Ignou Study Helper - Sunil Poonia
www.ignousite.com

Course Code : MCS-215
Course Title : Security and Cyber Laws
Assignment Number : MCA (1)/215/Assign/2023
Maximum Marks : 100
Weightage : 30%
Last date of Submission : 30th April, 2023 (for January session), 31st October, 2023 (for July session)

Q1: (a) Explain the pillars of digital security. What are the pros and cons of digital security?

Ans. Cyber security is essentially one element that needs careful consideration, forming part of your organisation's overarching information security management processes. There are three main components: confidentiality, integrity and availability. Each component represents a fundamental objective of information security.

1. Confidentiality: This component is often associated with secrecy and the use of encryption. Confidentiality in this context means that the data is only available to authorized parties. When information has been kept confidential it means that it has not been compromised by other parties; confidential data are not disclosed to people who do not require them or who should not have access to them. Ensuring confidentiality means that information is organized in terms of who needs to have access, as well as the sensitivity of the data. A breach of confidentiality may take place through different means, for instance hacking or social engineering.

2. Integrity: Data integrity refers to the certainty that the data is not tampered with or degraded during or after submission. It is the certainty that the data has not been subject to unauthorized modification, either intentional or unintentional. There are two points during the transmission process at which the integrity could be compromised: during the upload or transmission of data, or during the storage of the document in the database or collection.

3. Availability: This means that the information is available to authorized users when it is needed.
For a system to demonstrate availability, it must have properly functioning computing systems, security controls and communication channels. Systems defined as critical (power generation, medical equipment, safety systems) often have extreme requirements related to availability. These systems must be resilient against cyber threats, and have safeguards against power outages, hardware failures and ...

Pros and cons of digital security:

Pros: Deterring crime and preventing fraud are probably the best reasons to integrate surveillance at your workplace. A simple camera system can monitor your store and prevent theft. Just letting store visitors know they are being recorded is likely to deter crime. This reduces the loss of inventory and makes it easier for managers to monitor the store. Alarm systems and motion detector systems can also make your store or office a lot safer. Constant monitoring can help you respond quickly to an emergency at work and protect employees from harm.

Digital monitoring can be taken a step further to make employees more productive by tracking their hours and desktop activity. An integrated security system and constant surveillance could reduce the risk of harassment and unethical behavior at work. There are plenty of reasons to monitor your staff for security and productivity. However, there are some downsides to surveillance systems.

Cons: Installing and maintaining a security system is expensive. Monitoring live video footage requires security staff and ongoing maintenance. Systems built on weak infrastructures could also be vulnerable to cyberattack. A vulnerable system defeats the purpose of installing a security system.

Automation, cloud storage, artificial intelligence, and better encryption could help solve most of these issues.
Some of the newest security and alarm systems don't need human intervention or file storage at all. The video is monitored by algorithms, the live feed can be accessed from smartphone apps, and all the data is securely stored on the cloud. Better encryption ensures no one can hack into the system.

(b) Explain the breach of digital security due to malware and phishing.

Ans. A security breach is any incident that results in unauthorized access to computer data, applications, networks or devices. It results in information being accessed without authorization. Typically, it occurs when an intruder is able to bypass security mechanisms.

Technically, there's a distinction between a security breach and a data breach. A security breach is effectively a break-in, whereas a data breach is defined as the cybercriminal getting away with information. Imagine a burglar; the security breach is when he climbs through the window, and the data breach is when he grabs your pocketbook or laptop and takes it away.

Malware is malicious software that attacks information systems. Ransomware, spyware and Trojans are examples of malware. Depending on the type of malicious code, malware could be used by hackers to steal or secretly copy sensitive data, block access to files, disrupt system operations or make systems inoperable.

