1. UNIT V: CYBER SAFETY MECHANISM
Cyber Safety Mechanism: Introduction, brief Introduction about Policies involved in
cyber safety mechanism and purpose of implementing cyber security model
Information Technology Law (Cyber Law): Evolution of the IT Act 2000 and Its
amendments: Genesis and Necessity, advantages.
2. CYBER SAFETY
• Cyber safety is the safe and responsible use of information and communication
technology. It is about keeping information safe and secure, but also about being
responsible with that information, being respectful to other people online, and using
good Internet etiquette. It includes the body of technologies, processes and practices
designed to protect networks, computers, programs and data from attack, damage or
unauthorized access.
3. WHAT IS CYBERSAFETY?
Cybersafety is the safe and responsible use of Information and Communication
Technologies (ICT). The approach to cybersafety is founded on:
• Maintaining a positive approach about the many benefits brought by technologies
• Encouraging the public to identify the risks associated with ICT
• Putting in place strategies to minimise and manage risks
• Recognising the importance of effective teaching and learning programmes.
4. CYBERBULLYING
Cyberbullying includes sending, posting or sharing negative, harmful, false or mean information and
content about someone. It is a serious offence which is punishable under Cyber law.
Cyber Bullying includes:
• Nasty comments on your posts or posts about you
• Someone creating a fake profile in your name and trying to defame you
• Threatening or abusive messages online or on the mobile phone
• Being excluded from online groups and forums
• Embarrassing photographs put online without your permission
• Rumours and lies about you on a site
• Stealing your account password and sending unwanted/inappropriate messages from your account
• Offensive chat
• Fake online profiles created with an intent to defame you
5. DO THE FOLLOWING IF CYBERBULLIED
• Do not Respond: If someone is cyber bullying you, do not respond or retaliate by doing
the same thing back. Responding or retaliating to cyber bullying may make matters
worse or even get you into trouble.
• Screenshot: Take a screenshot of anything that you think could be cyber bullying and
keep a record of it.
• Block and Report: Most online platforms have this feature, if someone bothers you, make
sure you block and report the offender to the social media platform.
• Talk about it: Cyber bullying may affect you in many different ways. Do not feel that you
are alone. Let your parents and teachers know what is going on. Never keep it to
yourself.
6. DO THE FOLLOWING IF CYBERBULLIED
• Be Private: Keep your social media privacy settings high and do not connect with
anybody who you do not know online. You would not talk to random people on the
street, so why do it online?
• Be Aware: Remain updated with all the preventive and security measures in the
cyber world
7. COMPUTER SAFETY AND SECURITY
• Log off your Computer when not in use & don’t leave them un-attended
• Do not plug the computer directly into the wall outlet, as power surges may destroy the computer.
Instead, use a stabilizer to plug in a computer
• Do not install pirated software
• Do not connect unknown devices to your computer as they may contain viruses
• Use only verified open source or licensed software and operating systems
• Check that antivirus software in each system is regularly updated
• Invest in a robust firewall
• Consider blocking file extensions such as .bat, .cmd, .exe, .pif by using content filtering software
• Have a password protocol with specific strong password guidelines, frequently change your
passwords, and prevent reuse of old passwords
• Ensure that computer systems and labs are accessed only by authorized personnel
• Discourage use of personal devices on the network, such as personal USBs or hard drives
8. INTERNET SAFETY AND ETHICS
• Respect other people’s privacy
• Follow proper protocol in language use while chatting, blogging and emailing
• Do not log in to other people’s email accounts
• Do not download and use copyrighted material
• Enable automatic browser update to ensure detection of malicious sites
9. SAFE EMAIL PRACTICES
• Do not reply to emails from unknown sender even if it looks like a genuine email
• Do not provide personal information like name, date of birth, school name, address,
parent’s names or any other information
• Do not fall for lucrative offers/discounts as they might be coming from unknown
source and it may not be reliable. Ignore/delete those mails
• Do not open attachments or click on links from unknown senders, since they may
contain malicious files that might affect your device.
• Only click the links and downloads from websites that you trust
• Beware of phishing websites - check the URL to confirm if the website is secure
• Do not forward spam or suspicious emails to others
11. CYBER SECURITY MECHANISM
Types of Security Mechanism are:
• Encipherment: This security mechanism deals with hiding and covering data,
which helps the data to become confidential. It is achieved by applying mathematical
calculations or algorithms which reconstruct information into an unreadable form. It
is achieved by two famous techniques named Cryptography and Encipherment.
The level of data encryption depends on the algorithm used for encipherment.
• Access Control: This mechanism is used to stop unattended access to data which
you are sending. It can be achieved by various techniques such as applying
passwords, using a firewall, or just by adding a PIN to the data.
12. CYBER SECURITY MECHANISM
• Notarization: This security mechanism involves the use of a trusted third party in
communication. It acts as a mediator between sender and receiver so that any chance
of conflict is reduced. This mediator keeps a record of the requests made by the sender
to the receiver in case they are later denied.
• Data Integrity: This security mechanism works by appending to the data a value that
is created from the data itself. It is similar to sending a packet of information known to both
the sending and receiving parties, which is checked before and after the data is received. When
this appended packet or data is checked and is the same at sending and at receiving,
data integrity is maintained.
13. CYBER SECURITY MECHANISM
• Authentication exchange: This security mechanism deals with making identity known in
communication. This is achieved at the TCP/IP layer, where a two-way handshaking
mechanism is used to ensure whether data is sent or not.
• Bit stuffing: This security mechanism is used to add some extra bits into the data which is
being transmitted. It helps the data to be checked at the receiving end and is achieved by
Even Parity or Odd Parity.
• Digital Signature: This security mechanism is achieved by adding digital data that is not
visible to the eye. It is a form of electronic signature which is added by the sender and
checked by the receiver electronically. This mechanism is used for data which is not
especially confidential but for which the sender's identity must be made known.
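The Data Integrity mechanism above, as an added example that is not part of the original slides: the sender appends a value computed from the data and the receiver recomputes it. The choice of SHA-256 and HMAC-SHA256, the function names and the sample messages are assumptions made for this illustration; it shows why the appended value should depend on a key shared by both parties and not on the data alone.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes appended to every message


def seal_plain(data: bytes) -> bytes:
    """Append an unkeyed SHA-256 digest of the data."""
    return data + hashlib.sha256(data).digest()


def check_plain(message: bytes) -> bool:
    """Receiver side: recompute the unkeyed digest and compare."""
    if len(message) < TAG_LEN:
        return False  # too short to contain a digest at all
    data, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(data).digest(), tag)


def seal_keyed(key: bytes, data: bytes) -> bytes:
    """Append an HMAC-SHA256 tag derived from the data and a shared key."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def check_keyed(key: bytes, message: bytes) -> bool:
    """Receiver side: recompute the keyed tag in constant time."""
    if len(message) < TAG_LEN:
        return False
    data, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def modify_and_rehash(new_data: bytes) -> bytes:
    """Model of a change made in transit by a party without the key:
    the data is replaced and an unkeyed digest is recomputed over it."""
    return new_data + hashlib.sha256(new_data).digest()


if __name__ == "__main__":
    key = b"k" * 32                      # constructed shared key
    altered = modify_and_rehash(b"pay 900")
    print("unkeyed check accepts altered data:", check_plain(altered))
    print("keyed check accepts altered data:  ", check_keyed(key, altered))
```

An unkeyed digest only detects accidental corruption, because anyone who changes the data can recompute it; the keyed tag fails verification unless the party producing it holds the shared key.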
14. INTRODUCTION TO CLASSIC SECURITY MODELS
These models are used for maintaining goals of security, i.e. Confidentiality, Integrity,
and Availability. In simple words, it deals with CIA Triad maintenance. There are 3
main types of Classic Security Models.
• Bell-LaPadula
• Biba
• Clark-Wilson Security Model
15. 1. BELL-LAPADULA
• This Model was invented by Scientists David Elliot Bell and Leonard J. LaPadula.
Thus this model is called the Bell-LaPadula Model. This is used to maintain the
Confidentiality of Security. Here, the classification of Subjects (Users) and
Objects (Files) is organized in a non-discretionary fashion, with respect to different
layers of secrecy.
16. 1. BELL-LAPADULA
It has mainly 3 Rules
• SIMPLE CONFIDENTIALITY RULE: The Simple Confidentiality Rule states that the
Subject can only Read the files on the Same Layer of Secrecy and the Lower Layer of
Secrecy but not the Upper Layer of Secrecy, due to which we call this rule NO READ-UP
• STAR CONFIDENTIALITY RULE: The Star Confidentiality Rule states that the Subject can
only Write the files on the Same Layer of Secrecy and the Upper Layer of Secrecy but not
the Lower Layer of Secrecy, due to which we call this rule NO WRITE-DOWN
• STRONG STAR CONFIDENTIALITY RULE: The Strong Star Confidentiality Rule is highly
secured and the strongest. It states that the Subject can Read and Write the files on the
Same Layer of Secrecy only and not the Upper Layer of Secrecy or the Lower Layer of
Secrecy, due to which we call this rule NO READ WRITE UP DOWN
17. 2. BIBA
• This Model was invented by Scientist Kenneth J. Biba. Thus this model is called the
Biba Model. This is used to maintain the Integrity of Security. Here, the
classification of Subjects (Users) and Objects (Files) is organized in a
non-discretionary fashion, with respect to different layers of secrecy. This works the
exact reverse of the Bell-LaPadula Model.
18. 2. BIBA
It has mainly 3 Rules:
• SIMPLE INTEGRITY RULE: Simple Integrity Rule states that the Subject can only
Read the files on the Same Layer of Secrecy and the Upper Layer of Secrecy but not
the Lower Layer of Secrecy, due to which we call this rule as NO READ DOWN
• STAR INTEGRITY RULE: Star Integrity Rule states that the Subject can only
Write the files on the Same Layer of Secrecy and the Lower Layer of Secrecy but not
the Upper Layer of Secrecy, due to which we call this rule as NO WRITE-UP
• STRONG STAR INTEGRITY RULE
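The Bell-LaPadula and Biba rules listed above, written as access checks (an added example, not part of the original slides). The three layer names, the function names and the shared label set are assumptions for illustration; only the rules the slides actually state are implemented, and the last function goes one step further by showing what remains when both models are enforced on the same layers.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed layers, ordered from lowest to highest."""
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2


OPS = ("read", "write")


def blp_allows(subject: Level, obj: Level, op: str, strong: bool = False) -> bool:
    """Bell-LaPadula (confidentiality)."""
    if op not in OPS:
        raise ValueError(f"unknown operation: {op}")
    if strong:                    # strong star rule: same layer only
        return subject == obj
    if op == "read":
        return obj <= subject     # simple rule: no read-up
    return obj >= subject         # star rule: no write-down


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Biba (integrity): the reverse of Bell-LaPadula."""
    if op not in OPS:
        raise ValueError(f"unknown operation: {op}")
    if op == "read":
        return obj >= subject     # simple rule: no read-down
    return obj <= subject         # star rule: no write-up


def both_allow(subject: Level, obj: Level, op: str) -> bool:
    """Enforce both models on the same layers at once."""
    return blp_allows(subject, obj, op) and biba_allows(subject, obj, op)


def permitted(check, subject: Level) -> dict:
    """Map each operation to the object layers the check permits."""
    return {op: [o.name for o in Level if check(subject, o, op)] for op in OPS}


if __name__ == "__main__":
    for name, check in (("BLP", blp_allows), ("Biba", biba_allows),
                        ("BLP+Biba", both_allow)):
        print(name, permitted(check, Level.INTERNAL))
```

For a subject on the middle layer, enforcing both models together leaves only same-layer reads and writes, which is the same result as the Strong Star Confidentiality Rule.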
19. 3. CLARK-WILSON SECURITY MODEL
• SUBJECT: It is any user who is requesting Data Items.
• CONSTRAINED DATA ITEMS: It cannot be accessed directly by the Subject. These need
to be accessed via the Clark-Wilson Security Model
• UNCONSTRAINED DATA ITEMS: It can be accessed directly by the Subject.
20. 3. CLARK-WILSON SECURITY MODEL
• The Components of the Clark-Wilson Security Model
• TRANSFORMATION PROCESS: Here, the Subject’s request to access the
Constrained Data Items is handled by the Transformation process which then
converts it into permissions and then forwards it to Integration Verification Process
• INTEGRATION VERIFICATION PROCESS: The Integration Verification Process
will perform Authentication and Authorization. If that is successful, then the
Subject is given access to Constrained Data Items.
21. THE INFORMATION TECHNOLOGY ACT, 2000
• The Information Technology Act, 2000, also known as the IT Act, is an act proposed by the
Indian Parliament and reported on 17th October 2000. This Information Technology Act is
based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL
Model), which was suggested by the General Assembly of the United Nations by a resolution
dated 30th January, 1997. It is the most important law in India dealing with
Cybercrime and E-Commerce.
• The main objective of this act is to carry out lawful and trustworthy electronic, digital and
online transactions and to alleviate or reduce cybercrimes. The IT Act has 13 chapters and
90 sections. The last four sections, from section 91 to section 94, deal with
the revisions to the Indian Penal Code 1860.
22. THE INFORMATION TECHNOLOGY ACT, 2000
• The IT Act, 2000 has two schedules:
• First Schedule – Deals with documents to which the Act shall not apply.
• Second Schedule – Deals with electronic signature or electronic authentication
method.
23. THE INFORMATION TECHNOLOGY ACT, 2000
The offences and the punishments in the IT Act 2000:
• Tampering with the computer source documents.
• Directions of Controller to a subscriber to extend facilities to decrypt information.
• Publishing of information which is obscene in electronic form.
• Penalty for breach of confidentiality and privacy.
• Hacking for malicious purposes.
• Penalty for publishing Digital Signature Certificate false in certain particulars.
24. THE INFORMATION TECHNOLOGY ACT, 2000
• Penalty for misrepresentation.
• Confiscation.
• Power to investigate offences.
• Protected System.
• Penalties for confiscation not to interfere with other punishments.
• Act to apply for offence or contravention committed outside India.
• Publication for fraud purposes.
• Power of Controller to give directions.
25. THE INFORMATION TECHNOLOGY ACT, 2000
Sections and Punishments under the Information Technology Act, 2000 are as follows:
• Section 43: This section of the IT Act, 2000 states that any act of destroying, altering or
stealing a computer system/network or deleting data with malicious intentions without
authorization from the owner of the computer is liable for payment to be made to the owner
as compensation for damages.
• Section 43A: This section of the IT Act, 2000 states that any corporate body dealing with
sensitive information that fails to implement reasonable security practices, causing loss
to another person, will also be liable for compensation to the affected party.
• Section 66: Hacking of a Computer System with malicious intentions like fraud will
be punished with 3 years imprisonment or a fine of Rs.5,00,000 or both.
26. THE INFORMATION TECHNOLOGY ACT, 2000
• Section 66 B, C, D: Fraud or dishonesty using or transmitting information, or
identity theft, is punishable with 3 years imprisonment or Rs. 1,00,000 fine or both.
• Section 66 E: This section covers violation of privacy by transmitting an image of a
private area, which is punishable with 3 years imprisonment or 2,00,000 fine or both.
• Section 66 F: This section is on Cyber Terrorism affecting the unity, integrity, security or
sovereignty of India through a digital medium, which is liable for life imprisonment.
• Section 67: This section states that publishing obscene information or pornography, or
transmission of obscene content in public, is liable for imprisonment up to 5 years or
a fine of Rs. 10,00,000 or both.
27. THE INFORMATION TECHNOLOGY (AMENDMENT) ACT 2008
• The Information Technology (Amendment) Act 2008, an act to amend the IT Act
2000 received the President’s permission on 5th February 2009. Several legal &
security experts are analyzing the contents and possible impacts of the
amendments.
• The IT(A) Act 2008 has introduced two sections that address data protection aspects.
The sections under consideration are:
• Section 43A: Compensation for failure to protect data
• Section 72A: Punishment for disclosure of information in breach of lawful contract
28. THE INFORMATION TECHNOLOGY (AMENDMENT) ACT 2008
• Description of Section 43A
• Where a body corporate, possessing, dealing or handling any sensitive personal data
or information in a computer resource which it owns, controls or operates, is
negligent in implementing and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or wrongful gain to any person, such
body corporate shall be liable to pay damages by way of compensation, to the person
so affected.
29. THE INFORMATION TECHNOLOGY (AMENDMENT) ACT 2008
• Description of Section 72A
• Under this section, disclosure without consent exposes a person, including an
“intermediary,” to three years imprisonment or a fine up to Rs. Five lacs or both.
• This section uses the term “personal information” and not “sensitive personal
information” as in section 43A. Hence, it could apply to any information obtained to
deliver services and, therefore, broaden the definition of information.