Cyber Security Assignment 2


CYBER SECURITY LAWS AND STANDARDS
NAME- ATUL BHIMRAO MAHALE
ROLL NO- 201837
TYBHMCT
Brief about Cyber Law
“The modern thief can steal more with a computer than with a gun.
Tomorrow’s extremist may do more damage with a keyboard than with a bomb.”

• Cyber space creates moral, civil and criminal wrongs. It has given a new
outlet for criminal tendencies.
• Information technology now encompasses all walks of life all over the world.
• The Internet has dramatically changed the way we think, the way we govern,
the way we do commerce and the way we perceive ourselves; cyber space is
open to participation by all.
• It has brought the transition from a paper world to a paperless one.


IT Act Amendment 2008
• The Information Technology Amendment Act 2008 was passed by Parliament
on 23rd December 2008.
• It received the assent of the President of India on 5th February 2009.
• The IT Act 2008 was notified on 27th October 2009.
• The IT Act 2008 is a new version of the old IT Act 2000.
• It provides additional focus on information security.
• It added several new sections on offences, including cyber terrorism and
data protection.
• It has 124 sections and 14 chapters.
• "Digital signature" has been replaced with "electronic signature".
• Sec 67 of the old Act is amended.
• Amended Sec 69 gives power to the State.
Cyber law
• Cyber law is the law governing cyber space.
• Cyber space includes computers, networks, software, data storage devices
(such as hard disks and USB disks), the Internet, websites, emails and even
cell phones and ATM machines.
• Cyber law deals with:
* Cyber crimes
* Electronic or digital signatures
* Intellectual property
* Data protection and privacy
Information Technology Act 2000
Indian cyber law is governed by the Information Technology Act, enacted in 2000. The
principal aim of this Act is to give reliable legal recognition to eCommerce and to facilitate
the filing of electronic records with the Government. As cyber attackers grew more cunning,
and given the human tendency to misuse technology, a series of amendments followed.
The IT Act is the principal statute, guiding all Indian legislation that governs cyber crime:
● Section 43 - Applies to people who damage computer systems without permission from the owner.
The owner can claim compensation for the entire damage in such cases.
● Section 66 - Applies when a person is found to have dishonestly or fraudulently committed any act
referred to in Section 43. The imprisonment term in such cases can be up to three years, or a fine of
up to Rs. 5 lakh.
● Section 66B - Sets out the punishment for dishonestly receiving stolen communication devices or
computers: imprisonment of up to three years, which may be accompanied by a fine of up to Rs. 1
lakh, depending on the severity.
● Section 66C - Covers identity theft involving fraudulent use of digital signatures, stolen passwords,
or other unique identification features. If proven guilty, imprisonment of three years may be
accompanied by a fine of Rs. 1 lakh.
● Section 66D - This section was inserted to punish cheating by personation using computer
resources.
Indian Penal Code (IPC) 1860
Identity theft and associated cyber frauds are also covered by the Indian Penal Code
(IPC), 1860, which is invoked along with the Information Technology Act of 2000.
The primary IPC sections relevant to cyber fraud are:
● Forgery (Section 464)
● Forgery for the purpose of cheating (Section 468)
● Making a false document (Section 465)
● Using a forged document as genuine (Section 471)
● Forgery for the purpose of harming reputation (Section 469)
Companies Act of 2013
Corporate stakeholders treat the Companies Act of 2013 as the legal obligation that shapes
their daily operations. The directives of this Act cement all the required techno-legal
compliances, putting less compliant companies in a legal fix.
The Companies Act 2013 vested powers in the SFIO (Serious Fraud Investigation Office)
to prosecute Indian companies and their directors. Since the notification of the Companies
(Inspection, Investigation and Inquiry) Rules, 2014, the SFIO has become even more
proactive and stern in this regard.
The legislature ensured that all the regulatory compliances are well covered, including
cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management
and Administration) Rules, 2014 prescribe strict guidelines confirming the cybersecurity
obligations and responsibilities of company directors and leaders.
NIST Compliance
The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards
and Technology (NIST), offers a harmonized approach to cybersecurity, NIST being regarded
as the most reliable global certifying body.
The NIST Cybersecurity Framework encompasses the guidelines, standards, and best
practices required to manage cyber-related risks responsibly. The framework prioritizes
flexibility and cost-effectiveness. It promotes the resilience and protection of critical
infrastructure by:
● Allowing better interpretation, management, and reduction of cybersecurity risks, to
mitigate data loss, data misuse, and the subsequent restoration costs
● Determining the most important activities and critical operations, so that effort is
focused on securing them
● Demonstrating the trustworthiness of organizations that secure critical assets
● Helping to prioritize investments to maximize the cybersecurity ROI
● Addressing regulatory and contractual obligations
● Supporting the wider information security program
Cyber Security Standards
A cyber security standard may be defined as the set of rules that an organization has to comply
with in order to gain the right to do particular things, such as accepting online payments or storing
patient data. A standard consists of the basic rules the organization is supposed to obey in order to
remain compliant with it. Depending on the requirements of the enterprise or organization, there
are several different standards it can adopt to gain specific capabilities. In some places, the
government has its own standard that anyone willing to work for the government has to obey.

1. ISO 27001: This is one of the common standards an organization adheres to in order to
implement an Information Security Management System (ISMS). It comprises a set of
procedures stating the rules and requirements that have to be satisfied for the organization
to be certified against this standard. Under this standard, the organization is supposed to
keep all its technology up to date, its servers should be free of vulnerabilities, and the
organization has to be audited at specified intervals to remain compliant. It is an
international standard, and every organization that serves another organization complying
with this standard is supposed to comply with the ISMS policy covered under ISO 27001.
2. PCI DSS: PCI DSS stands for Payment Card Industry Data Security Standard. This is
the standard that has to be adopted by any organization that accepts payments through its
gateway. Businesses that store user data such as names and card-related information must
adopt this standard. Under this compliance regime, the technologies used by the organization
should be up to date and its systems should continuously undergo security assessment to
ensure they have no severe vulnerabilities. This standard was developed by a group of card
brands (American Express, Visa, MasterCard, JCB, and Discover).

3. HIPAA: HIPAA stands for Health Insurance Portability and Accountability Act. It is
the standard that hospitals are supposed to follow to ensure that their patients' data is
fully protected and cannot be leaked in any way. In order to comply with this standard,
the hospital must have a strong network security team that handles all security incidents,
its quarterly security reports should be healthy, all transactions have to be carried out in
encrypted form, and so on. This standard ensures that a patient's critical health-related
information remains secure, so that the patient can feel safe about their health.
4. FINRA: FINRA stands for Financial Industry Regulatory Authority. This standard is about
making things secure for financial bodies that handle funds or are heavily engaged in financial
transactions. Under this standard, the system is supposed to be highly secure, and to comply with
it various measures have to be taken in terms of data security and the protection of users' data.
It is one of the most essential standards that all finance-based organizations are supposed to
comply with.

5. GDPR: GDPR stands for General Data Protection Regulation. It is a standard defined by the
European Union that is concerned with the protection of all users' data. Under this standard, the
body responsible for compliance has to make sure that users' data is secure and cannot be
accessed without proper authorization. As the name states, this standard focuses mainly on the
safety of users' data, so that they can feel safe sharing it with any organization that complies
with the General Data Protection Regulation.
THANK YOU