Phishing occurs when hackers socially engineer email messages to entice recipients to open them. The messages trick recipients into downloading the malware within the email by either opening an attached file or an embedded link. The "2022 State of the Phish" report from cybersecurity and compliance company Proofpoint found that 83% of survey respondents said their organization experienced at least one successful phishing attack in 2021, up 46% over 2020. Moreover, the survey also revealed that 78% of organizations saw an email-based ransomware attack in 2021.

(c) What is meant by Cyber Security intrusion detection?

Ans.
Any illicit behavior on a digital network is known as a network intrusion. Network incursions frequently include the theft of important network resources, which virtually always compromises the network and/or data security. This can take the shape of more dangerous and pervasive threats like ransomware, or unintended data leaks by workers or others on your network.

An illegal entrance into your network or an address in your assigned domain is referred to as a network intrusion. An intrusion can be passive (in which access is achieved quietly and undetected) or aggressive (in which access is gained overtly without detection) (in which changes to network resources are effected).

Intrusions might occur from the outside or from within your network structure (an employee, customer, or business partner). Some intrusions are just aimed to alert you that an intruder has entered your site and is defacing it with various messages or obscene graphics. Others are more malevolent, attempting to harvest sensitive data on a one-time basis or as part of a long-term parasitic connection that will continue to siphon data until it is identified.

Some intruders will try to implant code that has been carefully developed. Others will infiltrate the network, stealthily siphoning out data on a regular basis or altering public-facing Web sites with varied messages.

An attacker can acquire physical access to your system (by physically accessing a restricted computer and its hard drive and/or BIOS), externally (by assaulting your Web servers or breaching your firewall), or internally (by physically accessing a restricted machine and its hard disc and/or BIOS) (your own users, customers, or partners).

Any of the following can be considered an intrusion:
• Malware, sometimes known as ransomware, is a type of computer virus.
• Attempts to obtain unauthorized access to a system
• DDoS (Distributed Denial of Service) attacks
• Destruction of cyber-enabled equipment
• Employee security breaches that are unintentional (like moving a secure file into a shared folder)
• Untrustworthy users, both within and external to your company
• Phishing campaigns and other methods of deceiving consumers with ostensibly genuine communication are examples of social engineering assaults.

(d) What are Social Engineering attacks? What are the laws related to it?

Ans. Social engineering attacks typically involve some form of psychological manipulation, fooling otherwise unsuspecting users or employees into handing over confidential or sensitive data. Commonly, social engineering involves email or other communication that invokes urgency, fear, or similar emotions in the victim, leading the victim to promptly reveal sensitive information, click a malicious link, or open a malicious file. Because social engineering involves a human element, preventing these attacks, like preventing a phishing attack, can be challenging for enterprises.

Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices to gain unauthorized access to systems, networks or physical locations, or for financial gain.

Social engineering is a popular tactic among attackers because it is often easier to exploit people than it is to find a network or software vulnerability. Hackers will often use social engineering tactics as a first step in a larger campaign to infiltrate a system or network and steal sensitive data or disperse malware.
Laws related to it: Social engineering is basically cheating, which is defined under Section 415 of the Indian Penal Code, 1860 (in short IPC). It says that cheating occurs when any person, with intent to deceive another person, dishonestly or fraudulently induces any person to deliver any property or retain any property, or makes such person do or omit to do any act which he would not have done unless deceived, and thereby causes harm or may cause harm to such person in body, mind, reputation or property.

Q2: Explain the following terms with the help of an example of each.

(a) Substitution Ciphers: A substitution cipher is a data encryption scheme in which units of the plaintext (generally single letters or pairs of letters of ordinary text) are replaced with other symbols or groups of symbols.

The ciphertext symbols do not have to be the same as the plaintext characters in a substitution cipher, as illustrated in Sir Arthur Conan Doyle's Adventure of the Dancing Men (1903), where Sherlock Holmes solves a monoalphabetic substitution cipher in which the ciphertext symbols are stick figures of a human in various dancelike poses.

