A6.3: Cyber Security Laws TYBBA Sem-VI Dept. of Mgt, Z.B. Patil College, Dhule. SGShah
A6.3: Cyber Security & Laws
Objectives:
• To introduce the student to information security, security threats and controls
• To study and understand the basic concepts of cryptography, network security and cyber laws.
1 Overview of Cyber World and Cyber Laws in India (10)
1.1. Meaning of Data & Information
1.2. Internet and Online Resources
1.3. Importance of Information Security
1.4. History Cyber Laws in India
1.5. Objectives of the Information Technology Act, 2000
1.6. Scope of Cyber Law- E-commerce, online contracts, Intellectual Property Rights (IPRs),
E-Governance, Cyber Crimes
1.7. Distinction between Cyber Crime and Other Crimes in general
2 Cyber Networks (10)
2.1 Computer, Computer Network and Cyber: Meaning
2.2 Types of Computer Network: LAN, WAN, MAN
2.3 Virtual Private Networks (VPN) - Meaning, Types
2.4 Computer Network Peripherals: Router, Hub, Fire Walls, Gate Way
2.5 Cyber Network Securities: Meaning & Need
3 Modes of Network Security (10)
3.1 Cryptography: meaning
3.2 Types of Cryptographic Systems,
3.3 Encryption and Decryption
3.4 Physical Security to Network- Meaning & Needs,
3.5 Biometrics System: Meaning & Benefits of Biometrics Systems
3.6 Criteria for selection of Biometrics.
3.7 Use Finger Prints Technology in Network Security
4 E-Commerce, M-Commerce & E-Governance (10)
4.1 E-Commerce & M-commerce: Meaning, Difference and Advantages
4.2 Modes of Payment in E-Commerce & M-Commerce- Cash on Delivery, Internet Banking,
Debit & Credit Card Payment, E-Wallet.
4.3 Security Threats to E Commerce & M-Commerce
4.4 E-Governance: Meaning & Scope
4.5 Importance of E-Governance
4.6 Security Threats to E-Governance
4.7 Digital Signature: Meaning & Scope, Requirement of Digital Signature System
5 Social Networking & Cyber Crime (10)
5.1 Meaning of Social Networking
5.2 Advantages & Disadvantages of Social Networking
5.3 Social networking Sites and their impact on youngsters.
5.4 Crimes related to Social Networking
6 Cyber Crime & Punishments (10)
6.1 Cyber Crime: Meaning
6.2 Types of Cyber Crime
6.2.1 Email Tracing and Tracking
6.2.2 Hacking
6.2.3 Virus and Worm Attacks
6.2.4 Phishing
6.2.5 Cyber Pornography
6.2.6 Cyber Terrorism
6.3 Cyber Criminals and their Objectives
6.4 A few provisions relating to offences and punishments under the Information Technology Act, 2000.

Reference Books:
1. Cyber Law, Pawan Duggal, Universal Publication
2. Cyber Law: Indian and International Perspectives on Key Topics Including Data Security, E-Commerce, Cloud Computing and Cyber Crimes
3. Information Technology Law and Practice (Law & Emerging Technology: Cyber Law & E-commerce), Vakul Sharma
4. Computer Networking: A Top-Down Approach, James F. Kurose

Unit-1: Overview of Cyber World and Cyber Laws in India (10)
1.1. Meaning of Data & Information
1.2. Internet and Online Resources
1.3. Importance of Information Security
1.4. History Cyber Laws in India
1.5. Objectives of the Information Technology Act, 2000
1.6. Scope of Cyber Law- E-commerce, online contracts, Intellectual Property Rights (IPRs),
E-Governance, Cyber Crimes
1.7. Distinction between Cyber Crime and Other Crimes in general

1.1. Meaning of Data & Information


Many organizations work with large amounts of data. Data are basic values or facts, usually organized in a database. Many people treat data and information as synonyms; information, however, is data that has been organized and given context so that it helps answer questions and solve problems. An information system is the combination of hardware, software, people and procedures that collects, organizes and analyzes data. The purpose of an information system is therefore to turn raw data into useful information that can be used for decision making in an organization.
Defining Information Systems
Almost all programs in business require students to take a course in something called information systems. But what exactly does that term mean? Let's look at some of the more popular definitions, first from Wikipedia and then from a couple of textbooks:
• "Information systems (IS) is the study of complementary networks of hardware and software that people and organizations use to collect, filter, process, create, and distribute data."
• "Information systems are combinations of hardware, software, and telecommunications networks that people build and use to collect, create, and distribute useful data, typically in organizational settings."
• "Information systems are interrelated components working together to collect, process, store, and disseminate information to support decision making, coordination, control, analysis, and visualization in an organization."
As you can see, these definitions describe information systems in two different ways: by the components that make up an information system and by the role those components play in an organization.
1.2. Internet and Online Resources
The Internet, as the name suggests, is a network of networks: a collection of many small, medium and large networks. Nobody owns the Internet as a whole; it is one of the best-proven examples of collaborative success. You may wonder how such a large network, spread across continents, can run without central control. It does need bodies that frame the rules, standards and protocols for joining and using the network. The Internet Society (ISOC), formed in 1992, is the organisational home of the Internet standards process (the IETF), whose standards are published openly as RFCs.
Let us now discuss how the Internet works: how an email you send is received by your friend's computer in another country or continent. When you work on your laptop or desktop at home without connecting to the Internet, your computer is a standalone system. As soon as you connect through your Internet Service Provider (ISP), whether by an old-style dial-up modem or by broadband, fibre or a mobile network, you become part of the network. The ISP is the link between the user and the Internet backbone through which all data is routed. ISPs connect to the backbone at Network Access Points (NAPs), today usually called Internet Exchange Points (IXPs), which are operated by large telecommunication companies and exchange operators in various regions. These companies connect countries and continents by building and maintaining the backbone infrastructure that routes data from one exchange point to another, while ISPs build and manage the networks locally. So when you connect, you first become part of your local ISP's network, which in turn connects to the backbone through an exchange point. Your data is routed through the backbone to the exchange point where your friend's ISP connects. Note that email is not delivered directly from one computer to the other: your mail server hands the message to your friend's mail server, which stores it until your friend connects and downloads it; only then is the message delivered to your friend's computer.
1.3. Importance of Information Security
The meaning of the term information security has evolved in recent years. Before the problem of data security became widely publicized in the media, most people's idea of computer security focused on the physical machine. Traditionally, computer facilities have been physically protected for three reasons:
• To prevent theft of or damage to the hardware
• To prevent theft of or damage to the information
• To prevent disruption of service
Computer security is security applied to computing devices such as computers and smart phones, and to computer networks, both private and public, including the whole Internet. The field covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction. It is of growing importance as societies worldwide rely more and more on computer systems. It includes physical security, to prevent theft of equipment, and information security, to protect the data on that equipment. It is sometimes referred to as "cyber security" or "IT security", though these terms generally do not refer to physical security (locks and such). The three classic goals of information security are confidentiality (data is read only by those authorized), integrity (data is not altered without authorization) and availability (systems and data are usable when needed); the three reasons for physical protection listed above map onto the same goals.

Cyber crime is not defined in the Information Technology Act, 2000, nor in the I.T. Amendment Act, 2008, nor in any other legislation in India, and arguably it need not be. Offences and crimes have been dealt with elaborately, with the various acts and the punishment for each listed, under the Indian Penal Code, 1860 and quite a few other legislations. To define cyber crime, then, we can say that it is simply a combination of crime and computer: 'any offence or crime in which a computer is used is a cyber crime'. Interestingly, even a petty offence like theft or pick-pocketing can be brought within the broader purview of cyber crime if the basic data or aid for the offence is a computer, or information stored in a computer, used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and the other necessary ingredients that form part of a cyber crime, which we will discuss in detail in Unit 2.
In a cyber crime, the computer or the data is either itself the target or object of the offence, or a tool used in committing some other offence by providing the necessary inputs for it. All such acts come under the broader definition of cyber crime.
1.4. History of Cyber Laws in India
Let us now discuss the Information Technology Act, 2000 and the I.T. Amendment Act, 2008 in general and with particular reference to banking and financial sector transactions. Before going into a section-wise or chapter-wise description of the various provisions of the Act, let us discuss the history behind such legislation in India, the circumstances under which the Act was passed, and the purpose or objectives in passing it.
The Genesis of IT legislation in India: The mid-1990s saw an impetus in globalization and computerisation, with more and more nations computerizing their governance and e-commerce seeing enormous growth. Until then, most international trade and transactions were done through documents transmitted by post and by telex only. Evidence and records, until then, were predominantly paper evidence and paper records or other forms of hard copy. With much of international trade being done through electronic communication and with email gaining momentum, an urgent need was felt for recognizing electronic records, i.e. the data stored in a computer or in external storage attached to it.
The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronic Commerce in 1996. The General Assembly of the United Nations passed a resolution in January 1997 recommending, inter alia, that all member States give favourable consideration to the Model Law, which provides for recognition of electronic records and accords them the same treatment as paper communications and records.

1.5. Objectives of the Information Technology Act, 2000
It is against this background that the Government of India enacted the Information Technology Act, 2000, with the objectives stated in the preamble to the Act itself: "to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto."
The Information Technology Act, 2000 was thus passed as Act No. 21 of 2000, received Presidential assent on 9 June 2000 and came into force on 17 October 2000. The Act essentially deals with the following issues:
• Legal recognition of electronic documents
• Legal recognition of digital signatures
• Offences and contraventions
• Justice dispensation systems for cyber crimes
1.6. Scope of Cyber Law: E-commerce, online contracts, Intellectual Property Rights (IPRs), E-Governance, Cyber Crimes
The Government of India enacted the Information Technology Act with some major objectives, which are as follows:
• E-commerce: To deliver lawful recognition for transactions through electronic data interchange (EDI) and other means of electronic communication, commonly referred to as electronic commerce or e-commerce. The aim was to allow replacements for paper-based methods of communication and storage of information.
• E-contract: An e-contract (electronic contract) is any kind of contract formed in the course of e-commerce by the interaction of two or more individuals using electronic means such as e-mail, by the interaction of an individual with an electronic agent such as a computer program, or by the interaction of at least two electronic agents that are programmed to recognize the existence of a contract. In the United States, the Uniform Computer Information Transactions Act (UCITA), a model law, provides rules regarding the formation, governance and basic terms of an e-contract; in India, Section 10A of the I.T. Act (inserted by the 2008 amendment) provides that a contract is not unenforceable solely because its proposal and acceptance were expressed in electronic form. Traditional contract principles and remedies also apply to e-contracts.
• Electronic filing: To facilitate electronic filing of documents with Government agencies, and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934, and for matters connected therewith or incidental thereto.
• E-Governance: Chapter III of the Act deals with electronic governance issues and procedures. Legal recognition of electronic records is dealt with in Section 4, followed by provisions on the use, storage and retention of electronic records and on the validity of contracts formed through electronic means.
• Cyber crimes: The only difference between a traditional crime and a cyber crime is that a cyber crime involves computers. Threats originate from all kinds of sources and show themselves in disruptive activities that target individuals, businesses, national infrastructures and governments alike. Who is behind such an activity can often only be inferred from the target, the effect, or other circumstantial evidence, since threat actors can operate with considerable freedom from virtually anywhere. The motives for disruption can be anything, such as:
o simply demonstrating technical prowess
o theft of money or information
o extension of state conflict, etc.
Criminals, terrorists and sometimes States themselves act as the source of these threats. Criminals and hackers use many kinds of malicious tools and approaches, and with criminal activities taking new shapes every day, the scope for harmful actions keeps growing.

Page | 5
A6.3: Cyber Security Laws TYBBA Sem-VI Dept. of Mgt, Z.B. Patil College, Dhule. SGShah
• The Information Technology Act, 2000 was thus passed as Act No. 21 of 2000. The I.T. Act received the President's assent on June 9, 2000 and was made effective from October 17, 2000. By adopting this cyber legislation, India became the 12th nation in the world to adopt a cyber law regime.

• Intellectual property rights (IPRs) are the legal rights that cover the privileges given to individuals who are the owners and inventors of a work and have created something through their intellectual creativity. Individuals working in areas such as literature, music, invention, etc., can be granted such rights, which they can then use in business. The creator or inventor gets exclusive rights against any use or misuse of the work without his or her prior permission. The rights are, however, granted for a limited period of time to maintain a balance between the creator and the public.
The following list of activities covered by intellectual property rights is laid down by the World Intellectual Property Organization (WIPO):
• Industrial designs and scientific discoveries
• Protection against unfair competition
• Literary, artistic and scientific works
• Inventions in all fields of human endeavour
• Performances of performing artists, phonograms and broadcasts
• Trademarks, service marks, commercial names and designations
• All other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields

Types of Intellectual Property Rights
Intellectual property rights can be further classified into the following categories:
• Copyright
• Patent
• Trademark
• Trade Secrets, etc.

Advantages of Intellectual Property Rights
Intellectual property rights are advantageous in the following ways:
• They provide exclusive rights to creators and inventors.
• They encourage individuals to publish and share information and data instead of keeping it confidential.
• They provide legal protection and give creators an incentive for their work.
• They help social and financial development.
Intellectual Property Rights in India
To protect intellectual property rights in Indian territory, India has set up a constitutional, administrative and judicial framework covering copyright, patents, trademarks, industrial designs and the other areas of intellectual property rights.
In 1999 the government passed several important pieces of legislation, based on international practice, to safeguard intellectual property rights. Let us have a glimpse of them:
• The Patents (Amendment) Act, 1999 facilitated the establishment of the "mail box" system for filing patent applications and provided exclusive marketing rights for a period of five years.
• The Trade Marks Bill, 1999 replaced the Trade and Merchandise Marks Act, 1958.
• The Copyright (Amendment) Act, 1999 was signed by the President of India.
• The sui generis legislation was approved and named the Geographical Indications of Goods (Registration and Protection) Bill, 1999.
• The Industrial Designs Bill, 1999 replaced the Designs Act, 1911.
• The Patents (Second Amendment) Bill, 1999 further amended the Patents Act, 1970 to comply with TRIPS.
Intellectual Property in Cyber Space
Every new invention in the field of technology faces a variety of threats. The Internet is one such source of threat: it has captured the physical marketplace and converted it into a virtual one, where copying and distributing protected works is cheap and fast.
To safeguard business interests, it is vital to create an effective property management and protection mechanism, keeping in mind the considerable amount of business and commerce taking place in cyber space.
Today it is critical for every business to develop an effective and collaborative IP management mechanism and protection strategy, so that the ever-looming threats in the cyber world can be monitored and contained.
Various approaches and legislations have been designed by law-makers to deliver a secure framework against such cyber threats. However, it remains the duty of the intellectual property right (IPR) owner to detect and reduce such mala fide acts by taking proactive measures.
1.7. Distinction between Cyber Crime and Other Crimes in general

2 Cyber Networks (10)
2.1 Computer, Computer Network and Cyber: Meaning
2.2 Types of Computer Network: LAN, WAN, MAN
2.3 Virtual Private Networks (VPN) - Meaning, Types
2.4 Computer Network Peripherals: Router, Hub, Fire Walls, Gate Way
2.5 Cyber Network Securities: Meaning & Need

2.1 Computer, Computer Network and Cyber: Meaning

Under Section 2(1)(i) of the I.T. Act, 'computer' means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulation of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network.
'Computer network' is defined in Section 2(1)(j) as the interconnection of one or more computers, computer systems or communication devices through satellite, microwave, terrestrial line, wire, wireless or other communication media, and through terminals or a complex of two or more interconnected computers or communication devices, whether or not the interconnection is continuously maintained. Interestingly, 'computer' and 'computer network' have been defined so widely that they cover many electronic devices with data processing capability, performing logical, arithmetic and memory functions with input, storage and output capabilities. A careful reading of the words shows that high-end programmable gadgets like air conditioners, washing machines and robots connected through switches and routers in a network can all be brought under the definition.
Cyber: Cyberspace can be defined as an intricate environment that involves interactions between people, software and services. It is maintained by the worldwide distribution of information and communication technology devices and networks. With the benefits brought by technological advancement, cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, the military and governments in a way that makes it hard to draw clear boundaries between these groups. Cyberspace is expected to become even more complex in the coming years, with the increase in the networks and devices connected to it.
The term 'communication device', inserted by the I.T. Amendment Act, 2008, has been given an inclusive definition covering cell phones, personal digital assistants or any other device used to communicate, send or transmit any text, video, audio or image, which brought in devices such as the tablets and Wi-Fi/cellular devices marketed later. Definitions of some other terms, such as 'cyber cafe', were also incorporated by the I.T. Amendment Act, 2008.
2.2 Types of Computer Network: LAN, WAN, MAN
A computer network is a group of computers that use a set of common communication protocols over digital interconnections for the purpose of sharing resources located on or provided by the network nodes.
Definition: A group of computers which are connected to each other and follow common protocols for the purpose of sharing information and communicating through networking nodes is called a computer network.
A network may be as small as two systems or as large as one wants. The nodes may be classified into various types, including:
• Personal computers
• Servers
• Networking hardware (switches, routers, firewalls)
• General hosts
Networks are commonly classified in two ways: by the area they cover (type) and by the way their nodes are connected (topology). Both are described below.
Types of Computer Networks: There are five main types of computer network:

LAN (Local Area Network)
• Systems connected in a small network, such as a building or a small office
• It is inexpensive
• It uses Ethernet (wired) or Wi-Fi; older LANs used Token Ring
• Two or more personal computers can be connected through wires or cables, acting as nodes
• Transfer of data is fast and, because the whole network is under one administration, it is relatively easy to secure
PAN (Personal Area Network)
• The smallest computer network
• Devices may be connected through Bluetooth, infrared or similar short-range links
• It has a connectivity range of up to about 10 metres (30 feet)
• Personal devices belonging to a single person can be connected to each other using a PAN
MAN (Metropolitan Area Network)
• A network spanning a city, for example a cable TV network
• It can be built on Ethernet, ATM, Token Ring or FDDI
• It has a higher range than a LAN
• This type of network can be used to connect citizens with various organisations
WAN (Wide Area Network)
• A network which covers a country or an even larger area
• Telephone lines and other carrier links are used to interconnect WAN sites
• The Internet is the biggest WAN in the world
• Used by governments and large organisations to exchange data and information between distant sites
VPN (Virtual Private Network)
• A network constructed by using public links (the Internet) to connect to a private network
• There are a number of systems which enable you to create networks using the Internet as the medium for transporting data
• These systems use encryption and other security mechanisms to ensure that only authorised users can access the network and that data cannot be read or altered in transit
Network Topologies: Given below are the eight types of network topology:
1. Point to Point Topology: the simplest topology, which connects two nodes directly together with a single link.
2. Bus Topology: there is a single shared line (the bus) to which all nodes are connected; the nodes connect only to the bus, so a fault in the bus stops the whole network.
3. Mesh Topology: at least two nodes with two or more paths between them; a full mesh connects every node to every other, so traffic can be rerouted around a failed node or link.
4. Ring Topology: every node has exactly two neighbours. In a classic single ring the signal travels around the loop, so if one node or link fails the ring is broken and cannot work.
5. Star Topology: the peripheral nodes are connected to a central node, which rebroadcasts all transmissions received from any peripheral node to all peripheral nodes on the network, including the originating node (a hub does this; a switch forwards only to the intended node). The central node is a single point of failure.
6. Tree Topology: nodes are connected in the form of a tree. The function of the central node in this topology may be distributed over several levels.
7. Line Topology: all the nodes are connected in a straight line (a daisy chain); each interior node is a single point of failure.
8. Hybrid Topology: when two or more types of topology are combined, they form a hybrid topology.
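The availability property behind the topology notes above (a bus or star hub as a single point of failure, a mesh that reroutes around failures) can be checked mechanically. The following is an added example, not part of the course notes: it models each topology as an adjacency graph in Python and reports which nodes are single points of failure and whether the network survives any single link cut. The node count, the "bus" pseudo-node standing for the shared cable, and all function names are assumptions made for the demo. The graph model captures path redundancy only: a ring still has a path after one node fails (it degrades to a line), whereas the statement above that a ring "cannot work" describes a token-passing ring whose signal has to circulate the full loop.

```python
"""Added example (not from the course notes): how topology affects availability.

Each topology is built as an adjacency map {node: set(neighbours)} and then
checked for single points of failure and for tolerance of one link cut.
Node numbering and the "bus" pseudo-node are assumptions for the demo.
"""
from collections import deque


def star(n):
    # node 0 is the central node (hub/switch); nodes 1..n-1 are peripherals
    return {0: set(range(1, n)), **{i: {0} for i in range(1, n)}}


def ring(n):
    # every node has exactly two neighbours, closing the loop
    return {i: {(i - 1) % n, (i + 1) % n} for i in range(n)}


def line(n):
    # daisy chain: like a ring with one link missing
    g = {i: set() for i in range(n)}
    for i in range(n - 1):
        g[i].add(i + 1)
        g[i + 1].add(i)
    return g


def full_mesh(n):
    # every node connected directly to every other node
    return {i: set(range(n)) - {i} for i in range(n)}


def bus(n):
    # the shared cable is modelled as a pseudo-node "bus" every host attaches to
    g = {"bus": set(range(n))}
    g.update({i: {"bus"} for i in range(n)})
    return g


def is_connected(g, failed=None):
    """Breadth-first search with node `failed` removed.
    True if every surviving node can still reach every other one."""
    alive = [v for v in g if v != failed]
    if len(alive) <= 1:
        return True
    seen = {alive[0]}
    queue = deque([alive[0]])
    while queue:
        u = queue.popleft()
        for v in g[u]:
            if v != failed and v not in seen:
                seen.add(v)
                queue.append(v)
    return len(seen) == len(alive)


def single_points_of_failure(g):
    """Nodes whose failure partitions the rest of the network."""
    return sorted((v for v in g if not is_connected(g, failed=v)), key=str)


def survives_any_one_link_cut(g):
    """True if the network stays connected after any single link is removed."""
    links = {frozenset((u, v)) for u in g for v in g[u]}
    for link in links:
        u, v = tuple(link)
        h = {k: set(vs) for k, vs in g.items()}   # copy, then cut the link
        h[u].discard(v)
        h[v].discard(u)
        if not is_connected(h):
            return False
    return True


def compare(n=6):
    """Availability report for each topology built with n hosts."""
    report = {}
    for name, build in [("star", star), ("ring", ring), ("line", line),
                        ("bus", bus), ("mesh", full_mesh)]:
        g = build(n)
        report[name] = {
            "single_points_of_failure": single_points_of_failure(g),
            "survives_any_one_link_cut": survives_any_one_link_cut(g),
        }
    return report


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:5s} SPOF={result['single_points_of_failure']} "
              f"one-link-cut-ok={result['survives_any_one_link_cut']}")
```

Running it shows the star's hub (node 0) and the bus cable as single points of failure, every interior node of the line as one, and the ring and mesh with none; only the ring and the mesh survive an arbitrary single link cut. This is the reasoning behind building redundant (mesh-like) links between the sites of a WAN or VPN rather than hanging everything off one hub.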
2.3 Virtual Private Networks (VPN) - Meaning, Types

VPN stands for virtual private network. A virtual private network (VPN) is a technology that creates a safe, encrypted connection over a less secure network such as the Internet. A virtual private network is a way to extend a private network across a public network such as the Internet. The name itself suggests a virtual "private network": the user can be part of the local network while sitting at a remote location. It makes use of tunnelling protocols to establish the secure connection.
Let us understand VPNs with an example:
Think of a situation where the corporate office of a bank is situated in Washington, USA. This office has a local network of, say, 100 computers. Suppose other branches of the bank are in Mumbai, India and Tokyo, Japan. The traditional method of establishing a secure connection between the head office and a branch was to have a leased line between them, which was costly as well as troublesome. A VPN lets us overcome this problem effectively.
The situation is described below:
• All 100 computers of the corporate office at Washington are connected to the VPN server (a well-configured server with a public IP address and a switch connecting all the computers of the local network in the US head office).
• The person sitting in the Mumbai office connects to the VPN server using a VPN client; after the client authenticates, the VPN server assigns it an IP address from the address range of the corporate office's local network.
• Thus the person from the Mumbai branch becomes "local" to the head office, and information can be shared securely over the public Internet inside the encrypted tunnel.
• This is the intuitive way of extending a local network even across the geographical borders of a country.

VPNs are widely used across the globe


I will explain with an example that I use regularly on my smartphone. Spotify, a Swedish music app, was at the time not available in India, but I was making full use of it sitting in India. How? A VPN can be used to camouflage our geo-location. Let me explain step by step.
• My IP address is 101.22.23.3, which belongs to India. That is why my device is not able to access the Spotify music app.
• The magic begins when I use the Psiphon app, an Android app that changes my device's apparent IP address to one from the location I want (say the US, where Spotify works seamlessly).
• The IP address is changed using VPN technology. What happens is that your device connects to a VPN server in the country you entered in the location box of the Psiphon app, and your traffic now leaves the Internet from that server, so websites see the server's IP address instead of yours.
Now when I typed "what is my IP address?", my IP address had changed to 45.79.66.125, which belongs to the USA. Since Spotify works in the US, I could use it from India (virtually in the USA). Useful indeed. Note that this only hides your address from the website: the VPN provider itself sees all your traffic, so you are trusting the provider instead of your ISP.

Geo-unblocking is not the only reason to use a VPN. It also provides some other useful features:
1. A VPN ensures security by providing an encrypted tunnel between the client and the VPN server.
2. A VPN can be used to bypass many blocked sites.
3. A VPN gives a degree of anonymous browsing by hiding your IP address from the sites you visit (though not from the VPN provider).
4. Search engine optimization (SEO) is also done by analysing country-wise browsing statistics obtained by connecting through VPN servers in different countries; this method is used widely by internet marketing managers to form new strategies.
VPN and its legality
Using a VPN is legal in most countries. The legality of using a VPN service depends on the country and on its geopolitical relations with other countries. A reliable and secure VPN is legal as long as you do not use it for illegal activities such as committing fraud online, cyber theft or, in some countries, downloading copyrighted content.
China decided to block all VPNs (Virtual Private Networks) by the following year, as reported by Bloomberg. Many Chinese Internet users use VPNs to privately access websites that are blocked by China's so-called "Great Firewall". The block is intended to prevent information leaking to rival countries and to tighten information control.
Another example: A company wanting to connect two (or more) of its sites can choose from several different types of WAN service: leased lines, Frame Relay, or, more likely today, Multiprotocol Label Switching (MPLS). All these services are typically expensive. However, a much cheaper option exists for connecting company sites to each other. Each site can simply be connected to the Internet using a broadband access technology such as digital subscriber line (DSL), cable, WiMAX, or even 3G/4G. The sites can then send data to each other using the public Internet as a wide area network (WAN).

There is one problem with using the Internet as a WAN, though: the Internet is not as secure as the other WAN options. The vulnerability of the Internet is, to a great extent, due to the fact that it is a public network. Anyone with a computer can access the Internet and possibly attack any other computer on it. The other WAN options mentioned here are relatively secure. For example, to steal data flowing over a leased line, an attacker has to physically tap into the line with specialized equipment or be present at the telco central office. Such actions are punishable by law and not easy for just anyone.
The possibility of using the Internet as a WAN is quite tempting despite the security concerns. Virtual private network (VPN) technology provides answers to the security questions associated with using the Internet as a private WAN service. Here we introduce the basic concepts and terminology related to VPNs, and then the two main types of VPN: IP Security (IPsec) and Secure Sockets Layer (SSL), the latter now implemented with its successor, Transport Layer Security (TLS).
VPNs have several advantages over other WAN technologies, some of which are summarized here:
• Cost: Internet VPN solutions can be much cheaper than the alternative private WAN options available today.
• Security: Modern VPN solutions can be as secure as private WAN options and are used even by organizations with the most stringent security requirements, such as credit card companies.
• Scalability: Internet VPN solutions can be scaled quickly and cost-effectively to a large number of sites, and each location can choose from multiple options of Internet connectivity.
VPN Concepts
A virtual private network (VPN) is used to transport data from a private network to another private
network over a public network, such as the Internet, using encryption to keep the data confidential. In
other words, a VPN is an encrypted connection between private networks over a public network, most
often the Internet. VPNs provide the following services:
 Confidentiality: VPNs prevent anyone in the middle of the Internet from being able to read the data.
The Internet is inherently insecure as data typically crosses networks and devices under different
administrative controls. Even if someone is able to intercept data at some point in the network they
won't be able to interpret it due to encryption.
 Integrity: VPNs ensure that data was not modified in any way as it traversed the Internet.
 Authentication: VPNs use authentication to verify that the device at the other end of the VPN is a
legitimate device and not an attacker impersonating a legitimate device.
 Anti-Replay: VPNs ensure that hackers are not able to make changes to packets that flow from source
to destination.

A VPN is essentially a secure channel, often called a tunnel, between two devices or end points
near the edge of the Internet. The VPN end points encrypt the whole original IP packet, meaning
the contents of the original packet cannot be understood even by someone who manages to see a copy
of the packet as it traverses the network. The VPN end points also append headers to the original
encrypted packet. The additional headers include fields that allow the VPN devices to perform all their
functions.
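To make the four services concrete, here is an added Python example (not part of the original notes, and not the code of any real VPN product) of a simplified tunnel end point. It assumes two end points that already share two secret keys; a real VPN would establish them with a key-exchange protocol such as IKE and would use AES rather than the HMAC-SHA256 counter-mode keystream used here to stay dependency-free. The sequence-number header plays the role of the anti-replay field that IPsec ESP carries in its own header.

```python
import hmac
import hashlib
import struct

# Constructed demo keys: in a real VPN these come from a key-exchange
# protocol (e.g. IKE for IPsec) or out-of-band provisioning, and the cipher
# would be AES; the HMAC-SHA256 counter-mode keystream below is used only to
# keep the example dependency-free.
KEY_ENC = hashlib.sha256(b"demo-encryption-key").digest()
KEY_MAC = hashlib.sha256(b"demo-authentication-key").digest()
SEQ_LEN, TAG_LEN = 8, 32


def _keystream(key: bytes, seq: int, length: int) -> bytes:
    """Per-packet keystream bound to the sequence number, so the same inner
    packet never produces the same ciphertext twice."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, struct.pack(">QI", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))


def encapsulate(seq: int, inner_packet: bytes) -> bytes:
    """Sending end point: [sequence header][encrypted inner packet][MAC tag]."""
    header = struct.pack(">Q", seq)                                          # anti-replay field
    body = _xor(inner_packet, _keystream(KEY_ENC, seq, len(inner_packet)))  # confidentiality
    tag = hmac.new(KEY_MAC, header + body, hashlib.sha256).digest()          # integrity + authentication
    return header + body + tag


class Receiver:
    """Receiving end point; remembers the highest sequence number accepted."""

    def __init__(self) -> None:
        self.highest_seq = -1

    def decapsulate(self, tunnel_packet: bytes):
        """Return (inner_packet, "ok"), or (None, reason) for a rejected packet."""
        if len(tunnel_packet) < SEQ_LEN + TAG_LEN:
            return None, "truncated"
        header = tunnel_packet[:SEQ_LEN]
        body = tunnel_packet[SEQ_LEN:-TAG_LEN]
        tag = tunnel_packet[-TAG_LEN:]
        # 1. Authentication and integrity: only a holder of KEY_MAC can produce
        #    a valid tag, and any modified byte changes the expected tag.
        expected = hmac.new(KEY_MAC, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        # 2. Anti-replay: a captured packet re-sent later carries an old number.
        (seq,) = struct.unpack(">Q", header)
        if seq <= self.highest_seq:
            return None, "replay"
        self.highest_seq = seq
        # 3. Confidentiality: only now is the inner packet decrypted.
        return _xor(body, _keystream(KEY_ENC, seq, len(body))), "ok"


def demo() -> dict:
    """Walk through the four services with a constructed inner packet."""
    rx = Receiver()
    inner = b"IP packet from 10.0.1.5 to 10.0.2.7: hello"   # constructed sample payload
    pkt = encapsulate(1, inner)
    results = {"first": rx.decapsulate(pkt)[1]}                 # accepted
    results["replay"] = rx.decapsulate(pkt)[1]                  # same packet again: rejected
    tampered = pkt[:20] + bytes([pkt[20] ^ 0x01]) + pkt[21:]    # flip one ciphertext bit
    results["tampered"] = rx.decapsulate(tampered)[1]           # rejected before decryption
    results["next"] = rx.decapsulate(encapsulate(2, inner))[1]  # fresh number: accepted
    return results


if __name__ == "__main__":
    print(demo())
```

Note the order of checks in `decapsulate`: the tag is verified before anything else, so a modified or forged packet is dropped without ever being decrypted or touching the replay state. Real implementations accept packets within a sliding window rather than demanding strictly increasing numbers, so that packets reordered in transit are not discarded.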
2.4 Computer Network Peripherals: Router, Hub, Fire Walls, Gate Way
Network Devices - Discussed below are a few important network devices from the exam point
of view:
 Network Repeater – Used to regenerate incoming electrical, wireless or optical signals
 Network Hub – It is a small network device. It joins multiple computers together to form a
single network segment. On this segment, all computers can interact with each other
 Network Switch – It is a small hardware device which joins multiple computers together
with a single LAN
 Network Router – This device interfaces multiple networks; its task is to copy
packets from one network to another. It provides connectivity inside enterprises,
between enterprises and the Internet, and within an ISP
 Network Bridge – It reads the outermost section of the data packet to tell where the
message is going. It reduces the traffic on other network segments.
 Modem – This device converts digital signals into analog signals. It is always placed
between a telephone line and a computer system
Firewalls
A firewall is a network security system that manages and regulates the network traffic
based on some protocols. A firewall establishes a barrier between a trusted internal network and
the internet.
Firewalls exist both as software that runs on general-purpose hardware and as dedicated hardware appliances.
Firewalls that are hardware-based also provide other functions like acting as a DHCP server for
that network.
Most personal computers use software-based firewalls to secure data from threats from
the internet. Many routers that pass data between networks contain firewall components and,
conversely, many firewalls can perform basic routing functions.
Firewalls are commonly used in private networks or intranets to prevent unauthorized
access from the internet. Every message entering or leaving the intranet goes through the
firewall to be examined against the security rules.
An ideal firewall configuration consists of both hardware- and software-based devices. A
firewall also helps in providing remote access to a private network through secure authentication
certificates and logins.
Hardware and Software Firewalls
Hardware firewalls are standalone products. These are also found in broadband routers.
Most hardware firewalls provide a minimum of four network ports to connect other computers.
For larger networks − e.g., for business purposes − business networking firewall solutions are
available.
Software firewalls are installed on your computers. A software firewall protects your
computer from internet threats.
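The "packet filter" role of a firewall is easiest to see in code. The following Python rule engine is an added example, not code from the original notes or from any firewall product; the addresses, rule set and sample packets are constructed placeholders. It shows the two properties a practitioner checks first when reviewing a firewall policy: rules are evaluated in order, and a packet that matches no rule is denied.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: str    # "tcp", "udp" or "icmp"
    dport: int    # destination port (0 for icmp)


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # any source unless narrowed
    dst: str = "0.0.0.0/0"         # any destination unless narrowed
    proto: Optional[str] = None    # None matches every protocol
    dport: Optional[int] = None    # None matches every port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; a packet matching no rule is dropped
    (default deny), which is the safe failure mode for a border firewall."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"


# Constructed policy for a hypothetical intranet 192.168.10.0/24 whose public
# web server is 192.168.10.80 (all addresses are placeholders).
RULES = [
    Rule("allow", dst="192.168.10.80/32", proto="tcp", dport=443),  # HTTPS to the web server
    Rule("allow", dst="192.168.10.80/32", proto="tcp", dport=80),   # HTTP to the web server
    Rule("deny", dst="192.168.10.0/24", proto="tcp", dport=23),     # telnet never reaches the intranet
    Rule("allow", src="192.168.10.0/24"),                           # traffic originating inside may leave
]

# Constructed sample traffic, one packet per situation worth checking.
SAMPLE_PACKETS = [
    Packet("203.0.113.7", "192.168.10.80", "tcp", 443),   # outside -> web server, HTTPS
    Packet("203.0.113.7", "192.168.10.80", "tcp", 22),    # outside -> web server, SSH: no rule, default deny
    Packet("203.0.113.7", "192.168.10.80", "udp", 443),   # wrong protocol for the HTTPS rule
    Packet("192.168.10.5", "198.51.100.9", "tcp", 443),   # inside -> Internet
    Packet("192.168.10.5", "192.168.10.6", "tcp", 23),    # inside -> inside telnet, hits the deny rule first
]


def evaluate(rules: List[Rule] = RULES, packets: List[Packet] = SAMPLE_PACKETS) -> List[str]:
    """Decision for each sample packet, in order."""
    return [filter_packet(rules, p) for p in packets]


if __name__ == "__main__":
    for p, decision in zip(SAMPLE_PACKETS, evaluate()):
        print(f"{p.src:>14} -> {p.dst:<14} {p.proto}/{p.dport:<4} {decision}")
```

The last sample packet shows why rule order is part of the policy: the internal-to-internal telnet attempt is stopped by the deny rule that precedes the broad "anything from inside" allow, and swapping those two rules would silently permit it.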

2.5 Cyber Network Securities: Meaning & Need


Network security is the security provided to a network from unauthorized access and risks. It is
the duty of network administrators to adopt preventive measures to protect their networks from
potential security threats.
Computer networks that are involved in regular transactions and communication within the
government, individuals, or business require security. The most common and simple way of
protecting a network resource is by assigning it a unique name and a corresponding password.
Types of Network Security Devices
 Active Devices - These security devices block the surplus traffic. Firewalls, antivirus
scanning devices, and content filtering devices are examples of such devices.
 Passive Devices - These devices identify and report on unwanted traffic, for example,
intrusion detection appliances.
 Preventative Devices - These devices scan the networks and identify potential security
problems. For example, penetration testing devices and vulnerability assessment
appliances.
 Unified Threat Management (UTM) - These devices serve as all-in-one security devices.
Examples include firewalls, content filtering, web caching, etc.
 Firewalls and Gateways - Already discussed in earlier topics

Q 1. Which of the following is not a type of network topology?
1. Ring
2. Star
3. Circle
4. Bus
5. All of the above are a type of network topology
Answer: (2) Circle
Q 2. The network device that converts digital signals into analog signals and can be connected through a
telephone is called _____
1. Modem
2. Hotspot
3. Router
4. Bridge
5. Switch
Answer: (1) Modem
Q 3. Which of the following terms is related to sending data to a satellite?
1. Uplink
2. Modem
3. Switch
4. Modular
5. Downlink
Answer: (1) Uplink
Q 4. ______ topology is the simplest topology that connects two nodes directly together with a common
link.
1. Point to Point
2. Line
3. Ring
4. Star
5. None of the above
Answer: (1) Point to Point
Q 5. Which of the following networks covers the smallest area?
1. LAN
2. MAN
3. WAN
4. PAN
5. VPN
Answer: (4) Personal Area Network (PAN)
Q 6. When two or more topologies connect together, they are called ______
1. Tree Topology
2. Cluster Topology
3. Hybrid Topology
4. Mesh Topology
5. Line Topology
Answer: (3) Hybrid Topology
Q 7. ATM is a form of _____
1. Local Area Network
2. Wide Area Network
3. Metropolitan Area Network
4. Personal Area Network
5. Virtual Private Network
Answer: (3) Metropolitan Area Network
Q 8. _______ is a small hardware device which joins multiple computers together with a single LAN.
1. Modem
2. Switch
3. Modular
4. Router
5. Bridge
Answer: (2) Switch
Q 9. A collection of various computers into a single coherent system, provided to a client, is called
_______.
1. Distributed System
2. Computer Network
3. Systematic Network
4. Collective Network
5. None of the above
Answer: (1) Distributed System
Q 10. A network which is constructed by using public wires to connect to a private network is called
______
1. Local Area Network
2. Wide Area Network
3. Metropolitan Area Network
4. Personal Area Network
5. Virtual Private Network
Answer: (5) Virtual Private Network

Differences between Firewall and Antivirus

Firewall: A firewall is a network security system designed to protect computer systems and networks from
malicious attacks.
Antivirus: Antivirus is a software utility program designed to protect a system from internal attacks from
viruses, trojan horses, spyware etc.

Firewall: The general term used for a firewall is "packet filter" because it filters any incoming data
packets for suspicious contents.
Antivirus: Antivirus identifies and corrects any weaknesses found in the computer system.

Firewall: The main purpose of a firewall is to monitor network traffic and restrict any unauthorized
entry.
Antivirus: The main function of an antivirus is to scan, detect, prevent and remove any existential
threat to the computer system.

Firewall: A firewall works at the network protocol level to safeguard against any unwanted intrusion.
Antivirus: An antivirus will only scan for any harmful programs that are present in the system, such as
viruses, worms, Trojans etc.

Firewall: One of the limitations of a firewall is that it cannot block any internal attacks and also
those attacks that bypass its network coverage.
Antivirus: One of the limitations of an antivirus is that it cannot check read-only files.

Firewall: DEC SEAL was the first commercially viable firewall program that came out in 1992. Its
creation was spearheaded by American computer scientists Brian Reed and Jeff Mogul.
Antivirus: The first documented removal of a computer virus by actual antivirus software was in 1987,
when a German computer security expert, Bernard Robert Fix, created a programme to remove a virus
that had infected files in a DOS-based system.
Difference Between Virus and Malware
Malware and virus are mostly considered to be the same thing, and people generally tend to interchange
their meanings. Thus, it is important to know the difference between malware and virus, as these
two terms are technically different from each other.
Malware is a type of malicious software which intends to infect the host computer. A virus, in contrast, is a
type of malware itself. It infects files and then spreads through a device whenever the file or program is
run.
Key Differences – Malware vs Virus
Given below are the differences between malware and virus in a tabular format to easily and accurately
understand the two terms:

Difference Between Malware and Virus

Definition
Malware: Malware is software which is designed to get unauthorised access to a computer system,
generally for a third party's benefit.
Virus: A virus is code which attaches itself to various files and programs, which get infected in a
manner that they can disrupt and corrupt a device.

Types
Malware: types of malware include
 Virus
 Trojan
 Worm
 Ransomware
 Spyware
 Adware
Virus: types of virus include
 Boot sector
 Multipartite
 Spacefiller
 Resident
 Polymorphic
 File infector
 Direct Action
 Macro

Full form
Malware: The full form of Malware is Malicious Software
Virus: The full form of Virus is Vital Information Resource Under Seize

Removal
Malware: A computer system with malware can be repaired using anti-malware software
Virus: Antivirus is used to remove viruses from a computer device

Symptoms
Malware: If malware affects your computer device, it may:
 Try to retrieve personal information
 Steal data like saved cards or payment details
 Initiate mining for bitcoin
 Overpower its presence and execute unwanted tasks
Virus: A system attacked by a computer virus can be recognised if:
 The processing speed decreases
 Too many pop-ups appear on the screen
 Passwords are reset
 Different programs begin to execute themselves

Examples
Anti-Malware software: Total AV, Bitdefender, Malwarebytes, Hitman Pro
Antivirus software: McAfee, Norton, Avast, Kaspersky

3 Modes of Network Security (10)
3.1 Cryptography: meaning
3.2 Types of Cryptographic Systems,
3.3 Encryption and Decryption
3.4 Physical Security to Network- Meaning & Needs,
3.5 Biometrics System: Meaning & Benefits of Biometrics Systems
3.6 Criteria for selection of Biometrics.
3.7 Use Finger Prints Technology in Network Security
-----------------------------------------------------------------------------------------------------------------------
3.1 Cryptography: meaning
Cryptography is one of the most important tools for building secure systems. Through the proper
use of cryptography, one can ensure the confidentiality of data, protect data from unauthorized
modification, and authenticate the source of data. Cryptography can also enable many other security goals
as well. Cryptography, however, is not a panacea. Getting cryptography right is extremely hard.
Modern cryptography is the cornerstone of computer and communications security. Its foundation
is based on various concepts of mathematics such as number theory, computational-complexity theory,
and probability theory.
Characteristics of Modern Cryptography
1. It operates on binary bit sequences.
2. It relies on publicly known mathematical algorithms for coding the information. Secrecy is obtained
through a secret key which is used as the seed for the algorithms. The computational difficulty of the
algorithms, the absence of the secret key, etc., make it impossible for an attacker to obtain the original
information even if he knows the algorithm used for coding.
3. Modern cryptography requires parties interested in secure communication to possess the secret key
only.
Cryptology, the study of cryptosystems, can be subdivided into two branches −
 Cryptography
 Cryptanalysis
What is Cryptography?
Cryptography is the art and science of making a cryptosystem that is capable of providing
information security.
Cryptography deals with the actual securing of digital data. It refers to the design of mechanisms
based on mathematical algorithms that provide fundamental information security services. You can think
of cryptography as the establishment of a large toolkit containing different techniques in security
applications.
What is Cryptanalysis?
The art and science of breaking the cipher text is known as cryptanalysis.
Cryptanalysis is the sister branch of cryptography and they both co-exist. The cryptographic process
results in the cipher text for transmission or storage. It involves the study of cryptographic mechanism
with the intention to break them. Cryptanalysis is also used during the design of the new cryptographic
techniques to test their security strengths.
Note− Cryptography concerns with the design of cryptosystems, while cryptanalysis studies the
breaking of cryptosystems.
Security Services of Cryptography
The primary objective of using cryptography is to provide the following four fundamental
information security services. Let us now see the possible goals intended to be fulfilled by cryptography.
Confidentiality
Confidentiality is the fundamental security service provided by cryptography. It is a security
service that keeps the information from an unauthorized person. It is sometimes referred to as privacy or
secrecy. Confidentiality can be achieved through numerous means starting from physical securing to the
use of mathematical algorithms for data encryption.
Data Integrity
It is a security service that deals with identifying any alteration to the data. The data may get
modified by an unauthorized entity intentionally or accidentally. The integrity service confirms whether
data is intact or not since it was last created, transmitted, or stored by an authorized user.
Data integrity cannot prevent the alteration of data, but provides a means for detecting whether data has
been manipulated in an unauthorized manner.
Authentication
Authentication provides the identification of the originator. It confirms to the receiver that the data
received has been sent only by an identified and verified sender.
Authentication service has two variants −
 Message authentication identifies the originator of the message without any regard to the router or
system that has sent the message.
 Entity authentication is assurance that data has been received from a specific entity, say a
particular website.
Apart from the originator, authentication may also provide assurance about other parameters related to
data such as the date and time of creation/transmission.
Non-repudiation
It is a security service that ensures that an entity cannot refuse the ownership of a previous
commitment or an action. It is an assurance that the original creator of the data cannot deny the creation or
transmission of the said data to a recipient or third party.
Non-repudiation is a property that is most desirable in situations where there are chances of a
dispute over the exchange of data. For example, once an order is placed electronically, a purchaser cannot
deny the purchase order, if non-repudiation service was enabled in this transaction.
Cryptography Primitives
Cryptography primitives are nothing but the tools and techniques in Cryptography that can be
selectively used to provide a set of desired security services −
 Encryption
 Hash functions
 Message Authentication codes (MAC)
 Digital Signatures
Cryptosystems
A cryptosystem is an implementation of cryptographic techniques and their accompanying
infrastructure to provide information security services. A cryptosystem is also referred to as a cipher
system.
Let us discuss a simple model of a cryptosystem that provides confidentiality to the information being
transmitted. This basic model is depicted in the illustration below

The illustration shows a sender who wants to transfer some sensitive data to a receiver in such a way that
any party intercepting or eavesdropping on the communication channel cannot extract the data.
The objective of this simple cryptosystem is that at the end of the process, only the sender and the receiver
will know the plaintext.
Components of a Cryptosystem
The various components of a basic cryptosystem are as follows −
 Plaintext. It is the data to be protected during transmission.
 Encryption Algorithm. It is a mathematical process that produces a ciphertext for any given
plaintext and encryption key. It is a cryptographic algorithm that takes plaintext and an encryption
key as input and produces a ciphertext.
 Ciphertext. It is the scrambled version of the plaintext produced by the encryption algorithm
using a specific encryption key. The ciphertext is not guarded. It flows on a public channel. It
can be intercepted or compromised by anyone who has access to the communication channel.
 Decryption Algorithm. It is a mathematical process that produces a unique plaintext for any
given ciphertext and decryption key. It is a cryptographic algorithm that takes a ciphertext and a
decryption key as input, and outputs a plaintext. The decryption algorithm essentially reverses the
encryption algorithm and is thus closely related to it.
 Encryption Key. It is a value that is known to the sender. The sender inputs the encryption key
into the encryption algorithm along with the plaintext in order to compute the ciphertext.
 Decryption Key. It is a value that is known to the receiver. The decryption key is related to the
encryption key, but is not always identical to it. The receiver inputs the decryption key into the
decryption algorithm along with the ciphertext in order to compute the plaintext.
For a given cryptosystem, a collection of all possible decryption keys is called a key space.
An interceptor (an attacker) is an unauthorized entity who attempts to determine the plaintext. He can see
the ciphertext and may know the decryption algorithm. He, however, must never know the decryption key.
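To tie the components together, here is an added example (not from the original notes) using the shift cipher, the simplest cryptosystem that has every component listed above: plaintext, ciphertext, a publicly known algorithm, a key and a key space. The key space is deliberately tiny, so the interceptor, who knows the algorithm but not the key, can simply try every key; `years_to_exhaust` then puts a modern 128-bit key space in perspective. The keys-per-second figure is an assumed attacker capability, not a measurement.

```python
import string

ALPHABET = string.ascii_uppercase
KEY_SPACE = range(len(ALPHABET))      # every possible key: 26 of them

# Constructed example: the shift cipher is NOT secure; it is used here precisely
# because its key space is small enough to exhaust, which is the lesson.


def encrypt(plaintext: str, key: int) -> str:
    """Encryption algorithm: shift each letter forward by the key."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
                   for ch in plaintext.upper())


def decrypt(ciphertext: str, key: int) -> str:
    """Decryption algorithm: the inverse shift with the same (symmetric) key."""
    return encrypt(ciphertext, -key)


def interceptor_brute_force(ciphertext: str, crib: str):
    """The interceptor knows the algorithm but not the key, so it tries every
    key in the key space and keeps the candidates containing an expected word."""
    return [(k, decrypt(ciphertext, k)) for k in KEY_SPACE if crib in decrypt(ciphertext, k)]


def years_to_exhaust(key_bits: int, keys_per_second: float = 1e12) -> float:
    """Expected time to try half of a key space of the given size.
    keys_per_second is an assumed attacker capability, not a measurement."""
    return (2 ** key_bits / 2) / keys_per_second / (365 * 24 * 3600)


def demo() -> dict:
    plaintext, key = "MEET ME AT NOON", 3
    ciphertext = encrypt(plaintext, key)
    return {
        "ciphertext": ciphertext,
        "recovered_by_receiver": decrypt(ciphertext, key),      # receiver holds the key
        "recovered_by_interceptor": interceptor_brute_force(ciphertext, "NOON"),
        "keys_to_try": len(KEY_SPACE),                          # 26: the whole key space
        "years_for_128_bit_key": years_to_exhaust(128),         # same attack, modern key size
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The receiver and the interceptor run exactly the same decryption algorithm; the only difference is that the receiver knows which of the 26 keys to use. Because the algorithm is public (characteristic 2 above), the size of the key space is the entire obstacle, which is why modern key lengths are chosen so that exhausting the space takes longer than the lifetime of the data.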

3.2 Types of Cryptographic Systems,


Fundamentally, there are two types of cryptosystems based on the manner in which encryption-
decryption is carried out in the system −
 Symmetric Key Encryption
 Asymmetric Key Encryption
The main difference between these cryptosystems is the relationship between the encryption and the
decryption key. Logically, in any cryptosystem, both the keys are closely associated. It is practically
impossible to decrypt the ciphertext with the key that is unrelated to the encryption key.
Symmetric Key Encryption
The encryption process where same keys are used for encrypting and decrypting the
information is known as Symmetric Key Encryption.
The study of symmetric cryptosystems is referred to as symmetric cryptography. Symmetric
cryptosystems are also sometimes referred to as secret key cryptosystems.
A few well-known examples of symmetric key encryption methods are − Digital Encryption
Standard (DES), Triple-DES (3DES), IDEA, and BLOWFISH

Prior to 1970, all cryptosystems employed symmetric key encryption. Even today, its relevance is very
high and it is being used extensively in many cryptosystems. It is very unlikely that this encryption will
fade away, as it has certain advantages over asymmetric key encryption.
The salient features of cryptosystem based on symmetric key encryption are −
 Persons using symmetric key encryption must share a common key prior to exchange of information.
 Keys are recommended to be changed regularly to prevent any attack on the system.
 A robust mechanism needs to exist to exchange the key between the communicating parties. As keys
are required to be changed regularly, this mechanism becomes expensive and cumbersome.
 In a group of n people, to enable two-party communication between any two persons, the number of
keys required for group is n × (n – 1)/2.
 Length of Key (number of bits) in this encryption is smaller and hence, process of encryption-
decryption is faster than asymmetric key encryption.
 Processing power of computer system required to run symmetric algorithm is less.
Challenge of Symmetric Key Cryptosystem
There are two restrictive challenges of employing symmetric key cryptography.
 Key establishment − Before any communication, both the sender and the receiver need to agree
on a secret symmetric key. It requires a secure key establishment mechanism in place.
 Trust Issue − Since the sender and the receiver use the same symmetric key, there is an implicit
requirement that the sender and the receiver 'trust' each other. For example, it may happen that the
receiver has lost the key to an attacker and the sender is not informed.
These two challenges are highly restraining for modern day communication. Today, people need to
exchange information with non-familiar and non-trusted parties. For example, a communication between
online seller and customer. These limitations of symmetric key encryption gave rise to asymmetric key
encryption schemes.
Asymmetric Key Encryption
The encryption process where different keys are used for encrypting and decrypting the
information is known as Asymmetric Key Encryption. Though the keys are different, they are
mathematically related and hence, retrieving the plaintext by decrypting ciphertext is feasible. The
process is depicted in the following illustration −

Asymmetric Key Encryption was invented in the 20th century to overcome the necessity of a pre-
shared secret key between communicating persons. The salient features of this encryption scheme are as
follows –
 Every user in this system needs to have a pair of dissimilar keys, private key and public key. These
keys are mathematically related − when one key is used for encryption, the other can decrypt the
ciphertext back to the original plaintext.

 It requires putting the public key in a public repository and keeping the private key as a well-guarded secret.
Hence, this scheme of encryption is also called Public Key Encryption.
 Though public and private keys of the user are related, it is computationally not feasible to find one
from another. This is a strength of this scheme.
 When Host1 needs to send data to Host2, he obtains the public key of Host2 from repository, encrypts
the data, and transmits.
 Host2 uses his private key to extract the plaintext.
 Length of Keys (number of bits) in this encryption is large and hence, the process of encryption-
decryption is slower than symmetric key encryption.
 Processing power of computer system required to run asymmetric algorithm is higher.
Symmetric cryptosystems are a natural concept. In contrast, public-key cryptosystems are quite difficult
to comprehend.
You may wonder how the encryption key and the decryption key can be 'related', and yet it is impossible
to determine the decryption key from the encryption key. The answer lies in the mathematical concepts. It
is possible to design a cryptosystem whose keys have this property. The concept of public-key
cryptography is relatively new. There are fewer public-key algorithms known than symmetric algorithms.
Challenge of Public Key Cryptosystem
Public-key cryptosystems have one significant challenge − the user needs to trust that the public key that
he is using in communications with a person really is the public key of that person and has not been
spoofed by a malicious third party.
This is usually accomplished through a Public Key Infrastructure (PKI) consisting of a trusted third party.
The third party securely manages and attests to the authenticity of public keys. When the third party is
requested to provide the public key for any communicating person X, they are trusted to provide the
correct public key.
The third party satisfies itself about user identity by the process of attestation, notarization, or some other
process − that X is the one and only, or globally unique, X. The most common method of making the
verified public keys available is to embed them in a certificate which is digitally signed by the trusted
third party.
Relation between Encryption Schemes
A summary of the basic key properties of the two types of cryptosystems is given below.
Relation between Keys: Symmetric Cryptosystems - Same; Public Key Cryptosystems - Different, but mathematically related
Encryption Key: Symmetric Cryptosystems - Symmetric; Public Key Cryptosystems - Public
Decryption Key: Symmetric Cryptosystems - Symmetric; Public Key Cryptosystems - Private
Due to the advantages and disadvantage of both the systems, symmetric key and public-key
cryptosystems are often used together in the practical information security systems.
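The following Python example is added here and is not code from the original notes; it uses textbook RSA with the tiny primes 61 and 53 so that every number can be checked by hand, which also means it has none of the padding or key sizes a real implementation needs. It shows the asymmetric key pair, why the private key cannot be derived from the public key only when n is large (here, trial division recovers it immediately), and the hybrid use noted above: the public key seals a random session key that a symmetric cipher would then use for the bulk data.

```python
import math
import secrets

# Constructed textbook RSA with tiny primes (p = 61, q = 53). Real keys use
# primes of 1024+ bits each and padding (OAEP); this is for illustration only.


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the holder of the private key can decrypt."""
    n, d = private_key
    return pow(c, d, n)


def recover_private_key_by_factoring(public_key):
    """Why key length matters: with n this small, trial division finds p and q
    at once, and from them the private exponent. For a 2048-bit n the same loop
    would never finish; that gap is the whole security of the scheme."""
    n, e = public_key
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return n, pow(e, -1, (p - 1) * (q - 1))
    return None


def hybrid_exchange(receiver_public, receiver_private) -> dict:
    """Public-key step of a hybrid scheme: the sender picks a random symmetric
    session key, seals it with the receiver's public key, and the receiver opens
    it with the private key; both now share a key for a fast symmetric cipher."""
    n = receiver_public[0]
    session_key = secrets.randbelow(n - 2) + 2     # constructed session key, 2 <= key < n
    sealed = encrypt(receiver_public, session_key)
    opened = decrypt(receiver_private, sealed)
    return {"sender_key": session_key, "sealed": sealed, "receiver_key": opened}


def demo() -> dict:
    public, private = make_keypair(61, 53)
    c = encrypt(public, 65)
    exchange = hybrid_exchange(public, private)
    return {
        "public_key": public,
        "private_key": private,
        "ciphertext_of_65": c,
        "decrypted": decrypt(private, c),
        "recovered_private_key": recover_private_key_by_factoring(public),
        "hybrid_keys_match": exchange["sender_key"] == exchange["receiver_key"],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The sealed session key travels over the public channel just like the ciphertext in the cryptosystem model, and the symmetric cipher that follows is what gives the hybrid its speed; the asymmetric step exists only to solve the key-establishment problem of the symmetric scheme.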
3.3 Encryption and Decryption
3.4 Physical Security to Network- Meaning & Needs- Introduction to Physical Security
These days, do not forget to back up your data, apply patches over vulnerabilities, monitor
firewalls, etc. It is very important to remember that software is not your only weapon when it comes to
cyber security. Physical cyber security is another tier in your line of defense.
Factors on which Physical Security Depends
 How many workplaces, buildings or sites are there in an organization?
 Size of the building of the organization?
 How many employees are employed in the organization?
 How many entry and exit points are there in the organization?
 Points of placement of data centers and other confidential information.

Layers of Physical Security
Layers in Physical Security are implemented at the perimeter and are moving towards an asset.
The layers are as follows:
1. Deterrence
The goal of Deterrence methods is to convince a potential attacker that a successful attack is not
possible due to strong defenses. For example: By placing your keys inside a highly secure key control
system made up of heavy metal like steel, you can help prevent attackers from gaining access to
assets. Deterrence methods are classified into 4 categories:

 Physical Barriers: These include fences, walls, vehicle barriers, etc. They also act as a
Psychological deterrent by defining the perimeter of the facility and making intrusion seem
more difficult.
 Combination Barriers: These are designed to defeat defined threats. This is a part of building
codes as well as fire codes.
 Natural Surveillance: In this architects seek to build places that are more open and visible to
authorized users and security personnel so that attackers are unable to perform the unauthorized
activity without being seen. For example- decreasing the amount of dense and tall vegetation.
 Security Lighting: Doors, gates or other means of entrance should be well lit, as intruders
are less likely to enter well-lit areas. Keep in mind to place lighting in a manner that is difficult
to tamper with.
2. Detection
If you are using a manual key control system, you have no way of knowing the exact timestamp of
when an unauthorized user requested a key or has exceeded its time limit. Detection methods can be of
the following types:
 Alarm Systems and Sensors: Alarm systems can be installed to alert security personnel in
case of an attempt of unauthorized access. They consist of sensors like perimeter sensors,
motion sensors, etc.
 Video Surveillance: Surveillance cameras can be used for detection if an attack has already
occurred and a camera is placed at the point of attack. Recorded video can be used
3. Access Control
These methods are used to monitor and control the traffic through specific access points. Access
Control includes the following methods:
 Mechanical Access Control Systems: These include gates, doors, locks, etc.
 Electronic Access Control: These are used to monitor and control larger populations,
controlling for user life cycles, dates and individual access points.
 Identification System and access policies: These include the use of policies, procedures and
processes to manage the access into the restricted area.
4. Security Personnel
They play a central role in all layers of security. They perform many functions like:
 Administering electronic access control.
 Responding to alarms.
 Monitoring and analyzing video footage and many more
Countermeasures and Protection Techniques
1. Protection against Dumpster Diving
Dumpster Diving is the process of finding some useful information about the person or business from
the trash that can later be used for hacking purpose. Since the information is in the trash, it is not
useful for the owner but deemed useful to the picker. To protect against it, you need to follow certain
measures:

 Ensure all important documents are shredded and they are still secure.
 Destroy any CDs/ DVDs containing personal data.
 Make sure that nobody can walk into your building and simply steal your garbage and should
have safe disposal policy.
 Firewalls can be used to prevent suspicious users from accessing the discarded data.
2. Employee Awareness Training
A negligent employee can be one of the major causes of a Cyber security breach. Employee awareness
training sessions can help in such cases. Employee awareness training should focus on one underlying
theme- avoid the SEP- Somebody else’s problem field.
3. Site Access Control
Lack of access control can be highly devastating if the wrong person gets in and gains access to sensitive
information. Fortunately, nowadays you have a number of modern tools that will help you to optimize
your access control.
 Envoy is a tool that will help you to extend access to guests in a controlled manner.
 Open Path is a mobile system that allows access to only a limited set of people within the
directory using smartphones and other devices.
4. Securing Your Windows
If you have data that hackers would love to get their hands on, they will try any method and might
just look through the window. Make sure you are aware of the sight angles when positioning your screens
and other devices. Looking over someone's shoulder from such sight angles to read their credentials is known
as Shoulder Surfing.
5. Secure Network-Enabled Printers
Network printers are a very convenient option, allowing anyone in the office to connect without
the need for extra wiring. Unfortunately, they also carry underlying security risks. Sometimes, due to
default settings, they offer open WiFi access, thus allowing anyone to get in and opening vulnerabilities in
the process.
 Only connect to the Internet those printers that actually need to be.
 Remote access is not necessary in scenarios where only people from your office use the
printer.
 You can add passwords to the connection if necessary.
6. Securing Your Backups
Physical backups are critical for business continuity, helping you prevent data loss in the event of
disasters, outages, and more. Most businesses secure their servers but forget that backups are
equally important: they hold the same level of sensitive data as the servers. Treat your backups as
you treat your sensitive information and secure them.
7. Building Secure Guest Wifi
Guest WiFi is a natural solution when you have guests or visitors. Here are a few tricks to help protect
your resources from external users:
 Segment your network: this isolates the Guest WiFi from your internal devices and data.
 Encrypt your wireless signals and change the default passwords of all devices on the network.
8. Locking up your Servers
Any area in your organization that stores data needs to be secured. Lock the doors and make sure the
server area gets extra protection.
9. Accounting for Loss or Stolen Devices
As devices become more mobile, the chances of them being stolen or falling out of someone's
pocket increase. Mobile Device Management can help you to manage such situations
and take the necessary precautions. The best solution in such cases is to simply lock down and
potentially wipe any lost or stolen devices from the organization remotely.
10. Implementing video systems

To achieve more secure premises, it is advisable to use a video surveillance system.
 The mere presence of cameras can deter potential attackers.
 Availability of video footage allows you to have continuous monitoring over the entire
premises.
 If an attack happens, you can check the recorded video, easily reconstruct what happened and catch
the perpetrator.

3.5 Biometrics System: Meaning & Benefits of Biometrics Systems


Access control security systems are designed to restrict physical entry to only users with authorization. Many
organizations, governmental and private, have started adopting access control security systems for physical entry
into their facilities. Whether it is a simple non-intelligent access control system like punching in a password, or
advanced biometric systems that scan and permit entry very specifically, there are many advantages to employing
these security systems.
There are many biometric modalities available including fingerprint, finger vein, facial recognition, iris, voice,
signature, gait, and more. It's important to understand that not all biometric modalities have the ability to meet the
requirements of every organization.
Finger-Print Access Control System (and Eye Retina)
Biometric systems collect and store biometric data in order to use it for verifying personal identity. The
combination of biometric data systems and biometric recognition/identification technologies creates the biometric
security system. The biometric security system is a lock and capture mechanism to control access to specific data.
In order to access the biometric security system, an individual will need to provide their unique characteristics or
traits, which will be matched to a database in the system. If there is a match, the locking system will provide access
to the data for the user. The locking and capturing system will activate and record information of users who
accessed the data.

3.6 Criteria for selection of Biometrics.


It's important to realize that there is not one biometric modality which is best for all conditions
and implementations. Many factors must be taken into account when implementing a biometric device,
including location, security, acceptability, and ease of use. Performance and cost may also vary
depending on deployment requirements and environment. At times deployments may
require combining two biometric modalities (i.e. "multimodal" biometrics) to ensure optimal accuracy.
Choosing the right modality is important to maximize the full benefits from a biometric system.
Some important factors which should be considered when choosing a biometric modality:
 Accuracy: Accuracy is one of the most important aspects to assess when choosing a biometric
modality. It is based on several criteria including error rate, false acceptance rate (FAR),
identification rate, false reject rate (FRR) and additional biometric system standards.
 Anti-spoofing capabilities: As biometric recognition systems become more widespread, more
attention has been given to possible direct attacks, where potential intruders may gain access to
the system by interacting with the system input device. Such attempts are commonly referred to
as spoofing attacks. Strong anti-spoofing protection is a must-have capability for the right
biometric modality.
 Acceptability: User acceptance is the linchpin of biometric identification management
deployment success. Certain biometric modalities may have a stigma associated with them
(e.g. fingerprint biometrics and criminality) which can negatively impact user perception in
certain cultures. Understanding which modalities are acceptable versus those that may cause
user acceptance issues is important.
 Cost effectiveness: Cost is an important factor to consider when choosing the best and most
effective biometric hardware modality. Depending on the underlying technology and hardware
characteristics, certain modalities may be more cost effective than others. It's important to
recognize that an initial investment in biometrics can be, and quite often is, recouped in a short
amount of time, achieving a fast return on investment (ROI).

 Hygiene: Whether the biometric hardware is contact-dependent is an important factor to consider before making an
investment. Many new deployments in industries that pay close attention to infection control prefer to use
contactless biometric modalities for hygienic reasons.
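The following Python, added here as an illustration and not part of these notes, shows how the FAR and FRR named under the accuracy criterion are computed from matcher scores and how an operating threshold is chosen from them; the genuine and impostor scores are constructed sample data standing in for the live-scan-to-template matching step of a real system.

```python
"""Added example (not part of the lecture notes): measuring a biometric
modality's accuracy with the false acceptance rate (FAR) and false reject rate
(FRR) from the selection criteria. The matcher scores are constructed sample
data standing in for the template-matching step of a real system."""
from typing import List, Tuple

# A matcher compares a live scan's template with the enrolled template and
# returns a similarity score (0-100). Genuine = same person, impostor = another
# person. Real score distributions overlap, which is why the two rates trade off.
GENUINE_SCORES: List[int] = [92, 88, 85, 79, 74, 70, 66, 61, 45, 38]
IMPOSTOR_SCORES: List[int] = [55, 50, 47, 41, 37, 33, 30, 27, 20, 15]


def far(impostor: List[int], threshold: int) -> float:
    """False Acceptance Rate: share of impostor attempts scoring at or above the threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def frr(genuine: List[int], threshold: int) -> float:
    """False Reject Rate: share of genuine attempts scoring below the threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def equal_error_rate(genuine: List[int], impostor: List[int]) -> Tuple[int, float]:
    """Sweep thresholds 0..100 and return (threshold, EER) at the point where FAR
    and FRR are closest; the EER is the usual one-number summary of accuracy."""
    best_t, best_gap, best_eer = 0, float("inf"), 1.0
    for t in range(0, 101):
        a, r = far(impostor, t), frr(genuine, t)
        gap = abs(a - r)
        if gap < best_gap:
            best_t, best_gap, best_eer = t, gap, (a + r) / 2
    return best_t, best_eer


def threshold_for_max_far(genuine: List[int], impostor: List[int], max_far: float) -> Tuple[int, float]:
    """Lowest threshold whose FAR does not exceed max_far, and the FRR paid for it.
    A server-room door wants a low FAR even at the cost of more false rejects."""
    for t in range(0, 101):
        if far(impostor, t) <= max_far:
            return t, frr(genuine, t)
    return 101, 1.0  # no threshold meets the target: nothing is accepted


if __name__ == "__main__":
    for t in (40, 50, 60):
        print(f"threshold {t}: FAR={far(IMPOSTOR_SCORES, t):.2f} FRR={frr(GENUINE_SCORES, t):.2f}")
    print("EER (threshold, rate):", equal_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("zero-FAR threshold and its FRR:", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```

Raising the threshold lowers FAR and raises FRR; which side to favour depends on whether the access point guards a lobby or a server room.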

3.7 Use Finger Prints Technology in Network Security


A fingerprint sensor is an electronic device used to capture a digital image of
the fingerprint pattern. The captured image is called a live scan. This live scan is digitally processed to
create a biometric template (a collection of extracted features) which is stored and used for matching.
 Cyber security fingerprinting refers to a set of information that can be used to identify
network protocols, operating systems, hardware devices, software, among other things.
 Hackers use fingerprinting as the first step of their attack to gather maximum information about
targets.
 Higher accuracy: as one of the most sophisticated biometric modalities, fingerprint scanners
provide almost 100% accuracy during authentication.
 Faster access: compared to typing a password, a fingerprint scanner can lock and unlock your
workstation or device quickly. Securing devices with fingerprint recognition further secures the network
and the resources these devices access, as access is provided on the basis of "what a user is".
 Fingerprint biometrics also offers a great solution for personal devices accessing the corporate
network.
Organizations at enterprise level have a fairly complex IT infrastructure and resources that are
simultaneously accessed by several users, devices and applications. Information and resources over a
corporate network can be crucial for business continuity, and a breach may bring business operations to a
complete halt. The frequent occurrence of data breaches and information security incidents is a wake-up call
for businesses and corporations to re-evaluate their network and PC security efforts. Organizations with an "it
will not happen to us" mentality often ignore crucial data security aspects until it actually happens to
them. Once malware is on a corporate network, it quickly infects other machines, paralyzing the whole
network.

4 E-Commerce, M-Commerce & E-Governance (10)
4.1 E-Commerce & M-commerce: Meaning, Difference and Advantages
4.2 Modes of Payment in E-Commerce & M-Commerce- Cash on Delivery, Internet Banking,
Debit & Credit Card Payment, E-Wallet.
4.3 Security Threats to E Commerce & M-Commerce
4.4 E-Governance: Meaning & Scope
4.5 Importance of E-Governance
4.6 Security Threats to E-Governance
4.7 Digital Signature: Meaning & Scope, Requirement of Digital Signature System
------------------------------------------------------------------------------------------------------------------------------
Traditional commerce | Electronic Commerce
1. IT plays no role in traditional commerce. | 1. E-Commerce involves IT.
2. Telecommunication technology is not used here. | 2. Telecommunication is the main part of E-Commerce.
3. Customer can feel and touch a product. | 3. Customer can't feel and touch a product, but can only see it.
4. Shopping is not online. | 4. Shopping is online.
5. Product cost is high compared to E-Commerce. | 5. Product cost is low compared to the global market.
6. Business process is conventional. | 6. Advanced business process.
7. Time consuming. | 7. Time saver.
9. Distance matters. | 9. Distance doesn't matter.
10. Is maximally secure. | 10. But E-Commerce is not secure.
11. Minimum (limited) variety. | 11. No limitation in variety.
12. Bargaining is possible. | 12. Bargaining is not possible.
13. Direct cash payment or credit purchase. | 13. In E-Commerce we can pay by credit card, debit card or digital cash.
4.1 E-Commerce & M-commerce: Meaning, Difference and Advantages
Definition: What does a business transaction on the web mean?
A business transaction, in the context of electronic commerce, is any monetary transaction that is
made between consumers or businesses via the Internet. Business transactions free up time when
conducted online since each party does not need to be physically present in order to make the transaction.
When you conduct business over the Internet, you are engaging in a robust and complex system
with which you can purchase items for yourself or your business from the comfort of your own home. By
familiarizing yourself with how Internet transactions work and what to look out for, you can make safe
purchases and enjoy the many benefits of e-commerce.
E-Commerce
E-Commerce is a modern business methodology which addresses the needs of organizations, merchants and
customers to cut the cost of products while improving the quality of goods and services and increasing the speed of
service delivery. It is associated with buying and selling information, products and services
through computer networks. The goals of E-Commerce are:
 Reduce cost
 Faster customer response
 Lower product cycle time
 Improve service quality
You engage in electronic commerce when you purchase a product or service from a vendor's
website instead of from a physical, brick-and-mortar store. There are two primary types of
e-commerce: B2B and B2C. You are engaging in B2B, or business-to-business e-commerce,
when you buy products or services for your own business. B2C, or business-to-customer, is far
more common; it occurs when you buy products online for yourself. Additionally, there are two
types of online stores. These are "Pure Click" and "Brick and Click." The first denotes an online


operation that has no physical store, and the second refers to an online operation that has at least
one physical store.
M-Commerce:
The use of wireless handheld devices such as cellular phones and laptops to conduct commercial
transactions online. Mobile commerce transactions continue to grow, and the term includes the
purchase and sale of a wide range of goods and services, online banking, bill payment,
information delivery and so on. Also known as m-commerce.
Mobile Commerce, also known as M-Commerce or mCommerce, is the ability to conduct
commerce using a mobile device, such as a mobile phone, a PDA (personal digital assistant), a
smart phone, or other emerging mobile equipment such as dashtop mobile devices.
M-commerce (mobile commerce) is the buying and selling of goods and services through
wireless handheld devices such as cellular telephones and personal digital assistants (PDAs).
In order to exploit the m-commerce market potential, handset manufacturers such as Nokia,
Ericsson, Motorola, and Qualcomm are working with carriers such as AT&T Wireless and Sprint
to develop WAP-enabled smart phones, the industry's answer to the Swiss Army Knife, and
ways to reach them. Using Bluetooth technology, smart phones offer fax, e-mail, and phone
capabilities all in one, paving the way for m-commerce to be accepted by an increasingly mobile
workforce.
As content delivery over wireless devices becomes faster, more secure, and scalable, there is
wide speculation that m-commerce will surpass wireline e-commerce as the method of choice for
digital commerce transactions. The industries affected by m-commerce include:
 Financial services, which includes mobile banking (when customers use their handheld
devices to access their accounts and pay their bills)
 Brokerage services, in which stock quotes can be displayed and trading conducted from
the same handheld device
 Telecommunications, in which service changes, bill payment and account reviews can all
be conducted from the same handheld device
 Service/retail, as consumers are given the ability to place and pay for orders on-the-fly
 Information services, which include the delivery of financial news, sports figures and
traffic updates to a single mobile device
Procedures of E-commerce:
1. Filling the form online
2. Selecting the product/service
3. Web server
4. Encryption
5. Forwarding
6. Leased lines
7. E-mail receipt
8. Merchant account
9. Credit card processing
10. Verification
11. Merchant getting the money
12. Shipment
Parties to E-commerce or M-commerce Transactions:
An E-commerce transaction is concerned with, and passes through, different parties involved in the payment
process. The parties involved in the completion of E-commerce transactions include:
1. The User: The cardholder and party in the E-commerce transaction who plans to purchase
goods or services online.

2. The Merchant: The company or business house wishing to sell goods or services
and enable customers to buy online.
3. The Issuer: The credit card company that issues cards to the user to initiate online buying.
4. The Acquirer: Usually the banker of the merchant, or to be specific, the merchant's financial
institution.
5. The Certificate Authority: An independent and neutral third-party authority that issues
certificates to the merchant, to the issuer and in some cases the cardholder.
The Process
When you do business over the Internet, you put a complex chain of events into motion. First, you
land on the vendor's website and are presented with its catalog of items. You read descriptions and
compare prices. When you find the item you want, you click a button to signify that you would like to
purchase it. In the background, software that the vendor has installed on its site keeps a running tally of all
the items that you select. This is known as "shopping cart" software. When you have finished shopping,
you click the "Check Out" button. The site redirects you to a page where the shopping cart software
presents you with your grand total. You then enter your name, address, birth date and credit or debit card
number to complete the transaction.
Payment Methods
Typically, you must use either a credit or debit card to purchase items online. There are exceptions
to this. There are sites that will accept checks, money orders or electronic wallets, such as PayPal. When
you pay with a credit or debit card, note that the information you provide must match the information that
the issuing bank has on file. If it does not, the bank will not approve the transaction. This safeguard exists
to prevent unauthorized use of your cards.
Consumer Information Security and Concerns
When you pay for items online with a credit or debit card, you are transmitting the card's number, its
expiration date and -- often -- the three-digit security number on its back. Fortunately, all this
information is routed through a secure channel that encrypts the data and requires the recipient to hold
the correct key to decrypt it. This technology is called "Secure Sockets Layer Encryption." Sites that
utilize this countermeasure will typically display an official certification seal, such as "VeriSign."
Features of E-commerce
1. Benefits to society and organizations as well as customers.
2. No geographical barrier; it reaches narrow markets too.
3. E-commerce helps organizations to reduce product cost.
4. 365 x 24 x 7 availability.
5. Better customer communication.
6. Improved customer services.
7. Increased operating and trading flexibility.
8. Cost of transaction is the same everywhere for the consumer/buyer.
9. E-commerce technologies enable a business to easily reach across geographic boundaries.
10. It's really easy to understand how this feature can benefit a business as well as consumers.
11. E-commerce is made possible through hardware (Internet) and software/content (World Wide Web).
12. Universal standards can greatly influence market entry costs.
13. Consumers/users can interact with the Internet; more options to sell/purchase are available in the global
market.
14. E-commerce has more opportunities for personalization than going to a store and buying an item
face-to-face in a store.
Benefits / need of E-Commerce
Hopefully by now you're aware of the main benefits of E-Commerce, which are:
 immediacy - no going to the shops or waiting in queues
 price - goods bought online tend to be cheaper
 choice - the range of goods available is vast and with sites
 speed - you'll locate what you want much quicker
 global markets - neither you nor the vendor are restricted to your/their locality
 interactivity - get immediate feedback on prices, features etc
 less paperwork - always a good thing!
 Expanded Geographical Reach
 Expanded Customer Base
 Increase Visibility through Search Engine Marketing
 Provide Customers valuable information about your business
 24-hour availability: the shop never closes
 Build Customer Loyalty
 Reduction of Marketing and Advertising Costs
 Collection of Customer Data
Modern Payment System (Electronic Payment System) [EPS]:
Electronic payment is an integrated part of e-commerce. Broadly defined, an E-payment is a financial
exchange that takes place online between buyer and seller. The content of the exchange is usually some form of
digital financial instrument, i.e. one issued by a bank or legal vendor. The following factors are stimulating interest
among financial institutions:
1. Reduced operating and processing costs
2. Online communication.
The goal of online commerce is to develop a small set of payment methods that are widely used by consumers,
merchants and banks. The general payment methods are: net banking, credit cards, debit cards, smart
cards, micropayments and e-cash.
The consumer uses a web browser to place an order and provide information about the time of payment.
Objectives of e-payments:
1. To benefit all participants in online payments
2. Online funding of checking accounts
3. Bill payment
4. Fund transfer
5. Return guarantee against fraud
6. View digital copies of cheques
7. Online ordering of cheques
8. Stop payment and other services
Limitations of e-payments:
1. Lack of confidence and convenience
2. Lack of security
3. Lack of coverage
4. Lack of eligibility
5. Lack of support for micro-stations
6. Extra processing overheads are added
Requirements e-payment system:
1. Confidentiality
2. Integrity
3. Assurance
4. Authentication
5. Privacy
4.2 Modes of Payment in E-Commerce & M-Commerce-
Cash on Delivery-

Internet Banking-
Over the last few decades technology has changed everything around us, including banking. It has
made internet banking possible. Here the customer can do all his banking activities on the internet without
physically going to a bank or any human interaction.
All of the bank's data and information is stored on servers, so there are services that the bank
provides to the customer online and in real time. Customers can see their account statements, transfer
funds, apply for loans and pay their bills, all online. Hence the phenomenon of e-banking has caught on in the
last few years. Almost all banks provide it now.
Net banking allows customers of financial institutions to perform transactions online through a
website interface. First introduced in 1994 by Stanford Federal Credit Union, net banking is now

available across the spectrum of the financial industry, from traditional institutions to banks that exist
only online.
Net banking is changing the ways that people interact with financial institutions by enabling
transactions to be performed through personal computers and mobile devices. This access allows
customers to be in virtual contact with their banks on a regular basis, while minimizing the time spent in a
physical location. For example, smart-phone apps allow customers to make deposits by taking pictures of
the front and back of checks, which eliminates the need to go to a brick and mortar location. Online
banking also enables paperless bill paying, record keeping and money transfers between accounts.
Advantages of Online (e)Banking
 24×7 banking is possible.
 The convenience of the customers, who can do most of their daily banking activities from the
comfort of their homes
 Provides competitive advantage to the banks
 Banking is not limited to the branches of the bank, so banks need not invest too much capital in
multiple locations
Net banking allows customers to access their accounts around the clock. This facilitates real-time
account maintenance, which can be done while traveling, sitting at a coffee shop or after arriving home
late from work. Online access provides the convenience and time savings of being able to take care of
banking activities without needing to drive to a physical location and wait in line for a teller's window to
open. These advantages can also be applied to loan applications and assessing interest rates on time
deposits such as certificates of deposit.
Disadvantages of Net Banking
Some of the disadvantages of net banking depend on whether the institution has brick and mortar
locations or is online only. For banks that have only a virtual presence, disadvantages include the absence
of face-to-face conversations for customer service issues or special situations such as applying for
business loans. One example of this type of disadvantage would be a situation that requires the customer
to provide documentation, such as when overdraft fees are being contested. Instead of being able to walk
in a bank branch and present paperwork in person, the customer would need to print out the documents
and either fax or scan and email them.
Debit & Credit Card Payment-
Debit card:-
A debit card (also known as a bank card, plastic card or check card) is a plastic payment card that can
be used instead of cash when making purchases. It is similar to a credit card, but unlike a credit card, the
money is immediately transferred directly from the cardholder's bank account when performing a
transaction.
Some cards might carry a stored value with which a payment is made, while most relay a message
to the cardholder's bank to withdraw funds from a payer's designated bank account. In some cases, the
primary account number is assigned exclusively for use on the Internet and there is no physical card.
In many countries, the use of debit cards has become so widespread that their volume has
overtaken or entirely replaced cheques and, in some instances, cash transactions. The development of
debit cards, unlike credit cards and charge cards, has generally been country specific resulting in a number
of different systems around the world, which were often incompatible. Since the mid-2000s, a number of
initiatives have allowed debit cards issued in one country to be used in other countries and allowed their
use for internet and phone purchases.
Debit cards usually also allow instant withdrawal of cash, acting as an ATM card for this purpose.
Merchants may also offer cashback facilities to customers, so that a customer can withdraw cash along
with their purchase.
Debit cards come in a few different types. Here are three you may come
across.
1. Bank-issued debit cards. Also known simply as “debit cards,” these cards use money from a
linked checking account.
2. Prepaid debit cards. Also known simply as "prepaid cards," these cards typically don't require a
bank account or credit history to open, which is why they may appeal to nonbank customers.
Unlike other debit cards, prepaid debit cards are not typically connected to a bank account and
allow you to load money directly onto the card to make purchases.
3. Electronic benefits transfer cards. These cards allow people to make purchases with
government-issued food or cash benefits.
Credit card:-
A credit card is a payment card issued to users (cardholders) to enable the cardholder to pay a merchant
for goods and services based on the cardholder's promise to the card issuer to pay them for the amounts
plus the other agreed charges.[1] The card issuer (usually a bank) creates a revolving account and grants a
line of credit to the cardholder, from which the cardholder can borrow money for payment to a merchant
or as a cash advance. In other words, credit cards combine payment services with extensions of credit.[2]
Complex fee structures in the credit card industry may limit customers' ability to comparison shop,
helping to ensure that the industry is not price-competitive and helping to maximize industry profits. Due
to concerns about this, many legislatures have regulated credit card fees.[3]
A credit card is different from a charge card, which requires the balance to be repaid in full each
month.[4] In contrast, credit cards allow the consumers a continuing balance of debt, subject to interest
being charged. A credit card also differs from a cash card, which can be used like currency by the owner
of the card. A credit card differs from a charge card also in that a credit card typically involves a third-
party entity that pays the seller and is reimbursed by the buyer, whereas a charge card simply defers
payment by the buyer until a later date.
Here are some ways credit cards differ from debit cards.
1. Credit cards allow you to carry balances from month to month.
2. Credit card issuers may have varying interest rates for purchases and balance transfers (typically
expressed as a yearly rate known as an APR).
3. They may offer cash back, travel points or other rewards with each purchase.

E-Wallet.

4.3 Security Threats to E Commerce & M-Commerce


The most common security threats are phishing attacks, money theft, data misuse, hacking, credit
card fraud and unprotected services.
 Inaccurate management: one of the main reasons for e-commerce threats is poor management. ...
 Price manipulation: modern e-commerce systems often face price manipulation problems.
1. Online Security - There is a whole range of security threats out there to beware of, including malware,
phishing attacks, hacking and spam mail.
To defend against these threats, make sure that you update your platform's operating system regularly,
and use strong SSL (Secure Sockets Layer).
2. System Reliability - The Internet service provider (ISP) server could crash, your online payment
system could show errors and the ecommerce plugin could have bugs.
Apart from keeping all operating systems and APIs updated, there is little you can do: these are things that may
happen outside of your control.
3. Privacy Issues - Customers' personal data could be compromised and used for spamming, identity theft
and unsolicited marketing.
In addition to the online security measures previously mentioned, make sure to require customers to use
strong passwords.

4. Customer Disputes - A customer might not have received their order, their credit card was charged
twice, or the product they received didn't match the online description.
Whether the customer is right or not, it's important to always have great customer service and to rectify
all possible mistakes that were made.
5. Credit Card Fraud - Someone could use a stolen credit card to make an online purchase, or a hacker
could use stolen card data from other customers in your system.
No matter how good your online security measures are, always watch out for any suspicious transactions.
6. Intellectual Property Issues - Your website images, product descriptions, logos, videos, music, as
well as your products, could be copied by others, or could violate someone else's intellectual property.
7. SEO - Google or other platforms could do a complete makeover of their algorithm at any time,
and make your website traffic drop significantly overnight.
8. Taxation - You might not be including the appropriate sales tax in your sales, or you might not be paying
fair shipping and/or import taxes depending on your shipping destination.
9. Return of Goods and Warranty - Common headaches when dealing with product returns: increased
supply chain costs and not being able to resell the items at their original price.
10. Warehousing and Logistics Issues - You could run out of stock while orders are coming in, a
product shipment might be delayed, or a parcel could be delivered to the wrong recipient.
These are risks that come with the territory when running an ecommerce business.
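"Always watch out for any suspicious transactions" can be made concrete. The following Python, added here as an illustration and not part of these notes, screens a constructed order log for three patterns behind the credit card fraud threat above: one card placing a burst of orders, many cards tried from one address, and a large order shipped to a country other than the one the issuing bank has on file. Every order, card token and IP address in it is constructed sample data.

```python
"""Added example (not part of the lecture notes): rule-based screening of an
e-commerce order log for the card-fraud patterns the text warns about
(stolen cards, stolen card data used at scale). All orders, card tokens and
IP addresses below are constructed sample data."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

WINDOW_MINUTES = 10        # how far back each check looks
MAX_ORDERS_PER_CARD = 3    # more than this per card per window -> velocity flag
MAX_CARDS_PER_IP = 2       # more than this many distinct cards per IP -> card testing
HIGH_VALUE = 10000.0       # cross-border orders at or above this amount get a flag


@dataclass(frozen=True)
class Order:
    order_id: str
    minute: int          # minutes since midnight on a constructed clock
    card_token: str      # tokenised card reference; the raw card number is never stored here
    bill_country: str    # country the issuing bank has on file
    ship_country: str
    amount: float
    client_ip: str


# Constructed order log. card-A is an ordinary shopper who later places a burst of
# orders; card-B/C/D are tried from one IP in quick succession (card testing);
# card-E ships a large order to a country other than the billing country.
ORDERS: List[Order] = [
    Order("o1", 600, "card-A", "IN", "IN", 1200.0, "203.0.113.10"),
    Order("o2", 601, "card-B", "IN", "IN", 1.0, "198.51.100.7"),
    Order("o3", 602, "card-C", "IN", "IN", 1.0, "198.51.100.7"),
    Order("o4", 603, "card-D", "IN", "IN", 1.0, "198.51.100.7"),
    Order("o5", 610, "card-E", "IN", "US", 45000.0, "203.0.113.55"),
    Order("o6", 700, "card-A", "IN", "IN", 800.0, "203.0.113.10"),
    Order("o7", 701, "card-A", "IN", "IN", 950.0, "203.0.113.10"),
    Order("o8", 702, "card-A", "IN", "IN", 700.0, "203.0.113.10"),
    Order("o9", 703, "card-A", "IN", "IN", 650.0, "203.0.113.10"),
]


def screen(orders: List[Order]) -> Dict[str, List[str]]:
    """Return {order_id: [reasons]} for every order that trips at least one rule.
    Orders are processed in time order, so each one is judged only against
    what the shop had already seen when it arrived."""
    flags: Dict[str, List[str]] = defaultdict(list)
    by_time = sorted(orders, key=lambda o: o.minute)
    for i, order in enumerate(by_time):
        recent = [p for p in by_time[: i + 1] if order.minute - p.minute <= WINDOW_MINUTES]
        # Velocity: one card placing too many orders in a short time.
        same_card = [p for p in recent if p.card_token == order.card_token]
        if len(same_card) > MAX_ORDERS_PER_CARD:
            flags[order.order_id].append("velocity")
        # Card testing: many different cards tried from the same client address.
        cards_from_ip = {p.card_token for p in recent if p.client_ip == order.client_ip}
        if len(cards_from_ip) > MAX_CARDS_PER_IP:
            flags[order.order_id].append("card_testing")
        # Large order where the delivery country differs from the bank's country on file.
        if order.bill_country != order.ship_country and order.amount >= HIGH_VALUE:
            flags[order.order_id].append("country_mismatch")
    return dict(flags)


def orders_to_hold(orders: List[Order]) -> List[str]:
    """Order ids to hold for manual review before shipment, in time order."""
    flagged = screen(orders)
    return [o.order_id for o in sorted(orders, key=lambda o: o.minute) if o.order_id in flagged]


if __name__ == "__main__":
    for order_id, reasons in screen(ORDERS).items():
        print(order_id, "->", ", ".join(reasons))
    print("hold for review:", orders_to_hold(ORDERS))
```

The thresholds are deliberately simple; a real shop tunes them against its own order history so that honest bursts (a sale, a corporate buyer) are not held up.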
4.4 E-Governance: Meaning & Scope
E-governance is one of the very important topics in understanding government machinery and its
important functions.
E-governance, which expands to electronic governance, is the integration of Information and
Communication Technology (ICT) in all the processes, with the aim of enhancing the government's ability to
address the needs of the general public. ... In short, it is the use of electronic means to promote good
governance.
Definition of e-Governance
Electronic governance or e-governance implies government functioning with the application of ICT
(Information and Communications Technology). Hence e-Governance is basically a move towards
SMART governance implying: simple, moral, accountable, responsive and transparent governance.
What is SMART Governance?
 Simple — implies simplification of rules and regulations of the government and avoiding
complex processes with the application of ICTs and therefore, providing a user-friendly
government.
 Moral — meaning the emergence of a new system in the administrative and political
machinery with technology interventions to improve the efficiency of various government
agencies.
 Accountable — develop effective information management systems and other
performance measurement mechanisms to ensure the accountability of public service
functionaries.
 Responsive — Speed up processes by streamlining them, hence making the system
more responsive.
 Transparent — providing information in the public domain like websites or various portals
hence making functions and processes of the government transparent.
Interactions in e-Governance
There are 4 kinds of interactions in e-governance, namely:
1. G2C (Government to Citizens): Interaction between the government and the citizens.
 This enables citizens to benefit from the efficient delivery of a large range of public services.
 Expands the accessibility and availability of government services and also improves the quality of
services
 The primary aim is to make the government citizen-friendly.
2. G2B (Government to Business):
 It enables the business community to interact with the government by using e-governance tools.
 The objective is to cut red-tapism which will save time and reduce operational costs. This will also
create a more transparent business environment when dealing with the government.
 The G2B initiatives help in services such as licensing, procurement, permits and revenue
collection.
3. G2G (Government to Government):
 Enables seamless interaction between various government entities.
 This kind of interaction can be between various departments and agencies within government or
between two governments like the union and state governments or between state governments.
 The primary aim is to increase efficiency, performance and output.
4. G2E (Government to Employees):
 This kind of interaction is between the government and its employees.
 ICT tools help in making these interactions fast and efficient and thus increases the satisfaction
levels of employees.
Advantages of e-Governance
 Improves delivery and efficiency of government services
 Improved government interactions with business and industry
 Citizen empowerment through access to information
 More efficient government management
 Less corruption in the administration
 Increased transparency in administration
 Greater convenience to citizens and businesses
 Cost reductions and revenue growth
 Increased legitimacy of government
 Flattens organisational structure (less hierarchic)
 Reduces paperwork and red-tapism in the administrative process which results in better planning
and coordination between different levels of government
 Improved relations between the public authorities and civil society
 Re-structuring of administrative processes
e-Governance Initiatives
Steps taken to promote e-governance in India are as follows:
 A National Task Force on Information Technology and Software Development was set-up in
1998.
 The Ministry of Information Technology was created at the Centre in 1999.
 A 12-point agenda was listed for e-Governance for implementation in all the central ministries and
departments.
 The Information Technology Act (2000) was enacted. This Act was amended in 2008.
 The first National Conference of States‟ IT Ministers was organised in the year 2000, for arriving
at a Common Action Plan to promote IT in India.
 The Government set up the NISG (National Institute for Smart Government).
 The state governments launched e-Governance projects like e-Seva (Andhra Pradesh), Bhoomi
(Karnataka), and so on.
 The National e-Governance Plan (NeGP) was launched. It consists of 31 Mission Mode Projects
(MMPs) and 8 support components.
 The National Policy on Information Technology (NPIT) was adopted in 2012.
The National e-Governance Plan (NeGP)
 The National e-Governance Plan (NeGP) provides a holistic view of e-Governance initiatives
across the country.
 Around this idea, a massive countrywide infrastructure reaching down to the remotest villages
is evolving, and large-scale digitisation of records is taking place to enable easy, reliable access to
government services over the internet.
 The Government has proposed to implement “e-Kranti: National e-Governance Plan (NeGP) 2.0”
under the Digital India programme.
4.5 Importance of E-Governance
ICT applications impact upon the structures of public administration systems. Technological
advancements facilitate the administrative systems by enabling:
• Administrative Development; and
• Effective Service Delivery
We will now discuss them individually.
Administrative Development
Administrative reforms have often focused on procedural details and the restructuring of systems and
processes of government organisations. The basic objective of these reforms is to enhance the capacities
of the systems. ICTs can be used, and are now being used, to give further impetus to this process. They
help in the following ways:
• Automation of Administrative Processes: A truly e-governed system would require minimal human
intervention and would instead be system driven. The solutions offered initially were quite primitive, with
poor information layout, inadequate navigation, occasional disruption of services, outdated content and
little or no 'back office' support. Technological advancements and increased pressure from the citizenry
have since prompted improvements in these areas. Administrative departments are now computerised and
connected through networks. Software has been built and designed around government departments,
ensuring efficiency in operations. The departments have launched individual websites carrying information
about their respective departments. This has enabled operations and file movements to be carried out
online. Budgeting, accounting, data flow, etc. have become easy. This has increased the efficiency of office
operations and processes and has reduced unnecessary delays.
• Paper Work Reduction: An immediate impact of automation is on paperwork. Paperwork is reduced to a
great extent when communication is enabled electronically and information is stored and retrieved in
electronic form. All this has led to the emergence of the 'less paper office'. This concept is defined as an
office situation where all the information (files and mail) amongst the various functionaries is distributed
online. In the words of Dubey, the less paper office is the implementation of effective electronic
communication processes that enable the elimination of duplicated work and unnecessary paper. Files and
mail (information) are transmitted over wires to small computers at each employee's desk. Office work
such as file movements, notings, etc. is computerised, and documentation, report preparation and databases
are now maintained on computers. Due to interconnectivity through the LAN, transfer of information and
files takes place online, thus reducing physical movement and the consumption and storage of huge piles
of paper.
• Quality of Services: ICT helps governments to deliver services to citizens with greater accountability,
responsiveness and sensitivity. The quality of services improves, as people are now able to get services
efficiently and instantaneously. As large volumes of transactions and information can be handled
electronically and delivered over a wide area through the internet and the web, quality services become
possible in the least time, at the least cost, with the least difficulty and with greater convenience. Online
redressal of grievances ensures the accountability of officials, who have become more sensitive to the
issues affecting people. Monitoring by way of video teleconferencing has further facilitated central
monitoring, reporting and face-to-face communication, which has assured effective service delivery by
officials.
• Elimination of Hierarchy: ICT has reduced the procedural delays caused by hierarchical processes in the
organisation. Through the intranet and LAN, it has become possible to send information and data across
the various levels of the organisation at the same time. Computerisation and the communication patterns
facilitated by ICT have increased efficiency and have led to the involvement of all levels in decision-
making.
• Change in Administrative Culture: Bureaucratic structures have been plagued by the characteristics aptly
described by Victor Thompson as 'bureau-pathology'. Since the days of New Public Administration,
efforts have been made to find ways to deal with the pathological or dysfunctional aspects of bureaucratic
behaviour and to make the delivery of public services effective and efficient. With e-governance, public
actions come under public scrutiny, which induces the norms and values of accountability, openness,
integrity, fairness, equity, responsibility and justice in the administrative culture. As a result,
administration becomes more efficient and responsive.
Effective Service Delivery
ICTs play an important role in effectively delivering services to the people. ICTs ensure:
• Transparency: by dissemination and publication of information on the web. This provides easy access to
information and consequently makes the system publicly accountable. Also, as the web enables the free
flow of information, it can be accessed by all without discrimination.
• Economic Development: The deployment of ICTs reduces transaction costs, which makes services
cheaper. For example, rural areas suffer from a lack of information regarding markets, products,
agriculture, health, education, weather, etc.; if all this could be accessed online it would lead to better and
more opportunities and thereby prosperity in these areas.
• Social Development: Access to information empowers citizens. An informed citizenry can participate
and voice their concerns, which can be accommodated in programme/project formulation, implementation,
monitoring and service delivery. Web-enabled participation counters the discriminatory factors affecting
our societal behaviour.
• Strategic Information System: The changing organisational environment and increasing competitiveness
have put pressure on the performance of functionaries. Information regarding all aspects needs to be made
available to the management at every point to make routine as well as strategic decisions. ICTs effectively
enable putting such strategic information systems in place.
4.6 Security Threats to E-Governance
Security of What?
This is the first question when we talk about e-governance security. Security is about protecting the
Information and Communication Technology (ICT) assets of an organisation. These ICT assets can be of
a wide variety, including data, information, knowledge resources, programs, hardware and networks.
Protecting these assets is a very important responsibility of e-governance administrators.
Security against What?
There are various threats to the security of an ICT system, and they cannot all be defined or declared
exactly; they may come from various sources and in various forms. So it is very necessary for the
e-governance administrator to identify these threats. This section first gives some sources of threats
and then some types of threats which affect e-governance.
Sources of Threat
The source of a threat can be internal or external to the government body. Internal sources include the
employees who work on the e-governance project and the customers of the e-governance project, who
may attempt to access the databases for personal financial profit. External sources include professional
hackers, criminal organisations, and various intelligence or investigation agencies.
Types of Threat
Threats include unauthorised access to, modification of, and destruction of data. The threats vary from
time to time because technology changes frequently. Attacks on the security of an e-governance system
can take different forms, including defacement of web sites, hacking and cracking, damage to critical
databases and applications, and viruses and other malware. A network security checklist and digital
signature mechanisms (DSA), sometimes listed alongside these, are controls against such attacks rather
than attacks themselves. Damage to ICT assets need not always be the result of malicious attacks of the
kind mentioned above; it may also be caused by natural or environmental disasters.
Security Management
The above facts lead to the conclusion that the security of an e-governance system has to be managed
systematically at three levels: the user level, the transport level and the ICT assets level.
Security at User Level
Security at the user level is a very important issue. User-level security management can be classified into
three parts:
• Identity Management: The purpose is to create a unique digital identity or credential for every legitimate
user (for example a unique user name and password), and to build and manage the ICT systems that keep
these digital identities secure.
• Access Management System: At this level the credentials issued by identity management are checked to
confirm that the person presenting them is actually the authentic user (authentication), and the
authenticated user is then allowed only the operations and data appropriate to his or her role
(authorisation).
• Interaction Management System: Interaction management is the most comprehensive and complex phase.
It covers assurance of the integrity, confidentiality and non-repudiation principles of a comprehensive
security design. At the user level, tools such as digital identity tokens, public key infrastructure (PKI),
digital signatures and asymmetric key cryptography are used to provide or enhance security.
Security at Transport Level
At this level e-governance security is considered in two aspects: security within the LAN and WAN, and
security over the Internet. The level is classified into two systems, the Secure Communication System and
the Cryptographic System (Fig. 4: Security at Transport level). Data and information travel from the user
to the ICT assets and back, and while the data is in the transmission medium, whether LAN, WAN,
wireless or any other, it needs stronger protection, because anyone on the path can read or alter it. For
this the e-governance administrator uses tools and techniques such as creating a Virtual Private Network
(VPN), installing firewalls, and using strong encryption and decryption techniques.
Security at ICT Assets Level
ICT assets are the most precious resources of any organisation or institution, so security at this level has
two broad categories of treatment: physical security and electronic security (Fig. 5: Security for ICT
Assets).
• Physical Security protects data against physical damage or loss, such as natural disasters. Typical
measures at this level are: data centres secured by biometric-controlled access, a dust-proof environment
in the data centre, fire protection systems, security alarms, CCTV monitoring of the data centre, and an
automated backup system. By following such basic measures the data can be secured physically.
• Electronic Security protects against digital threats. The electronic security tools can be managed in two
categories:
Anti-virus System: When digital threats are discussed, the first thing that comes to mind is the virus,
which affects ICT assets in various ways, such as slowing down the system, occupying disk space, and
corrupting valuable data or storage media. Viruses are one kind of malware; worms and Trojan horses are
other kinds, and an anti-virus system is expected to detect all of them. There were "over 1,122,311 known
viruses active in the world as of 2008[2]".
Firewalls: "A system designed to prevent unauthorized access to or from a private network[3]". A
firewall is a security device, hardware or software, mainly used to separate a secure area from a less
secure area and to control communications between the two. Several firewall techniques exist: packet
filter, application gateway, circuit-level gateway and proxy server. There are many brands of software
firewalls, for example ZoneAlarm, BlackICE and Kerio.
Security Standards
The standard for information security was set by BS 7799. Because of its popularity, its first part was
adopted by ISO as ISO 17799 (later renumbered ISO/IEC 27002), while its second part, BS 7799-2,
prescribes the specification for Information Security Management. "The ISO 27001 standard was
published in October 2005, essentially replacing the old BS 7799-2 standard. It is the specification for an
Information Security Management System[4]". "ISO 17799 defines 127 security controls structured under
10 major headings to enable the information security manager to identify the particular safeguards that
are appropriate to their specific area of responsibility[5]" (Fig. 8: Major Security Areas).
Security Architecture
The security architecture of e-governance is a high-level document that sets the security goals of the
e-governance project and describes the procedures that must be followed by everyone in the e-governance
hierarchy, such as users, businesses and operators. An appropriate legal framework is absolutely essential
for the systematic and sustained growth of e-governance.
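The packet-filter firewall technique mentioned above, as an added example that is not part of these notes: a first-match, default-deny filter written in Go with only the standard library. The rule set, the network ranges (10.0.0.0/8 as the internal administration network) and the sample packets are constructed for illustration and are assumptions, not any real deployment. It shows the two properties a packet filter must get right: a packet that matches no rule is dropped, and rule order decides the outcome when rules overlap.

```go
package main

import (
	"fmt"
	"net"
)

// Packet holds the header fields a stateless packet filter inspects (constructed sample data).
type Packet struct {
	SrcIP   string
	DstIP   string
	Proto   string // "tcp" or "udp"
	DstPort int
}

// Rule is one packet-filter rule. A nil SrcNet, empty Proto or zero DstPort means "any".
type Rule struct {
	Name    string
	SrcNet  *net.IPNet
	Proto   string
	DstPort int
	Allow   bool
}

func (r Rule) matches(p Packet) bool {
	if r.SrcNet != nil && !r.SrcNet.Contains(net.ParseIP(p.SrcIP)) {
		return false
	}
	if r.Proto != "" && r.Proto != p.Proto {
		return false
	}
	if r.DstPort != 0 && r.DstPort != p.DstPort {
		return false
	}
	return true
}

// Filter applies the rules in order: the first matching rule decides, and a packet that
// matches no rule is dropped (default deny). It returns the decision and the deciding rule.
func Filter(rules []Rule, p Packet) (allow bool, by string) {
	for _, r := range rules {
		if r.matches(p) {
			return r.Allow, r.Name
		}
	}
	return false, "default-deny"
}

func mustCIDR(s string) *net.IPNet {
	_, n, err := net.ParseCIDR(s)
	if err != nil {
		panic(err)
	}
	return n
}

// PortalRules is a hypothetical rule set for a government web portal placed between the
// Internet and an internal administration network (10.0.0.0/8 is an assumption).
// Order matters: the administrator SSH allow must come before the general SSH deny.
func PortalRules() []Rule {
	return []Rule{
		{Name: "allow-admin-ssh", SrcNet: mustCIDR("10.0.0.0/8"), Proto: "tcp", DstPort: 22, Allow: true},
		{Name: "deny-ssh-from-anywhere-else", Proto: "tcp", DstPort: 22, Allow: false},
		{Name: "allow-https", Proto: "tcp", DstPort: 443, Allow: true},
		{Name: "allow-http", Proto: "tcp", DstPort: 80, Allow: true},
		// anything else, e.g. a direct connection to the database port, falls through to default deny
	}
}

// Reversed returns the rules in reverse order, to show why rule order matters.
func Reversed(rules []Rule) []Rule {
	out := make([]Rule, len(rules))
	for i, r := range rules {
		out[len(rules)-1-i] = r
	}
	return out
}

func main() {
	packets := []Packet{
		{"203.0.113.7", "198.51.100.10", "tcp", 443},  // citizen browsing the portal
		{"203.0.113.7", "198.51.100.10", "tcp", 22},   // Internet host probing SSH
		{"10.20.30.40", "198.51.100.10", "tcp", 22},   // administrator on the internal network
		{"203.0.113.7", "198.51.100.10", "tcp", 5432}, // direct attempt on the database port
	}
	for _, p := range packets {
		allow, by := Filter(PortalRules(), p)
		fmt.Printf("%-14s -> %s/%-4d allow=%-5v (%s)\n", p.SrcIP, p.Proto, p.DstPort, allow, by)
	}
	// With the order reversed, the general SSH deny shadows the administrator allow.
	allow, by := Filter(Reversed(PortalRules()), packets[2])
	fmt.Printf("reversed order: admin SSH allow=%v (%s)\n", allow, by)
}
```

A real packet filter also tracks connection state so that reply traffic is admitted without opening the ports to everyone; this stateless version shows only the rule-evaluation logic.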
4.7 Digital Signature: Meaning & Scope, Requirement of Digital Signature System
Digital signatures allow the receiver to verify who signed a message and, when the date and time are
included in the signed data, when it was signed, and to authenticate the message contents. The same
authentication function gives the scheme additional capabilities such as non-repudiation.
A digital signature should not only be tied to the signing user, but also to the message.
Applications - There are several reasons to implement digital signatures in communications:
 Authentication - Digital signatures help to authenticate the source of a message. For example, suppose a
bank's branch office sends a message to the central office requesting a change in the balance of an
account. If the central office cannot authenticate that the message was sent from an authorised source,
acting on such a request could be a grave mistake.
 Integrity - Once the message is signed, any change in the message would invalidate the signature.
 Non-repudiation - By this property, any entity that has signed some information cannot at a later
time deny having signed it.
Digital Signature
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software or digital document. A digital signature scheme consists of three algorithms:
1. Key Generation Algorithm: generates a key pair for the signer, a private signing key that is kept secret
and a public verification key that is given to anyone who needs to check the signer's signatures. Digital
signatures are electronic signatures which assure that the message was sent by a particular sender. In
digital transactions both authenticity and integrity must be assured; otherwise the data can be altered, or
someone can pose as the sender and expect a reply.
2. Signing Algorithm: To create a digital signature, the signing software (for example an e-mail client)
first computes a one-way hash of the electronic data to be signed. The signing algorithm then transforms
the hash value using the private key (signature key); in RSA terms this is often described as 'encrypting'
the hash with the private key. This signed hash, together with other information such as the identifier of
the hashing algorithm, is the digital signature. The digital signature is appended to the data and sent to
the verifier. The reason for signing the hash instead of the entire message or document is that a hash
function converts input of any length into a much shorter, fixed-length value. Signing a short hash is
faster than signing a long message, and hashing is much faster than signing.
3. Signature Verification Algorithm: The verifier receives the digital signature along with the data. It runs
the verification algorithm on the digital signature and the public key (verification key) and obtains a
value. It also applies the same hash function to the received data and obtains a hash value. The two values
are then compared: if they are equal the digital signature is valid, otherwise it is invalid.
The steps followed in creating and checking a digital signature are:
1. The message digest is computed by applying a hash function to the message, and the message digest is
then encrypted using the private key of the sender to form the digital signature (digital signature =
encryption(private key of sender, message digest), and message digest = message digest
algorithm(message)).
2. The digital signature is then transmitted with the message (message + digital signature is transmitted).
3. The receiver decrypts the digital signature using the public key of the sender. This assures authenticity,
as only the sender has his private key, so only the sender can encrypt using that private key, and the
result can thus be decrypted with the sender's public key.
4. The receiver now has the message digest that the sender signed.
5. The receiver computes the message digest from the message itself (the actual message is sent with the
digital signature).
6. The message digest computed by the receiver and the message digest obtained by decrypting the digital
signature must be the same to ensure integrity.
The message digest is computed using a one-way hash function, i.e. a hash function for which computing
the hash value of a is easy but computing a from its hash value is very difficult. In practice the
'encryption with the private key' of step 1 is a signing operation that also pads the digest and records
which hash algorithm was used; applying raw RSA to a bare, unpadded hash is insecure.
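The six steps above, as an added example in Go that is not part of these notes. It uses the standard library's RSA signing with PKCS#1 v1.5 padding over a SHA-256 digest, which is the real form of "encrypting the digest with the private key": the library pads the digest and records the hash algorithm before the private-key operation. The branch-office message and the account number in it are constructed sample data, and the key sizes are assumptions. Besides the genuine exchange, the example shows what the verifier sees when one digit of the message is altered and when the signature was made with another party's key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Digest is the first half of step 1: message digest = message digest algorithm(message).
func Digest(message []byte) []byte {
	d := sha256.Sum256(message)
	return d[:]
}

// Sign is the second half of step 1: digital signature = sign(private key of sender, digest).
// SignPKCS1v15 pads the digest (with the hash algorithm identifier) before the RSA
// private-key operation; never apply raw RSA to a bare hash.
func Sign(priv *rsa.PrivateKey, message []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, Digest(message))
}

// Verify is steps 3 to 6: the receiver recomputes the digest of the received message and
// checks, with the sender's public key, that the signature was made over that digest.
func Verify(pub *rsa.PublicKey, message, signature []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, Digest(message), signature) == nil
}

// SignatureDemo runs the branch-office to head-office exchange from the text and reports
// whether the genuine message, an altered message and a forged signature verify.
func SignatureDemo() (genuine, altered, forged bool, err error) {
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	// Step 2: message + digital signature is transmitted (constructed sample message).
	message := []byte("Branch 12 to HQ: credit account 000123 with INR 50,000")
	sig, err := Sign(sender, message)
	if err != nil {
		return
	}
	genuine = Verify(&sender.PublicKey, message, sig)

	// Integrity: one changed digit gives a different digest, so the signature no longer matches.
	tampered := []byte("Branch 12 to HQ: credit account 000123 with INR 500,000")
	altered = Verify(&sender.PublicKey, tampered, sig)

	// Authenticity: a signature made with someone else's private key fails against the sender's public key.
	forgedSig, err := Sign(impostor, message)
	if err != nil {
		return
	}
	forged = Verify(&sender.PublicKey, message, forgedSig)
	return
}

func main() {
	genuine, altered, forged, err := SignatureDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine message verifies:  %v\n", genuine) // true
	fmt.Printf("altered message verifies:  %v\n", altered) // false
	fmt.Printf("forged signature verifies: %v\n", forged)  // false
}
```

Verify returns only true or false on purpose: a verifier must treat any failure, whether a bad signature, a wrong key or a corrupted message, the same way and discard the message.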
Digital Certificate
A digital certificate is issued by a trusted third party and proves the sender's identity to the receiver and
the receiver's identity to the sender.
A digital certificate is a certificate issued by a Certificate Authority (CA) to verify the identity of the
certificate holder. The CA issues a digitally signed certificate containing the applicant's public key and a
variety of other identification information. The CA's digital signature on the certificate is what binds the
public key to a particular individual or entity; the certificate is signed, not encrypted, so anyone can read
it and check the CA's signature on it.
A digital certificate contains:
1. Name of the certificate holder (and the name of the issuing CA).
2. Serial number, used to uniquely identify the certificate and hence the individual or entity identified by
it.
3. Validity period (start and expiration dates).
4. Copy of the certificate holder's public key, used to verify the holder's digital signatures (and, for an
encryption certificate, to encrypt messages to the holder).
5. Digital signature of the certificate-issuing authority over all of the above.
The digital certificate is sent along with the digital signature and the message, so that the receiver can
validate the certificate against a CA it trusts and then use the public key in it to verify the signature.
Digital certificate vs Digital signature:
A digital signature is used to verify authenticity, integrity and non-repudiation, i.e. it assures that the
message was sent by the known user and was not modified, while a digital certificate is used to verify the
identity of the user, who may be the sender or the receiver. Thus digital signature and digital certificate
are different kinds of things, but both are used for security. Most websites use a digital certificate to
enhance the trust of their users.
System Requirement
The following requirements need to be fulfilled for optimum use of the digital signature features of a
portal such as the one described here:
1) Valid class 2 or class 3 Digital Signature Certificate (DSC) obtained from a DSC provider
2) A computer connected to the internet through an ISP
3) Adequate RAM and HDD, depending on the version of Windows
4) Windows XP SP3 or above as the operating system (desktop or laptop)
5) The website is best viewed in Internet Explorer version 8 or above or an equivalent web browser
6) Latest version of Java installed on the system
7) Scanner for scanning paper attachments and printer for the challan or service fee payment receipt
8) Acrobat Reader version 7.0.5 or above, to download and fill the e-form
9) UPS for power backup
10) Latest anti-virus running on the system
This list reflects the legacy portal environment it was written for. Windows XP and Internet Explorer are
no longer supported by Microsoft and receive no security updates, so a system used for signing today
should run a currently supported operating system and browser.
5 Social Networking & Cyber Crime (10)
5.1 Meaning of Social Networking
5.2 Advantages & Disadvantages of Social Networking
5.3 Social networking Sites and their impact on youngsters.
5.4 Crimes related to Social Networking