Professional Documents
Culture Documents
Backup Devices
In this section we will see the backup devices from smaller to enterprise
solutions. For a personal computer, they are −
CD and DVD, Blue-Rays − They are used for home/personal usage where
people can store their documents, mainly personal or office related
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Removable Devices − They are again for home usage (data, documents,
music, photos, movies) which can be a Removable USB or external hard
disks. Their capacities lately have increased a lot, they vary from 2 GB to 2
TB.
Network attached storage (NAS) − They are generally devices that are
used in small businesses for backup purposes because they offer a
centralized manner of backup. All the users can connect through the network
to access this device and save data.
They are lesser in cost when compared to other solutions and they also offer
a good fault tolerance as they are configured in RAID (redundant array of
independent disks). They can be rack or non-rack mounted. They offer a
good level of authentication of users and web console managing.
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Storage Area Network (SAN) − These are generally devices that are used
for big businesses for backup purposes. They offer a high speed of network
for storage the biggest producers are EMC Corporation, DELL.
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Local Backups
Online Backups
Generally local backups store the data in a CD, NA Storages, etc. as there
can be a simple copying of files or by using any third party software. One of
them in the server is the Windows backup which is included in the Windows
Server Edition License.
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
The other is Amazon with it product S3 details about this product can be
found on − http://aws.amazon.com/s3/
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link
provided.
https://www.youtube.com/watch?v=Vjd6c7wdOhI
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
CHAPTER 9: COMPUTER
SECURITY - POLICIES
In this chapter we will explain security policies which
are the basis of security for the technology infrastructure
of your company.
In a way they are the regulatory of the behaviors of your
employees towards the use of technology in the
workplace, that can minimize the risk of being hacked,
information leak, internet bad usage and it also ensures
safeguarding of company resources.
In real life you will notice the employees of your
organization will always tend to click on bad or virus
infected URL’s or email attachments with viruses.
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Structure of a Security
Policy
When you compile a security policy you should have in
mind a basic structure in order to make something
practical. Some of the main points which have to be taken
into consideration are −
Description of the Policy and what is the usage for?
Where this policy should be applied?
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Types of Policies
In this section we will see the most important types of
policies.
Permissive Policy − It is a medium
restriction policy where we as an administrator block
just some well-known ports of malware regarding
internet access and just some exploits are taken in
consideration.
Prudent Policy − This is a high restriction
policy where everything is blocked regarding the
internet access, just a small list of websites are
allowed, and now extra services are allowed in
computers to be installed and logs are maintained for
every user.
Acceptance User Policy − This policy
regulates the behavior of the users towards a system
or network or even a webpage, so it is explicitly said
what a user can do and cannot in a system. Like are
they allowed to share access codes, can they share
resources, etc.
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=aa_ZlfOaXhM
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
CHAPTER 8: COMPUTER
SECURITY
Computer Security is the process of detecting and preventing any
unauthorized use of your laptop/computer. It involves the process of
safeguarding against trespassers from using your personal or office based
computer resources with malicious intent or for their own gains, or even for
gaining any access to them accidentally.
In this tutorial, we will treat the concept of computer security which can be a
laptop, a workstation, a server or even a network device. This is an
introductory tutorial that covers the basics of Computer Security and how to
deal with its various components and sub-components.
Why Security?
Cyberspace (internet, work environment, intranet) is becoming a dangerous
place for all organizations and individuals to protect their sensitive data or
reputation. This is because of the numerous people and machines accessing
it. It is important to mention that the recent studies have shown a big danger
is coming from internal threats or from disappointed employees like the
Edward Snowden case, another internal threat is that information material
can be easy accessible over the intranet.
One important indicator is the IT skills of a person that wants to hack or to
breach your security has decreased but the success rate of it has increased,
this is because of three main factors −
Hacking tools that can be found very easily by everyone just by
googling and they are endless.
Technology with the end-users has increased rapidly within these
years, like internet bandwidth and computer processing speeds.
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
What to Secure?