Output: M eq wxyhCmrk Hexe IrgvCtxmsr

Plain Text: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Key: 4
Output: EFGHIJKLMNOPQRSTUVWXYZabcd

(b) Function-based Cryptography: A cryptographic hash function is a mathematical function used in cryptography. Typical hash functions take inputs of variable lengths to return outputs of a fixed length.

A cryptographic hash function combines the message-passing capabilities of hash functions with security properties.

Hash functions are commonly used data structures in computing systems for tasks such as checking the integrity of messages and authenticating information. While they are considered cryptographically "weak" because they can be solved in polynomial time, they are not easily decipherable.
Examples: Cryptographic hash functions are widely used in cryptocurrencies to pass transaction information anonymously. For example, Bitcoin, the original and largest cryptocurrency, uses the SHA-256 cryptographic hash function in its algorithm. Similarly, IOTA, a platform for the Internet of Things, has its own cryptographic hash function, called Curl.

(c) Symmetric key cryptography: Symmetric key cryptography is a type of encryption scheme in which the same key is used both to encrypt and decrypt messages. Such an approach of encoding data has been largely used in the previous decades to facilitate secret communication between governments and militaries.

Symmetric-key cryptography is also called shared-key, secret-key, single-key, one-key and eventually private-key cryptography. With this form of cryptography, it is clear that the key should be known to both the sender and the receiver, that is, shared. The complexity with this approach is the distribution of the key.

Symmetric key cryptography schemes are usually categorized as stream ciphers or block ciphers. Stream ciphers work on a single bit (byte or computer word) at a time and execute some form of feedback structure so that the key is repeatedly changing.

Example: Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric algorithm is AES-128, AES-192, and AES-256.

(d) Data Encryption Standard: Data Encryption Standard (DES) has been found vulnerable to very powerful attacks and therefore, the popularity of DES has been found slightly on the decline.

DES is a block cipher and encrypts data in blocks of size 64 bits each, which means 64 bits of plain text go as the input to DES, which produces 64 bits of ciphertext. The same algorithm and key are used for encryption and decryption, with minor differences.

Example: If the round number is 1, 2, 9, or 16, the shift is done by only one position; for other rounds, the circular shift is done by two positions.
[Figure: The number of key bits shifted per round.]

(e) Electronic Signatures: An electronic signature or e-sign is the modern technological method of signing documents, or any data/content, by putting the signature through a digital device. An electronic signature provides the same authenticity as the original signature on the data/content given by physical handwriting. It is proof that the owner has read the document/content and has no objection to the content.

Electronic signatures are accepted legally and they hold the same level of importance as the physical signature. There are many apps and tools available online that provide the feature of signing documents/content electronically.

Examples:
• Digital certificates issued by a certificate authority.
• Token. Although considered an example of a digital signature, it is not widely used today and exists primarily in the banking sector.
• Identification and signing using biometric data.
• Username and password authentication (in either one or two steps).
• A digitized handwritten signature.

(f) Pseudorandom numbers and sequences: Pseudo Random Number Generator (PRNG) refers to an algorithm that uses mathematical formulas to produce sequences of random numbers. PRNGs generate a sequence of numbers approximating the properties of random numbers. A PRNG starts from an arbitrary starting state using a seed state. Many numbers are generated in a short time and can also be reproduced later, if the starting point in the sequence is known. Hence, the numbers are deterministic and efficient.

Example: Squaring the number "1111" yields "1234321", which can be written as "01234321", an 8-digit number being the square of a 4-digit number. This gives "2343" as the "random" number. Repeating this procedure gives "4896" as the next result, and so on.

Q3: (a) Explain the data security requirements for a database.

Ans.
Security of databases refers to the array of controls, tools, and procedures designed to ensure and safeguard confidentiality, integrity, and accessibility. This tutorial will concentrate on confidentiality because it's a component that is most at risk in data security breaches.

