QUESTION: Write a brief note on cybercrime law in Nigeria. Discussing:
i. Scope of the law ii. Implication of the law ii. Content of the law Cybercrime law includes laws related to computer crime, internet crime, information crimes, communications crimes and technology crimes. While the internet and the digital economy represent a significant opportunity, it is also an enabler for criminal activity. Cybercrime laws are laws that create the offences and penalties for cybercrimes. Cybercriminals may use computer technology to access personal information, business trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use computers for communication and document or data storage. SCOPE OF THE LAW Cyber law is associated with all the areas of business which have a technological bend. Cyber-crime is a criminal exploitation of the internet. A misconduct that is committed against an individual or groups of individuals with an unlawful intention to hurt the position of the victim or cause any mental or physical harm to the victim directly or indirectly by using advanced IT and related sources such as Internet and mobile phones is termed as cyber- crime. Such crimes may be harmful for a country. Six areas of concern for a cyber-law namely, e-commerce, online contracts, business software patenting, e-taxation, e-governance, and cybercrimes. IMPLICATION OF THE LAW The principal responsibilities placed on financial institutions are contained in Part IV of the Act. Section 37(1) places a duty to verify the identity of customers carrying out electronic financial transactions, requiring the customers to present documents bearing their names, addresses and other relevant information before issuing ATMs, credit or debit cards and other related electronic devices. Failure to do so attracts a fine upon conviction. Section 38 requires service providers to keep all traffic data and subscription for a period of at least two years. Further, service providers are required to turn over such information to law enforcement agencies and failure to comply with either attracts a fine of 7m naira. Section 39 requires service providers, upon a court order, to assist competent authorities with the collection or recording of content and/or traffic data associated with specified communications. Under s.40 they are required to provide assistance to law enforcement agencies in identifying offenders, tracing proceeds of offences and the cancellation of services used to commit offences. CONTENTS OF THE LAW Cybercrimes usually threaten a nation’s security and financial health. As a matter of fact, cybercrimes sometimes transcends the national border of a country as if often involves the interests of at least another nation state. Thus, criminal activities perpetrated on the internet range from fraud, theft, extortion, hacking, copyright infringement, plagiarism, child grooming, cyber stalking, cyber warfare, cyber terrorism, to mention a few. MATRIC NO: 15/69/0011 COM 317 QUESTION: Write short note on the following I. Attack II. Vulnerability and Vulnerability management III. Risk and Risk management An attack in computer security is a type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. Attacks can range from installing threats like spyware or malware on a personal computer to attempting to destroy the infrastructure of entire nations. There are many different kinds of attacks, including but not limited to passive, active, targeted, click jacking, brand jacking, botnet, phishing, spamming, inside and outside. Vulnerability refer to any type of weakness present in a computer itself, in a set of procedures, or in anything that allows information security to be exposed to a threat. The use of vulnerability with the same meaning of risk can lead to confusion. The risk is the potential of a significant impact resulting from the exploit of a vulnerability e.g. Bugs, weak passwords, buffer overflow, missing authorization etc. While vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities A risk in computer security can be define as anything on your computer that may damage or steal your data or allow someone else to access your computer, without your knowledge or consent. There are a lot of different things that can create a computer risk, including malware, a general term used to describe many types of bad software. Misconfiguration of computer products as well as unsafe computing habits also pose risks. While risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings. These threats, or risks, could surface from a wide variety of sources, including financial uncertainty, legal liabilities, strategic management errors, accidents and natural disasters.