Let’s see this case, you are an IT administrator in a small company having
two small servers staying in a corner and you are very good at your job. You
are doing updates regularly, setting up firewalls, antiviruses, etc. One day,
you see that the organization employees are not accessing the systems
anymore. When you go and check, you see the cleaning lady doing her job
and by mistake, she had removed the power cable and unplugged the server.
What I mean by this case is that even physical security is important in
computer security, as most of us think it is the last thing to take care of.
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Data that you use to store information which can be financial, or non-
financial by encryption.
Information should be protected in all types of its representation in
transmission by encrypting it.
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
The general state in Computer Security has the ability to detect and
prevent attacks and to be able to recover. If these attacks are successful as
such then it has to contain the disruption of information and services and
check if they are kept low or tolerable.
Confidentiality
Confidentiality is the concealment of information or resources. Also, there is a
need to keep information secret from other third parties that want to have
access to it, so just the right people can access it.
9
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Example in real life − Let’s say there are two people communicating via an
encrypted email they know the decryption keys of each other and they read
the email by entering these keys into the email program. If someone else can
read these decryption keys when they are entered into the program, then the
confidentiality of that email is compromised.
Integrity
Integrity is the trustworthiness of data in the systems or resources by the
point of view of preventing unauthorized and improper changes. Generally,
Integrity is composed of two sub-elements – data-integrity, which it has to do
with the content of the data and authentication which has to do with the origin
of the data as such information has values only if it is correct.
Example in real life − Let’s say you are doing an online payment of 5 USD,
but your information is tampered without your knowledge in a way by sending
to the seller 500 USD, this would cost you too much.
In this case cryptography plays a very major role in ensuring data integrity.
Commonly used methods to protect data integrity includes hashing the data
you receive and comparing it with the hash of the original message.
10
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
However, this means that the hash of the original data must be
provided in a secure way.
Availability
Availability refers to the ability to access data of a resource when it is
needed, as such the information has value only if the authorized people can
access at right time. Denying access to data nowadays has become a
common attack. Imagine a downtime of a live server how costly it can be.
Example in real life − Let’s say a hacker has compromised a webserver of a
bank and put it down. You as an authenticated user want to do an e-banking
transfer but it is impossible to access it, the undone transfer is a money lost
for the bank.
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=6p_q_Xp--Rs
11
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
CHAPTER 7: Identification of
Applicable Laws and Regulations
Identify Sources
Regulated Industries
Legal Jurisdictions
Protected Information Types
Identify Regulators
Federal
State
Industry
Regulated Industries
Identify all known industries your organization operates in
Think about what products/services you provide
Think about what departments you have
Think broad, then focus in
Ex., A bank’s industries may include banking, finance
(loans), investments, insurance, and storage (safety
deposit boxes)
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Legal Jurisdictions
Identify all known legal jurisdictions you operate in
Think about where your offices/branches are
Think about where your customers live
Think about where your interactions with customers
are
Brick-and-Mortar and Online
Goal is to identify all countries and states you operate in
Protected Information
Types
Determine intuitive types of information
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Review of Cybersecurity
Law
Laws and regulations exist to protect our rights and
prevent unfair and deceptive practices
If you are non-compliant with the law, you are
breaking it
Strategic Questions
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Federal Laws
Two basic legal approaches
Laws primarily focused on cybersecurity
Laws focused on industry regulation with a
security component
Some laws apply to any organization conducting
business
Discovery laws, trade laws, etc.
Some apply to only certain categories of
businesses
Operate across state lines, critical infrastructure,
etc.
Federal Laws
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Risk-Based Security
Program
Risk-based information security program
Compliance ≠ Security
Reasonable and appropriate
Considers cost-benefit but not primary
motivation
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=ykmJWZBoGOA
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Types of Cybercrime
Let us now discuss the major types of cybercrime −
Hacking
It is an illegal practice by which a hacker breaches the computer’s security
system of someone for personal interest.
Unwarranted mass-surveillance
Mass surveillance means surveillance of a substantial fraction of a group of
people by the authority especially for the security purpose, but if someone
does it for personal interest, it is considered as cybercrime.
Child pornography
It is one of the most heinous crimes that is brazenly practiced across the
world. Children are sexually abused and videos are being made and
uploaded on the Internet.