Security for databases must cover and safeguard the following aspects:
• The data in the database
• Database management systems (DBMS)
• Any applications that are associated with it
• Physical database servers or the database server virtual, and the hardware that runs it.
• The infrastructure for computing or network that is used to connect to the database.

Security of databases is a complicated and challenging task that requires all aspects of security practices and technologies. This is inherently at odds with the accessibility of databases. The more usable and accessible the database is, the more susceptible we are to threats from security. The more vulnerable it is to attacks and threats, the more difficult it is to access and utilize.

(b) What are the three core elements of data security? Explain.

Ans. There are three core elements to data security that all organizations should adhere to: Confidentiality, Integrity, and Availability. These concepts are also referred to as the CIA Triad, functioning as a security model and framework for top-notch data security. Here's what each core element means in terms of keeping your sensitive data protected from unauthorized access and data exfiltration.
• Confidentiality. Ensures that data is accessed only by authorized users with the proper credentials.
• Integrity. Ensures that all data stored is reliable, accurate, and not subject to unwarranted changes.
• Availability. Ensures that data is readily — and safely — accessible and available for ongoing business needs.

(c) List at least four most recent attacks relating to cyber security.

Ans. There are many varieties of cyber-attacks that happen in the world today.
If we know the various types of cyberattacks, it becomes easier for us to protect our networks and systems against them. Here, we will closely examine the top four cyber-attacks that can affect an individual, or a large business, depending on the scale.

Let's start with the four types of cyberattacks on our list:

1. Malware Attack: This is one of the most common types of cyberattacks. "Malware" refers to malicious software viruses including worms, spyware, ransomware, adware, and trojans. The trojan virus disguises itself as legitimate software. Ransomware blocks access to the network's key components, whereas spyware is software that steals all your confidential data without your knowledge. Adware is software that displays advertising content such as banners on a user's screen.

2. Phishing Attack: Phishing attacks are one of the most prominent widespread types of cyberattacks. It is a type of social engineering attack wherein an attacker impersonates a trusted contact and sends the victim fake mails. Unaware of this, the victim opens the mail and clicks on the malicious link or opens the mail's attachment. By doing so, attackers gain access to confidential information and account credentials. They can also install malware through a phishing attack.

3. Password Attack: It is a form of attack wherein a hacker cracks your password with various programs and password cracking tools like Aircrack, Cain, Abel, John the Ripper, Hashcat, etc. There are different types of password attacks like brute force attacks, dictionary attacks, and keylogger attacks.

4. Man-in-the-Middle Attack: A Man-in-the-Middle Attack (MITM) is also known as an eavesdropping attack. In this attack, an attacker comes in between a two-party communication, i.e., the attacker hijacks the session between a client and host. By doing so, hackers steal and manipulate data.
(d) Security policy and security audit.

Ans.

Security Policy: A security policy should outline the key items in an organization that need to be protected. This might include the company's network, its physical building, and more. It also needs to outline the potential threats to those items. If the document focuses on cyber security, threats could include those from the inside, such as the possibility that disgruntled employees will steal important information or launch an internal virus on the company's network. Alternatively, a hacker from outside the company could penetrate the system and cause loss of data, change data, or steal it. Finally, physical damage to computer systems could occur.

Security Audit: A security audit is a comprehensive assessment of your organization's information system; typically, this assessment measures your information system's security against an audit checklist of industry best practices, externally established standards, or federal regulations. A comprehensive security audit will assess an organization's security controls relating to the following:
• the physical components of your information system and the environment in which the information system is housed.
• applications and software, including security patches your systems administrators have already implemented.
• network vulnerabilities, including evaluations of information as it travels between different points within, and external of, your organization's network.
• the human dimension, including how employees collect, share, and store highly sensitive information.

Q4: (a) List the reasons for regulating cyberspace.

