and
collect traffic data or information through
any computer resource for cyber security.–
33. • 70. Protected system.–
• (1) The appropriate Government may, by notification in the Official
Gazette, declare any computer resource which directly or indirectly
affects the facility of Critical Information Infrastructure, to be a
protected system.
• 70A. National nodal agency.–
• (1) The Central Government may, by notification published in the
Official Gazette, designate any organization of the Government as
the national nodal agency in respect of Critical Information
Infrastructure Protection.
• (2) The national nodal agency designated under sub-section (1) shall
be responsible for all measures including Research and
Development relating to protection of Critical Information
Infrastructure.
• (3) The manner of performing functions and duties of the agency
referred to in sub-section (1) shall be such as may be prescribed.
34. • 70B. Indian Computer Emergency Response Team to serve as national
agency for incident response.–
• (1) The Central Government shall, by notification in the Official Gazette,
appoint an agency of the Government to be called the Indian Computer
Emergency Response Team.
• (2) The Central Government shall provide the agency referred to in sub-
section (1) with a Director General and such other officers and employees
as may be prescribed.
• (3) The salary and allowances and terms and conditions of the Director-
General and other officers and employees shall be such as may be
prescribed.
• (4) The Indian Computer Emergency Response Team shall serve as the
national agency for performing the following functions in the area of cyber
security,–
• (a) collection, analysis and dissemination of information on cyber incidents;
• (b) forecast and alerts of cyber security incidents;
• (c) emergency measures for handling cyber security incidents;
• (d) coordination of cyber incidents response activities;
• (e) issue guidelines, advisories, vulnerability notes and white papers relating
to information security practices, procedures, prevention, response and
reporting of cyber incidents;
41. Steps to be protected over the internet
• Take control. Protect your interests.
• Review and secure your social media accounts. ...
• Change your passwords on all other accounts. ...
• Use an Encrypted Operating System. ...
• Get smart about smart device security. ...
• Cut back on data sharing. ...
• Don't use public computers. ...
• Don't use free Wi-Fi. ...
• Use a VPN whenever you're online.
• Double-check everyone.