Child grooming
It is the practice of establishing an emotional connection with a child
especially for the purpose of child-trafficking and child prostitution.
Copyright infringement
If someone infringes someone’s protected copyright without permission and
publishes that with his own name, is known as copyright infringement.
Money laundering
Illegal possession of money by an individual or an organization is known as
money laundering. It typically involves transfers of money through foreign
banks and/or legitimate business. In other words, it is the practice of
transforming illegitimately earned money into the legitimate financial system.
Cyber-extortion
When a hacker hacks someone’s email server, or computer system and
demands money to reinstate the system, it is known as cyber-extortion.
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Cyber-terrorism
Normally, when someone hacks government’s security system or intimidates
government or such a big organization to advance his political or social
objectives by invading the security system through computer networks, it is
known as cyber-terrorism.
Cyber Security
Cyber security is a potential activity by which information and other
communication systems are protected from and/or defended against the
unauthorized use or modification or exploitation or even theft.
Likewise, cyber security is a well-designed technique to protect computers,
networks, different programs, personal data, etc., from unauthorized access.
Security Architecture
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Network Diagram
Security Assessment Procedure
Security Policies
Risk Management Policy
Backup and Restore Procedures
Disaster Recovery Plan
Risk Assessment Procedures
Once you have a complete blueprint of the points mentioned above, you can
put better security system to your data and can also retrieve your data if
something goes wrong.
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
The links in the email may install malware on the user’s device or direct them
to a malicious website set up to trick them into divulging personal and
financial information, such as passwords, account IDs or credit card details.
These techniques are too much in use with cybercriminals, as it is far easier
to trick someone into clicking a malicious link in the email than trying to break
through a computer’s defenses. Although some phishing emails are poorly
written and clearly fake.
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
There are several ways to detect a Phishing Email, some of these methods
are discussed here for better understanding.
Spelling and Bad Grammar
Cyber criminals generally make grammar and spelling mistakes because they
use dictionary too often to translate in a specific language. If you notice
mistakes in an email, it might be a scam.
Links in Email
Links in the email are always with hidden URLs, you don't click on it. Rest
your mouse (but don't click) on the link to see if the address matches the link
that was typed in the message. In the following example the link reveals the
real web address, as shown in the box with the yellow background. The string
of cryptic numbers looks nothing like the company's web address.
Links also may redirect you to .exe, or zipped files. These are known to
spread malicious software.
Threats or They are too Good to be True
Cybercriminals often use threats that your security has been compromised.
The above screenshot shows it very well. In our case the subject talking
about Suspension.
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
pop-up windows. In our case, there is this email of Amazon which is not a
genuine one.
Salutation
Generally, if it is genuine you will have a personalized email like Dear Mr.
John, but the cybercriminals, they don’t know your name except the email
address, so they will use just a part of your email in the salutation or a
general salutation.
Contact the authority on whose behalf you got that email. You should
also report to your account administrator.
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=2mh-N9_O_yI
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Electronic Signature
An electronic signature or e-signature, indicates either that a person who
demands to have created a message is the one who created it.
A signature can be defined as a schematic script related with a person. A
signature on a document is a sign that the person accepts the purposes
recorded in the document. In many engineering companies digital seals are
also required for another layer of authentication and security. Digital seals
and signatures are same as handwritten signatures and stamped seals.
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Offences
Cyber offences are the illegitimate actions, which are carried out in a classy
manner where either the computer is the tool or target or both.
Cyber-crime usually includes the following −
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Example
Offences Under The It Act 2000
Section 65. Tampering with computer source documents
Whoever knowingly or intentionally conceals, destroys or alters or
intentionally or knowingly causes another to conceal, destroy or alter any
computer source code used for a computer, computer program, computer
system or computer network, when the computer source code is required to
be kept or maintained by law for the being time in force, shall be punishable
with imprisonment up to three year, or with fine which may extend up to two
lakh rupees, or with both.
Explanation − For the purpose of this section “computer source code” means
the listing of programs, computer commands, design and layout and program
analysis of computer resource in any form.