Ans. In "Code and other Laws of Cyberspace", Lawrence Lessig argues that the architecture (code) of the internet, i.e. the hardware and software of cyberspace that define the system, can be a form of regulation. It is a set of rules implemented or codified in the software by the code writers, requiring the constant certification of identity.
i) Privatization: The state can use a private body to achieve those goals which it could not get directly and then implement that body's decision through mandatory technological arrangements. For e.g., for copyright enforcement in cyberspace, the Clinton administration's original plan was to make Internet Service Providers (ISPs) strictly liable for copyright violations by their subscribers, thus creating a private police force, largely free of statutory and constitutional privacy constraints, with strong incentives to come up with innovative surveillance and technical enforcement measures.

ii) Propertization: According to him, first of all an attempt is to be made to extend and then protect intellectual property rights online. This will produce many technical methods of enforcement.

iii) Technological Controls: The system is to be designed so as to hardwire in desired regulatory features. For e.g., digital texts and music could be encoded to a particular person. Detection devices could be built in to players, so that others cannot play one's music. Unique identifiers could be built into computer chips, so that a person's computer would broadcast a universal ID with an associated set of legal characteristics as you roamed the net.

(b) What are the roles of filtering devices and rating systems in a cyberspace regulatory framework? Explain.

Ans. Filtering devices: Filtering devices are software or hardware tools. The use of Internet filters to block constitutionally protected speech, including content on social networking and gaming sites, compromises First Amendment freedoms and the core values of librarianship. Internet safety for children and adults is best addressed through educational programs that teach people how to find and evaluate information. Research demonstrates that filters consistently both over- and underblock the content they claim to filter.
Filters often block adults and minors from accessing a wide range of constitutionally protected speech. Content filters are unreliable because computer code and algorithms are still unable to adequately interpret, assess, and categorize the complexities of human communication, whether expressed in text or in image.

Rating systems: Ratings or cybersecurity ratings are a data-driven, objective, and dynamic measurement of an organization's security posture. They are created by a trusted, independent security rating platform, making them valuable as an objective indicator of an organization's cybersecurity performance. Just as credit ratings and FICO scores aim to provide a quantitative measure of credit risk, security ratings aim to provide a quantitative measure of cyber risk. The higher the security rating, the better the organization's security posture. Thousands of organizations like yours use security ratings as a tool to understand and mitigate a variety of critical, interconnected internal and external security risks.

Filters are software tools used to block access to unwanted material. By the 1990s, concerns about problematic content on on-line services had prompted the development of a range of content filter software and rating systems, including the Platform for Internet Content Selection ('PICS'); for example, e-mail filters automatically delete the bulk of unread e-mail messages commonly known as 'spam' and can also be customized to delete incoming messages from particular sources. There can be site blocking filters to screen out specified websites or websites containing specified keywords that the system presumes to relate to other objectionable content. Site blocking filters also may use a protocol.

(c) List the classification of policies and laws regulating the content of the Internet.

Ans. The FPB published the Draft Online Regulation Policy on 4 March 2015 for public comment.
With the increase in the use of portable devices for gaming and social networking, and the rise of high-speed broadband internet, more content is accessible to all of us. The downside is that illegal and harmful content is more easily available than ever. This content can be especially harmful to children and that is why this policy is proposed.
• Anyone who distributes content (like Google or Apple),
• Anyone who creates content for a commercial basis (like online and gaming distributors, film distributors, or even someone who has their own blog), and
• Internet users of the content.

