Information Technology Act 2000 An Overview
PRESENTATION OVERVIEW
Need
of subscribers
Penalties and Adjudication
Offences
Protection to Network Service Providers in certain situations.
Access
Addressee
Computer
Computer Resource
Data
Electronic Form
Information
Intermediary
Secure System
Asymmetric Cryptography
Digital Signature.
E-commerce
Simply put:
on Net-Confidentiality, Integrity and Availability.
Cyber crimes-Hackers, Viruses
Technological Complexities
Lack of Information trail
Complex cross border Legal Issues
Disparate Regulatory Environment and Taxation Policies.
Challenges
Protecting Information in Transit
Protecting Information in storage
Protecting Information in Process
Availability and Access to information to those Authorised.
Concerns in E-Transactions
Confidentiality
Integrity
Availability
Confidentiality concerns
Eavesdropping
Wire Tapping
Active/Passive
E-mail snooping
Shoulder Surfing
Integrity Attacks
Data Diddling
Buffer Overflow
Used to insert malicious code
Channel violation
Spoofing
Availability Threats
Denial of Service (DDOS)
Ping of Death
SYN Flooding
Remote Shut Down
Key Loggers
Password Crackers
Mobile Code
Trap Doors
Sniffers
Smurf (Ping tools)
Viruses
Exe, Script, Datafile, Macro
Worms
Trojan Horse
Logic Bombs
Remote Access Trojans
Attacks on Cryptosystems
Cipher-text only attacks
Known plain text attacks
Brute Force Attacks
Man-in-middle attacks
Social Engineering
The best bet ever
Trickery and Deceit
Targeting Gullible victims
Most effective; can penetrate the most secure technologies
Parameters
Data Confidentiality
User Authentication
Data Origin Authentication
Data Integrity
Non Repudiation.
DIGITAL SIGNATURES.
Digital Signatures
Central
Enabling Principles of Electronic Commerce
Legal Recognition of Electronic Record.
Legal requirement of Information to be in writing shall be deemed to be satisfied if it is:
a. Rendered or made available in an electronic form.
b. Accessible so as to be usable for subsequent reference.
RETENTION OF ELECTRONIC RECORDS.
Requirements of law as regards retention of records met even if in electronic form and if the:
Information therein is accessible and usable.
In original format or ensure accuracy
Details as to Origin, Destination, Date and Time of Dispatch and Receipt of Electronic records are maintained.
CERTIFICATION PRACTICE STATEMENT
CAs
KEY MANAGEMENT
Cryptographic keys provide the basis for the functioning of Digital certificate and Authentication of Digital Signatures.
Keys must be adequately secured at every stage.
Key generation, distribution, storage, usage, backup, Archival
CAs should take necessary precautions to prevent loss, disclosure, modification or unauthorised use.
CA should use trustworthy Hardware, Software and encryption techniques approved by the controller for all operations requiring use of private key.
Information Technology Security Procedure and Guideline
Rules prescribe
Physical and operational security
Information Management
Systems Integrity, risks and integrity controls
Audit trail and verifications
Data centre operations security
Change Management Guidelines.
Offences
Without permission
Accesses or secures access to computer, computer system or computer network
Downloads, copies or extracts any data, computer data base or information from such computer resource.
Introduces or causes to be introduced any computer contaminant or computer virus into any computer resource
Damages or causes to be damaged any computer resource.
Documents
Hacking with computer System
Publishing of information which is obscene in Electronic form.
Who is liable
Every person who,
At the time the contravention was committed
Was in charge of, and was responsible to, the company for the conduct of business.
Shall be guilty of the contravention and shall be liable to be proceeded against and punished.
Penalties
Up to