Object − The object of the section is to protect the “intellectual property”
invested in the computer. It is an attempt to protect the computer source
documents (codes) beyond what is available under the Copyright Law
Essential ingredients of the section
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
retention of information
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
9
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
The following table shows the offence and penalties against all the mentioned
sections of the I.T. Act −
Compounding of Offences
As per Section 77-A of the I. T. Act, any Court of competent jurisdiction may
compound offences, other than offences for which the punishment for life or
imprisonment for a term exceeding three years has been provided under the
Act.
No offence shall be compounded if −
The accused is, by reason of his previous conviction, is liable to either
enhanced punishment or to the punishment of different kind; OR
Offence affects the socio economic conditions of the country; OR
Offence has been committed against a child below the age of 18 years;
OR
Offence has been committed against a woman.
The person alleged of an offence under this Act may file an application for
compounding in the Court. The offence will then be pending for trial and the
provisions of Sections 265-B and 265-C of Cr. P.C. shall apply.
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=TmA2QWSLSPg
10
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Passive Devices
These devices identify and report on unwanted traffic, for example, intrusion
detection appliances.
Preventative Devices
These devices scan the networks and identify potential security problems.
For example, penetration testing devices and vulnerability assessment
appliances.
Firewalls
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Antivirus
An antivirus is a tool that is used to detect and remove malicious software. It
was originally designed to detect and remove viruses from computers.
Modern antivirus software provide protection not only from virus, but also
from worms, Trojan-horses, adwares, spywares, keyloggers, etc. Some
products also provide protection from malicious URLs, spam, phishing
attacks, botnets, DDoS attacks, etc.
Content Filtering
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Web filtering
Screening of Web sites or pages
E-mail filtering
Screening of e-mail for spam
Other objectionable content
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
The last four sections namely sections 91 to 94 in the I.T. Act 2000
deals with the amendments to the Indian Penal Code 1860, The Indian
Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the
Reserve Bank of India Act 1934 were deleted.
It commences with Preliminary aspect in Chapter 1, which deals with
the short, title, extent, commencement and application of the Act in
Section 1. Section 2 provides Definition.
Chapter 2 deals with the authentication of electronic records, digital
signatures, electronic signatures, etc.
Chapter 11 deals with offences and penalties. A series of offences have
been provided along with punishment in this part of The Act.
Thereafter the provisions about due diligence, role of intermediaries
and some miscellaneous provisions are been stated.
The Act is embedded with two schedules. The First Schedule deals with
Documents or Transactions to which the Act shall not apply. The
Second Schedule deals with electronic signature or electronic
authentication technique and procedure. The Third and Fourth
Schedule are omitted.
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Intermediary Liability
Intermediary, dealing with any specific electronic records, is a person who on
behalf of another person accepts, stores or transmits that record or provides
any service with respect to that record.
According to the above mentioned definition, it includes the following −
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=inWWhr5tnEA
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
CHAPTER 3: POLICIES TO
MITIGATE CYBER RISK
This chapter takes you through the various policies
laid to minimize cyber risk. It is only with well-defined
policies that the threats generated in the cyberspace can
be reduced.
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Threat Intelligence
Research work to mitigate cyber-threats is already being commenced in
India. There is a proactive response mechanism in place to deal with cyber
threats. Research and Development activities are already underway at
various research organizations in India to fight threats in cyberspace.
Authentication Techniques
Authentication techniques such as Key Management, Two Factor
Authentication, and Automated key Management provide the ability to
encrypt and decrypt without a centralized key management system and file
protection. There is continuous research happening to strengthen these
authentication techniques.
BYOD, Cloud and Mobile Security
With the adoption of varied types of mobile devices, the research on the
security and privacy related tasks on mobile devices has increased. Mobile
security testing, Cloud Security, and BYOD (Bring Your Own Device) risk
mitigation are some of the areas where a lot of research is being done.
