
Presentation on Cyber Security

An Initiative by www.computerscienceexpertise.com

By: Dheeraj Mehrotra


CYBER SPACE:
The Global Room Today

A science fiction writer coined the useful term "cyberspace" in 1982. But the territory in
question, the electronic frontier, is about a hundred and thirty years old. Cyberspace is
the "place" where a telephone conversation appears to occur. Not inside your actual
phone, the plastic device on your desk. This "place" is not "real," but it is serious, it is
earnest. Tens of thousands of people have dedicated their lives to it, to the public service
of public communication by wire and electronics. Cyberspace today is a "Net," a "Matrix,"
international in scope and growing swiftly and steadily. It's growing in size, and wealth,
and political importance. People have met there and been married there. There are entire
living communities in cyberspace today; chattering, gossiping, planning, conferring and
scheming, leaving one another voice-mail and electronic mail, giving one another big
weightless chunks of valuable data, both legitimate and illegitimate. They busily pass one
another computer software and the occasional festering computer virus.


Legal Framework for
Information Technology

- The Need for the Hour



The Bottom Line

• The Internet already has triggered challenging questions about the applicability of case precedent and legal models for Internet-mediated communications and commerce.
• At the macro-level, the Internet affects broad, almost metaphysical concepts like matter, distance, time and space.
• At the micro-level, it directly impacts how we communicate, educate, entertain and transact business.


DATA SECURITY TOOL



TROJANS: The chief of VIRUSES
(Vital Information Resource Under Seize)

Trojans are small programs that effectively give “hackers” remote control over your entire computer. Some common features of Trojans are as follows:
• Open your CD-ROM drive
• Capture a screenshot of your computer
• Record your keystrokes and send them to the “hacker”
• Full access to all your drives and files
• Ability to use your computer as a bridge to do other hacking-related activities
• Disable your keyboard
• Disable your mouse… and more!


ULTIMATE PREVENTION: CURE



10 Driving Principles of the New Economy

• Matter—law involves the processing of information and the Internet provides a comparatively superior medium for some applications.
• Space—the Internet transcends distance and provides a major new promotional medium.
• Time—Internet time moves faster than we’d like.
• People—brain power and people skills matter particularly in an Internet-mediated world.
• Growth—the Internet can fuel market expansion.
• Value—Web pages offer prospective clients access to helpful general information and, for existing clients, a portal to some of a firm’s assets.
• Efficiency—consider whether and how e-mail enhances productivity.
• Markets—the Internet makes markets more porous and more easily customized.
• Transactions—with modification, the Internet can provide a medium for commerce.
• Impulse—the Internet reduces the time between sales pitch and transaction.

DATA SECURITY ON THE WEB???



Technology Trends

• The Internet provides a “virtual” medium for communications and commerce that transcends many of the limitations in the physical world.
• This presents a mixed blessing: the capacity to achieve near parity with competitors located any place, offset by expectations and the complexity in doing business across jurisdictions.
• We must ascend new learning curves and make sizeable equipment investments to accrue efficiency and productivity gains.


Marketplace Trends

• The Internet reduces market entry barriers.
• It provides a new medium that can reduce transaction costs and promote “frictionless” commerce.
• It can eliminate intermediaries that do not add sufficient value (“disintermediation”), but it also can create new opportunities, e.g., content portals, auctioneers and B2B brokers.
• It reduces comparative and competitive disadvantages based on location alone.
• It offers the promise of faster, better, smarter, cheaper and more convenient services.


Business in the 21st Century

• All businesses in the 21st century will be more and more knowledge based. IT will be a strong enabler for the business
• Businesses will stick to their core competencies
• Logistics will be critical
• Layers of management structures will shrink
• Changing business relationships
• And Cyber Security shall be a concern for all...


How business will be done in the 21st Century

• Deal with well-informed customers with high service standards expectation
• Paperless offices and workflow-based execution
• Business at any hour
• Virtual showrooms and teleshopping
• And again, Cyber Security shall be a concern for all...

The need for cyber laws

• To facilitate e-commerce
• To curb cyber crimes. Cyber crimes can have a devastating effect
• E-Governance


How the Internet Affects the Law

• Internet mediation does not necessarily foreclose the application of preexisting laws; something unlawful, regulated or licensed does not become lawful, unregulated and unlicensed simply through Internet-mediation.
• The transborder nature of Internet commerce and communications challenges national sovereignty and the jurisdictional reach of laws and regulations.
• Technological innovations, coupled with the global reach of the Internet, threaten the viability of laws including ones protecting intellectual property, privacy and consumers.


What is Cyberlaw ?

• Cyberlaw is a generic term which refers to all the legal and regulatory aspects of Information Technology in cyberspace
• Anything related to or concerning any activity of netizens and others within cyberspace comes within the ambit of Cyberlaw
• A vibrant and effective regulatory mechanism is crucial for the success of e-Commerce


INDIAN SCENARIO: A Layman’s
View of Cyber Security



The Information
Technology Act 2000

• India is the 13th country to pass legislation on Information Technology.
• The I.T. Act received the President’s sanction on 9th June, 2000. The I.T. Act is effective from 17th October, 2000.


Salient Features of I.T. Act

• Computer data accorded legal sanctity
• Certifying Authorities for Digital Signature established
• Digital Signature recognised
• Cyber crimes to invite tough penalties
• E-Governance


Salient Features of I.T. Act

• Police Authorities given powers of enforcement
• Appellate authorities set up


Legal recognition for electronic records

• Electronic data will be considered valid evidence in a court of law.
• The following conditions have to be satisfied:
   • The information contained in the data is accessible for subsequent use or reference.
   • The electronic record is retained or reproducible in the format in which it was originally generated, sent or received.
   • The record facilitates identification of the origin, date and time of despatch or receipt of such electronic record.


Digital Certificate

• A Digital Certificate is an “electronic card” that establishes one’s credentials when doing business or other transactions on the web.

Issuing Authority

• Certifying Authority is a person to whom a license has been granted to issue a Digital Certificate which is used to create public-private key pairs and digital signatures.

Eligibility criteria for Certifying Authorities

• An individual being a citizen of India, who has a capital of Rs 5 crores in his business or profession
• A company with a paid up capital of Rs 5 crores and net worth not less than Rs 50 crores and with a foreign holding of not more than 49%
• A firm with capital of all partners exceeding 5 crores and net worth exceeding Rs 50 crores

Certifying Authorities

• Certifying Authority to be monitored by the Controller of Certifying Authorities.
• Duties, rights and responsibilities specified in the rules


Digital Signature

• A digital signature is a digital code that can be attached to an electronically transmitted message to uniquely identify the sender.
• Unlike a handwritten signature, a digital signature binds the content of a message to the signer in such a way that if even one bit in the message changes en route, the signature will not verify at the other end.
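
The one-bit property described above, as an added example that is not part of the original presentation. It uses a Lamport one-time signature (the slides name no scheme; this one is chosen here because it needs only Python's standard library), and the sample message and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Lamport one-time signature: a hash-based scheme chosen for this added example
# because it needs only the standard library. A key pair must sign ONE message only.

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _digest_bits(message: bytes) -> list:
    """The 256 bits of SHA-256(message), most significant bit first."""
    d = _h(message)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def generate_keypair():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public

def sign(private, message: bytes) -> list:
    """Reveal one secret per digest bit; only the private-key holder can do this."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(message))]

def verify(public, message: bytes, signature) -> bool:
    """Hash each revealed secret and compare with the public value for that bit."""
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok

def flip_bit(message: bytes, index: int) -> bytes:
    """Return a copy of the message with exactly one bit inverted."""
    out = bytearray(message)
    out[index // 8] ^= 1 << (index % 8)
    return bytes(out)

def count_accepted_tamperings(public, message: bytes, signature) -> int:
    """Flip every bit of the message in turn; count copies that still verify."""
    return sum(verify(public, flip_bit(message, i), signature)
               for i in range(len(message) * 8))

# Constructed sample record (not from the page).
MESSAGE = b"Purchase order 17: 40 units, payable on delivery"

if __name__ == "__main__":
    private, public = generate_keypair()
    signature = sign(private, MESSAGE)
    print("original verifies:", verify(public, MESSAGE, signature))
    print("tampered copies accepted:",
          count_accepted_tamperings(public, MESSAGE, signature))
    _, other_public = generate_keypair()
    print("verifies under another subscriber's key:",
          verify(other_public, MESSAGE, signature))
```

Because signing reveals half of the private key, a Lamport key pair is discarded after one message; production systems use schemes such as RSA, ECDSA or Ed25519 through a vetted library.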



Authentication of Digital Signatures

• Any subscriber (a person in whose name a digital signature is issued) may authenticate an electronic record by affixing his digital signature
• A Digital Signature is secure if it has the following attributes:
   • Unique to the subscriber affixing it
   • Capable of identifying such subscriber
   • Created in a manner or using means under the exclusive control of the subscriber


Duties of the subscriber

• Subscriber to generate the key pair by using the prescribed security procedure
• Subscriber to exercise reasonable care to retain control over the private key
• Cannot refute a document to which his signature is affixed as not sent by him using his private key


Revocation of Digital Signature Certificate

• Upon request made by a subscriber
• Upon the death of a subscriber
• Upon dissolution of firm or company
• Requirements for issuance of digital signature not fulfilled by subscriber


Cyber Crimes
What is Cyber Crime?

• All activities done with criminal intent in cyberspace. These could be either the criminal activities in the conventional sense or could be activities newly evolved with the growth of the new medium.


Major Cybercrimes

• Unauthorised access to a computer system
• Unauthorised access to data or information
• Introduces or causes to introduce viruses
• Tampering with computer source documents
• Causes damage to computer system or causes any disruption
• Denies access to any person authorised to access the computer system
• Spread of viruses


Major Cybercrimes

• Uses or downloads unlicensed software
• Hacking
• Publishing obscene information
• Breach of confidentiality and privacy
• Cyber Squatting
• Spread of viruses


CYBERLAWS FOR
E-COMMERCE
• Cybercrimes are on the increase.
• Cybercrimes can be said to be of three categories:
   • Cybercrime against property
   • Cybercrime against

Electronic Governance

• Filing of forms, applications or other documents in any government office in the electronic form as per the manner prescribed is given legal sanctity


Special Provisions for ISPs

• Service Providers considered as intermediaries
• ISPs (Internet Service Providers) to maintain a log of all their customers and the sites they have visited. For this, special software is required to be installed.
• Such data to be produced on demand by ISPs to any enquiry officer


THE INFORMATION
TECHNOLOGY ACT, 2000

• India enacted its first law, namely, the Information Technology Act, 2000 on 17th May, 2000. The said law received the assent of the President on 9th June, 2000 and it was finally implemented on 17th

I T ACT,2000- OBJECTS
• Aims to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication commonly referred to as electronic commerce which involve the alternatives to paper based methods of communication and

I T ACT,2000- OBJECTS

• To facilitate electronic filing of documents with Government agencies.
• To amend four laws of the country, The Indian Penal Code, The Indian Evidence Act, 1872, The Bankers Book Evidence Act, 1881 and The

DIGITAL SIGNATURE
NECESSARY FOR
E-COMMERCE

• Once digital signatures come in, there will be great enabling factors in boosting up authenticity of electronic records and contracts and would further in turn boost up the e-commerce scenario

CYBERCRIME AND IT ACT

• IT Act defines various cyber crimes.
• Cyber offences have been declared as penal offences punishable with imprisonment and fine.
• These include hacking, damage to computer source code, publishing in an electronic form any information

Machinery created for implementation of the Act

• Powers of Police Officers and Other Officers
• Establishment of Cyber Appellate Tribunal


Conclusions: Observatory facts at a glance

• The Internet (and in particular the World Wide Web) already has begun to change how we communicate and engage in commerce.
• However, the “we” is not inclusive: a Digital Divide separates people with the finances, computer literacy skills and interest and those lacking one or more of these prerequisites.
• We need to understand the risks and rewards of Internet use.
• Legislators, regulators and judges must recognize how Internet-mediation parallels older media, but also how it creates new challenges and questions to existing models.

DRACONIAN POWERS OF POLICE

• Draconian powers given to a DSP
• Nowhere in the world do we find a parallel of such a wide and unrestricted power being given to any officer for the purpose of investigating and

DRACONIAN POWERS OF POLICE

• After all, the power given by the IT Act to the said DSP includes the power to "enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act."

INTERCEPTION OF INFORMATION

• Any agency of the government can intercept any information transmitted through any computer resource if the same is necessary in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States or public order or for

INTERCEPTION OF INFORMATION

• This is one provision which is likely to be misused
• No standards or provisions have been laid down by the IT Act, which define any conditions detailed above.
• Gross violation of individual freedom and that aforesaid

LIABILITY OF NETWORK SERVICE PROVIDERS

• The normal principle laid down by the IT Act, 2000 is that the ISPs are liable for any third party information and data made available by them.
• Section 79 talks of liability of network service providers for

HACKING
• Hacking has been made a penal offence punishable with imprisonment and fine.
• “Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or

NEED FOR COMPLIANCE WITH IT ACT, 2000

• All companies doing e-commerce need to ensure that they comply with the mandatory requirements of compliance under the IT Act and the IT Rules.

I T SECURITY POLICY

• Companies must have a detailed IT Security Policy in tune with the mandatory specific provisions of the IT Act and IT Rules. This is absolutely essential in order to enable any company to take benefit of the provisions of the

SEARCH ENGINE ISSUES
• If your website has a search facility or a search engine, a specific declaration about the same needs to be given on the homepage.
• Express disclaiming statements need to be given that the search engine is only spidering the web for the requested query on the basis of the relevant technology

LINKING

• Websites should have a specific linking policy in case they provide links. The said policy should specifically state the crux of understanding or agreement with linking websites and other consequent benefits.

SECURITY

• Security issues are of immense importance in Cyberlaw.
• Crucial issues of Security are addressed in the IT Act, 2000 and IT Rules, 2000

FACTORS FOR CONSIDERATION FOR BUYERS AND SELLERS

• Buyers and sellers need to know the identity of the person with whom they are interacting.
• The content of the terms to be agreed upon between parties have to be crystal

DISPUTE RESOLUTION

• There must be clarity of thought process on the mechanism for dispute resolution, should a dispute arise. This may be in the form of either online arbitration or

INDIAN CYBERLAW
DOES NOT TALK ABOUT

• DATA PROTECTION
• RIGHT TO INFORMATION
• ONLINE INTELLECTUAL
PROPERTY RIGHTS
• PRIVACY
• CONFIDENTIALITY
• E-TAXATION
• DOMAIN NAMES ISSUES

NEED FOR EDUCATION

• Need for educating employees about potential cybercrimes and how to escape harassment arising from the said offences.
• Cybercrime to be investigated only by a

CONCLUSION
• The IT Act, 2000 is the first step forward. The other steps have to follow. However, the government has to be quick in responding to the challenges raised by the constantly changing technologies. Just as time does not wait for anyone, so

Let us all analyse the fact that the e-Commerce success will depend on:

• Information Technology and knowledge based industries
• Physical logistics
• Smart Commercial Chain
• Cyber laws and Digital Law enforcement
• Cheaper Hardware, Software and Internet
• People with e-vision and common sense

What is needed today is...

• Launch a nationwide information security campaign: Information on cyber security related aspects is the concern of all computer network / Internet users. Thus, the Government should take appropriate steps to inform the public about cyber security in a well-organised manner. This could be done by organising workshops / trainings, regular discussions / talks on TV during prime time, publishing articles etc. in the leading newspapers on cyber security and counter security aspects.


What is needed today, as already in practice, is...

• Develop cyber security related curriculum for IT courses: This will include identification of the cyber security courses which could be offered as part of IT education both in the formal and non-formal education sector. To identify the cyber security related course areas, such as Fundamentals of Cyber Security; Cyber Security Techniques and Mechanisms; Cyber Security Protocols, Threats and Defenses; E-business Security and Information Assurance etc., a subgroup could be formed. The subgroup could include members from academic institutes (IITs, IISc etc.); research institutes / labs (DRDO, ISRO, BARC, TIFR etc.); industry (WIPRO, INFOSYS, SCL etc.); certification agencies like STQC; and other leading computer organisations like CDAC etc. While developing the overall curriculum, the subgroup will take into consideration the HR requirements as projected by the Working Group.


Let us all come together to prevent Cyber Crime, as
TOGETHER WE CAN.

Thank you for the kind support.

www.computerscienceexpertise.com wishes you all a
QUALITY OF WORK LIFE AHEAD.