Unit 10 Policy and Procedures

Unit 10: Policy and Procedures LH 3

• Computer Crime and Categories
• Cyber Crime
• Digital Forensics (overview of Digital Evidence, Investigation
Procedures, Categories of evidence (Impressions, Bioforensics,
Trace evidence, Material evidence))
• Intellectual Property Rights, Copyrights, Trademarks, Patents,
Licenses, Agreements, Plagiarism, Digital rights management,
Privacy protection, Cyber Law, Electronic Transaction Act,
Electronics Transaction Rules, IT Policy, Information Security and
policies.

Computer Crime, Cyber Crime and Categories:

• Any illegal act involving a computer is generally referred to as a
computer crime.
• These are offences that are committed against individuals or groups
of individuals with a criminal motive.
• It is alternatively referred to as cyber crime, e-crime, electronic
crime, or hi-tech crime.
• Computer crime is an act performed by a computer expert (hacker)
who illegally browses or steals a company's or individual's private
information.
• Common types of computer crime include:
– Identity theft
– Online predatory crimes
– Unauthorized computer access
– Hacking
– Phishing

Online predatory crimes:
– Online predators are internet users who exploit children and
teens for sexual and violent purposes. This may include child
grooming, engaging in sexual activities, unwanted exposure of
materials and pictures, online harassment, and threats to cause
fear or embarrassment.

Identity theft:
• This cybercrime occurs when a criminal gains access to a user’s
personal information to steal funds, access confidential information,
or participate in tax or health insurance fraud.
• They can also open a phone/internet account in your name, use your
name to plan a criminal activity and claim government benefits in
your name.
• They may do this by finding out a user’s passwords through hacking,
retrieving personal information from social media, or sending
phishing emails.

Phishing:
• This type of attack involves hackers sending malicious email
attachments or URLs to users to gain access to their accounts or
computer.
• Cybercriminals are becoming more established and many of these .
Users are tricked by emails claiming they need to change their
password or update their billing information, giving criminals access.

Hacking
• Hackers steal or guess passwords to get into individual user
accounts, or exploit security weaknesses to steal large amounts of
data from companies.
• Major data breaches occur often, with companies losing their
customers’ personal or financial information, often costing a
company millions of dollars.

Unauthorized access
• Unauthorized access occurs when a person gains entry to a computer
network, system, application software, data, or other resources
without permission.
• Any access to an information system or network that violates the
owner or operator's stated security policy is considered unauthorized
access.

Computer Crime Categories
• Computer as the target
• Computer As the Instrumentality of the Crime
• Computer Is Incidental to Other Crimes
• Crimes Associated With the Prevalence of Computers.

Computer as the target:
• Crimes in which the computer is the target include such offenses as
theft of intellectual property, theft of marketing information (e.g.,
customer lists, pricing data, or marketing plans), or blackmail based
on information gained from computerized files (e.g., medical
information, personal history, or sexual preference).

Crimes Associated With the Prevalence of Computers
• The simple presence of computers, and notably the widespread
growth of microcomputers, generates new versions of fairly
traditional crimes.
• In these cases, technological growth essentially creates new crime
targets.
• Software piracy/counterfeiting, copyright violation of computer
programs, counterfeit equipment, black market computer
equipment and programs, and theft of technological equipment fall
into this category of computer crime.

Computer As the Instrumentality of the Crime
• In this category, the processes of the computer, not the contents of
computer files, facilitate the crime.
• The criminal introduces new code (programming instructions) to
manipulate the computer's analytical processes, thereby facilitating
the crime.
• Another method involves converting legitimate computer processes
for illegitimate purposes.

Computer Is Incidental to Other Crimes
• In this category of computer crime, the computer is not essential for
the crime to occur, but it is related to the criminal act.
• This means that the crime could occur without the technology;
however, computerization helps the crime to occur faster, permits
processing of greater amounts of information, and makes the crime
more difficult to identify and trace.
• Such crimes include money laundering, unlawful banking
transactions, etc.

Cyber Crime
• Basically, computer crimes are related to criminal acts that are
committed through the use of computers.
• Cyber crime and Internet crime usually involve the use of
computers and the Internet or cyberspace.

Digital Forensics
• Digital Evidence
• Investigation Procedures
• Categories of evidence
– Impressions
– Bio forensics
– Trace evidence
– Material evidence

Digital Forensics
• Digital forensics is a branch of forensic science that focuses on the
recovery and investigation of material found in digital devices
related to cybercrime.
• It is the process of identifying, preserving, analyzing, and
documenting digital evidence. This is done in order to present
evidence in a court of law when required.
• Digital forensics helps the forensic team to analyze, inspect,
identify, and preserve the digital evidence residing on various types
of electronic devices.

Steps of Digital Forensics
1. Identification
• First, find the evidence, noting where it is stored.
2. Preservation
• Next, isolate, secure, and preserve the data. This includes preventing
people from possibly tampering with the evidence.
3. Analysis
• Next, reconstruct fragments of data and draw conclusions based on
the evidence found.
4. Documentation
• Following that, create a record of all the data to recreate the crime
scene.
5. Presentation
• Lastly, summarize and draw a conclusion.
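
The preservation and documentation steps above, as an added example (not part of the original slides): evidence is hashed at acquisition so that a later working copy can be checked, and each custody entry commits to the hash of the entry before it. All item names, actors, timestamps and the sample message are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used by the first custody entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def acquire(item_id: str, location: str, data: bytes) -> dict:
    """Identification + preservation: note where the item is stored, fix its hash."""
    return {"item_id": item_id, "location": location,
            "size": len(data), "sha256": sha256_hex(data)}

def _entry_hash(entry: dict) -> str:
    body = {k: entry[k] for k in ("actor", "action", "item_id", "when", "prev")}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_entry(log: list, actor: str, action: str, item_id: str, when: str) -> None:
    """Documentation: every custody entry commits to the hash of the one before it."""
    entry = {"actor": actor, "action": action, "item_id": item_id, "when": when,
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def first_broken_entry(log: list) -> int:
    """Return the index of the first altered or out-of-place entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev"] != prev or _entry_hash(entry) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return -1

def matches_record(record: dict, data: bytes) -> bool:
    """Analysis: only work on a copy that still matches the acquisition hash."""
    return len(data) == record["size"] and sha256_hex(data) == record["sha256"]

def demo() -> dict:
    # Constructed sample evidence and custody history.
    original = b"From: a@example.test\nSubject: invoice\n\nconstructed sample message\n"
    record = acquire("EV-001", "seized laptop, user mail folder", original)
    log = []
    append_entry(log, "examiner-a", "acquired and hashed", "EV-001", "2024-01-01T10:00Z")
    append_entry(log, "examiner-a", "sealed in evidence locker", "EV-001", "2024-01-01T10:30Z")
    append_entry(log, "analyst-b", "working copy issued", "EV-001", "2024-01-02T09:00Z")

    altered_copy = original.replace(b"invoice", b"receipt")  # same size, one word changed
    edited_log = copy.deepcopy(log)
    edited_log[1]["actor"] = "someone-else"                  # record rewritten afterwards
    shortened_log = log[:1] + log[2:]                        # an entry quietly dropped

    return {"copy_ok": matches_record(record, bytes(original)),
            "altered_ok": matches_record(record, altered_copy),
            "log_intact": first_broken_entry(log),
            "edited_at": first_broken_entry(edited_log),
            "dropped_at": first_broken_entry(shortened_log)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The chain detects edits only if the latest entry hash is also recorded somewhere the person editing the log cannot reach, which this sketch assumes.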

Digital Evidence
• Digital evidence, also known as electronic evidence, offers
information/data of value to a forensics investigation team.
• Some properties of digital evidence are:
– Hidden, like fingerprints or DNA evidence
– Crosses jurisdictional borders quickly and easily
– Can be altered, damaged or destroyed with little effort
– Can be time sensitive
• There are many sources of digital evidence, but there are three major
forensic categories of devices where evidence can be found:
– Internet-based,
– stand-alone computers or devices, and
– mobile devices.

Categories of Digital Evidence
• Impression: Fingerprints, tool marks, footwear marks.
• Bio Forensics: Blood, body fluids, nail.
• Info Forensics: Binary data fixed in any medium (memory).
• Trace Evidence: This includes residues of things used in
committing a crime.
• Material evidence: This includes physical materials such as folders,
letters, and scraps of paper that are found at the crime location.

Intellectual Property Rights:
• Intellectual property (IP) is any intangible asset that is created from an original
thought, such as an idea, name, content, design, invention or digital media.
• Intellectual property rights (IPR) refer to the rights of IP owners and authors.
• IP is divided into two categories:
▪ Industrial property
  – Invention
  – Patent
  – Trademark
  – Design
  – Service Marks
  – Goodwill
  – Geographical Indication
▪ Copyright
  – Plagiarism
  – Literary Creation
  – Artistic Work
  – Performance
  – Broadcasting

Copyrights:
• Copyright (or author’s right) is a legal term used to describe the
rights that creators have over their literary and artistic works.
• The creator has exclusive rights to determine and decide whether,
and under what conditions, this original work may be used by others.
• Works covered by copyright range from books, music, paintings,
sculpture, and films, to computer programs, databases,
advertisements, maps, and technical drawings.
• Under current law in the U.S., works created after Jan. 1, 1978, are
afforded copyright protection for the lifetime of the author plus an
additional 70 years.
• A major limitation on copyright on ideas is that copyright protects
only the original expression of ideas, and not the underlying ideas
themselves.

Trademark:
• A trademark can be any word, phrase, symbol, design, or a
combination of these things that identifies your goods or services.
It’s how customers recognize you in the marketplace and distinguish
you from your competitors.
• The trademark owner can be an individual, business organization,
or any legal entity.

A trademark:
• Identifies the source of your goods or services.
• Provides legal protection for your brand.
• Helps you guard against counterfeiting and fraud.

Patent:
• A patent is a set of exclusive rights granted to an inventor or
assignee for a limited period of time (20 years) for any invention or
design.
• An invention is a solution to a specific technological problem and is
a product or a process.
• In basic terms, a patent allows the patent holder to stop others from
building his invention.
• Patents can be of three types:
– Utility Patent
– Design Patent
– Plant Patent

License
• A license is an agreement between two parties. The licensor allows
the licensee to do something (use the software, build an invention).
• In particular, a license may be issued by authorities to allow an
activity that would otherwise be forbidden. It may require paying a
fee and/or providing capability.
• The license period is different for different organizations:

Agreements:
• A negotiated and usually legally enforceable understanding between
two or more legally competent parties is called agreement.
• Although a binding contract can (and often does) result from an
agreement, an agreement typically documents the give-and-take of a
negotiated settlement and a contract specifies the minimum
acceptable standard of performance.

Agreement may refer to:
• Agreement (linguistics), a change in the form of a word depending
on grammatical features of another word
• Gentlemen's agreement, not enforceable by law
• Trade agreement, between countries
• Contract, enforceable in a court of

Plagiarism:
• Plagiarism is the "wrongful appropriation" and "stealing and
publication" of another author's "language, thoughts, ideas, or
expressions" and the representation of them as one's own original
work.
• Basically, plagiarism means: to steal and pass off (the ideas or words
of another) as one's own; to use (another's production) without
crediting the source; to commit literary theft; to present as new and
original an idea or product derived from an existing source.
• In other words, plagiarism is an act of fraud.
• It involves both stealing someone else's work and lying about it
afterward.

Digital rights management (DRM)

• Digital rights management (DRM) is a systematic approach to
copyright protection for digital media.
• DRM technologies try to control the use, modification, and
distribution of copyrighted works (such as software and multimedia
content), as well as systems within devices that enforce these
policies.
• The purpose of DRM is to prevent unauthorized redistribution of
digital media and restrict the ways consumers can copy content
they've purchased.
• DRM products were developed in response to the rapid increase in
online piracy of commercially marketed material.
• Typically DRM is implemented by embedding code that prevents
copying, specifies a time period in which the content can be accessed
or limits the number of devices the media can be installed on.

Maintain DRM
• Limited Installation Activation:
– Activate with an online server for a limited number of systems
• Persistent Online Authentication
– Should activate by using a company-generated temporary key
• Product Keys
– Hardware protection, such as on a PlayStation

Privacy protection:

Privacy protection is keeping the information you'd like to keep to
yourself from getting into the hands of companies, hackers,
government organizations, and other groups.

Advantages of Privacy Protection
• Protect Your Personal Data
• Stop Unwanted Solicitations
• Protect Your Email Address

Disadvantages to Privacy Protection
• Privacy-Focused Products Cost Money
• Potential for Abuse

Cyber law
• Cyber law is also known as Internet Law.
• Cyber laws prevent or reduce large scale damage from
cybercriminal activities by protecting information access, privacy,
communications, intellectual property (IP) and freedom of speech
related to the use of the Internet, websites, email, computers, cell
phones, software and hardware, such as data storage devices.
• Cyber law applies to the internet and internet-related technologies.
• Cyber law provides legal protections to people using the internet.
• This includes both businesses and everyday citizens.
• Cyber laws vary by jurisdiction and country, and enforcement is
challenging.

Electronic Transaction Act (ETA):
• In Nepal, the ETA, 2063 establishes legal provisions for the authentication and
regularization of the recognition, validity, integrity, and reliability of the
generation, production, processing, storage, communication, and transmission
system of electronic records by ensuring the reliability and security of transactions
carried out through electronic data exchange or any other means of electronic
communications.

Electronic Transaction Act 2063 has 12 chapters:
1. Preliminary Statement
2. The provisions related to electronic records and digital signatures
3. Provisions relating to Dispatch, Receipt, and Acknowledgement of Electronic
Records.
4. Provisions relating to controller and Certifying Authority
5. Provisions relating to Digital Signature and Certificates
6. Functions, Duties and Rights of Subscriber
7. Electronic record and government use of digital signature
8. Provisions relating to network service
9. Offence relating to computer
10. Provisions relating to Information Technology Tribunal
11. Provisions relating to Information technology Appellate Tribunal
12. Miscellaneous

Electronics Transaction Rules
• This rule, also called the Electronic Data Interchange, or EDI,
specifies how certain electronic transactions are transferred from
one computer to another.

Basic ETA Rules Are
• To Certify Electronic Record:
• Verification of Digital Signature:
• Secured Electronic Signature and Record:
• Quality Standard Concerning Information Technology to be
maintained by the Certifying Authority:
• Receipt of Acknowledgement of Electronic Record:

Cyber Law Issues In Nepal
• Cyber law differs from country to country and covers the issues
related to activities over the internet and other communication
technology.
• It also maintains the privacy of end users so that they are safe from
becoming victims of cybercrime.
• Cyber laws design a secure platform and also a standard model for
the advancement of cyber security.
• In Nepal, cyber law is also known as ETA (Electronic Transaction Act),
which deals with issues related to cybercrime and also helps in making
and implementing laws over cybercrime.
• It has made different laws so that anyone found committing cybercrime
will be punished according to the scene of the crime.
• He/she can be jailed for a minimum of 6 months to a maximum of 3
years and has to pay a penalty according to the crime.
• The strongest challenge in the field of cyber law in Nepal is the
challenge of implementing cyber laws.
• For the implementation of the law, people over the internet in Nepal
should have proper knowledge about cybercrime and its
consequences.
• Without knowledge of cyber crimes and the law, people will have
no awareness of them.
• Maintaining privacy in cyberspace, creating strong passwords,
updating security software, and updating passwords are some of the
techniques for keeping oneself secure.

Information Technology (IT) Policy:
The policies to be pursued for the implementation of IT strategies
shall be as follows:
• To declare information technology sectors a prioritized sector.
• To follow a single-door system for the development of information
technology.
• To prioritize research and development of information technology.
• To create a conducive environment that will attract investment in
the private sector, keeping in view the private sector's role in the
development of information technology.
• To provide internet facilities to all villages of the country in
phases.
• To render assistance to educational institutions and encourage
native and foreign training as a necessity of fulfilling the
requirement of qualified manpower in various fields pertaining to
information technology.
• To computerize the records of each governmental office and build
websites for them for the flow of information.
• To increase the use of computers in the private sector.
• To develop physical and virtual information technology parks in
various places with the private sector's participation for the
development of information technology.
• To use information technology to promote e-commerce, e-education,
e-health, among others, and to transfer technology in rural areas.
• To establish National Information Technology Centre.
• To draft necessary laws that provide legal sanctions to the use of
information technology.
• To establish a national level fund by mobilizing the resources
obtained from Nepal Government, donor agencies, and private
sectors so as to contribute to research and development of
information technology and other activities pertaining to it.
• To establish venture capital funds with the joint participation of
public and private sectors.
• To include computer education in the curriculum from the school
level and broaden its scope.
• To establish Nepal in the global market through the use of
information technology.

Information security and policies:
• Information security policy is a set of policies issued by an
organization to ensure that all information technology users within
the domain of the organization or its networks comply with rules
and guidelines related to the security of the information stored
digitally at any point in the network or within the organization's
boundaries of authority.

• In business, a security policy is a document that states in writing
how a company plans to protect the company's physical and
information technology (IT) assets.
• A security policy is often considered to be a "living document",
meaning that the document is never finished, but is continuously
updated as technology and employee requirements change.
• A company's security policy may include an acceptable use policy, a
description of how the company plans to educate its employees
about protecting the company's assets, an explanation of how
security measurements will be carried out and enforced, and a
procedure for evaluating the effectiveness of the security policy to
ensure that necessary corrections will be made.

• Every organization needs to protect its data and also control how it
should be distributed both within and without the organizational
boundaries.

• This may mean that information may have to be encrypted,
authorized through a third party or institution and may have
restrictions placed on its distribution with reference to a
classification system laid out in the information security policy.
• An example of the use of an information security policy might be in a
data storage facility which stores database records on behalf of medical
facilities.

• These records are sensitive and cannot be shared, under penalty of law,
with any unauthorized recipient whether a real person or another
device.

• An information security policy would be enabled within the software
that the facility uses to manage the data they are responsible for.
• In addition, workers would generally be contractually bound to comply
with such a policy and would have to have sight of it prior to operating
the data management software.
• A business might employ an information security policy to protect its
digital assets and intellectual rights in efforts to prevent theft of
industrial secrets and information that could benefit competitors.

• IT Policy: 2057
• First Cyber Law: 30th Bhadra 2061 B.S. (15th September 2004).
• ETA, 2063