Bh.Notes
Cyber Security and Laws | MU
A quality product by
Brainheaters LLC
Brainheaters Notes
CSLI Semester-7
BH.Index
(Learn as per the Priority to prepare smartly)
Introduction to cybercrime
Indian IT Act
MODULE-1
Q1. Classify the cybercrimes and explain any one briefly. (P4 - Appeared 1 Time) (5-10M)
Child grooming
It is the practice of establishing an emotional connection with a
need high security; however, some of the data, which belongs to the
government defense system, banks, defense research and
development organization, etc. are highly confidential and even
small amounts of negligence toward this data may cause great
damage to the whole nation.
Therefore, such data needs security at a very high level.
How to Secure Data?
Let us now discuss how to secure data. In order to make your
security system strong, you need to pay attention to the following:
Security Architecture
Network Diagram
Security Assessment Procedure
Security Policies
Risk Management Policy
Backup and Restore Procedures
Disaster Recovery Plan
Risk Assessment Procedures
Once you have a complete blueprint of the points mentioned
above, you can put a better security system in place for your data and can
also retrieve your data if something goes wrong.
MODULE-2
Ans: Active and passive attacks are both security attacks. In an active attack, an
attacker tries to modify the content of the messages, whereas in a passive
attack, an attacker observes the messages, copies them and may use them
for malicious purposes.
The following are the important differences between active attacks and passive
attacks.
Cybercrimes
Cyber-stalking, email spoofing, etc.
Computer vandalism, transmitting viruses, etc.
Cyber terrorism
Q3. What is the difference between virus and worms? (P4 - Appeared 1 Time) (5-10M)
Ans: Worms and viruses are malicious programs that can cause harm to
our workstation, but both are different.
Virus:
[Figure: Virus. Labels: Alter Data, Can Mutate, Self Replicate, Passive Transmission, Steal Information, Software Code, Delete Data.]
A virus can enter our system through .EXE files (executable files),
which means a virus cannot affect our computer unless and until
we run or release the malicious program.
It is significant to note that a virus cannot spread without a
[Figure: Worm. Labels: Alter Data, Can Mutate, Self Replicate, Active Transmission, Steal Information, Self-Contained Software, Delete Data.]
Ans: There are various security breaches, and the art of exploring such
security breaches is termed hacking. Computer hackers have been
around us for many years.
We have started to hear more and more about hacking, as the
internet is becoming a main part of our life and is being used
widely throughout the world.
There are very few hackers who are well known, such as Kevin
Mitnick.
The digital world has many different types of hackers.
It is hard to outline an exact profile, since hackers are also human.
They are mostly sharp minded, curious to know new things and
brave enough to take steps.
2. Linux a.out/elf/script
3. Solaris a.out/elf/script
4. DOS 32-bit COFF
5. DOS 16-bit .com file
Q6. How should the Security system Evolve to Handle Cyber Security
Ans: There are several types of email attacks that attackers use
to steal confidential information from users. The confidential
information may include login credentials, bank card details or any other
sensitive data. Phishing and vishing are two such types of attacks.
1. Phishing
password accordingly.
2) Set up a firewall
Firewalls are an important measure to consider in order to protect
your network.
They are a must-have for any company, as they control the internet
traffic entering and leaving your business.
3) Think of antivirus protection
Antivirus and anti-malware are indispensable to protecting your
data.
They are designed to prevent, search for, detect and remove viruses,
but also adware, worms, trojans, and so on.
4) Updating is important
Your computer must be properly patched and updated. Recent
updates allow your data to be more secure.
5) Secure every laptop
Laptops are portable, so there is a higher risk that they can be
stolen.
As a consequence, it is important to take more security measures in
order to protect all laptops.
A simple solution is to encrypt them. In doing so, without the right
Read on to learn more about this field and get examples of the types of
security management in place today.
Features of a Security Management System:
Security management relates to the physical safety of buildings,
people and products.
Security management is the identification of the organization's assets.
Generally, a Security Management System is provided to an
enterprise for security management and procedures such as
information classification, risk assessment, and risk analysis to
identify threats, categorize assets, and rate.
Importance of security management
Some important aspects of security management, generally
provided to any organization, are given below:
Intellectual Property:
One of the principal reasons that organizations formalize an
innovation management program is to gain a competitive edge on
the competition.
Although the initial ideation phases may be open to everyone, a lot of
work goes into developing and refining those ideas, and that
refinement is often the difference between an incremental idea and
a transformative one. If companies don't protect those later
stage refinement activities, then they could lose the competitive
edge they gain by instituting an innovation management program
in the first place.
Data Integrity:
Security management systems rely on lots of data to help
prioritize and validate initiatives; generally we could be talking
about votes and comments on ideas, ROI data, and beyond.
If security management systems aren't secure, this data could be
MODULE-3
Ans: Keyloggers are a favorite tool of many hackers and script kiddies.
Keylogging is a method that was first imagined back in the year 1983.
Around then, the use of this kind of product was uncommon and only the top
research organizations and spies could get their hands on it, yet today
it is a typical feature offered by most spy applications
like TheOneSpy.
People use it to ensure the protection
of their families, organizations, and the ones they care about.
A keylogger is software that records each and every keystroke you
enter, including mouse clicks.
Hardware keyloggers are also available, which are inserted
between the keyboard and the CPU.
It provides the following features:
1. It takes a minute to install this software/hardware in the
activities.
Types Of Keylogger
There are basically two types of keyloggers:
1. Hardware Keylogger: This is a thumb-size device. It records all
the keystrokes you enter from the keyboard and saves them in its
memory. Later this data will be analyzed. The drawback of this
device is that it can't record mouse clicks, can't take screenshots,
and can't even send email; more importantly, it requires physical
access to the machine. A hardware keylogger is advantageous
because it is not hooked into any software, nor can it be
detected by any software.
2. Software Keylogger: A software keylogger can be installed in the
victim's system even if they use updated antivirus. There is
a lot of software available in the market which makes a
keylogger undetectable by the latest antivirus; we are going to
study it too in upcoming chapters. There are many
keyloggers available in the market with various features. Some
examples of software keyloggers are:
1. Blazing tools perfect Keylogger
2. Ardamax Keylogger
3. WinSpy
4. Invisible Keylogger
5. Refog Keylogger
6. Activity Keylogger
7. Keystroke Keyloggers
What are the uses of a Keylogger?
A keylogger offers the following uses to the user:
1. Parental control: It's a great way to track the activity of your
children through a keylogger without getting caught. Likewise,
methods:
1. Uploading the info to an internet site, database, or FTP server.
2. Periodically emailing data to a predefined email address.
3. Wirelessly transmitting information through an attached
hardware system.
4. Software enabling remote login to your local
machine.
How to Detect and Remove Keylogger?
There are a variety of ways to detect a keylogger, though none is
a catchall, so if you have reason to suspect your computer
has a keylogger, we recommend trying a variety of these
tactics:
1. Choose the best antivirus to detect a keylogger on your
system. Some antivirus products are dedicated to such
scans.
2. Press Ctrl+Alt+Delete to check the task list on your computer.
Examine the tasks running, and if you're unacquainted with
any of them, look them up on a search engine.
3. Scan your hard disc for the most recent files stored. Look
at the contents of any files that update often, as they could be
logs.
4. Use your system configuration utility to look at which
programs are loaded at computer start-up. Access this list by
typing "msconfig" into the run box.
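Step 3 above (look for files that update often), as an added example that is not part of the original notes: the script snapshots a directory tree several times and reports files that changed between snapshots, noting which of them only ever grew, as an append-only capture log would. The function names, the two-change threshold and the sample files are assumptions made for this illustration.

```python
import os
import time
from collections import Counter


def snapshot(root):
    """Map every regular file under root to its (size, mtime_ns)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # file vanished or is unreadable: skip it
            state[path] = (st.st_size, st.st_mtime_ns)
    return state


def frequent_updaters(snapshots, min_changes=2):
    """Return (path, change_count, only_grew) for files that changed in at
    least min_changes consecutive snapshot pairs, most active first.

    only_grew is True when the file never shrank between snapshots,
    which is the pattern of an append-only log.
    """
    changes = Counter()
    shrank = set()
    for before, after in zip(snapshots, snapshots[1:]):
        for path, meta in after.items():
            old = before.get(path)
            if old == meta:
                continue  # untouched between these two snapshots
            changes[path] += 1
            if old is not None and meta[0] < old[0]:
                shrank.add(path)
    hits = [(p, n, p not in shrank) for p, n in changes.items()
            if n >= min_changes]
    return sorted(hits, key=lambda h: (-h[1], h[0]))


def watch(root, rounds=4, interval=30.0):
    """Take rounds snapshots of root, interval seconds apart, and report."""
    snaps = [snapshot(root)]
    for _ in range(rounds - 1):
        time.sleep(interval)
        snaps.append(snapshot(root))
    return frequent_updaters(snaps)


if __name__ == "__main__":
    import tempfile

    # Constructed sample data: one file that never changes and one that
    # is appended to between snapshots.
    with tempfile.TemporaryDirectory() as root:
        quiet = os.path.join(root, "report.txt")
        busy = os.path.join(root, "svc.dat")
        for path in (quiet, busy):
            with open(path, "w") as fh:
                fh.write("initial\n")
        snaps = [snapshot(root)]
        for _ in range(3):
            with open(busy, "a") as fh:
                fh.write("more data\n")
            snaps.append(snapshot(root))
        for path, count, only_grew in frequent_updaters(snaps):
            kind = "append-only" if only_grew else "rewritten"
            print(f"{path}: changed {count} times ({kind})")
```

Files flagged this way are candidates for manual inspection only; browsers, databases and system logs legitimately behave the same way.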
Pros Of Keylogger
1. Monitor Every Keystroke Made.
2. Protect Confidential Information.
3. Safety Concerns.
Cons Of Keylogger
1. Zero Privacy.
2. Release of Sensitive Information.
3. Gives Keylogging Service Providers Free Rein.
Ans: Bluetooth has been used for a long time, and there exist several flaws in
the system. These flaws have been subject to different types of attacks
over time, which makes the technology very vulnerable to hacking.
MODULE-4
Note that we've included all these sections to give you a
general idea of ecommerce classification, although models like
G2C or C2G are part of ecommerce only in its loosest definition.
80% of the time, when we're talking about ecommerce, we're
talking about the B2C or the B2B model.
Q3. Discuss safety and security measures while using the computer in a
cyber cafe. (P4 - Appeared 1 Time) (5-10M)
Ans: 1. Always logout:
While checking emails or logging into chatting services such as
instant messaging or using any other services that require
username and password, always click logout or sign out before
leaving the system.
Do not save your login information through options that allow
automatic login.
2. Stay with the computer:
Q4. Draw and explain how Botnets are used for gainful purposes. (P4
Ans: Botnet is a term used for a collection of software robots, or bots, that run
[Figure: Botnet creation, leading to DDoS attacks, spam attacks, malware and adware installations, stealing confidential information, phishing attacks and spamdexing.]
Ans: Cybercrimes:
1. Cybercrime against individuals
a. Electronic mail spoofing
b. Phishing
c. Spamming
d. Cyber defamation
e. Cyber stalking and harassment
f. Computer sabotage
g. Pornographic offenses
h. Password sniffing
1. Skimming:
Skimming is where the information held on either the
magnetic strip on the back of the credit card or the data stored on
the smart chip is copied from one card to another.
2. Triangulation:
It is another method of credit card fraud and works in the following
way:
The criminal offers the goods with heavy discounted rates through
a website designed and hosted by him, which appears to be a
legitimate merchandise website.
The customer registers on the website with their details.
The criminal orders the goods from a legitimate website with the
help of stolen credit card details and supplies the shipping address that
was provided by the customer while registering on the
criminal's website.
The goods are shipped to the customer and the transaction gets
completed.
The criminal keeps on purchasing other goods using fraudulent
credit card details of different customers till the criminal closes the
existing website and starts a new one.
Such websites are usually available for a few weeks/months, till the
authorities track the websites through which the criminal has
enticed the individuals to reveal their personal details, which
enabled the criminal to commit the transaction by using credit card
details of these customers.
The criminals aim to create a great deal of confusion for the
authorities so that they can operate long enough to accumulate a
vast amount of goods purchased through such fraudulent
transactions.
Q8. Draw and explain pull and push attacks on mobile devices. (P4 - Appeared 1 Time) (5-10M)
[Figure: attack on a mobile device over a WEP-encrypted link. Labels: legitimate access point; Pocket PC device containing credentials and enterprise data; rogue peer; captured files, e-mail, passwords, etc.]
[Figure labels: attacker launches blended attack over ad hoc network (802.11, Bluetooth, infrared); worm/zombie; contact list of victim.]
Fig: Push attack on mobile devices. DDoS implies distributed denial-of-service attack.
Ans: i. Mishing:
Mishing is a combination of mobile phone and phishing. Mishing
attacks are attempted using mobile phone technology.
M-Commerce is fast becoming a part of everyday life.
If you use your mobile phone for purchasing goods/services and for
banking, you could be more vulnerable to a phishing scam.
A typical mishing attacker uses a call termed as vishing or message
ii. Vishing:
Vishing is the criminal practice of using social engineering over the
telephone system, most often using features facilitated by VoIP, to
gain access to personal and financial information from the public
for the purpose of financial reward.
The term is a combination of V-voice and phishing.
Vishing is usually used to steal credit card numbers or other related
data used in ID theft schemes from individuals.
iii. Smishing:
Smishing is a criminal offence conducted by using social
engineering techniques similar to phishing.
The name is derived from SMS Phishing.
SMS (short message service) is a text message communication
component dominantly used in mobile phones.
Smishing uses cell phone text messages to deliver a lure message
to get the victim to reveal his/her PI.
The popular technique to hook the victim is either to provide a
phone number to force the victim to call, or to provide a website URL to
force the victim to access the URL, wherein the victim gets
connected with a bogus website, a duplicate but fake site
created by the criminal, and submits his/her PI.
iv. Proliferation of mobile devices:
Mobile computing is "taking a computer and all necessary files and
software out into the field". Many types of mobile computers have
been introduced since the 1990s.
a. Portable computer: It is a general purpose computer that can be
easily moved from one place to another but cannot be used while
in transit, usually because it requires some setting up and an AC
power supply.
k. SomeTrouble
x. Spamming:
People who create electronic spam are called spammers.
Spam is the abuse of electronic messaging systems to send
unsolicited bulk messages indiscriminately.
Although the most widely recognised form of spam is e-mail spam,
there is also web search engine spam, spam in blogs, wiki spam, social
networking spam, file sharing network spam, video sharing sites, etc.
Spamming is difficult to control because it has economic viability:
advertisers have no operating costs beyond the management of
their mailing lists, and it is difficult to hold senders accountable for
their mass mailings.
Spammers are numerous: the volume of unsolicited mail has
become very high because the barrier to entry is low.
The costs, such as lost productivity and fraud, are borne by the
public and by the internet service providers, who are forced to add
extra capacity to cope with this deluge. Another definition of
spamming is in the context of "search engine spamming".
In this context, spamming is alteration or creation of a document
with the intent to deceive an electronic catalog or a filing system.
xi. Cyber defamation:
According to IPC section 499:
1. It may amount to defamation to impute anything to a deceased
or a communication system
xvii. Reconnaissance
The literal meaning of "reconnaissance" is an act of
exploration, often with the goal of finding something
or somebody.
The reconnaissance phase begins with footprinting; this is the
preparation toward the pre-attack phase and involves accumulating
data about the target's environment and computer architecture
to find ways to intrude into that environment.
Footprinting gives an overview about system vulnerabilities and
or relationships.
7. Some stalkers subscribe/register the email account of the
victim to innumerable pornographic and sex sites, because
of which the victim will start receiving such kind of unsolicited
emails.
MODULE-5
Q1. Explain data protection and the new clause 43A under the amended
IT Act (P4 - Appeared 1 Time) (5-10M)
Ans: The amended Indian IT Act provides for penalty for damage to
computers, computer systems under the title Penalty and Adjudication in
Section 43 that is widely interpreted as a clause to provide data protection
in the country.
Unauthorised access to a computer, computer system or computer
network is punishable with a compensation of up to 1 crore rupees.
This section has been improved to include stealing of computer
source code for which compensation can be claimed.
Data protection has now been made more explicit through insertion
of a new clause 43A that provides for compensation to an
aggrieved person whose personal data including sensitive personal
data may be compromised by a company, during the time it was
under processing with the company, for failure to protect such data
whether because of negligence in implementing or maintaining
reasonable security practices.
Furthermore, reasonable security practices and procedures will
constitute those practices and procedures that protect such
information from unauthorised access, damage, use, modification,
disclosure or impairment as may be specified in an agreement
between the parties or as may be specified in any law in force.
In the absence of such an agreement or any law, the Central
Government will prescribe security practices and procedures in
Q2. What are the amendments in ITA 2008 under section 66, 67, 68 (P4 -
Appeared 1 Time) (5-10M)
Section 66C:
Identity theft.
Punishment: Imprisonment for a term which may extend to three
years, and also liable to a fine which may extend to 1 lakh rupees.
Section 66D:
Cheating by personation.
Section 66E:
Violation of Privacy.
Punishment: Imprisonment for a term which may extend to three
years or with a fine not exceeding 2 lakh rupees.
Section 66F:
Cyber Terrorism.
Punishment: Imprisonment which may extend to imprisonment for
life.
Section 67:
Fine increased to 5 lakhs for first instance and 10 lakhs for
subsequent instance.
Imprisonment reduced to 3 years for first instance and 5 years for
subsequent instance.
New section 67A introduced to cover material containing "sexually
explicit acts".
Punishment: On first conviction with imprisonment for a term which
may extend to 5 years and with fine which may extend to 10 lakhs.
In the event of second and subsequent conviction with
imprisonment for a term which may extend to 7 years and also with
fine which may extend to 10 lakhs.
New section 67B introduced to cover child explicit act or conduct.
Punishment: On first conviction with imprisonment for a term which
may extend to 5 years and with fine which may extend to 10 lakhs.
In the event of second and subsequent conviction with
imprisonment for a term which may extend to 7 years and also with
fine which may extend to 10 lakhs.
New section 67C, this provision will require intermediaries to
Q3. What are the positive aspects and weak areas of ITA 2000? (P4 - Appeared 1 Time) (5-10M)
Positive Aspects:
Ans: 1. Prior to the enactment of ITA 2000 even an email was not accepted
under the prevailing statutes of India as an accepted legal form of
communication and as evidence in a court of law.
But the ITA 2000 changed this scenario by legal recognition of the
transactions online. These signatures have been given legal validity and
sanction under the ITA 2000.
4. In today's scenario, information is stored by the companies on their
respective computer system, apart from maintaining a backup. Under the
ITA 2000, it became possible for corporations to have a statutory remedy if
Weak Areas:
1. The ITA 2000 is likely to cause a conflict of jurisdiction.
2. E-commerce is based on the system of domain names. The ITA
2000 does not even touch the issues relating to domain names.
Domain names have not been defined and the rights and liabilities
of domain name owners do not find any mention in the law. The law
does not address the rights and liabilities of domain name holders.
3. The ITA 2000 does not deal with the issues concerning the
protection of Intellectual Property Rights (IPR) in the context of the
online environment. Contentious yet very important issues
concerning online copyrights, trademarks and patents have been
left untouched by the law, thereby leaving many loopholes. Thus,
the law lacks "Proper Intellectual Property Protection for Electronic
Information and Data": the law misses out the issues of IPR and
makes no provisions whatsoever for copyrighting, trade marking or
patenting of electronic information and data. However, the
corresponding provisions are available under the Indian Copyright
Act.
4. As the cyber law is evolving, so are the new forms and
manifestations of cyber crimes. The offences defined in ITA 2000 are
by no means exhaustive. However, the drafting of the relevant
provisions of the ITA 2000 makes it appear as if the offences
detailed therein are the only cyber offences possible and existing.
The ITA 2000 does not cover various kinds of cyber crimes and
Internet-related crimes, including:
a. Theft of Internet hours
b. Cyber theft
c. Cyber stalking
d. Cyber harassment
e. Cyber defamation
f. Cyber fraud
g. Misuse of credit card numbers
h. Chat room abuse
i. Cyber squatting
5. The ITA 2000 has not tackled vital issues pertaining to the E-commerce
sphere like privacy and content regulation, to name a few.
6. The ITA is not explicit about regulation of Electronic Payments, and
avoids applicability of ITA to negotiable instruments. The ITA stays silent
over the regulation of electronic payments gateway and rather segregates
the negotiable instruments from the applicability of the ITA. This may have
a major effect on the growth of E-commerce in India. This has led to
tendencies of banking and financial sectors being irresolute in their stands.
7. ITA does not touch upon antitrust issues.
8. The most serious concern about the Indian Cyber Law relates to its
implementation. The ITA 2000 does not lay down parameters for its
implementation. Also, when Internet penetration in India is extremely low
and government and police officials, in general, are not very computer
savvy, the new Indian cyber law raises more questions than it answers. It
seems that the parliament would be required to amend the ITA 2000 to
remove the gray areas mentioned above.
Q4. What are the amendments to the Bankers Books Evidence Act and
Reserve Bank of India Act (P4 - Appeared 1 Time) (5-10M)
the system
c. A further certificate from the person in-charge of the computer
system to the effect that to the best of his knowledge and belief
such computer system operated properly at the material time, he
was provided with all the relevant data and the printout in question
represents correctly, or is appropriately derived from, the relevant
data"
Amendments to the Reserve Bank of India Act
In the Reserve Bank of India Act 1934, in section 58, in subsection (2)
after clause (p), the following clause shall be inserted, namely,
"The regulation of fund transfer through electronic means between
the banks or between the banks and other financial institutions
referred to Clause (c) of section 45-1, including the laying down of
the conditions subject to which banks and other financial
institutions shall participate in such fund transfers, the manner of
such fund transfers and the rights and obligations of the
participants in such fund transfers"
Ans:
Security Practice | Requirements
1. Build and Maintain a Secure Network | 1. Install and maintain a firewall configuration to protect data. 2. Do not use vendor-supplied defaults for system passwords and other security parameters.
2. Protect Cardholder Data | 3. Protect stored data. 4. Encrypt transmission of cardholder data and sensitive information across public networks.
agency.
e. NERC: North American Electric Reliability Corporation was
formed to oversee and regulate the reliability of the North
American bulk power systems. NERC is a self-regulated
organisation and has been designated as the National Electric
Reliability Organisation (ERO) by the US Federal Energy
Regulatory Commission.
f. ISO/IEC: It is a family of Information Security Management
Ans: a. ISO
It is a family of Information Security Management Systems
o 25 Page 76 of 90
4:33 PM m M
Bh.NotesS
cyber Security and Laws | MU
2000? What is the punishment for tampering with it? (P4 - Appeared 1
Time) (5-10M)
Ans: Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes or
alters any information residing in a computer resource or diminishes its
value or utility or affects it injuriously by any means, commits hacking.
Whoever commits hacking shall be punished with imprisonment
up to 3 years, or with a fine which may extend up to 5 lakh rupees, or
with both.
may extend to 3 years and with fine which may extend to 5 lakh rupees
and in the event of a second conviction with imprisonment of either
description for a term which may extend to 5 years and also with a fine
which may extend to 10 lakh rupees.
Ans: Save as otherwise provided in this Act or any other law for the time
being in force, any person who, in pursuance of any of the powers
conferred under this Act, rules or regulations made thereunder, has
secured access to any electronic record, book, register, correspondence,
information, document or other material without the consent of the person
concerned discloses such electronic record, book, register,
correspondence, information, document or other material to any other
person shall be punished with imprisonment for a term which may extend
to 2 years or with a fine which may extend to 1 lakh rupees or with both.
Q17. List any 2 sections of ITA 2008 related to cyber café with their
statements (and comments for 5 marks)
Ans:
Section | What it states
Section 2(na) | Cybercafe means any facility from where access to the Internet is offered by any person in the ordinary course of business to the members of the public
Ans:
Section | What it states
are no exception.
Thus e-commerce law has become an exciting new field in the
legal arena.
There are common issues that arise within e-commerce law in the
world of cyberspace, including:
o Security and digital signatures - Digital signatures and
biometrics are now used to ensure that parties to a contract
are who they say they are.
o Contract formation - Legal issues arise when forming a
contract in an electronic forum because it must still adhere to
traditional contract laws.
o Liability of internet providers - Internet service providers
often face liability when events such as Internet outages
occur because they can have devastating effects on
contract formation, particularly at the offer and acceptance
phase.
Ans: In legal terms, evidence refers to proof legally presented in a court
of law to ascertain the truth of a matter. Pieces of evidence tend to prove
or disprove the fact in question and are required by the courts to reach a
conclusion in legal cases.
Pieces of evidence are produced by all the parties in a legal dispute.
Different types of evidence are given below:
Type Of Evidence | Example
Ans: A crime is an unlawful act that is forbidden and punishable by the law.
It is an act that could be harmful to an individual, a community, society or
the state.
The same is true even if it is done using technology, and it is then called a
cybercrime.
To combat cybercrime, India enacted the Information Technology
Act, 2000, which amended various existing laws related to crime in
India.
Indian Penal Code, drafted in 1860, is the official criminal code of
India.
It provides a general penal code for India and is applicable
throughout India, except for the state of Jammu and Kashmir. It
contains 23 chapters with 511 sections.
The Information Technology Act 2000 has made several
MODULE-6
Q1. Write key IT requirements for SOX, HIPAA and PCI. (P4 - Appeared 1
Time) (5-10M)