
UNIT V: CYBER SAFETY MECHANISM
Cyber Safety Mechanism: Introduction, brief Introduction about Policies involved in cyber safety mechanism and
purpose of implementing cyber security model

Information Technology Law (Cyber Law): Evolution of the IT Act 2000 and Its amendments: Genesis and
Necessity, advantages.
CYBER SAFETY

• Cyber safety is the safe and responsible use of information and communication technology. It is
about keeping information safe and secure, but also about being responsible with that
information, being respectful to other people online, and using good Internet etiquette. It
includes a body of technologies, processes and practices designed to protect networks, computers,
programs and data from attack, damage or unauthorized access.
WHAT IS CYBERSAFETY?

Cybersafety is the safe and responsible use of Information and Communication Technologies
(ICT). The approach to cybersafety is founded on:

• Maintaining a positive approach about the many benefits brought by technologies
• Encouraging the public to identify the risks associated with ICT
• Putting in place strategies to minimise and manage risks
• Recognising the importance of effective teaching and learning programmes.
CYBERBULLYING
Cyberbullying includes sending, posting or sharing negative, harmful, false or mean information and content about
someone. It is a serious offence which is punishable under Cyber law.
Cyber Bullying includes:
• Nasty comments on your posts or posts about you
• Someone creating a fake profile in your name and trying to defame you
• Threatening or abusive messages online or on the mobile phone
• Being excluded from online groups and forums
• Embarrassing photographs put online without your permission
• Rumours and lies about you on a site
• Stealing your account password and sending unwanted/inappropriate messages from your account
• Offensive chat
• Fake online profiles created with an intent to defame you
DO THE FOLLOWING IF CYBERBULLIED

• Do not Respond: If someone is cyber bullying you, do not respond or retaliate by doing the same
thing back. Responding or retaliating to cyber bullying may make matters worse or even get you
into trouble.
• Screenshot: Take a screenshot of anything that you think could be cyber bullying and keep a
record of it.
• Block and Report: Most online platforms have this feature. If someone bothers you, make sure
you block and report the offender to the social media platform.
• Talk about it: Cyber bullying may affect you in many different ways. Do not feel that you are
alone. Let your parents and teachers know what is going on. Never keep it to yourself.
• Be Private: Keep your social media privacy settings high and do not connect with anybody who
you do not know online. You would not talk to random people on the street, so why do it online?
• Be Aware: Remain updated with all the preventive and security measures in the cyber world
COMPUTER SAFETY AND SECURITY
• Log off your computer when not in use and don’t leave it unattended
• Do not plug the computer directly into the wall outlet, as power surges may destroy the computer. Instead, use a stabilizer to
plug in a computer
• Do not install pirated software
• Do not connect unknown devices to your computer as they may contain viruses
• Use only verified open source or licensed software and operating systems
• Check that antivirus software in each system is regularly updated
• Invest in a robust firewall
• Consider blocking file extensions such as .bat, .cmd, .exe, .pif by using content filtering software
• Have a password protocol with specific strong password guidelines, change your passwords frequently, and prevent reuse of
old passwords
• Ensure that computer systems and labs are accessed only by authorized personnel
• Discourage use of personal devices on the network, such as personal USBs or hard drives
INTERNET SAFETY AND ETHICS

• Respect other people’s privacy
• Follow proper protocol in language use while chatting, blogging and emailing
• Do not log in to other people’s email accounts
• Do not download and use copyrighted material
• Enable automatic browser update to ensure detection of malicious sites
SAFE EMAIL PRACTICES

• Do not reply to emails from an unknown sender even if it looks like a genuine email
• Do not provide personal information like name, date of birth, school name, address, parents’ names
or any other information
• Do not fall for lucrative offers/discounts as they might be coming from an unknown source and may
not be reliable. Ignore/delete those mails
• Do not open attachments or click on links from unknown senders, since they may contain malicious
files that might affect your device.
• Only click the links and downloads from websites that you trust
• Beware of phishing websites - check the URL to confirm if the website is secure
• Do not forward spam or suspicious emails to others
CYBER SECURITY MECHANISM

Types of security mechanisms are:

• Encipherment: This security mechanism deals with hiding and covering data so that it
stays confidential. It is achieved by applying mathematical calculations or algorithms
that transform the information into an unreadable form. It is achieved by two famous techniques
named Cryptography and Encipherment. The level of data encryption depends on the algorithm
used for encipherment.
• Access Control: This mechanism is used to stop unattended access to the data which you are
sending. It can be achieved by various techniques such as applying passwords, using a firewall, or
just by adding a PIN to the data.
• Notarization: This security mechanism involves the use of a trusted third party in communication. It
acts as a mediator between sender and receiver so that any chance of conflict is reduced. This
mediator keeps a record of the requests made by the sender to the receiver so that they cannot later be denied.
• Data Integrity: This security mechanism works by appending to the data a value that is created
from the data itself. It is similar to sending a packet of information known to both the sending and receiving
parties, which is checked before and after the data is received. When this appended value
is checked and is the same at sending and at receiving, data integrity is maintained.
• Authentication exchange: This security mechanism deals with establishing identity in communication.
This is achieved at the TCP/IP layer, where a two-way handshaking mechanism is used to ensure whether data is
sent or not.
• Bit stuffing: This security mechanism adds some extra bits to the data being transmitted.
It helps the data to be checked at the receiving end and is achieved by even parity or odd parity.
• Digital Signature: This security mechanism is achieved by adding digital data that is not visible to the eye.
It is a form of electronic signature which is added by the sender and checked by the receiver electronically.
This mechanism is used for data which is not especially confidential but for which the sender’s identity must be
made known.
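The Data Integrity mechanism described above, as an added example that is not part of the original slides: a value computed from the data is appended and re-checked on receipt. It compares an unkeyed SHA-256 digest with an HMAC, where the key is the "information known to both sending and receiving parties"; the key and messages are constructed sample values.

```python
import hashlib
import hmac

TAG_LEN = 32  # size of a SHA-256 digest in bytes


def protect_plain(data: bytes) -> bytes:
    """Append an unkeyed digest computed from the data itself."""
    return data + hashlib.sha256(data).digest()


def verify_plain(packet: bytes) -> bool:
    data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    return hmac.compare_digest(hashlib.sha256(data).digest(), tag)


def protect_keyed(key: bytes, data: bytes) -> bytes:
    """Append an HMAC: the value depends on the data AND a shared key."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def verify_keyed(key: bytes, packet: bytes) -> bool:
    if len(packet) < TAG_LEN:
        return False
    data, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison


def demo() -> dict:
    key = b"constructed-shared-key-for-demo"   # sample value, not a real key
    msg = b"transfer 100 to account 42"        # constructed message
    changed = b"transfer 900 to account 42"    # same message, altered
    corrupted = bytearray(protect_plain(msg))
    corrupted[9] ^= 0x08                       # one bit flipped in transit
    return {
        "plain_intact": verify_plain(protect_plain(msg)),
        "plain_corrupted": verify_plain(bytes(corrupted)),
        # Whoever alters the data can recompute an unkeyed digest as well,
        # so the receiver's check still passes:
        "plain_modified_rehashed": verify_plain(protect_plain(changed)),
        # Without the shared key the same trick fails against the HMAC:
        "keyed_modified_rehashed": verify_keyed(key, protect_plain(changed)),
        "keyed_intact": verify_keyed(key, protect_keyed(key, msg)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:<26}{'accepted' if ok else 'rejected'}")
```

An unkeyed digest catches accidental corruption only; detecting deliberate modification needs the keyed value.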
INTRODUCTION TO CLASSIC SECURITY MODELS
These models are used for maintaining goals of security, i.e. Confidentiality, Integrity, and
Availability. In simple words, it deals with CIA Triad maintenance. There are 3 main types of
Classic Security Models.

• Bell-LaPadula
• Biba
• Clark-Wilson Security Model
1. BELL-LAPADULA
• This model was invented by scientists David Elliot Bell and Leonard J. LaPadula, and is therefore
called the Bell-LaPadula Model. It is used to maintain the Confidentiality of
Security. Here, the Subjects (Users) and Objects (Files) are classified in a
non-discretionary fashion, with respect to different layers of secrecy.
It has mainly 3 Rules:
• SIMPLE CONFIDENTIALITY RULE: The Simple Confidentiality Rule states that the Subject can only Read the
files on the Same Layer of Secrecy and the Lower Layer of Secrecy but not the Upper Layer of Secrecy, due to
which we call this rule NO READ-UP.

• STAR CONFIDENTIALITY RULE: The Star Confidentiality Rule states that the Subject can only Write the files on
the Same Layer of Secrecy and the Upper Layer of Secrecy but not the Lower Layer of Secrecy, due to which we
call this rule NO WRITE-DOWN.

• STRONG STAR CONFIDENTIALITY RULE: The Strong Star Confidentiality Rule is highly secured and the strongest.
It states that the Subject can Read and Write the files on the Same Layer of Secrecy only and not the Upper
Layer of Secrecy or the Lower Layer of Secrecy, due to which we call this rule NO READ WRITE UP DOWN.
2. BIBA
• This model was invented by scientist Kenneth J. Biba, and is therefore called the Biba Model.
It is used to maintain the Integrity of Security. Here, the Subjects (Users) and
Objects (Files) are classified in a non-discretionary fashion, with respect to different layers of
secrecy. This works as the exact reverse of the Bell-LaPadula Model.
It has mainly 3 Rules:
• SIMPLE INTEGRITY RULE: The Simple Integrity Rule states that the Subject can only Read the
files on the Same Layer of Secrecy and the Upper Layer of Secrecy but not the Lower Layer of
Secrecy, due to which we call this rule NO READ DOWN.
• STAR INTEGRITY RULE: The Star Integrity Rule states that the Subject can only Write the files
on the Same Layer of Secrecy and the Lower Layer of Secrecy but not the Upper Layer of
Secrecy, due to which we call this rule NO WRITE-UP.
• STRONG STAR INTEGRITY RULE
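The Bell-LaPadula and Biba rules above, written as access-check functions (an added example, not part of the original slides). The level names and function names are assumptions made for illustration; only the rules the slides spell out are implemented, and `allowed_by_both` goes one step further to show what remains when both models are enforced on the same layers.

```python
# Added illustration; the level names are constructed for this example.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}
ACTIONS = ("read", "write")


def _levels(subject, obj, action):
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action}")
    return LEVELS[subject], LEVELS[obj]


def blp_allows(subject, obj, action, strong=False):
    """Bell-LaPadula: protects confidentiality."""
    s, o = _levels(subject, obj, action)
    if strong:
        return s == o        # strong star rule: same layer only
    if action == "read":
        return o <= s        # simple confidentiality rule: no read-up
    return o >= s            # star confidentiality rule: no write-down


def biba_allows(subject, obj, action):
    """Biba: protects integrity; read/write directions are reversed."""
    s, o = _levels(subject, obj, action)
    if action == "read":
        return o >= s        # simple integrity rule: no read-down
    return o <= s            # star integrity rule: no write-up


def allowed_by_both(subject):
    """(object level, action) pairs that both models permit for a subject."""
    return [(obj, act) for obj in LEVELS for act in ACTIONS
            if blp_allows(subject, obj, act) and biba_allows(subject, obj, act)]


if __name__ == "__main__":
    subject = "confidential"
    print(f"{'object':<13}{'action':<7}{'BLP':<7}{'Biba':<7}")
    for obj in LEVELS:
        for act in ACTIONS:
            print(f"{obj:<13}{act:<7}{blp_allows(subject, obj, act)!s:<7}"
                  f"{biba_allows(subject, obj, act)!s:<7}")
    # Enforcing both models on one set of levels leaves same-layer access only.
    print(allowed_by_both(subject))
```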
3. CLARK-WILSON SECURITY MODEL

• SUBJECT: It is any user who is requesting Data Items.
• CONSTRAINED DATA ITEMS: These cannot be
accessed directly by the Subject. These need to be
accessed via the Clark-Wilson Security Model.
• UNCONSTRAINED DATA ITEMS: These can be
accessed directly by the Subject.
• The Components of the Clark-Wilson Security Model

• TRANSFORMATION PROCESS: Here, the Subject’s request to access the Constrained Data
Items is handled by the Transformation Process, which converts it into permissions and then
forwards it to the Integration Verification Process.
• INTEGRATION VERIFICATION PROCESS: The Integration Verification Process
performs Authentication and Authorization. If that is successful, then the Subject is given access
to the Constrained Data Items.
THE INFORMATION TECHNOLOGY ACT, 2000
• The Information Technology Act, 2000, also known as the IT Act, is an act proposed by the Indian
Parliament reported on 17th October 2000. This Information Technology Act is based on the United
Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model), which was suggested by the
General Assembly of the United Nations by a resolution dated 30th January, 1997. It is the most important
law in India dealing with Cybercrime and E-Commerce.

• The main objective of this act is to carry out lawful and trustworthy electronic, digital and online transactions
and to alleviate or reduce cybercrimes. The IT Act has 13 chapters and 90 sections. The last four sections,
which run from ‘section 91 – section 94’, deal with the revisions to the Indian Penal Code 1860.
• The IT Act, 2000 has two schedules:

• First Schedule – Deals with documents to which the Act shall not apply.
• Second Schedule – Deals with electronic signature or electronic authentication method.
The offences and the punishments in the IT Act 2000:
• Tampering with the computer source documents.
• Directions of Controller to a subscriber to extend facilities to decrypt information.
• Publishing of information which is obscene in electronic form.
• Penalty for breach of confidentiality and privacy.
• Hacking for malicious purposes.
• Penalty for publishing Digital Signature Certificate false in certain particulars.
• Penalty for misrepresentation.
• Confiscation.
• Power to investigate offences.
• Protected System.
• Penalties for confiscation not to interfere with other punishments.
• Act to apply for offence or contravention committed outside India.
• Publication for fraud purposes.
• Power of Controller to give directions.
Sections and Punishments under the Information Technology Act, 2000 are as follows:
• Section 43: This section of the IT Act, 2000 states that anyone who destroys, alters or steals a
computer system/network, or deletes data with malicious intentions, without authorization from the
owner of the computer is liable to pay compensation to the owner for damages.
• Section 43A: This section of the IT Act, 2000 states that any corporate body dealing with sensitive
information that fails to implement reasonable security practices, causing loss to another person, will
also be liable to pay compensation to the affected party.
• Section 66: Hacking of a Computer System with malicious intentions like fraud will be punished
with 3 years imprisonment or a fine of Rs. 5,00,000 or both.
• Section 66 B, C, D: Fraud or dishonesty using or transmitting information, or identity theft, is
punishable with 3 years imprisonment or Rs. 1,00,000 fine or both.
• Section 66 E: Violation of privacy by transmitting an image of a private area is
punishable with 3 years imprisonment or 2,00,000 fine or both.
• Section 66 F: Cyber Terrorism affecting the unity, integrity, security or sovereignty of
India through a digital medium is liable for life imprisonment.
• Section 67: Publishing obscene information or pornography, or transmission of
obscene content in public, is liable for imprisonment up to 5 years or a fine of Rs. 10,00,000 or both.
THE INFORMATION TECHNOLOGY (AMENDMENT) ACT 2008
• The Information Technology (Amendment) Act 2008, an act to amend the IT Act 2000, received
the President’s permission on 5th February 2009. Several legal and security experts are analyzing
the contents and possible impacts of the amendments.
• The IT(A) Act 2008 has introduced two sections that address data protection aspects.
The sections under consideration are:
• Section 43A: Compensation for failure to protect data
• Section 72A: Punishment for disclosure of information in breach of lawful contract
• Description of Section 43A
• Where a body corporate, possessing, dealing or handling any sensitive personal data or
information in a computer resource which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices and procedures and thereby causes
wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay
damages by way of compensation, to the person so affected.
• Description of Section 72A
• Under this section, disclosure without consent exposes a person, including an “intermediary,” to
three years imprisonment or a fine up to Rs. Five lacs or both.

• This section uses the term “personal information” and not “sensitive personal information” as in
section 43A. Hence, it could apply to any information obtained to deliver services and, therefore,
broaden the definition of information.