Some Key Parts of the Online Regulation Policy
• A single legislative regime that creates obligations to classify content across all media platforms
• Clarity on the types of content to be classified (including self-generated content like uploaded images and videos)
• Oversight and guidance from the Film and Publication Board
• Co-regulation between the industry and the FPB (content may be classified by online ... classification guidelines and the Act, but subject to FPB's oversight and review)

The potential for breaches of online privacy has grown significantly over the years. There is no single law regulating online privacy. Instead, a patchwork of federal and state laws apply.
Some key federal laws affecting online privacy include:
• The Federal Trade Commission Act (FTC) [1914]
• Electronic Communications Privacy Act (ECPA) [1986]
• Computer Fraud & Abuse Act (CFAA) [1986]
• Children's Online Privacy Protection Act (COPPA) [1998]
• Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) [2003]
• Financial Services Modernization Act (GLBA) [1999]
• Fair and Accurate Credit Transactions Act (FACTA) [2003]

Many states have also adopted laws affecting online privacy, for example, consumer protection statutes, laws that protect certain categories of PI, information security laws, and data breach notification laws.

(d) What are the regulations for cyberspace content in India?

Ans. In India, the Information Technology Act, 2000 is the legislation which covers the domain of cyber law. The main objective of the Act is to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as e-commerce, which involve the use of alternatives to paper-based methods of communication and storage of information, and to facilitate electronic filing of documents with the Government agencies.

Signatures: Any subscriber (i.e., a person in whose name the Digital Signature Certificate is issued) may authenticate an electronic record by affixing his Digital Signature. Electronic record means data, record or data generated, image or sound, stored, received or sent in an electronic form or microfilm or computer generated microfiche.

Electronic Governance: Where any law provides for submission of information in writing or in the typewritten or printed form, it will be sufficient compliance of law if the same is sent in an electronic form. Further, if any statute provides for affixation of signature in any document, the same can be done by means of Digital Signature.
Similarly, the filing of any form, application or any other documents with the Government Authorities and issue or grant of any licence, permit, sanction or approval and any receipt acknowledging payment can be done by the Government offices by means of electronic form. Retention of documents, records, or information as provided in any law can be done by maintaining electronic records. Any rule, regulation, order, by-law or notification can be published in the Official Gazette or Electronic Gazette. However, no Ministry or Department of Central Government or the State Government or any Authority established under any law can be insisted upon acceptance of a document only in the form of electronic record.

Regulation of Certifying Authorities: The Central Government may appoint a Controller of Certifying Authority who shall exercise supervision over the activities of Certifying Authorities.

Digital Signature Certificate: Any person may make an application to the Certifying Authority for issue of a Digital Signature Certificate. The Certifying Authority, while issuing such certificate, shall certify that it has complied with the provisions of the Act.

Penalties and Adjudication: If any person, without the permission of the owner, accesses the owner's computer, computer system or computer network, or downloads copies or any extract, or introduces any computer virus, or damages computer, computer system or computer network data etc.
he/she shall be liable to pay damages by way of compensation not exceeding Rupees One Crore to the person so affected.

The Appellate Tribunal: Section 48 of the IT Act provides "that The Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997 shall, on and from the commencement of Part XIV of Chapter VI of the Finance Act, 2017, be the Appellate Tribunal for the purposes of this Act and the said Appellate Tribunal shall exercise the jurisdiction, powers and authority conferred on it by or under this Act. However, the Central Government shall specify, by notification, the matters and places in relation to which the Appellate Tribunal may exercise jurisdiction". Under the Act, the Central Government has the power to establish the Cyber Regulations Appellate Tribunal having power to entertain the cases of any person aggrieved by the Order made by the Controller of Certifying Authority or the Adjudicating Officer.

Q5: (a) What is cybercrime? Explain with the help of examples. List the classification of cybercrimes.

Ans. Cybercrime: Cybercrime is any criminal activity that involves a computer, networked device or a network. While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them.

Example of Cybercrime: Here are some most commonly occurring cybercrimes:
• The fraud did by manipulating computer network
• Unauthorized access to or modification of data or application
• Intellectual property theft that includes software piracy
• Industrial spying and access to or theft of computer materials
• Writing or spreading computer viruses or malware
• Digitally distributing child pornography

Classifications of Cybercrimes: Cybercrimes in general can be classified into four categories:

1. Individual Cyber Crimes: This type is targeting individuals.
It includes phishing, spoofing, spam, cyberstalking, and more.