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Cyber Forensics
Cyber Forensics is the application of analysis techniques to collect and
recover data from a system or a digital storage media. Some of the specific
areas where research is being done in India are −
Disk Forensics
Network Forensics
Mobile Device Forensics
Memory Forensics
Multimedia Forensics
Internet Forensics
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Information Sharing
United States proposed a law called Cybersecurity Information Sharing
Act of 2014 (CISA) to improve cybersecurity in the country through
enhanced sharing of information about cybersecurity threats. Such laws are
required in every country to share threat information among citizens.
Cybersecurity Breaches Need a Mandatory Reporting Mechanism
The recent malware named Uroburos/Snake is an example of growing
cyber-espionage and cyber-warfare. Stealing of sensitive information is the
new trend. However, it is unfortunate that the telecom companies/internet
service providers (ISPs) are not sharing information pertaining to cyber-
attacks against their networks. As a result, a robust cybersecurity strategy to
counter cyber-attacks cannot be formulated.
This problem can be addressed by formulating a good cybersecurity law that
can establish a regulatory regime for obligatory cybersecurity breach
notifications on the part of telecom companies/ISPs.
Infrastructures such as automated power grids, thermal plants, satellites, etc.,
are vulnerable to diverse forms of cyber-attacks and hence a breach
notification program would alert the agencies to work on them.
The Core,
Implementation Tiers, and
Framework Profiles.
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link
provided
https://www.youtube.com/watch?v=rYGernHiyIo
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
9
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
CHAPTER 2: INTELLECTUAL
PROPERTY RIGHT
Intellectual property rights are the legal rights that cover the privileges
given to individuals who are the owners and inventors of a work, and have
created something with their intellectual creativity. Individuals related to areas
such as literature, music, invention, etc., can be granted such rights, which
can then be used in the business practices by them.
The creator/inventor gets exclusive rights against any misuse or use of work
without his/her prior information. However, the rights are granted for a limited
period of time to maintain equilibrium.
The following list of activities which are covered by the intellectual property
rights are laid down by the World Intellectual Property Organization (WIPO) −
Industrial designs
Scientific discoveries
Protection against unfair competition
Literary, artistic, and scientific works
Inventions in all fields of human endeavor
Performances of performing artists, phonograms, and broadcasts
Trademarks, service marks, commercial names, and designations
All other rights resulting from intellectual activity in the industrial,
scientific, literary, or artistic fields
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Copyright
Patent
Patent
Trade Secrets, etc.
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Comparison of Attacks
The following table shows the Comparison of Attack Categories against
Desired Cyber Ecosystem Capabilities −
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Case Study
The following diagram was prepared by Guilbert Gates for The New York
Times, which shows how an Iranian plant was hacked through the internet.
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Types of Attacks
The following table describes the attack categories −
data-leakage attacks
injection attacks and abuse of functionality
spoofing
time-state attacks
buffer and data structure attacks
resource manipulation
stolen credentials usage
backdoors
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
9
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
network investigation
10
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
standards
guidelines
practices
These parameters help the owners and operators of critical infrastructure to
manage cybersecurity-related risks.
11
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
12
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
End-to-End Measures
It is a medium for transporting Protocol Data Units (PDUs) in a protected
manner from source to destination in such a way that disruption of any of
their communication links does not violate security.
Association-Oriented Measures
Association-oriented measures are a modified set of end-to-end measures
that protect every association individually.
Data Encryption
It defines some general features of conventional ciphers and the recently
developed class of public-key ciphers. It encodes information in a way that
only the authorized personnel can decrypt them.
13
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
14
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link provided
https://www.youtube.com/watch?v=UqZJPuyK9VY
15
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
16
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
The Internet has now become all-encompassing; it touches the lives of every
human being. We cannot undermine the benefits of Internet, however its
anonymous nature allows miscreants to indulge in various cybercrimes. This
is a brief tutorial that explains the cyber laws that are in place to keep
cybercrimes in check. In addition to cyber laws, it elaborates various IT
Security measures that can be used to protect sensitive data against potential
cyber threats.
1
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Cyber security
Cybersecurity denotes the technologies and procedures intended to
safeguard computers, networks, and data from unlawful admittance,
weaknesses, and attacks transported through the Internet by cyber
delinquents.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that
delivers a model for creating, applying, functioning, monitoring, reviewing,
preserving, and improving an Information Security Management System.