2. Organisation Cyber Crimes: The main target here is organizations. Usually, this type of crime is done by teams of criminals, including malware attacks and denial of service attacks.

3. Property Cybercrimes: This type targets property like credit cards or even intellectual property rights.

4. Society Cybercrimes: This is the most dangerous form of cybercrime as it includes cyber-terrorism.

(b) What are the Penalties as per the Section 43 of the Information Technology Act 2000? Explain the word contaminant in this context.

Ans. The Information Technology Act, 2000 was enacted on 17th May, 2000 to provide legal recognition for electronic transactions and facilitate E-Commerce. It was later amended by passing the Information Technology (Amendment) Act, 2008. The following are the important objectives of the Information Technology Act, 2000:
• Grant legal recognition to E-Transactions
• Provide legal recognition to Digital Signatures for authentication
• Facilitate E-Filing of data and information
• Allow Electronic storage of data
• Grant recognition to maintenance of books of accounts in Electronic Form

Penalties, Compensation and Adjudication under Information Technology Act, 2000:

Section 43: Where a person without the permission of the owner or any other person-in-charge damages the Computer, or Computer System, or Computer Network, then he shall be liable for Penalty and Compensation to such person so affected.

Any person committing dishonesty and fraudulence under the Act as specified in Section 43 above would be forced to remit a penalty of up to INR 5,00,000 and/or imprisonment of up to three years.

(c) Describe in brief the procedure for adjudication under the Information Technology Act, 2000.

Ans.
The Information Technology Act, 2000 was enacted by the Indian parliament to facilitate transactions carried out through the means of electronic data interchange, facilitate international trade, and as an alternative to paper-based methods of communication and storage of information. The Act primarily provides legal acknowledgment to “electronic commerce” or “e-commerce” and provides a redressal mechanism even to the owner of a single computer, computer system, or computer network located in India that has been violated by a person belonging to any nationality.

Here, in brief, is the procedure for adjudication under the Information Technology Act, 2000.
1. Complaint filing: The first step in the adjudication process is to file a complaint with the appropriate adjudicating officer. The complaint must be in writing and should provide all the necessary details related to the dispute or violation.
2. Notice to the respondent: Once the complaint is received, the adjudicating officer issues a notice to the respondent. The notice will contain the details of the complaint, the date and time of the hearing and other relevant information.
3. Hearing: The next step is the hearing, which is conducted by the adjudicating officer. The complainant and the respondent are required to appear before the officer and present their arguments and evidence.
4. Order: After hearing both parties, the adjudicating officer issues an order. The order may direct the respondent to pay compensation, impose penalties or fines, or take any other necessary actions to resolve the dispute.
5. Appeal: If any party is not satisfied with the order, they can file an appeal with the appropriate authority within 45 days of the order.

In conclusion, adjudication is an essential legal process under the IT Act, which provides a mechanism for resolving disputes and violations related to information technology.
It is a quasi-judicial process in which an adjudicating officer appointed by the government decides disputes and violations of the IT Act. The process involves filing a complaint, hearing and issuing an order, which can be appealed if any party is not satisfied with it.

(d) List various offences as per Information Technology Act, 2000.

Ans. The increased rate of technology in computers has led to the enactment of the Information Technology Act 2000. The converting of paperwork into electronic records and the storage of electronic data have tremendously changed the scenario of the country.

Offenses: Cyber offenses are the unlawful acts which are carried out in a very sophisticated manner in which either the computer is the tool or target or both. Cybercrime usually includes:
(a) Unauthorized access of the computers
(b) Data diddling
(c) Virus/worms attack
(d) Theft of computer system
(e) Hacking
(f) Denial of attacks
(g) Logic bombs
(h) Trojan attacks
(i) Internet time theft
(j) Web jacking
(k) Email bombing
(l) Salami attacks
(m) Physically damaging computer system.