The Ministry of Communication and Information Technology under the
government of India provides a strategy outline called the National
Cybersecurity Policy. The purpose of this government body is to protect the
public and private infrastructure from cyber-attacks.
Cybersecurity Policy
The cybersecurity policy is a developing mission that caters to the entire field
of Information and Communication Technology (ICT) users and providers. It
includes −
Home users
Small, medium, and large Enterprises
Government and non-government entities
It serves as an authority framework that defines and guides the activities
associated with the security of cyberspace. It allows all sectors and
organizations in designing suitable cybersecurity policies to meet their
requirements. The policy provides an outline to effectively protect information,
information systems and networks.
It gives an understanding into the Government’s approach and strategy for
security of cyber space in the country. It also sketches some pointers to allow
collaborative working across the public and private sectors to safeguard
information and information systems. Therefore, the aim of this policy is to
2
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Cyber Crime
The Information Technology Act 2000 or any legislation in the Country
does not describe or mention the term Cyber Crime. It can be globally
considered as the gloomier face of technology. The only difference between
a traditional crime and a cyber-crime is that the cyber-crime involves in a
crime related to computers. Let us see the following example to understand it
better −
Traditional Theft − A thief breaks into Ram’s house and steals an object
kept in the house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his
computer, hacks the computer of Ram and steals the data saved in Ram’s
computer without physically touching the computer or entering in Ram’s
house.
The I.T. Act, 2000 defines the terms −
access in computer network in section 2(a)
computer in section 2(i)
computer network in section (2j)
data in section 2(0)
information in section 2(v).
To understand the concept of Cyber Crime, you should know these laws. The
object of offence or target in a cyber-crime are either the computer or the
data stored in the computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and
possible threats in the sphere of cybersecurity. Threats originate from all
kinds of sources, and mark themselves in disruptive activities that target
individuals, businesses, national infrastructures, and governments alike. The
effects of these threats transmit significant risk for the following −
3
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
public safety
security of nations
stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult
to determine the origin or the identity of the criminal. Even the motivation for
the disruption is not an easy task to find out. Criminals of these activities can
only be worked out from the target, the effect, or other circumstantial
evidence. Threat actors can operate with considerable freedom from virtually
anywhere. The motives for disruption can be anything such as −
Enabling People
4
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
5
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Mission
The following mission caters to cybersecurity −
To safeguard information and information infrastructure in cyberspace.
To build capabilities to prevent and respond to cyber threats.
To reduce vulnerabilities and minimize damage from cyber incidents
through a combination of institutional structures, people, processes,
technology, and cooperation.
Vision
To build a secure and resilient cyberspace for citizens, businesses, and
Government.
6
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Create Awareness
While the U.S. government has declared October as the National
Cybersecurity Awareness month, India is following the trend to implement
some stringent awareness scheme for the general public.
The general public is partially aware of the crimes related to virus transfer.
However, they are unaware of the bigger picture of the threats that could
affect their cyber-lives. There is a huge lack of knowledge on e-commerce
and online banking cyber-crimes among most of the internet users.
Be vigilant and follow the tips given below while you participate in online
activities −
Filter the visibility of personal information in social sites.
Do not keep the "remember password" button active for any email
address and passwords
Make sure your online banking platform is secure.
Keep a watchful eye while shopping online.
Do not save passwords on mobile devices.
Secure the login details for mobile devices and computers, etc.
7
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
Areas of Development
The "Cyberlaw Trends in India 2013" and "Cyber law Developments in India
in 2014" are two prominent and trustworthy cyber-law related research works
provided by Perry4Law Organization (P4LO) for the years 2013 and 2014.
There are some grave cyber law related issues that deserve immediate
consideration by the government of India. The issues were put forward by the
Indian cyber law roundup of 2014 provided by P4LO and Cyber Crimes
Investigation Centre of India (CCICI). Following are some major issues −
8
MODULE SOCIAL AND PROFESSIONAL ISSUES-SP1
For more knowledge about this topic, please check the link provided
https://www.youtube.com/watch?v=symZriga1mY