Cyber Ethics Notes
What is Cyber Security?
The technique of protecting internet-connected systems such as computers, servers, mobile
devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity.
We can divide cybersecurity into two parts: one is cyber, and the other is security. Cyber refers to
the technology that includes systems, networks, programs, and data. And security is concerned
with the protection of systems, networks, applications, and information. In some cases, it is also
called electronic information security or information technology security.
Some other definitions of cybersecurity are:
"Cyber Security is the body of technologies, processes, and practices designed to protect networks,
devices, programs, and data from attack, theft, damage, modification or unauthorized access."
"Cyber Security is the set of principles and practices designed to protect our computing resources and
online information against threats."
Types of Cyber Security
Every organization's assets are a combination of a variety of different systems. A strong
cybersecurity posture for these systems requires coordinated efforts across all of them.
Therefore, we can categorize cybersecurity in the following sub-domains:
o Network Security: It involves implementing the hardware and software to secure a computer
network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an
organization to protect its assets against external and internal threats.
o Application Security: It involves protecting the software and devices from unwanted threats. This
protection can be done by constantly updating the apps to ensure they are secure from attacks.
Successful security begins in the design stage, writing source code, validation, threat modeling,
etc., before a program or device is deployed.
o Information or Data Security: It involves implementing a strong data storage mechanism to
maintain the integrity and privacy of data, both in storage and in transit.
o Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.
o Operational Security: It involves processing and making decisions on handling and securing data
assets.
o Mobile Security: It involves securing the organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and other similar devices against various malicious
threats. These threats are unauthorized access, device loss or theft, malware, etc.
o Cloud Security: It involves protecting the information stored in the digital environment or cloud
architectures for the organization. It uses various cloud service providers such as AWS, Azure,
Google, etc., to ensure security against multiple threats.
o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring,
alerts, and plans for how an organization responds when any malicious activity is causing the loss of
operations or data. Its policies dictate resuming the lost operations after any disaster happens to
the same operating capacity as before the event.
o User Education: It deals with the processes, monitoring, alerts, and plans for how an organization
responds when any malicious activity is causing the loss of operations or data. Its policies dictate
resuming the lost operations after any disaster happens to the same operating capacity as before
the event.
Why is Cyber Security important?
Today we live in a digital era where all aspects of our lives depend on the network, computer and
other electronic devices, and software applications. All critical infrastructure such as the banking
system, healthcare, financial institutions, governments, and manufacturing industries use devices
connected to the Internet as a core part of their operations. Some of their information, such as
intellectual property, financial data, and personal data, is sensitive, and unauthorized access or
exposure could have negative consequences. This information gives intruders and threat
actors a reason to infiltrate them for financial gain, extortion, political or social motives, or just vandalism.
Cyber-attacks are now an international concern, since system hacks and other security attacks
could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity
strategy to protect sensitive information from high-profile security breaches. Furthermore, as the
volume of cyber-attacks grows, companies and organizations, especially those that deal with
information related to national security, health, or financial records, need to use strong
cybersecurity measures and processes to protect their sensitive business and personal information.
Cyber Security Goals
Cyber Security's main objective is to ensure data protection. The security community provides a
triangle of three related principles to protect the data from cyber-attacks. Together, these principles are called
the CIA triad. The CIA model is designed to guide policies for an organization's information
security infrastructure. When any security breaches are found, one or more of these principles has
been violated.
We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is
actually a security model that helps people to think about various parts of IT security. Let us discuss
each part in detail.
Confidentiality
Confidentiality is equivalent to privacy that avoids unauthorized access of information. It involves
ensuring the data is accessible by those who are allowed to use it and blocking access to others. It
prevents essential information from reaching the wrong people. Data encryption is an excellent
example of ensuring confidentiality.
Integrity
This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur, certain
measures should be taken to protect the sensitive data from corruption or loss and speedily
recover from such an event. In addition, it means ensuring that the source of the information is genuine.
Availability
This principle keeps information available and useful to its authorized users at all times. It
ensures that these accesses are not hindered by system malfunction or cyber-attacks.
Types of Cyber Security Threats
A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal
data, gain access to a network, or disrupt digital life in general. The cyber community defines the
following threats available today:
Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used by
the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the
important types of malware created by the hacker:
o Virus: It is a malicious piece of code that spreads from one device to another. It can clean files and
spread throughout a computer system, infecting files, stealing information, or damaging the device.
o Spyware: It is software that secretly records information about user activities on their system. For
example, spyware could capture credit card details that can be used by the cybercriminals for
unauthorized shopping, money withdrawing, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or file to fool us into
downloading and running. Its primary purpose is to corrupt or steal data from our device or do
other harmful activities on our network.
o Ransomware: It's a piece of software that encrypts a user's files and data on a device, rendering
them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for
decryption.
o Worms: It is a piece of software that spreads copies of itself from device to device without human
interaction. It does not need to attach itself to any program to steal or damage the
data.
o Adware: It is advertising software used to spread malware and display advertisements on our
device. It is an unwanted program that is installed without the user's permission. The main
objective of this program is to generate revenue for its developer by showing the ads on their
browser.
o Botnets: It is a collection of internet-connected malware-infected devices that allow cybercriminals
to control them. It enables credential leaks, unauthorized access, and data
theft without the user's permission.
Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine
organization like PayPal, eBay, or a financial institution, or from friends and co-workers. The senders contact a
target or targets via email, phone, or text message with a link and persuade them to click on it.
This link will redirect them to fraudulent websites to provide sensitive data such as personal
information, banking and credit card information, social security numbers, usernames, and
passwords. Clicking on the link will also install malware on the target devices that allow hackers to
control devices remotely.
Man-in-the-middle (MITM) attack
A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like
genuine participants and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer data. For example, a
cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.
Distributed denial of service (DDoS)
It is a type of cyber threat or malicious attempt where cybercriminals disrupt the regular traffic of
targeted servers, services, or networks by flooding the target or its surrounding
infrastructure with requests and Internet traffic. Here the requests come from several IP addresses and can make
the system unusable by overloading its servers, slowing them down significantly, temporarily taking them
offline, or preventing an organization from carrying out its vital functions.
Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all
possible combinations until the correct information is discovered. Cybercriminals usually use this
attack to obtain personal information about targeted passwords, login info, encryption keys, and
Personal Identification Numbers (PINs).
SQL Injection (SQLI)
SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful, the
malicious actor can view, change, or delete sensitive company data, user lists, or private customer
details stored in the SQL database.
Domain Name System (DNS) attack
A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the
Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data
from affected computers. It is a severe cybersecurity risk because the DNS system is an essential
element of the internet infrastructure.
Latest cyber threats
The following are the latest cyber threats reported by the U.K., U.S., and Australian governments:
Romance Scams
The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat
through dating sites, chat rooms, and apps. They attack people who are seeking a new partner and
dupe them into giving away personal data.
Dridex Malware
It is a type of financial Trojan malware identified by the U.S. in December 2019 that affects the
public, government, infrastructure, and business worldwide. It infects computers through phishing
emails or existing malware to steal sensitive information such as passwords, banking details, and
personal data for fraudulent transactions. The National Cyber Security Centre of the United
Kingdom encourages people to make sure their devices are patched, anti-virus is turned on and up
to date, and files are backed up to protect sensitive data against this attack.
Emotet Malware
Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global cyber
threat in 2019.
The following are the systems that can be affected by security breaches and attacks:
o Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps
for cyberattacks.
o Finance: This system deals with the risk of financial information like bank and credit card details.
This information is naturally a primary target for cyber attackers.
o Governments: The cybercriminal generally targets the government institutions to get confidential
public data or private citizen information.
o Transportation: In this system, cybercriminals generally target connected cars, traffic control
systems, and smart road infrastructure.
o Healthcare: A cybercriminal targets the healthcare system to get the information stored at a local
clinic to critical care systems at a national hospital.
o Education: Cybercriminals target educational institutions to get their confidential research data
and information of students and employees.
Benefits of cyber security
The following are the benefits of implementing and maintaining cybersecurity:
o Cyber attacks and data breach protection for businesses.
o Data and network security are both protected.
o Unauthorized user access is avoided.
o After a breach, there is a faster recovery time.
o End-user and endpoint device protection.
o Regulatory adherence.
o Continuity of operations.
o Developers, partners, consumers, stakeholders, and workers have more faith in the company's
reputation and trust.
Cyber Safety Tips
Let us see how to protect ourselves when any cyber-attacks happen. The following are the popular
cyber safety tips:
Conduct cybersecurity training and awareness: Every organization must train its staff on
cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be
successful. If staff carry out unintentional or intentional malicious activities, they may defeat the best
technical safeguards and cause an expensive security breach. Therefore, it is useful to conduct
security training and awareness for staff through seminars, classes, and online courses that reduce
security violations.
Update software and operating system: The most popular safety measure is to update the
software and O.S. to get the benefit of the latest security patches.
Use anti-virus software: It is also useful to use anti-virus software that detects and removes
unwanted threats from your device. Keep this software updated to get the best level of
protection.
Perform periodic security reviews: Every organization should ensure periodic security inspections of all
software and networks to identify security risks early in a secure environment. Some popular
examples of security reviews are application and network penetration testing, source code reviews,
architecture design reviews, and red team assessments. In addition, organizations should prioritize
and mitigate security vulnerabilities as quickly as possible after they are discovered.
Use strong passwords: It is recommended to always use long and various combinations of
characters and symbols in the password. This makes passwords hard to guess.
Do not open email attachments from unknown senders: Cyber experts always advise not to
open or click email attachments received from unverified senders or unfamiliar websites because
it could be infected with malware.
Avoid using unsecured Wi-Fi networks in public places: It should also be advised not to use
insecure networks because they can leave you vulnerable to man-in-the-middle attacks.
Backup data: Every organization must periodically back up its data to ensure sensitive
data is not lost and can be recovered after a security breach. In addition, backups can help maintain data
integrity in cyber-attacks such as SQL injection, phishing, and ransomware.
The objective of Cybersecurity is to protect information from being stolen, compromised
or attacked. Cybersecurity can be measured by at least one of three goals-
1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.
These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all
security programs. The CIA triad is a security model that is designed to guide policies for
information security within the premises of an organization or company. This model is
also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid
the confusion with the Central Intelligence Agency. The elements of the triad are
considered the three most crucial components of security.
The CIA criteria are ones that most organizations and companies use when they
install a new application, create a database, or guarantee access to
some data. For data to be completely secure, all of these security goals must come into
effect. These are security policies that all work together, and therefore it can be wrong
to overlook one policy.
The elements of the CIA triad are-
1. Confidentiality
Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure
of information. It involves the protection of data, providing access for those who are
allowed to see it while disallowing others from learning anything about its content. It
prevents essential information from reaching the wrong people while making sure that
the right people can get it. Data encryption is a good example to ensure confidentiality.
Tools for Confidentiality
Encryption
Encryption is a method of transforming information to make it unreadable for
unauthorized users by using an algorithm. The transformation of data uses a secret key
(an encryption key) so that the transformed data can only be read by using another
secret key (decryption key). It protects sensitive data such as credit card numbers by
encoding and transforming data into unreadable cipher text. This encrypted data can
only be read by decrypting it. Asymmetric-key and symmetric-key are the two primary
types of encryption.
Access control
Access control defines rules and policies for limiting access to a system or to physical or
virtual resources. It is a process by which users are granted access and certain privileges
to systems, resources or information. In access control systems, users need to present
credentials, such as a person's name or a computer's serial number, before they can be
granted access. In physical systems, these credentials may come in many forms, but
credentials that can't be transferred provide the most security.
Authentication
Authentication is a process that ensures and confirms a user's identity or the role that
someone has. It can be done in a number of different ways, but it is usually based on a
combination of-
o something the person has (like a smart card or a radio key for storing secret keys),
o something the person knows (like a password),
o something the person is (like a human with a fingerprint).
Authentication is a necessity for every organization because it enables organizations
to keep their networks secure by permitting only authenticated users to access its
protected resources. These resources may include computer systems, networks,
databases, websites and other network-based applications or services.
Authorization
Authorization is a security mechanism which gives permission to do or have something.
It is used to determine whether a person or system is allowed access to resources, based on an
access control policy, including computer programs, files, services, data and application
features. It is normally preceded by authentication for user identity verification. System
administrators are typically assigned permission levels covering all system and user
resources. During authorization, a system verifies an authenticated user's access rules
and either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny unauthorized access to IT
assets like facilities, equipment, personnel, resources and other properties, and to protect them from damage.
It protects these assets from physical threats including theft, vandalism, fire and natural
disasters.
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded
from unauthorized user modification. It is the property that information has not been
altered in an unauthorized way, and that the source of the information is genuine.
Tools for Integrity
Backups
Backup is the periodic archiving of data. It is a process of making copies of data or data
files to use in the event when the original data or data files are lost or destroyed. It is
also used to make copies for historical purposes, such as for longitudinal studies,
statistics or for historical records or to meet the requirements of a data retention policy.
Many applications, especially in a Windows environment, produce backup files using the
.BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In
other words, it is the computation of a function that maps the contents of a file to a
numerical value. They are typically used to compare two sets of data to make sure that
they are the same. A checksum function depends on the entire contents of a file. It is
designed in a way that even a small change to the input file (such as flipping a single
bit) is likely to result in a different output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected
and automatically corrected.
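The difference between the two tools above, shown on one flipped bit. This Python example is added here and is not part of the original notes; the choice of CRC-32, SHA-256 and a Hamming(7,4) code, and the sample record, are assumptions made for illustration.

```python
import hashlib
import zlib


def checksums(data: bytes) -> tuple:
    """Return (CRC-32, SHA-256 hex digest) computed over the entire input."""
    return zlib.crc32(data), hashlib.sha256(data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 0x80 >> (bit_index % 8)
    return bytes(out)


def hamming_encode(nibble: int) -> list:
    """Encode 4 data bits as a 7-bit codeword (parity at positions 1, 2, 4)."""
    code = [0] * 8  # index 0 unused so list indices equal bit positions
    code[3], code[5], code[6], code[7] = [(nibble >> s) & 1 for s in (3, 2, 1, 0)]
    code[1] = code[3] ^ code[5] ^ code[7]
    code[2] = code[3] ^ code[6] ^ code[7]
    code[4] = code[5] ^ code[6] ^ code[7]
    return code[1:]


def hamming_decode(bits: list) -> tuple:
    """Return (nibble, error_position); error_position 0 means no error was seen."""
    code = [0] + list(bits)
    syndrome = 0
    for position in range(1, 8):
        if code[position]:
            syndrome ^= position  # XOR of set positions is 0 for a valid codeword
    if syndrome:
        code[syndrome] ^= 1  # the syndrome is the position of a single flipped bit
    nibble = (code[3] << 3) | (code[5] << 2) | (code[6] << 1) | code[7]
    return nibble, syndrome


def ecc_store(data: bytes) -> list:
    """Encode every byte as two 7-bit codewords (high nibble, then low nibble)."""
    bits = []
    for byte in data:
        bits += hamming_encode(byte >> 4) + hamming_encode(byte & 0x0F)
    return bits


def ecc_load(bits: list) -> tuple:
    """Decode stored bits; return (data, number of codewords that were corrected)."""
    nibbles, corrected = [], 0
    for start in range(0, len(bits), 7):
        nibble, position = hamming_decode(bits[start:start + 7])
        nibbles.append(nibble)
        corrected += 1 if position else 0
    pairs = zip(nibbles[0::2], nibbles[1::2])
    return bytes((high << 4) | low for high, low in pairs), corrected


RECORD = b"transfer 100 to account 42"  # constructed sample data


def demo() -> dict:
    damaged = flip_bit(RECORD, 77)      # a checksum can only report this change
    one_flip = ecc_store(RECORD)
    one_flip[40] ^= 1                   # a correcting code repairs this one
    two_flips = ecc_store(RECORD)
    two_flips[0] ^= 1
    two_flips[1] ^= 1                   # two errors in one codeword exceed its limit
    return {
        "checksum_detects_flip": checksums(damaged) != checksums(RECORD),
        "one_flip": ecc_load(one_flip),
        "two_flips": ecc_load(two_flips),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A checksum stored next to the data catches accidental damage; someone who can rewrite the data can usually rewrite the checksum too, so deliberate tampering needs a keyed MAC or a digital signature. The two-flip case shows why correcting codes are sized for the error rate expected: beyond that limit the decoder silently returns wrong data.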
3. Availability
Availability is the property in which information is accessible and modifiable in a timely
fashion by those authorized to do so. It is the guarantee of reliable and constant access
to our sensitive data by authorized people.
Tools for Availability
o Physical Protections
o Computational Redundancies
Physical Protections
Physical safeguard means to keep information available even in the event of physical
challenges. It ensures sensitive information and critical information technology are
housed in secure areas.
Computational redundancies
It provides fault tolerance against accidental faults. It relies on computers and storage
devices that serve as fallbacks in the case of failures.
Cyber Security Principles
The UK internet industry and Government recognized the need to develop a series of
Guiding Principles for improving the online security of the ISPs' customers and limit the
rise in cyber-attacks. Cybersecurity for these purposes encompasses the protection of
essential information, processes, and systems, connected or stored online, with a broad
view across the people, technical, and physical domains.
These Principles recognize that the ISPs (and other service providers), internet users, and
UK Government all have a role in minimizing and mitigating the cyber threats inherent
in using the internet.
These Guiding Principles have been developed to respond to this challenge by
providing a consistent approach to help, inform, educate, and protect ISPs' (Internet
Service Provider's) customers from online crimes. These Guiding Principles are
aspirational, developed and delivered as a partnership between Government and ISPs.
They recognize that ISPs have different sets of customers, offer different levels of
support and services to protect those customers from cyber threats.
Some of the essential cybersecurity principles are described below-
1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording
1. Economy of mechanism
This principle states that Security mechanisms should be as simple and small as possible.
The Economy of mechanism principle simplifies the design and implementation of
security mechanisms. If the design and implementation are simple and small, fewer
possibilities exist for errors. The checking and testing process is less complicated so that
fewer components need to be tested.
Interfaces between security modules are a suspect area and should be as simple as
possible, because interface modules often make implicit assumptions about input or
output parameters or the current system state. If any of these assumptions are
wrong, the module's actions may produce unexpected results. A simple security
framework facilitates its understanding by developers and users and enables the
efficient development and verification of enforcement methods for it.
2. Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a system should
have a conservative protection scheme. This principle also restricts how privileges are
initialized when a subject or object is created. Whenever access, privileges/rights, or
some security-related attribute is not explicitly granted, access to
that object should not be granted.
Example: If we add a new user to an operating system, the default group of the user
should have fewer access rights to files and services.
3. Least Privilege
This principle states that a user should only have those privileges that are needed to complete
his task. Its primary function is to control the assignment of rights granted to the user,
not the identity of the user. This means that if the boss demands root access to a UNIX
system that you administer, he/she should not be given that right unless he/she has a
task that requires such level of access. If possible, the elevated rights of a user identity
should be removed as soon as those rights are no longer needed.
4. Open Design
This principle states that the security of a mechanism should not depend on the secrecy
of its design or implementation. It suggests that complexity does not add security. This
principle is the opposite of the approach known as "security through obscurity." This
principle not only applies to information such as passwords or cryptographic systems
but also to other computer security related operations.
Example: DVD player & Content Scrambling System (CSS) protection. The CSS is a
cryptographic algorithm that protects the DVD movie disks from unauthorized copying.
5. Complete mediation
The principle of complete mediation restricts the caching of information, which often
leads to simpler implementations of mechanisms. The idea of this principle is that access
to every object must be checked for compliance with a protection scheme to ensure
that they are allowed. As a consequence, one should be wary of performance
improvement techniques which save the details of previous authorization checks, since
the permissions can change over time.
Whenever someone tries to access an object, the system should verify the access
rights associated with that subject. Often the subject's access rights are verified once at the
initial access, and for subsequent accesses, the system assumes that the same access
rights should be accepted for that subject and object. Under this principle, the operating
system should instead mediate each and every access to an object.
Example: An online banking website should require users to sign in again after a certain
period, say twenty minutes, has elapsed.
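The fail-safe defaults and complete mediation principles above, side by side in code. This Python example is added here and is not from the original notes; the class names, the subjects alice and bob, the object payroll.db and the timestamps are all made up for illustration.

```python
class Policy:
    """Explicit grants only; anything not listed is denied (fail-safe default)."""

    def __init__(self):
        self.grants = set()

    def grant(self, subject, obj, action):
        self.grants.add((subject, obj, action))

    def revoke(self, subject, obj, action):
        self.grants.discard((subject, obj, action))

    def allows(self, subject, obj, action):
        return (subject, obj, action) in self.grants


class CachingMonitor:
    """Weak form: checks the policy on first access, then trusts its cache."""

    def __init__(self, policy):
        self.policy = policy
        self.cache = {}

    def access(self, subject, obj, action):
        key = (subject, obj, action)
        if key not in self.cache:
            self.cache[key] = self.policy.allows(*key)
        return self.cache[key]


class MediatingMonitor:
    """Checks session age and policy on every access and logs each decision."""

    def __init__(self, policy, session_ttl):
        self.policy = policy
        self.session_ttl = session_ttl
        self.sessions = {}   # subject -> time of last sign-in, in seconds
        self.decisions = []  # (time, subject, obj, action, verdict)

    def sign_in(self, subject, now):
        self.sessions[subject] = now

    def access(self, subject, obj, action, now):
        signed_in_at = self.sessions.get(subject)
        if signed_in_at is None or now - signed_in_at >= self.session_ttl:
            verdict = "DENY: sign in again"
        elif not self.policy.allows(subject, obj, action):
            verdict = "DENY: not granted"
        else:
            verdict = "ALLOW"
        self.decisions.append((now, subject, obj, action, verdict))
        return verdict == "ALLOW"


def scenario():
    """Constructed walk-through; times are seconds since the first sign-in."""
    target = ("payroll.db", "read")
    policy = Policy()
    policy.grant("alice", *target)
    cached = CachingMonitor(policy)
    strict = MediatingMonitor(policy, session_ttl=20 * 60)
    strict.sign_in("alice", now=0)
    strict.sign_in("bob", now=0)
    results = {}
    # bob is signed in but was never granted anything: denied by default.
    results["bob_default"] = strict.access("bob", *target, now=5)
    results["cached_before"] = cached.access("alice", *target)
    results["strict_before"] = strict.access("alice", *target, now=10)
    policy.revoke("alice", *target)
    # The cached answer survives the revocation; the mediated one does not.
    results["cached_after_revoke"] = cached.access("alice", *target)
    results["strict_after_revoke"] = strict.access("alice", *target, now=20)
    policy.grant("alice", *target)
    # Twenty minutes after sign-in the session itself has to be renewed.
    results["strict_after_20_min"] = strict.access("alice", *target, now=20 * 60)
    strict.sign_in("alice", now=20 * 60 + 5)
    results["strict_after_new_sign_in"] = strict.access("alice", *target, now=20 * 60 + 6)
    return results, strict.decisions


if __name__ == "__main__":
    outcome, log = scenario()
    for name, value in outcome.items():
        print(name, value)
    for entry in log:
        print(entry)
```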
6. Separation of Privilege
This principle states that a system should grant access permission based on more than
one condition being satisfied. This principle may also be restrictive because it limits
access to system entities. Thus, before privilege is granted, more than two verifications
should be performed.
Example: To su (change) to root, two conditions must be met-
o The user must know the root password.
o The user must be in the right group (wheel).
7. Least Common Mechanism
This principle states that in systems with multiple users, the mechanisms allowing
resources shared by more than one user should be minimized as much as possible. This
principle may also be restrictive because it limits the sharing of resources.
Example: If a file or application needs to be accessed by more than one user,
then these users should use separate channels to access these resources, which helps to
prevent unforeseen consequences that could cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource more
complicated to access than if the security mechanisms were not present. The psychological
acceptability principle recognizes the human element in computer security. If security-
related software or computer systems are too complicated to configure, maintain, or
operate, the user will not employ the necessary security mechanisms. For example, if a
password is rejected during a password change process, the password changing
program should state why it was denied rather than giving a cryptic error message. At
the same time, applications should not impart unnecessary information that may lead to
a compromise in security.
Example: When we enter a wrong password, the system should only tell us that the user
id or password was incorrect. It should not tell us that only the password was wrong as
this gives the attacker information.
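Both halves of this principle in one small account service: sign-in failures all get the same message, while a signed-in user changing a password is told exactly why a new password was refused. This Python example is added here and is not from the original notes; the class, the PBKDF2 iteration count, the 12-character minimum and the message texts are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 cost per guess
MIN_LENGTH = 12       # assumed password policy
GENERIC_ERROR = "The user id or password was incorrect."


def derive(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted key from the password for storage and comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class Accounts:
    def __init__(self):
        self.users = {}  # user id -> (salt, derived key)
        # Stand-in record so an unknown user id costs the same work as a known one.
        self.dummy_salt = os.urandom(16)
        self.dummy_key = derive(os.urandom(16).hex(), self.dummy_salt)

    def register(self, user_id, password):
        salt = os.urandom(16)
        self.users[user_id] = (salt, derive(password, salt))

    def login(self, user_id, password):
        """Return (ok, message). Every failure gets the same message."""
        known = user_id in self.users
        salt, key = self.users.get(user_id, (self.dummy_salt, self.dummy_key))
        matches = hmac.compare_digest(derive(password, salt), key)
        if known and matches:
            return True, "Signed in."
        return False, GENERIC_ERROR

    def change_password(self, user_id, old, new):
        """Return (ok, message). An authenticated user is told why a change failed."""
        ok, message = self.login(user_id, old)
        if not ok:
            return False, message  # still generic: the caller is not authenticated
        if len(new) < MIN_LENGTH:
            return False, f"New password must be at least {MIN_LENGTH} characters."
        if new == old:
            return False, "New password must differ from the current one."
        self.register(user_id, new)
        return True, "Password changed."


if __name__ == "__main__":
    accounts = Accounts()
    accounts.register("alice", "correct horse battery")  # constructed sample account
    print(accounts.login("alice", "wrong guess"))
    print(accounts.login("nobody", "wrong guess"))
    print(accounts.change_password("alice", "correct horse battery", "short"))
```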
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be
compared with the resources of a potential attacker when designing a security scheme.
In some cases, the cost of circumventing (known as the "work factor") can be easily
calculated. In other words, the work factor is a common cryptographic measure which is
used to determine the strength of a given cipher. It does not map directly to cyber
security, but the overall concept does apply.
Example: Suppose the number of experiments needed to try all possible four-character
passwords is 24^4 = 331776. If the potential attacker must try each experimental
password at a terminal, one might consider a four-character password to be satisfactory.
On the other hand, if the potential attacker could use an astronomical computer capable
of trying a million passwords per second, a four-letter password would be a minor
barrier for a potential intruder.
10. Compromise Recording
The Compromise Recording principle states that sometimes it is more desirable to
record the details of an intrusion than to adopt a more sophisticated measure to prevent it.
Example: The servers in an office network may keep logs for all accesses to files, all
emails sent and received, and all browsing sessions on the web. Internet-connected
surveillance cameras placed to protect a building are another typical example of a compromise
recording system.
Cyber Laws in India and Information Technology Act –
o Cyber law is important because it touches almost all aspects of transactions and
activities on and involving the internet, World Wide Web and cyberspace. Every
action and reaction in cyberspace has some legal and cyber legal angles.
o With the computer and internet taking over every aspect of our life, there was a
need for strong cyber law. The article aims to understand the cyber legislations in
India and the offences relating to the use of or concerned with the abuse of
computers or other electronic gadgets.
o Cyber law in India is not a separate legal framework. It is a combination of
contract, intellectual property, data protection, and privacy laws.
o Cyber laws supervise the digital circulation of information, software, information
security, e-commerce, and monetary transactions.
Introduction:
The dawn of cyber laws in India started with the boom in globalization and
computerization in India. The number of cyber-crimes registered each year in India is
shocking and it is only getting worse. This is because the pool of gullible prey for cyber
conmen has shot up with India going digital. This calls for a basic understanding of the
laws that govern the cyber space in India.
The Cyber Laws in India or the Information Technology Act, 2000 was amended in 2008
to include cyber-crimes related to banking and financial transactions.
Cyber Law Regulatory framework under the Information
Technology Act in India:
India enacted the Information Technology Act, 2000 (“IT Act”) on 09 June 2000. The IT
Act now becomes the law of land in India which in general terms is also known as Cyber
Law. The IT Act is based on the UNCITRAL model law on e-commerce. The preamble
of the IT Act simply indicates that the Act is centered on affording legal recognition to
transactions carried out electronically. However, the scope of the IT Act goes much
beyond its preamble. It covers multiple areas including data protection and security,
cybercrimes, adjudication of cyber disputes, government mandated surveillance of digital
communication, and intermediary liability.
The following Act, Rules, and regulations are included under cyber laws.
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
5. The Indian Evidence Act, 1872
6. The Bankers Books Evidence Act, 1891
Emerging technologies, explosion of digital business models and a substantial increase in
the instances of cybercrimes have triggered the government to take steps to fast track the
process of amending the IT Act.
In a cyber-crime, computer or the data itself is the target or the object of offence or a tool
in committing some other offence, providing the necessary inputs for that offence. All
such acts of crime will come under the broader definition of cyber-crime.
Cyber law encompasses laws relating to:
 Cyber crimes
 Electronic and digital signatures
 Intellectual property
 Data protection and privacy
Penalty for Damage to Computer, Computer Systems, etc. under
the IT Act:
Under this law, there is a provision for imposition of penalty in case of any non-
compliance. The following are some of the penalty provisions as prescribed under the
law.
 Tampering with Computer source documents:
-Hazardous chemical processing units have to ensure that vessels, pipes, valves should be tested
periodically to curb down such accidents.
 Sending offensive messages through communication service:
-Imprisonment, which may extend up to three years with fine.
 Violation of Privacy:
-Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
 Publication for fraudulent purposes:
-Imprisonment up to two years or with fine which may extend up to one lakh rupees, or with both.
 Publishing of obscene information in electronic form:
-Imprisonment up to ten years, or with fine which may extend up to two lakh rupees, or with both.
Importance of Cyber Law in India:
In today’s techno-savvy environment, the internet is treated as a research and information
sharing tool. Since the number of internet users is on the rise, it gives birth to Cyber
Crimes. All issues relating to cybercrime or internet crime are dealt with through Cyber
Law. So, to get the remedy against Cyber Crime, the need for Cyber-law arises.
Cyber-law is important in a country like India where the internet is used to a large extent.
The law is enacted to save people and organizations from cybercrime and other internet-
related crimes. It protects the privacy of every individual and organization. Before the
enactment of Cyber-law, no specific law existed in India to deal with cybercrime. As per
rules and regulations of the Cyber-law, a person who commits cybercrime is liable to get
punishment. If anyone violates and breaks the provisions of the law, then it allows
another person or organization to take legal action against that person.
The requirement of Cyber Law can arise as under:
 Nowadays as all the transactions related to shares are done in Demat form, anyone
who is associated with these transactions requires internet and protection under
Cyber Law in case of any fraudulent transaction.
 Most of the companies in India keep their official data in electronic form. To avoid
the misuse of such data, a company may need the assistance of this law.
 Due to the rapid growth of technology, various Government forms like ITR returns and
Service tax returns are filed in electronic form. Anyone who hacks the
government portal sites can easily misuse those forms. Only under cyber law are you
eligible to get a remedy against this type of fraud.
 People are using credit cards and debit cards for shopping purposes. However,
some frauds through the internet clone those credit cards and debit cards. Card
cloning is a technique where someone with the help of the internet easily obtains
your card details. With the help of Cyber law, you can easily trace such criminals.
 Digital Signatures and e-contracts are the most common methods of transacting
business. Anyone who is associated with such digital Signatures and e-contracts
can easily make fraud by misusing them. Cyber law protects you against such type
of fraud.
Prevention of Cyber Crime:
Anyone using the internet should exercise some basic precautions. Following are some
basic precautions:
 a) Use a full-service internet security suite: For instance, Norton Security provides real-
time protection against existing and emerging malware including ransomware and
viruses, and helps protect your private and financial information when you go online.
 b) Use strong passwords.
 c) Keep your software updated.
 d) Manage your social media settings.
Conclusion:
With the adoption of the IT Act, India is now one of the few countries in the world that
have a separate law to deal with IT issues and crimes. This has now paved the way for
incredible growth in the fields of e-commerce and internet transactions which has, in
turn, resulted in advanced economic growth.
Regardless, the implementation of the Act along with its counterpart, the IT Rules, has
been successful in tackling cyber-crimes so far. With the ever-growing world of new
technology and expanding cyberspace, we aren’t yet aware of what kind of cyber-
crimes may arise. Cyber law is the appropriate law to provide a remedy against
Cybercrime. At present, people who commit cyber-crime offenses think twice about the
cyber law, before committing any such offenses. The law helps in decreasing the rate
of cybercrime offenses.
Cyberspace
Cyberspace can be defined as an intricate environment that involves interactions
between people, software, and services. It is maintained by the worldwide distribution
of information and communication technology devices and networks.
With the benefits carried by the technological advancements, the cyberspace today
has become a common pool used by citizens, businesses, critical information
infrastructure, military and governments in a fashion that makes it hard to induce clear
boundaries among these different groups. The cyberspace is anticipated to become
even more complex in the upcoming years, with the increase in networks and devices
connected to it.
Cyber security
Cybersecurity denotes the technologies and procedures intended to safeguard
computers, networks, and data from unlawful admittance, weaknesses, and attacks
transported through the Internet by cyber delinquents.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a
model for creating, applying, functioning, monitoring, reviewing, preserving, and
improving an Information Security Management System.
The Ministry of Communication and Information Technology under the government of
India provides a strategy outline called the National Cybersecurity Policy. The purpose
of this government body is to protect the public and private infrastructure from cyber-
attacks.
Cybersecurity Policy
The cybersecurity policy is a developing mission that caters to the entire field of
Information and Communication Technology (ICT) users and providers. It includes −
 Home users
 Small, medium, and large Enterprises
 Government and non-government entities
It serves as an authority framework that defines and guides the activities associated
with the security of cyberspace. It allows all sectors and organizations in designing
suitable cybersecurity policies to meet their requirements. The policy provides an
outline to effectively protect information, information systems and networks.
It gives an understanding into the Government’s approach and strategy for security of
cyber space in the country. It also sketches some pointers to allow collaborative
working across the public and private sectors to safeguard information and information
systems. Therefore, the aim of this policy is to create a cybersecurity framework, which
leads to detailed actions and programs to increase the security carriage of cyberspace.
Cyber Crime
The Information Technology Act 2000 or any legislation in the Country does not
describe or mention the term Cyber Crime. It can be globally considered as the
gloomier face of technology. The only difference between a traditional crime and a
cyber-crime is that the cyber-crime involves a crime related to computers. Let us see
the following example to understand it better −
Traditional Theft − A thief breaks into Ram’s house and steals an object kept in the
house.
Hacking − A Cyber Criminal/Hacker sitting in his own house, through his computer,
hacks the computer of Ram and steals the data saved in Ram’s computer without
physically touching the computer or entering in Ram’s house.
The I.T. Act, 2000 defines the terms −
 access in computer network in section 2(a)
 computer in section 2(i)
 computer network in section 2(j)
 data in section 2(o)
 information in section 2(v).
To understand the concept of Cyber Crime, you should know these laws. The object of
offence or target in a cyber-crime is either the computer or the data stored in the
computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and possible
threats in the sphere of cybersecurity. Threats originate from all kinds of sources, and
mark themselves in disruptive activities that target individuals, businesses, national
infrastructures, and governments alike. The effects of these threats transmit significant
risk for the following −
 public safety
 security of nations
 stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to
determine the origin or the identity of the criminal. Even the motivation for the
disruption is not an easy task to find out. Criminals of these activities can only be
worked out from the target, the effect, or other circumstantial evidence. Threat actors
can operate with considerable freedom from virtually anywhere. The motives for
disruption can be anything such as −
 simply demonstrating technical prowess
 theft of money or information
 extension of state conflict, etc.
Criminals, terrorists, and sometimes the State themselves act as the source of these
threats. Criminals and hackers use different kinds of malicious tools and approaches.
With the criminal activities taking new shapes every day, the possibility for harmful
actions propagates.
Enabling People
The lack of information security awareness among users, who could be a simple
school going kid, a system administrator, a developer, or even a CEO of a company,
leads to a variety of cyber vulnerabilities. The awareness policy classifies the following
actions and initiatives for the purpose of user awareness, education, and training −
 A complete awareness program to be promoted on a national level.
 A comprehensive training program that can cater to the needs of the national
information security (Programs on IT security in schools, colleges, and
universities).
 Enhance the effectiveness of the prevailing information security training
programs. Plan domain-specific training programs (e.g., Law Enforcement,
Judiciary, E-Governance, etc.)
 Endorse private-sector support for professional information security
certifications.
Information Technology Act
The Government of India enacted The Information Technology Act with some major
objectives which are as follows −
 To deliver lawful recognition for transactions through electronic data interchange
(EDI) and other means of electronic communication, commonly referred to
as electronic commerce or E-Commerce. The aim was to use replacements of
paper-based methods of communication and storage of information.
 To facilitate electronic filing of documents with the Government agencies and
further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the
Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934
and for matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000. The
I. T. Act got the President’s assent on June 9, 2000 and it was made effective from
October 17, 2000. By adopting this Cyber Legislation, India became the 12th nation in
the world to adopt a Cyber Law regime.
Intellectual property rights are the legal rights that cover the privileges given to
individuals who are the owners and inventors of a work, and have created something
with their intellectual creativity. Individuals related to areas such as literature, music,
invention, etc., can be granted such rights, which can then be used in the business
practices by them.
The creator/inventor gets exclusive rights against any misuse or use of work without
his/her prior information. However, the rights are granted for a limited period of time to
maintain equilibrium.
The following list of activities which are covered by the intellectual property rights are
laid down by the World Intellectual Property Organization (WIPO) −
 Industrial designs
 Scientific discoveries
 Protection against unfair competition
 Literary, artistic, and scientific works
 Inventions in all fields of human endeavor
 Performances of performing artists, phonograms, and broadcasts
 Trademarks, service marks, commercial names, and designations
 All other rights resulting from intellectual activity in the industrial, scientific, literary, or
artistic fields
Types of Intellectual Property Rights
Intellectual Property Rights can be further classified into the following categories −
 Copyright
 Patent
 Trade Secrets, etc.
Advantages of Intellectual Property Rights
Intellectual property rights are advantageous in the following ways −
 Provides exclusive rights to the creators or inventors.
 Encourages individuals to distribute and share information and data instead of
keeping it confidential.
 Provides legal defense and offers the creators the incentive of their work.
 Helps in social and financial development.
Intellectual Property Rights in India
To protect the intellectual property rights in the Indian territory, India has defined the
formation of constitutional, administrative and jurisdictive outline whether they imply the
copyright, patent, trademark, industrial designs, or any other parts of the intellectual
property rights.
Back in the year 1999, the government passed an important legislation based on
international practices to safeguard the intellectual property rights. Let us have a
glimpse of the same −
 The Patents (Amendment) Act, 1999, facilitates the establishment of the mail
box system for filing patents. It offers exclusive marketing rights for a time period
of five years.
 The Trade Marks Bill, 1999, replaced the Trade and Merchandise Marks Act,
1958
 The Copyright (Amendment) Act, 1999, was signed by the President of India.
 The sui generis legislation was approved and named as the Geographical
Indications of Goods (Registration and Protection) Bill, 1999.
 The Industrial Designs Bill, 1999, replaced the Designs Act, 1911.
 The Patents (Second Amendment) Bill, 1999, for further amending the Patents
Act of 1970 in compliance with the TRIPS.
Intellectual Property in Cyber Space
Every new invention in the field of technology experiences a variety of threats. The Internet
is one such threat, which has captured the physical marketplace and has converted it
into a virtual marketplace.
To safeguard the business interest, it is vital to create an effective property
management and protection mechanism keeping in mind the considerable amount of
business and commerce taking place in the Cyber Space.
Today it is critical for every business to develop an effective and collaborative IP
management mechanism and protection strategy. The ever-looming threats in the
cybernetic world can thus be monitored and confined.
Various approaches and legislations have been designed by the law-makers to up the
ante in delivering a secure configuration against such cyber-threats. However it is the
duty of the intellectual property right (IPR) owner to invalidate and reduce such mala
fide acts of criminals by taking proactive measures.
Salient Features of I.T Act
The salient features of the I.T Act are as follows −
 Digital signature has been replaced with electronic signature to make it a more
technology neutral act.
 It elaborates on offenses, penalties, and breaches.
 It outlines the Justice Dispensation Systems for cyber-crimes.
 It defines in a new section that cyber café is any facility from where the access to
the internet is offered by any person in the ordinary course of business to the
members of the public.
 It provides for the constitution of the Cyber Regulations Advisory Committee.
 It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The
Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
 It adds a provision to Section 81, which states that the provisions of the Act shall
have overriding effect. The provision states that nothing contained in the Act
shall restrict any person from exercising any right conferred under the Copyright
Act, 1957.
Scheme of I.T Act
The following points define the scheme of the I.T. Act −
 The I.T. Act contains 13 chapters and 90 sections.
 The last four sections, namely sections 91 to 94 of the I.T. Act 2000, which dealt with
the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872,
The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934,
were deleted.
 It commences with the Preliminary aspect in Chapter 1, which deals with the short
title, extent, commencement and application of the Act in Section 1. Section 2
provides Definition.
 Chapter 2 deals with the authentication of electronic records, digital signatures,
electronic signatures, etc.
 Chapter 11 deals with offences and penalties. A series of offences have been
provided along with punishment in this part of The Act.
 Thereafter the provisions about due diligence, role of intermediaries and some
miscellaneous provisions are stated.
 The Act is embedded with two schedules. The First Schedule deals with
Documents or Transactions to which the Act shall not apply. The Second
Schedule deals with electronic signature or electronic authentication technique
and procedure. The Third and Fourth Schedule are omitted.
Application of the I.T Act
As per the sub clause (4) of Section 1, nothing in this Act shall apply to documents or
transactions specified in First Schedule. Following are the documents or transactions
to which the Act shall not apply −
 Negotiable Instrument (Other than a cheque) as defined in section 13 of the
Negotiable Instruments Act, 1881;
 A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act,
1882;
 A trust as defined in section 3 of the Indian Trusts Act, 1882;
 A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925
including any other testamentary disposition;
 Any contract for the sale or conveyance of immovable property or any interest in
such property;
 Any such class of documents or transactions as may be notified by the Central
Government.
Amendments Brought in the I.T Act
The I.T. Act has brought amendment in four statutes vide section 91-94. These
changes have been provided in schedule 1-4.
 The first schedule contains the amendments in the Penal Code. It has widened
the scope of the term "document" to bring within its ambit electronic documents.
 The second schedule deals with amendments to the India Evidence Act. It
pertains to the inclusion of electronic document in the definition of evidence.
 The third schedule amends the Banker's Books Evidence Act. This amendment
brings about change in the definition of "Banker's-book". It includes printouts of
data stored in a floppy, disc, tape or any other form of electromagnetic data
storage device. Similar change has been brought about in the expression
"Certified-copy" to include such printouts within its purview.
 The fourth schedule amends the Reserve Bank of India Act. It pertains to the
regulation of fund transfer through electronic means between the banks or
between the banks and other financial institution.
Intermediary Liability
Intermediary, dealing with any specific electronic records, is a person who on behalf of
another person accepts, stores or transmits that record or provides any service with
respect to that record.
According to the above mentioned definition, it includes the following −
 Telecom service providers
 Network service providers
 Internet service providers
 Web-hosting service providers
 Search engines
 Online payment sites
 Online auction sites
 Online market places and cyber cafes
Highlights of the Amended Act
The newly amended act came with following highlights −
 It stresses on privacy issues and highlights information security.
 It elaborates Digital Signature.
 It clarifies rational security practices for corporate.
 It focuses on the role of Intermediaries.
 New faces of Cyber Crime were added.
Cyber Forensics or Computer Forensics is the application of investigation that
makes use of analysis techniques to gather and preserve data as evidence from
particular computing devices. The computing devices must be a suitable machine
or device that is presentable in the court of law.
The main objective or goal of Cyber Forensics is to perform a structured
investigation process through the maintenance of a documented evidence chain
to find out the situation of what happened on a computing device and the
person responsible for it.
Cyber forensics is used mainly by investigators. Investigators use a variety of proprietary
software and techniques that have forensic applications, and use these
applications to examine or search hidden copies or folders and unallocated disc
spaces for damaged, deleted, or encrypted files or folders.
Investigators use all the evidence found as a digital copy and then document it as
a ‘finding report’ and later verify them with the initial preparation for a
presentation at legal proceedings that involve actual litigation or discovery, or
depositions.
Computer or Cyber forensics has evolved as a well-known area of scientific
expertise, with accompanying certification and coursework.
Handling of digital evidence
In the private sector, the response to cybersecurity incidents (e.g., a distributed denial of
service attack, unauthorized access to systems, or data breach) includes specific
procedures that should be followed to contain the incident, to investigate it and/or to
resolve the cybersecurity incident (Cyber Security Coalition, 2015). There are two primary
ways of handling a cybersecurity incident: recover quickly or gather evidence (Cyber
Security Coalition, 2015). The first approach, recover quickly, is not concerned with the
preservation and/or collection of data but the containment of the incident to minimize
harm. Because of its primary focus on swift response and recovery, vital evidence
could be lost. The second approach monitors the cybersecurity incident and focuses on
digital forensic applications in order to gather evidence of and information about the
incident. Because of its primary focus of evidence collection, the recovery from the
cybersecurity incident is delayed. These approaches are not exclusive to the private
sector. The approach taken by the private sector varies by organization and the
priorities of the organization.
Digital evidence is volatile and fragile and the improper handling of this evidence can
alter it. Because of its volatility and fragility, protocols need to be followed to ensure that
data is not modified during its handling (i.e., during its access, collection, packaging,
transfer, and storage). These protocols delineate the steps to be followed when
handling digital evidence. There are four phases involved in the initial handling of digital
evidence: identification, collection, acquisition, and preservation.
Identification
In the identification phase, preliminary information is obtained about the cybercrime
case prior to collecting digital evidence. This preliminary information is similar to that
which is sought during a traditional criminal investigation. The investigator seeks to
answer the following questions:
 Who was involved?
 What happened?
 When did the cybercrime occur?
 Where did the cybercrime occur?
 How did the cybercrime occur?
The answers to these questions will provide investigators with guidance on how to
proceed with the case. For example, the answer to the question "where did this crime
occur?" - that is, within or outside of a country's - will inform the investigator on how to
proceed with the case (e.g., which agencies should be involved and/or contacted).
In the identification phase, cybercrime investigators use many traditional investigative
techniques especially with respect to information and evidence gathering. For example,
victims, witnesses, and suspects of a cybercrime are interviewed to gather information
and evidence of the cybercrime under investigation. Undercover law enforcement
investigations have also been conducted to identify, investigate, and prosecute
cybercriminals. Additionally, cybercrime investigators have conducted covert
surveillance. This tactic is a "particularly intrusive method for collecting evidence. The
use of covert surveillance measures involves a careful balancing of a suspect's right to
privacy against the need to investigate serious criminality. Provisions on covert
surveillance should fully respect the rights of the suspect. There have been various
decisions of international human rights bodies and courts on the permissibility of covert
surveillance and the parameters of these measures" (UNODC, 2010, p. 13). Even
malware has been used by law enforcement agencies to conduct surveillance in order
to gather information about and evidence of cybercrime.
Before digital evidence collection begins, the investigator must define the types of
evidence sought. Digital evidence can be found on digital devices, such as computers,
external hard drives, flash drives, routers, smartphones, tablets, cameras, smart
televisions, Internet-enabled home appliances (e.g., refrigerators and washing
machines), and gaming consoles (to name a few), as well as public resources (e.g.,
social media platforms, websites, and discussion forums) and private resources (e.g.
Internet service providers logs of user activity; communication service providers
business records; and cloud storage providers records of user activity and content).
Many applications, websites, and digital devices utilize cloud storage services. Users'
data can thus be stored wholly or in fragments by many different providers in servers in
multiple locations. Because of this, retrieving data from these providers is challenging.
The evidence sought will depend on the cybercrime under investigation. If the
cybercrime under investigation is identity-related fraud, then digital devices that are
seized will be searched for evidence of this crime (e.g., evidence of a fraudulent
transaction or fraudulent transactions).
Collection
With respect to cybercrime, the crime scene is not limited to the physical location of
digital devices used in the commissions of the cybercrime and/or that were the target of
the cybercrime. The cybercrime crime scene also includes the digital devices that
potentially hold digital evidence, and spans multiple digital devices, systems, and
servers. The crime scene is secured when a cybercrime is observed, reported, and/or
suspected. The first responder secures the scene by isolating the users of all digital
devices found at the crime scene (e.g., holding them in a separate room or location). The users must not be
given the opportunity to further operate the digital devices. Neither should the first
responder nor the investigator seek the assistance of any user during the search and
documentation process. The investigator, if different from the first responder, searches
the crime scene and identifies the evidence. Before evidence is collected, the crime
scene is documented. Documentation is needed throughout the entire investigative
process (before, during, and after the evidence has been acquired). This documentation
should include detailed information about the digital devices collected, including the
operational state of the device - on, off, standby mode - and its physical characteristics,
such as make, model, serial number, connections, and any markings or other damage
(Casey, 2011; Sammons, 2012; Maras, 2014; Nelson, Phillips, and Steuart, 2015). In
addition to written notes, sketches, photographs and/or video recordings of the crime
scene and evidence are also needed to document the scene and evidence (Maras,
2014, pp. 230-233).
Acquisition
Different approaches to performing acquisition exist. The approach taken depends on
the type of digital device. For example, the procedure for acquiring evidence from a
computer hard drive is different from the procedure required to obtain digital evidence
from mobile devices, such as smartphones.
Unless live acquisition is performed, evidence is extracted from the seized digital
devices at the forensic laboratory (i.e., static acquisition). At the forensics laboratory,
digital evidence should be acquired in a manner that preserves the integrity of the
evidence (i.e., ensuring that the data is unaltered); that is, in a forensically
sound manner (see Cybercrime Module 4 on Introduction to Digital Forensics). To
achieve this, the tools and techniques used to acquire digital evidence must prevent
alterations to the data or when this is not possible, at the very least minimize them
(SWGDE Best Practices for Computer Forensic Acquisitions, 2018). The tools and
techniques used should be valid and reliable (NIST, n.d.; SWGDE Recommended
Guidelines for Validation Testing, 2014; US National Institute of Justice, 2007b). The
limitations of these tools and techniques should be identified and considered before
their use (SWGDE Best Practices for Computer Forensic Acquisitions, 2018). The US
National Institute of Standards and Technology has a searchable digital forensics tools
database with tools with various functionalities (e.g., cloud forensics tools, among
others) (for more information on digital forensics tools, see Cybercrime Module 4 on
Introduction to Digital Forensics).
Preservation
Evidence preservation seeks to protect digital evidence from modification. The integrity
of digital evidence should be maintained in each phase of the handling of digital
evidence (ISO/IEC 27037). First responders, investigators, crime scene technicians,
and/or digital forensics experts must demonstrate, wherever possible, that digital
evidence was not modified during the identification, collection, and acquisition phase;
the ability to do so, of course, depends on the digital device (e.g., computer and mobile
phones) and circumstances encountered by them (e.g., need to quickly preserve data).
To demonstrate this, a chain of custody must be maintained. The chain of custody is
"the process by which investigators preserve the crime (or incident) scene and evidence
throughout the life cycle of a case. It includes information about who collected the
evidence, where and how the evidence was collected, which individuals took
possession of the evidence, and when they took possession of it" (Maras, 2014, 377;
Cybercrime Module 4 on Introduction to Digital Forensics). In the chain of custody, the
names, titles, and contact information of the individuals who identified, collected, and
acquired the evidence should be documented, as well as any other individuals the
evidence was transferred to, details about the evidence that was transferred, the time
and date of transfer, and the purpose of the transfer.
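The chain-of-custody fields listed above can be tied to an integrity check, as in the following added example (not part of the original notes). It records who took possession, when, and why, stores a SHA-256 hash of the evidence image at each step, and links each entry to the previous one so that later edits to the record are detectable. The class names, field names, people, and the sample image are constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # placeholder "previous hash" for the first entry
SAMPLE_IMAGE = b"CONSTRUCTED-DISK-IMAGE " * 64  # constructed stand-in for an acquired image


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    action: str           # "acquired" or "transferred"
    person: str           # who took possession
    title: str
    contact: str
    timestamp_utc: str    # time and date of the action
    purpose: str          # why the evidence changed hands
    evidence_sha256: str  # hash of the image as received at this step
    prev_entry_hash: str  # links this entry to the one before it

    def entry_hash(self) -> str:
        return sha256_hex(json.dumps(asdict(self), sort_keys=True).encode())


class CustodyLog:
    def __init__(self, evidence_id: str, description: str):
        self.evidence_id = evidence_id
        self.description = description
        self.entries = []

    def record(self, action, person, title, contact, timestamp_utc, purpose, image: bytes):
        prev = self.entries[-1].entry_hash() if self.entries else GENESIS
        entry = CustodyEntry(action, person, title, contact, timestamp_utc,
                             purpose, sha256_hex(image), prev)
        self.entries.append(entry)
        return entry

    def head_hash(self) -> str:
        """Hash of the newest entry; keep a copy outside the log (e.g. in the case file)."""
        return self.entries[-1].entry_hash() if self.entries else GENESIS

    def verify(self, expected_head=None) -> list:
        """Return a list of problems; an empty list means the record is consistent."""
        if not self.entries:
            return ["log is empty"]
        problems = []
        baseline = self.entries[0].evidence_sha256  # hash taken at acquisition
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry.prev_entry_hash != prev:
                problems.append(f"entry {i}: link to previous entry broken")
            if entry.evidence_sha256 != baseline:
                problems.append(f"entry {i}: evidence hash differs from acquisition")
            prev = entry.entry_hash()
        if expected_head is not None and prev != expected_head:
            problems.append("newest entry does not match the recorded head hash")
        return problems


def sample_log(image_at_lab: bytes) -> CustodyLog:
    """Constructed two-step history: acquisition on scene, then transfer to the lab."""
    log = CustodyLog("EX-001", "constructed sample disk image")
    log.record("acquired", "A. Responder", "Crime scene technician",
               "a.responder@example.org", "2024-03-04T10:12:00Z",
               "static acquisition of seized drive", SAMPLE_IMAGE)
    log.record("transferred", "B. Examiner", "Digital forensics analyst",
               "b.examiner@example.org", "2024-03-05T08:30:00Z",
               "analysis in laboratory", image_at_lab)
    return log


if __name__ == "__main__":
    print(sample_log(SAMPLE_IMAGE).verify())                 # consistent record
    print(sample_log(SAMPLE_IMAGE[:-1] + b"X").verify())     # image changed before transfer
```

An edit to the newest entry is only caught when `verify` is given a head hash that was stored separately from the log.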
Analysis and Reporting
In addition to the handling of digital evidence, the digital forensics process also involves
the examination and interpretation of digital evidence (analysis phase), and the
communication of the findings of the analysis (reporting phase). During
the analysis phase, digital evidence is extracted from the device, data is analysed, and
events are reconstructed. Before the analysis of the digital evidence, the digital
forensics analyst in the laboratory must be informed of the objectives of the search, and
provided with some background knowledge of the case and any other information that
was obtained during the investigation that can assist the forensics analyst in this phase
(e.g., IP address or MAC addresses). Various forms of analyses are performed
depending on the type of digital evidence sought, such as network, file system,
application, video, image, and media analysis. Files are analysed to determine their
origin, and when and where the data was created, modified, accessed, downloaded, or
uploaded, and the potential connection of these files on storage devices to, for example,
remote storage, such as cloud-based storage (Carrier, 2005). The type of digital
evidence (e.g., emails, text messages, geolocation, Word processing documents,
images, videos, and chat logs) sought depends on the cybercrime case.
Generally, there are four types of analyses that can be performed on computers: time-
frame analysis; ownership and possession analysis; application and file analysis; and
data hiding analysis. The time-frame analysis seeks to create a timeline or time
sequence of actions using time stamps (date and time) that led to an event or to
determine the time and date a user performed some action (US National Institute of
Justice, 2004b). This analysis is performed to attribute a crime to a perpetrator or at the
very least attribute an act that led to a crime to a particular individual (US National
Institute of Justice, 2004b); there are, however, challenges in validating time-frame
analysis results (see "Note" box).
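A small time-frame analysis, as an added example that is not part of the original notes: time stamps from several sources are normalized to UTC before sorting, and each file's created and modified stamps are checked against each other. A modified stamp that precedes the created stamp is commonly seen when a file was copied onto a volume, or when a clock or time stamp was changed, which is one reason timeline results need validation. All records, source names, and UTC offsets are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records:
# (source, item, event, local time stamp, UTC offset of the source in hours)
RECORDS = [
    ("laptop-fs", "report.docx", "created",  "2024-03-04 09:15:00", -5),
    ("laptop-fs", "report.docx", "modified", "2024-03-04 09:40:00", -5),
    ("usb-fs",    "report.docx", "created",  "2024-03-04 15:02:00", 0),
    ("usb-fs",    "report.docx", "modified", "2024-03-04 14:40:00", 0),
    ("mail-log",  "msg-1842",    "sent",     "2024-03-04 16:10:00", 1),
    ("laptop-fs", "report.docx", "accessed", "2024-03-04 10:01:30", -5),
]


def to_utc(local_text, offset_hours):
    """Attach the source's UTC offset to a local time stamp and convert to UTC."""
    local = datetime.strptime(local_text, "%Y-%m-%d %H:%M:%S")
    zone = timezone(timedelta(hours=offset_hours))
    return local.replace(tzinfo=zone).astimezone(timezone.utc)


def build_timeline(records):
    """Merge all sources into one list ordered by UTC time."""
    events = [
        {"utc": to_utc(stamp, offset), "source": source, "item": item, "event": event}
        for source, item, event, stamp, offset in records
    ]
    return sorted(events, key=lambda e: (e["utc"], e["source"], e["event"]))


def find_anomalies(timeline):
    """Flag items whose modified stamp is earlier than their created stamp."""
    stamps = defaultdict(dict)
    for e in timeline:
        stamps[(e["source"], e["item"])][e["event"]] = e["utc"]
    findings = []
    for (source, item), seen in sorted(stamps.items()):
        created, modified = seen.get("created"), seen.get("modified")
        if created and modified and modified < created:
            findings.append((source, item, "modified precedes created"))
    return findings


def render(timeline):
    """One text line per event, suitable for a report appendix."""
    return [
        f'{e["utc"]:%Y-%m-%d %H:%M:%S}Z  {e["source"]:<10} {e["event"]:<9} {e["item"]}'
        for e in timeline
    ]


if __name__ == "__main__":
    timeline = build_timeline(RECORDS)
    print("\n".join(render(timeline)))
    print(find_anomalies(timeline))
```

Sorting the raw local strings instead would place the e-mail last but put the laptop events hours before the USB events they actually overlap with.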
The ownership and possession analysis is used to determine the person who created,
accessed, and/or modified files on a computer system (US National Institute of Justice,
2004b). For instance, this analysis may reveal an image of child sexual abuse material
(i.e., the "representation, by whatever means, of a child engaged in real or simulated
explicit sexual activities or representation of the sexual parts of a child for primarily
sexual purposes"; Article 2, United Nations Optional Protocol to the Convention on the
Rights of the Child on the Sale of Children, Child Prostitution, and Child Pornography of
2000) on a suspect's device. This piece of information alone is not enough to prove
ownership of child sexual abuse material. Further evidence is needed to prove this such
as exclusive use of the computer where the material was found. The application and file
analysis is performed to examine applications and files on a computer system to
determine the perpetrator's knowledge of and intent and capabilities to commit
cybercrime (for example, the labelling or name of the file may indicate the contents of
the file; e.g., the file name can be the cybercrime victim's name) (US National Institute
of Justice, 2004b).
Deleted Files
When a file is deleted on a computer, it is placed in the Recycle Bin or Trash. If the
Recycle Bin or Trash is emptied (i.e., by the deletion of content), the files that
were deleted are removed from the file allocation table, which archives file names and
locations on hard drives (Maras, 2014). The space where the file resides is marked as
free space (i.e., unallocated space) after it is deleted but the file still resides in that
space (at least until it is fully or partially overwritten by new data) (Maras, 2014).
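The following added example (not part of the original notes) shows this behaviour on a toy FAT16-style layout: deleting a file changes only the first byte of its 32-byte directory entry to 0xE5, while the start cluster, the size, and the data itself stay in place until the cluster is reused. The volume, file names, and contents are constructed; the example assumes 512-byte clusters and contiguous files, and leaves out the allocation table, whose cluster chain a real deletion also marks as free.

```python
import struct

CLUSTER_SIZE = 512        # assumption: one 512-byte sector per cluster
FIRST_DATA_CLUSTER = 2    # FAT numbering: the data area starts at cluster 2
DELETED_MARK = 0xE5       # first name byte of a deleted directory entry
LFN_ATTR = 0x0F           # long-file-name entries, skipped in this example


def make_entry(stem, ext, start_cluster, size):
    """Build one 32-byte short-name directory entry (time stamps left at zero)."""
    raw = bytearray(32)
    raw[0:8] = stem.ljust(8).encode("ascii")
    raw[8:11] = ext.ljust(3).encode("ascii")
    raw[11] = 0x20                                  # archive attribute
    struct.pack_into("<H", raw, 26, start_cluster)  # first cluster (low word)
    struct.pack_into("<I", raw, 28, size)           # file size in bytes
    return raw


def parse_directory(dir_bytes):
    """Decode directory entries, keeping deleted ones instead of skipping them."""
    entries = []
    for off in range(0, len(dir_bytes) - 31, 32):
        raw = dir_bytes[off:off + 32]
        if raw[0] == 0x00:           # end-of-directory marker
            break
        if raw[11] == LFN_ATTR:
            continue
        deleted = raw[0] == DELETED_MARK
        first = "?" if deleted else chr(raw[0])  # first character is lost on deletion
        stem = (first + raw[1:8].decode("ascii")).rstrip()
        ext = raw[8:11].decode("ascii").rstrip()
        (start,) = struct.unpack_from("<H", raw, 26)
        (size,) = struct.unpack_from("<I", raw, 28)
        entries.append({"name": f"{stem}.{ext}", "deleted": deleted,
                        "start": start, "size": size})
    return entries


def read_file(data_area, entry):
    """Read `size` bytes starting at the entry's first cluster (contiguous file assumed)."""
    offset = (entry["start"] - FIRST_DATA_CLUSTER) * CLUSTER_SIZE
    return bytes(data_area[offset:offset + entry["size"]])


def recover_deleted(dir_bytes, data_area):
    """Return {name: bytes} for every entry marked as deleted."""
    return {e["name"]: read_file(data_area, e)
            for e in parse_directory(dir_bytes) if e["deleted"]}


def build_toy_volume():
    """Constructed volume: a directory with two files and a two-cluster data area."""
    keep = b"still allocated\n"
    notes = b"meeting at 14:00, bring the drive\n"
    directory = bytearray()
    directory += make_entry("KEEP", "TXT", 2, len(keep))
    directory += make_entry("NOTES", "TXT", 3, len(notes))
    directory += bytes(32)                      # end-of-directory entry
    data = bytearray(2 * CLUSTER_SIZE)
    data[0:len(keep)] = keep
    data[CLUSTER_SIZE:CLUSTER_SIZE + len(notes)] = notes
    return directory, data, notes


def delete_file(directory, index):
    """What deletion changes in this toy model: one byte of the directory entry."""
    directory[index * 32] = DELETED_MARK


def reuse_cluster(data_area, cluster, new_bytes):
    """Simulate a new file being written into a freed cluster."""
    offset = (cluster - FIRST_DATA_CLUSTER) * CLUSTER_SIZE
    data_area[offset:offset + len(new_bytes)] = new_bytes


if __name__ == "__main__":
    directory, data, _ = build_toy_volume()
    delete_file(directory, 1)
    print(recover_deleted(directory, data))     # content fully intact
    reuse_cluster(data, 3, b"X" * 10)
    print(recover_deleted(directory, data))     # partially overwritten
```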
As the US National Institute of Justice concluded, "[i]n and of themselves, results
obtained from any one of these … [analyses] may not be sufficient to draw a conclusion.
When viewed as a whole, however, associations between individual results may provide
a more complete picture" (p. 18).
The purpose of these analyses is crime reconstruction (or event reconstruction). Event
reconstruction seeks to determine who was responsible for the
event, what happened, where the event occurred, when the event took place,
and how the event unfolded, through the identification, collation, and linkage of data
(revealing the "big picture" or essence of an event). Event reconstruction can involve
a temporal analysis (i.e., the determination of the time events occurred and the
sequence of these events), relational analysis (i.e., the determination of the individuals
involved and what they did, and the association and relationships between these
individuals), and functional analysis (i.e., assessment of the performance and
capabilities of systems and devices involved in events) (Casey, 2010; Casey, 2011;
Kao, 2016). Overall, event reconstruction is performed to prove or disprove a working
hypothesis concerning the case (i.e., educated guess concerning the sequence of acts
that led to an event) (ENFSI, 2015).
Digital forensics
The digital forensics process involves the: search, acquisition, preservation, and
maintenance of digital evidence; description, explanation and establishment of the origin
of digital evidence and its significance; the analysis of evidence and its validity,
reliability, and relevance to the case; and the reporting of evidence pertinent to the case
(Maras, 2014).
Various digital forensics methodologies have been developed and adopted. In 2001, the
Digital Forensic Research Workshop, "a non-profit, volunteer organization,
… [dedicated to] sponsoring technical working groups, annual conferences and
challenges to help drive the direction of research and development," developed a model
based on the United States Federal Bureau of Investigation's protocol for physical crime
scene searches, which includes seven phases: identification, preservation, collection,
examination, analysis, presentation, and decision (Palmer, 2001, p. 14) (see Figure 1).
Figure 1. Palmer, Gary. (2001). DFRWS Technical Report: A Road Map for Digital Forensic
Research. Digital Forensic Research Workshop. Utica, New York. p. 24
In 2002, another digital forensics model was proposed, which was based on the 2001
Digital Forensic Research Workshop model and the United States Federal Bureau of
Investigation's crime scene search protocol (for physical crime scenes) (Reith, Carr, and
Gunsch, 2002). This model ("The Abstract Digital Forensics Model") had nine phases
(Baryamureeba and Tushabe, 2004, 3):
o identification (i.e., "recognizes an incident from indicators and determines its type");
o preparation (i.e., "preparation of tools, techniques, search warrants, and monitoring
authorizations and management support");
o approach strategy (i.e., "develops a procedure to use in order to maximize the collection of
untainted evidence while minimizing the impact to the victim");
o preservation (i.e., "the isolation, securing and preservation of the state of physical and digital
evidence");
o collection (i.e., "recording of the physical scene and duplicate digital evidence using
standardized and accepted procedures");
o examination (i.e., "an in-depth systematic search of evidence relating to the suspected crime");
o analysis (i.e., "determination of the significance, reconstructing fragments of data and drawing
conclusions based on evidence found");
o presentation (i.e., "summary and explanation of conclusions"); and
o returning evidence (i.e., "physical and digital property is returned to proper owner").
In 2003, the Integrated Digital Investigation Model (see Figure 2) was proposed, which
is a more holistic investigative approach that has five basic stages, each with its own
phases: readiness (i.e., assess ability of operations and infrastructure to support
investigation); deployment (i.e., incident detected, appropriate personnel notified, and
authorization for investigation is obtained - e.g., legal order for law enforcement
investigations, supervisor authorization for private investigations); physical crime scene
investigation (i.e., secure crime scene, identify relevant physical evidence, document
crime scene, collect physical evidence at crime scene, examine this evidence,
reconstruct crime scene events, and present findings in court); digital crime scene
investigation (i.e., secure and identify relevant digital evidence, document the evidence,
acquire, and analyse it, reconstruct events, and present findings in court);
and review (i.e., once the investigation is concluded, an assessment is made to identify
lessons learned).
Figure 2. Integrated Digital Investigation Process Phases: Carrier, Brian D. and Eugene H.
Spafford. (2003). Getting physical with the digital investigation process. International Journal
of Digital Evidence, Vol. 2(2), p. 6.
In 2006, the United States National Institute of Standards and Technology proposed a
four-phase digital forensics model (see Figure 3): the collection phase, which includes
the identification of evidence at the scene, and its labelling, documentation, and ultimate
collection; examination phase wherein the appropriate forensic tools and techniques to
be used to extract relevant digital evidence, while preserving its integrity, are
determined; analysis phase whereby the evidence extracted is evaluated to determine
its usefulness and applicability to the case; and the reporting phase, which includes the
actions performed during the digital forensics process and the presentation of the
findings.
Figure 3. National Institute of Standards and Technology, four-phase digital investigation
model proposed in SP 800-86: Kent, Karen et al. (2006). Guide to Integrating Forensic
Techniques into Incident Response. National Institute of Standards and Technology. p. 25.
The above-mentioned models are based on the assumption that all of the phases are
completed for each crime and cybercrime investigation (Rogers et al., 2006). In
practice, however, this is not always the case. Because the volumes of data and the
digital devices collecting, storing, and sharing data have exponentially expanded,
resulting in more criminal cases involving some type of digital device, it is increasingly
being considered impractical to conduct in-depth examinations of each digital device. As
Casey, Ferraro, and Nguyen (2009) pointed out, "few [digital forensics laboratories] can
still afford to create a forensic duplicate of every piece of media and perform an in-depth
forensic examination of all data on those media… It makes little sense to wait for the
review of each piece of media if only a handful of them will provide data of evidentiary
significance" (p. 1353).
In view of that, digital forensics process models have been developed that take this into
consideration. For instance, Rogers et al. (2006) proposed the Cyber Forensic Field
Triage Process Model (CFFTPM), "an onsite or field approach" digital forensics process
model "for providing the identification, analysis and interpretation of digital evidence in a
short time frame, without the requirement of having to take the system(s)/media back to
the lab for an in-depth examination or acquiring a complete forensic image(s)" (p. 19).
Building on this model, Casey, Ferraro, and Nguyen (2009) proposed "three levels of
forensic examination" that can be used in the field or in the lab:
o Survey/triage forensics inspection. This inspection is conducted to quickly review potential
sources of evidence and prioritize certain sources for examination based on the importance of
the type of evidence they could contain and the volatility of the evidence (Casey, Ferraro, and
Nguyen, 2009, pp. 1353 and 1356).
o Preliminary forensic examination. To speed up the digital forensics process, a preliminary
forensic examination is conducted on the sources identified during the survey/triage
forensics inspection phase to find information that could be used in the investigation to obtain
direct, circumstantial, or other corroborative evidence of a matter asserted (Casey, Ferraro, and
Nguyen, 2009, pp. 1353 and 1356-1359). The failure to find forensic artefacts (i.e., data that
may be relevant to a digital forensics investigation) during this examination, which could
potentially happen because they were overlooked, does not automatically mean that an in-depth
forensic examination will not be conducted (this depends on the case and policies and
procedures of those conducting the examination).
o In-depth forensic examination. All sources of evidence are examined. This type of examination
is often conducted "when evidence destruction is suspected, when additional questions arise
and when a case nears trial" (Casey, Ferraro, and Nguyen, 2009, p. 1359).
The viability and relevance of each model and its components continue to be debated
today (Valjarevic and Venter, 2015; Du, Le-Khac, and Scanlon, 2017). The reality is that
each country follows its own digital forensics standards, protocols and procedures.
However, differences in processes serve as an impediment to international cooperation
in law enforcement investigations.
Ethics can be understood from a normative and prescriptive perspective. It refers to a body of
well-founded standards of right and wrong that prescribe what humans must do in terms of rights,
obligations, fairness, virtues and benefits. Ethical standards include the right to choose, the right
to privacy, and the right to freedom and expression, among others, that are founded on and
supported by well-founded reasons. The second definition is founded on the continuous effort to
assess the moral beliefs and conduct of society and can be defined as the study and development of
personal standards, behavior, feelings, laws and regulations.
Overview
On the Internet, people can feel invisible and do things they normally would not do in person or in
public – things they understand are wrong to do. The Internet is becoming an indispensable tool
in life and it is becoming increasingly important to dust off the concept of cyberspace ethics.
Terms such as cyber citizenship, cyber ethics and netiquette are becoming commonly
used to refer to cyber social behavior. The terms refer to the things that people do online when
no one is watching. Children are using the Internet at a higher rate than before, and cyber ethics
has emerged as a common denominator for instilling good e-habits at an early age. The unfortunate
thing is that children armed with computers can inflict serious damage and harm irrespective of
whether they are trying to be mischievous or intentionally commit cybercrimes. Cybercrime is
not limited to young people who are getting to know technological offerings. Government
agencies, businesses, consumers and the general public have become victims of cyber-attacks.
Attacks on US infrastructure in 2008 originating from the Middle East and causing a serious digital
beachhead, as well as the case of Bradley Manning, a US military specialist who leaked thousands
of items of classified information to the whistle-blowing website WikiLeaks, highlight just a few
of the cyber crimes and their damaging effects. The recent attack on Target that saw 70 million
customers' encrypted PINs stolen is another wake-up call for policy makers and businesses,
demonstrating the magnitude of cyber war. Though these attacks can be thought of as spanning a
wide spectrum, they just highlight the difficulties of enforcing cyber etiquette (Sembok, 2013).
There has been contention as to whether there is a difference between ethics in the real world and
that in online platforms. While the answer to some might seem obvious, there is a greater
disconnect between ethics in the real world and cyberspace. For instance, in a poll conducted on
elementary and middle school kids, half of them reported that they don't believe that hacking is a
real crime. This assertion emanating from a tender age group just highlights the divide between
real world and online ethics and stresses the need for parents and educational groups to initiate
intensive programs on ethical behavior, especially in cyberspace.

The byproduct of sericulture in different industries.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 

Cyber Ethics Notes.pdf

  • 1. Cyber Ethics Notes What is Cyber Security? The technique of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cybersecurity. We can divide cybersecurity into two parts one is cyber, and the other is security. Cyber refers to the technology that includes systems, networks, programs, and data. And security is concerned with the protection of systems, networks, applications, and information. In some cases, it is also called electronic information security or information technology security. Some other definitions of cybersecurity are: "Cyber Security is the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, theft, damage, modification or unauthorized access." "Cyber Security is the set of principles and practices designed to protect our computing resources and online information against threats." Types of Cyber Security Every organization's assets are the combinations of a variety of different systems. These systems have a strong cybersecurity posture that requires coordinated efforts across all of its systems. Therefore, we can categorize cybersecurity in the following sub-domains: o Network Security: It involves implementing the hardware and software to secure a computer network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps an organization to protect its assets against external and internal threats.
  • 2. o Application Security: It involves protecting the software and devices from unwanted threats. This protection can be done by constantly updating the apps to ensure they are secure from attacks. Successful security begins in the design stage, writing source code, validation, threat modeling, etc., before a program or device is deployed. o Information or Data Security: It involves implementing a strong data storage mechanism to maintain the integrity and privacy of data, both in storage and in transit. o Identity management: It deals with the procedure for determining the level of access that each individual has within an organization. o Operational Security: It involves processing and making decisions on handling and securing data assets. o Mobile Security: It involves securing the organizational and personal data stored on mobile devices such as cell phones, computers, tablets, and other similar devices against various malicious threats. These threats are unauthorized access, device loss or theft, malware, etc. o Cloud Security: It involves in protecting the information stored in the digital environment or cloud architectures for the organization. It uses various cloud service providers such as AWS, Azure, Google, etc., to ensure security against multiple threats. o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring, alerts, and plans to how an organization responds when any malicious activity is causing the loss of operations or data. Its policies dictate resuming the lost operations after any disaster happens to the same operating capacity as before the event. o User Education: It deals with the processes, monitoring, alerts, and plans to how an organization responds when any malicious activity is causing the loss of operations or data. Its policies dictate resuming the lost operations after any disaster happens to the same operating capacity as before the event. Why is Cyber Security important? 
Today we live in a digital era where all aspects of our lives depend on the network, computer and other electronic devices, and software applications. All critical infrastructure such as the banking system, healthcare, financial institutions, governments, and manufacturing industries use devices connected to the Internet as a core part of their operations. Some of their information, such as intellectual property, financial data, and personal data, can be sensitive for unauthorized access or exposure that could have negative consequences. This information gives intruders and threat
  • 3. actors to infiltrate them for financial gain, extortion, political or social motives, or just vandalism. Cyber-attack is now an international concern that hacks the system, and other security attacks could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity strategy to protect sensitive information from high-profile security breaches. Furthermore, as the volume of cyber-attacks grows, companies and organizations, especially those that deal with information related to national security, health, or financial records, need to use strong cybersecurity measures and processes to protect their sensitive business and personal information. Cyber Security Goals Cyber Security's main objective is to ensure data protection. The security community provides a triangle of three related principles to protect the data from cyber-attacks. This principle is called the CIA triad. The CIA model is designed to guide policies for an organization's information security infrastructure. When any security breaches are found, one or more of these principles has been violated. We can break the CIA model into three parts: Confidentiality, Integrity, and Availability. It is actually a security model that helps people to think about various parts of IT security. Let us discuss each part in detail. Confidentiality Confidentiality is equivalent to privacy that avoids unauthorized access of information. It involves
  • 4. ensuring the data is accessible by those who are allowed to use it and blocking access to others. It prevents essential information from reaching the wrong people. Data encryption is an excellent example of ensuring confidentiality. Integrity This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized modification by threat actors or accidental user modification. If any modifications occur, certain measures should be taken to protect the sensitive data from corruption or loss and speedily recover from such an event. In addition, it indicates to make the source of information genuine. Availability This principle makes the information to be available and useful for its authorized people always. It ensures that these accesses are not hindered by system malfunction or cyber-attacks. Types of Cyber Security Threats A threat in cybersecurity is a malicious activity by an individual or organization to corrupt or steal data, gain access to a network, or disrupts digital life in general. The cyber community defines the following threats available today: Malware Malware means malicious software, which is the most common cyber attacking tool. It is used by
  • 5. the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following are the important types of malware created by the hacker:
o Virus: It is a malicious piece of code that spreads from one device to another. It spreads throughout a computer system, infecting clean files, stealing information, or damaging the device.
o Spyware: It is software that secretly records information about user activities on their system. For example, spyware could capture credit card details that can be used by cybercriminals for unauthorized shopping, money withdrawal, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or a legitimate file to fool us into downloading and running it. Its primary purpose is to corrupt or steal data from our device or do other harmful activities on our network.
o Ransomware: It is a piece of software that encrypts a user's files and data on a device, rendering them unusable or erasing them. Then, a monetary ransom is demanded by malicious actors for decryption.
o Worms: It is a piece of software that spreads copies of itself from device to device without human interaction. It does not need to attach itself to any program to steal or damage data.
o Adware: It is advertising software used to spread malware and display advertisements on our device. It is an unwanted program that is installed without the user's permission. The main objective of this program is to generate revenue for its developer by showing ads in the user's browser.
o Botnets: It is a collection of internet-connected, malware-infected devices that cybercriminals control. It enables cybercriminals to leak credentials, gain unauthorized access, and steal data without the user's permission.
Phishing
Phishing is a type of cybercrime in which a sender seems to come from a genuine organization like PayPal, eBay, financial institutions, or friends and co-workers.
They contact a target or targets via email, phone, or text message with a link and persuade them to click on it. This link will redirect them to fraudulent websites where they are asked to provide sensitive data such as personal information, banking and credit card information, social security numbers, usernames, and passwords. Clicking on the link will also install malware on the target devices that allows hackers to control the devices remotely.
  • 6. Man-in-the-middle (MITM) attack A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a cybercriminal intercepts a conversation or data transfer between two individuals. Once the cybercriminal places themselves in the middle of a two-party communication, they seem like genuine participants and can get sensitive information and return different responses. The main objective of this type of attack is to gain access to our business or customer data. For example, a cybercriminal could intercept data passing between the target device and the network on an unprotected Wi-Fi network. Distributed denial of service (DDoS) It is a type of cyber threat or malicious attempt where cybercriminals disrupt targeted servers, services, or network's regular traffic by fulfilling legitimate requests to the target or its surrounding infrastructure with Internet traffic. Here the requests come from several IP addresses that can make the system unusable, overload their servers, slowing down significantly or temporarily taking them offline, or preventing an organization from carrying out its vital functions. Brute Force A brute force attack is a cryptographic hack that uses a trial-and-error method to guess all possible combinations until the correct information is discovered. Cybercriminals usually use this attack to obtain personal information about targeted passwords, login info, encryption keys, and Personal Identification Numbers (PINS). SQL Injection (SQLI) SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for backend database manipulation to access sensitive information. Once the attack is successful, the malicious actor can view, change, or delete sensitive company data, user lists, or private customer details stored in the SQL database. 
Domain Name System (DNS) attack A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data from affected computers. It is a severe cybersecurity risk because the DNS system is an essential element of the internet infrastructure.
  • 7. Latest cyber threats The following are the latest cyber threats reported by the U.K., U.S., and Australian governments: Romance Scams The U.S. government found this cyber threat in February 2020. Cybercriminals used this threat through dating sites, chat rooms, and apps. They attack people who are seeking a new partner and duping them into giving away personal data. Dridex Malware It is a type of financial Trojan malware identifies by the U.S. in December 2019 that affects the public, government, infrastructure, and business worldwide. It infects computers through phishing emails or existing malware to steal sensitive information such as passwords, banking details, and personal data for fraudulent transactions. The National Cyber Security Centre of the United Kingdom encourages people to make sure their devices are patched, anti-virus is turned on and up to date, and files are backed up to protect sensitive data against this attack. Emotet Malware Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our device. The Australian Cyber Security Centre warned national organizations about this global cyber threat in 2019. The following are the system that can be affected by security breaches and attacks: o Communication: Cyber attackers can use phone calls, emails, text messages, and messaging apps for cyberattacks. o Finance: This system deals with the risk of financial information like bank and credit card detail. This information is naturally a primary target for cyber attackers. o Governments: The cybercriminal generally targets the government institutions to get confidential public data or private citizen information. o Transportation: In this system, cybercriminals generally target connected cars, traffic control systems, and smart road infrastructure. o Healthcare: A cybercriminal targets the healthcare system to get the information stored at a local
  • 8. clinic to critical care systems at a national hospital. o Education: A cybercriminals target educational institutions to get their confidential research data and information of students and employees. Benefits of cyber security The following are the benefits of implementing and maintaining cybersecurity: o Cyber attacks and data breach protection for businesses. o Data and network security are both protected. o Unauthorized user access is avoided. o After a breach, there is a faster recovery time. o End-user and endpoint device protection. o Regulatory adherence. o Continuity of operations. o Developers, partners, consumers, stakeholders, and workers have more faith in the company's reputation and trust. Cyber Safety Tips Let us see how to protect ourselves when any cyber-attacks happen. The following are the popular cyber safety tips: Conduct cybersecurity training and awareness: Every organization must train their staffs on cybersecurity, company policies, and incident reporting for a strong cybersecurity policy to be successful. If the staff does unintentional or intentional malicious activities, it may fail the best technical safeguards that result in an expensive security breach. Therefore, it is useful to conduct security training and awareness for staff through seminars, classes, and online courses that reduce security violations. Update software and operating system: The most popular safety measure is to update the software and O.S. to get the benefit of the latest security patches. Use anti-virus software: It is also useful to use the anti-virus software that will detect and removes unwanted threats from your device. This software is always updated to get the best level of protection.
  • 9. Perform periodic security reviews: Every organization ensures periodic security inspections of all software and networks to identify security risks early in a secure environment. Some popular examples of security reviews are application and network penetration testing, source code reviews, architecture design reviews, and red team assessments. In addition, organizations should prioritize and mitigate security vulnerabilities as quickly as possible after they are discovered. Use strong passwords: It is recommended to always use long and various combinations of characters and symbols in the password. It makes the passwords are not easily guessable. Do not open email attachments from unknown senders: The cyber expert always advises not to open or click the email attachment getting from unverified senders or unfamiliar websites because it could be infected with malware. Avoid using unsecured Wi-Fi networks in public places: It should also be advised not to use insecure networks because they can leave you vulnerable to man-in-the-middle attacks. Backup data: Every organization must periodically take backup of their data to ensure all sensitive data is not lost or recovered after a security breach. In addition, backups can help maintain data integrity in cyber-attack such as SQL injections, phishing, and ransom ware. The objective of Cybersecurity is to protect information from being stolen, compromised or attacked. Cybersecurity can be measured by at least one of three goals- 1. Protect the confidentiality of data. 2. Preserve the integrity of data. 3. Promote the availability of data for authorized users. These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The CIA triad is a security model that is designed to guide policies for information security within the premises of an organization or company. 
This model is also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid the confusion with the Central Intelligence Agency. The elements of the triad are considered the three most crucial components of security. The CIA criteria are one that most of the organizations and companies use when they have installed a new application, creates a database or when guaranteeing access to some data. For data to be completely secure, all of these security goals must come into
  • 10. effect. These are security policies that all work together, and therefore it can be wrong to overlook one policy. The CIA triad are- 1. Confidentiality Confidentiality is roughly equivalent to privacy and avoids the unauthorized disclosure of information. It involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content. It prevents essential information from reaching the wrong people while making sure that the right people can get it. Data encryption is a good example to ensure confidentiality. Tools for Confidentiality
  • 11. Encryption Encryption is a method of transforming information to make it unreadable for unauthorized users by using an algorithm. The transformation of data uses a secret key (an encryption key) so that the transformed data can only be read by using another secret key (decryption key). It protects sensitive data such as credit card numbers by encoding and transforming data into unreadable cipher text. This encrypted data can only be read by decrypting it. Asymmetric-key and symmetric-key are the two primary types of encryption. Access control Access control defines rules and policies for limiting access to a system or to physical or virtual resources. It is a process by which users are granted access and certain privileges to systems, resources or information. In access control systems, users need to present credentials before they can be granted access such as a person's name or a computer's serial number. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security. Authentication An authentication is a process that ensures and confirms a user's identity or role that someone has. It can be done in a number of different ways, but it is usually based on a combination of- o something the person has (like a smart card or a radio key for storing secret keys), o something the person knows (like a password), o something the person is (like a human with a fingerprint). Authentication is the necessity of every organizations because it enables organizations to keep their networks secure by permitting only authenticated users to access its protected resources. These resources may include computer systems, networks, databases, websites and other network-based applications or services. Authorization Authorization is a security mechanism which gives permission to do or have something. 
It is used to determine a person or system is allowed access to resources, based on an access control policy, including computer programs, files, services, data and application features. It is normally preceded by authentication for user identity verification. System
  • 12. administrators are typically assigned permission levels covering all system and user resources. During authorization, a system verifies an authenticated user's access rules and either grants or refuses resource access.
Physical Security
Physical security describes measures designed to deny unauthorized access to IT assets such as facilities, equipment, personnel, resources and other properties, and to protect them from damage. It protects these assets from physical threats including theft, vandalism, fire and natural disasters.
2. Integrity
Integrity refers to the methods for ensuring that data is real, accurate and safeguarded from unauthorized user modification. It is the property that information has not been altered in an unauthorized way, and that the source of the information is genuine.
Tools for Integrity
Backups
  • 13. Backup is the periodic archiving of data. It is the process of making copies of data or data files to use in the event that the original data or data files are lost or destroyed. It is also used to make copies for historical purposes, such as longitudinal studies, statistics or historical records, or to meet the requirements of a data retention policy. Many applications, especially in a Windows environment, produce backup files using the .BAK file extension.
Checksums
A checksum is a numerical value used to verify the integrity of a file or a data transfer. In other words, it is the computation of a function that maps the contents of a file to a numerical value. Checksums are typically used to compare two sets of data to make sure that they are the same. A checksum function depends on the entire contents of a file. It is designed so that even a small change to the input file (such as flipping a single bit) is likely to result in a different output value.
Data Correcting Codes
It is a method for storing data in such a way that small changes can be easily detected and automatically corrected.
3. Availability
Availability is the property in which information is accessible and modifiable in a timely fashion by those authorized to do so. It is the guarantee of reliable and constant access to our sensitive data by authorized people.
Tools for Availability
o Physical Protections
o Computational Redundancies
Physical Protections
Physical safeguards keep information available even in the event of physical challenges. They ensure that sensitive information and critical information technology are housed in secure areas.
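The two integrity tools described above under Checksums and Data Correcting Codes, shown side by side as an added example that is not part of the original notes: a checksum detects a single flipped bit, while a correcting code repairs it. The notes name no particular code, so Hamming(7,4) is used here as an illustration; the sample record and all function names are constructed for this example.

```python
import hashlib
import hmac
import zlib

# Constructed sample record; not taken from the notes.
RECORD = b"account=1001;balance=2500.00"

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def checksums(data: bytes) -> dict:
    """Two checksum functions, each computed over the entire input."""
    return {
        "crc32": f"{zlib.crc32(data):08x}",
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def verify(data: bytes, expected_sha256: str) -> bool:
    """Integrity check: recompute the digest and compare with the stored one."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256)

def hamming_encode_nibble(nibble: int) -> list[int]:
    """Encode 4 data bits as a 7-bit codeword laid out p1 p2 d1 p3 d2 d3 d4."""
    d1, d2, d3, d4 = [(nibble >> i) & 1 for i in (3, 2, 1, 0)]
    p1 = d1 ^ d2 ^ d4   # covers positions 1, 3, 5, 7
    p2 = d1 ^ d3 ^ d4   # covers positions 2, 3, 6, 7
    p3 = d2 ^ d3 ^ d4   # covers positions 4, 5, 6, 7
    return [p1, p2, d1, p3, d2, d3, d4]

def hamming_decode_nibble(code: list[int]) -> tuple[int, int]:
    """Return (data nibble, corrected position); position 0 means no error seen."""
    c = list(code)
    s1 = c[0] ^ c[2] ^ c[4] ^ c[6]
    s2 = c[1] ^ c[2] ^ c[5] ^ c[6]
    s3 = c[3] ^ c[4] ^ c[5] ^ c[6]
    pos = s1 + 2 * s2 + 4 * s3      # syndrome = 1-based index of the bad bit
    if pos:
        c[pos - 1] ^= 1             # repair the single-bit error in place
    nibble = (c[2] << 3) | (c[4] << 2) | (c[5] << 1) | c[6]
    return nibble, pos

def ecc_encode(data: bytes) -> list[int]:
    """Store every byte as two Hamming(7,4) codewords (14 bits per byte)."""
    bits = []
    for byte in data:
        bits += hamming_encode_nibble(byte >> 4)
        bits += hamming_encode_nibble(byte & 0x0F)
    return bits

def ecc_decode(bits: list[int]) -> tuple[bytes, int]:
    """Decode the bit list; return (data, number of codewords that were repaired)."""
    out, corrected = bytearray(), 0
    for i in range(0, len(bits), 14):
        hi, e1 = hamming_decode_nibble(bits[i:i + 7])
        lo, e2 = hamming_decode_nibble(bits[i + 7:i + 14])
        out.append((hi << 4) | lo)
        corrected += (e1 != 0) + (e2 != 0)
    return bytes(out), corrected

if __name__ == "__main__":
    stored = checksums(RECORD)
    tampered = flip_bit(RECORD, 5)
    print("original :", stored)
    print("one bit  :", checksums(tampered))
    print("verify tampered:", verify(tampered, stored["sha256"]))

    bits = ecc_encode(RECORD)
    bits[10] ^= 1                   # one accidental bit fault in storage
    repaired, fixed = ecc_decode(bits)
    print("repaired equals original:", repaired == RECORD, "codewords fixed:", fixed)
```

Hamming(7,4) repairs only one bit per 7-bit codeword; two faults in the same codeword are silently mis-corrected, which is why the decoded data should still be checked against a stored checksum.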
  • 14. Computational redundancies
It is applied as fault tolerance against accidental faults. It protects computers and storage devices that serve as fallbacks in the case of failures.
Cyber Security Principles
The UK internet industry and Government recognized the need to develop a series of Guiding Principles for improving the online security of the ISPs' customers and limiting the rise in cyber-attacks. Cybersecurity for these purposes encompasses the protection of essential information, processes, and systems, connected or stored online, with a broad view across the people, technical, and physical domains.
These Principles recognize that the ISPs (and other service providers), internet users, and UK Government all have a role in minimizing and mitigating the cyber threats inherent in using the internet.
These Guiding Principles have been developed to respond to this challenge by providing a consistent approach to help, inform, educate, and protect ISPs' (Internet Service Providers') customers from online crimes. These Guiding Principles are aspirational, developed and delivered as a partnership between Government and ISPs. They recognize that ISPs have different sets of customers and offer different levels of support and services to protect those customers from cyber threats.
Some of the essential cybersecurity principles are described below:
  • 15.
1. Economy of mechanism
2. Fail-safe defaults
3. Least Privilege
4. Open Design
5. Complete mediation
6. Separation of Privilege
7. Least Common Mechanism
8. Psychological acceptability
9. Work Factor
10. Compromise Recording
  • 16.
1. Economy of mechanism
This principle states that security mechanisms should be as simple and small as possible. The Economy of mechanism principle simplifies the design and implementation of security mechanisms. If the design and implementation are simple and small, fewer possibilities exist for errors. The checking and testing process is less complicated because fewer components need to be tested.
Interfaces between security modules are a suspect area and should be as simple as possible, because interface modules often make implicit assumptions about input or output parameters or the current system state. If any of these assumptions is wrong, the module's actions may produce unexpected results. A simple security framework is easier for developers and users to understand and enables the efficient development and verification of enforcement methods for it.
2. Fail-safe defaults
The Fail-safe defaults principle states that the default configuration of a system should have a conservative protection scheme. This principle also restricts how privileges are initialized when a subject or object is created. Whenever access, privileges/rights, or some security-related attribute is not explicitly granted, access to that object should not be granted.
Example: If we add a new user to an operating system, the default group of the user should have fewer access rights to files and services.
3. Least Privilege
This principle states that a user should only have those privileges needed to complete their task. Its primary function is to control the assignment of rights granted to the user, not the identity of the user. This means that if the boss demands root access to a UNIX system that you administer, he/she should not be given that right unless he/she has a task that requires such a level of access. If possible, the elevated rights of a user identity should be removed as soon as those rights are no longer needed.
4. Open Design
  • 17. This principle states that the security of a mechanism should not depend on the secrecy of its design or implementation. It suggests that complexity does not add security. This principle is the opposite of the approach known as "security through obscurity." This principle applies not only to information such as passwords or cryptographic systems but also to other computer security related operations.
Example: DVD player & Content Scrambling System (CSS) protection. CSS is a cryptographic algorithm that protects DVD movie disks from unauthorized copying.
5. Complete mediation
The principle of complete mediation restricts the caching of information, which often leads to simpler implementations of mechanisms. The idea of this principle is that access to every object must be checked for compliance with a protection scheme to ensure that it is allowed. As a consequence, one should be wary of performance improvement techniques which save the details of previous authorization checks, since the permissions can change over time.
Whenever someone tries to access an object, the system should authenticate the access rights associated with that subject. The subject's access rights are verified once at the initial access, and for subsequent accesses, the system assumes that the same access rights should be accepted for that subject and object. The operating system should mediate each and every access to an object.
Example: An online banking website should require users to sign in again after a certain period, say twenty minutes, has elapsed.
6. Separation of Privilege
This principle states that a system should grant access permission based on more than one condition being satisfied. This principle may also be restrictive because it limits access to system entities. Thus, before privilege is granted, more than two verifications should be performed.
Example: To su (change) to root, two conditions must be met:
o The user must know the root password.
o The user must be in the right group (wheel).
7. Least Common Mechanism
  • 18. This principle states that in systems with multiple users, the mechanisms allowing resources to be shared by more than one user should be minimized as much as possible. This principle may also be restrictive because it limits the sharing of resources.
Example: If a file or application needs to be accessed by more than one user, then these users should use separate channels to access these resources, which helps to prevent unforeseen consequences that could cause security problems.
8. Psychological acceptability
This principle states that a security mechanism should not make the resource more complicated to access than if the security mechanisms were not present. The psychological acceptability principle recognizes the human element in computer security. If security-related software or computer systems are too complicated to configure, maintain, or operate, the user will not employ the necessary security mechanisms. For example, if a password is matched during a password change process, the password changing program should state why it was denied rather than giving a cryptic error message. At the same time, applications should not impart unnecessary information that may lead to a compromise in security.
Example: When we enter a wrong password, the system should only tell us that the user id or password was incorrect. It should not tell us that only the password was wrong, as this gives the attacker information.
9. Work Factor
This principle states that the cost of circumventing a security mechanism should be compared with the resources of a potential attacker when designing a security scheme. In some cases, the cost of circumventing (known as the "work factor") can be easily calculated. In other words, the work factor is a common cryptographic measure which is used to determine the strength of a given cipher. It does not map directly to cyber security, but the overall concept does apply.
Example: Suppose the number of experiments needed to try all possible four-character passwords is 24^4 = 331776. If the potential attacker must try each experimental password at a terminal, one might consider a four-character password to be satisfactory. On the other hand, if the potential attacker could use an astronomical computer capable of trying a million passwords per second, a four-letter password would be a minor barrier for a potential intruder.
10. Compromise Recording
The Compromise Recording principle states that sometimes it is more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it.
Example: The servers in an office network may keep logs for all accesses to files, all emails sent and received, and all browsing sessions on the web. Another typical example of a compromise recording system is Internet-connected surveillance cameras that can be placed to protect a building.
Cyber Laws in India and Information Technology Act
o Cyber law is important because it touches almost all aspects of transactions and activities on and involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal angles.
o With the computer and internet taking over every aspect of our life, there was a need for strong cyber law. The article aims to understand the cyber legislations in India and the offences relating to the use of or concerned with the abuse of computers or other electronic gadgets.
o Cyber law in India is not a separate legal framework. It is a combination of contract, intellectual property, data protection, and privacy laws.
o Cyber laws supervise the digital circulation of information, software, information security, e-commerce, and monetary transactions.
Introduction:
The dawn of cyber laws in India started with the boom in globalization and computerization in India. The number of cyber-crimes registered each year in India is shocking and it is only getting worse. This is because the pool of gullible prey for cyber
conmen has shot up with India going digital. This calls for a basic understanding of the laws that govern cyberspace in India. The Cyber Laws in India or the Information Technology Act, 2000 was amended in 2008 to include cyber-crimes related to banking and financial transactions.
Cyber Law Regulatory framework under the Information Technology Act in India:
India enacted the Information Technology Act, 2000 ("IT Act") on 09 June 2000. The IT Act is now the law of the land in India and in general terms is also known as Cyber Law. The IT Act is based on the UNCITRAL model law on e-commerce. The preamble of the IT Act simply indicates that the Act is centered on affording legal recognition to transactions carried out electronically. However, the scope of the IT Act goes much beyond its preamble. It covers multiple areas including data protection and security, cybercrimes, adjudication of cyber disputes, government mandated surveillance of digital communication, and intermediary liability.
The following Act, Rules, and regulations are included under cyber laws.
1. Information Technology Act, 2000
2. Information Technology (Certifying Authorities) Rules, 2000
3. Information Technology (Security Procedure) Rules, 2004
4. Information Technology (Certifying Authority) Regulations, 2001
5. The Indian Evidence Act, 1872
6. The Bankers Books Evidence Act, 1891
Emerging technologies, the explosion of digital business models and a substantial increase in the instances of cybercrimes have triggered the government to take steps to fast track the process of amending the IT Act.
In a cyber-crime, the computer or the data itself is the target or the object of the offence, or a tool in committing some other offence, providing the necessary inputs for that offence. All such acts of crime will come under the broader definition of cyber-crime.
Cyber law encompasses laws relating to:
o Cyber crimes
o Electronic and digital signatures
o Intellectual property
o Data protection and privacy
Penalty for Damage to Computer, Computer Systems, etc. under the IT Act:
Under this law, there is a provision for imposition of penalty in case of any non-compliance. The following are some of the penalty provisions as prescribed under the law.
o Tampering with Computer source documents: Hazardous chemical processing units have to ensure that vessels, pipes, valves should be tested periodically to curb down such accidents.
o Sending offensive messages through communication service: Imprisonment, which may extend up to three years with fine.
o Violation of Privacy: Imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
o Publication for fraudulent purposes: Imprisonment up to two years or with fine which may extend up to one lakh rupees, or with both.
o Publishing of obscene information in electronic form: Imprisonment up to ten years, or with fine which may extend up to two lakh rupees, or with both.
Importance of Cyber Law in India:
In today's techno-savvy environment, the internet is treated as a research and information sharing tool. Since the number of internet users is on the rise, it gives birth to Cyber Crimes. All issues relating to cybercrime or internet crime are dealt with through Cyber Law. So, to get the remedy against Cyber Crime, the need for Cyber-law arises.
Cyber-law is important in a country like India where the internet is used to a large extent. The law is enacted to save people and organizations from cybercrime and other internet-related crimes. It protects the privacy of every individual and organization. Before the enactment of Cyber-law, no specific law existed in India to deal with cybercrime. As per rules and regulations of the Cyber-law, a person who commits cybercrime is liable to get punishment. If anyone violates and breaks the provisions of the law, then it allows another person or organization to take legal action against that person.
The requirement of Cyber Law can arise as under:
o Nowadays, as all the transactions related to shares are done in Demat form, anyone who is associated with these transactions requires internet and protection under Cyber Law in case of any fraudulent transaction.
o Most of the companies in India keep their official data in electronic form. To avoid the misuse of such data, a company can need the assistance of this law.
o Due to the rapid growth of technology, various Government forms like ITR returns and Service tax returns are filled in electronic form. Anyone can easily misuse those forms by hacking the government portal sites. Only under cyber law are you eligible to get a remedy against this type of fraud.
o People are using credit cards and debit cards for shopping purposes. However, some fraudsters clone those credit cards and debit cards through the internet. Card cloning is a technique where someone with the help of the internet easily obtains your card details. With the help of Cyber law, you can easily trace such criminals.
o Digital Signatures and e-contracts are the most common methods of transacting business. Anyone who is associated with such digital signatures and e-contracts can easily commit fraud by misusing them. Cyber law protects you against such types of fraud.
Prevention of Cyber Crime:
Anyone using the internet should exercise some basic precautions. Following are some basic precautions:
a) Use a full-service internet security suite: For instance, Norton Security provides real-time protection against existing and emerging malware including ransomware and viruses, and helps protect your private and financial information when you go online.
b) Use strong passwords.
c) Keep your software updated.
d) Manage your social media settings.
Conclusion:
With the adoption of the IT Act, India is now one of the few countries in the world that have a separate law to deal with IT issues and crimes. This has now paved the way for incredible growth in the fields of e-commerce and internet transactions which has, in turn, resulted in advanced economic growth. Regardless, the implementation of the Act along with its counterpart, the IT Rules, has been successful in tackling cyber-crimes so far. With the ever-growing world of new technology and expanding cyberspace, we aren't yet aware of what kind of cyber-crimes may arise. Cyber law is the appropriate law to provide a remedy against cybercrime. At present, people who commit cyber-crime offenses think twice about the cyber law before committing any such offenses. The law helps in decreasing the rate of cybercrime offenses.
Cyberspace
Cyberspace can be defined as an intricate environment that involves interactions between people, software, and services. It is maintained by the worldwide distribution of information and communication technology devices and networks.
With the benefits carried by technological advancements, cyberspace today has become a common pool used by citizens, businesses, critical information infrastructure, military and governments in a fashion that makes it hard to draw clear boundaries among these different groups. Cyberspace is anticipated to become even more complex in the upcoming years, with the increase in networks and devices connected to it.
Cyber security
Cybersecurity denotes the technologies and procedures intended to safeguard computers, networks, and data from unauthorized access, vulnerabilities, and attacks delivered through the Internet by cybercriminals.
ISO 27001 (ISO27001) is the international Cybersecurity Standard that delivers a model for creating, applying, operating, monitoring, reviewing, preserving, and improving an Information Security Management System.
The Ministry of Communication and Information Technology under the government of India provides a strategy outline called the National Cybersecurity Policy. The purpose of this government body is to protect the public and private infrastructure from cyber-attacks.
Cybersecurity Policy
The cybersecurity policy is a developing mission that caters to the entire field of Information and Communication Technology (ICT) users and providers. It includes:
o Home users
o Small, medium, and large Enterprises
o Government and non-government entities
It serves as an authority framework that defines and guides the activities associated with the security of cyberspace. It allows all sectors and organizations to design suitable cybersecurity policies to meet their requirements. The policy provides an outline to effectively protect information, information systems and networks.
It gives an understanding of the Government's approach and strategy for security of cyberspace in the country. It also sketches some pointers to allow collaborative working across the public and private sectors to safeguard information and information systems. Therefore, the aim of this policy is to create a cybersecurity framework, which leads to detailed actions and programs to increase the security posture of cyberspace.
Cyber Crime
The Information Technology Act 2000 or any legislation in the Country does not describe or mention the term Cyber Crime. It can be globally considered as the gloomier face of technology.
The only difference between a traditional crime and a cyber-crime is that the cyber-crime involves computers. Let us see the following example to understand it better:
Traditional Theft: A thief breaks into Ram's house and steals an object kept in the house.
Hacking: A Cyber Criminal/Hacker sitting in his own house, through his computer, hacks the computer of Ram and steals the data saved in Ram's computer without physically touching the computer or entering Ram's house.
The I.T. Act, 2000 defines the terms:
o access in computer network in section 2(a)
o computer in section 2(i)
o computer network in section 2(j)
o data in section 2(o)
o information in section 2(v).
To understand the concept of Cyber Crime, you should know these laws. The object of offence or target in a cyber-crime is either the computer or the data stored in the computer.
Nature of Threat
Among the most serious challenges of the 21st century are the prevailing and possible threats in the sphere of cybersecurity. Threats originate from all kinds of sources, and show themselves in disruptive activities that target individuals, businesses, national infrastructures, and governments alike. The effects of these threats carry significant risk for the following:
o public safety
o security of nations
o stability of the globally linked international community
Malicious use of information technology can easily be concealed. It is difficult to determine the origin or the identity of the criminal. Even the motivation for the disruption is not easy to find out. The perpetrators of these activities can only be worked out from the target, the effect, or other circumstantial evidence. Threat actors can operate with considerable freedom from virtually anywhere. The motives for disruption can be anything such as:
o simply demonstrating technical prowess
o theft of money or information
o extension of state conflict, etc.
Criminals, terrorists, and sometimes the State themselves act as the source of these threats. Criminals and hackers use different kinds of malicious tools and approaches. With criminal activities taking new shapes every day, the possibility for harmful actions propagates.
Enabling People
The lack of information security awareness among users, who could be a simple school-going kid, a system administrator, a developer, or even a CEO of a company, leads to a variety of cyber vulnerabilities. The awareness policy classifies the following actions and initiatives for the purpose of user awareness, education, and training:
o A complete awareness program to be promoted on a national level.
o A comprehensive training program that can cater to the needs of national information security (programs on IT security in schools, colleges, and universities).
o Enhance the effectiveness of the prevailing information security training programs.
o Plan domain-specific training programs (e.g., Law Enforcement, Judiciary, E-Governance, etc.)
o Endorse private-sector support for professional information security certifications.
Information Technology Act
The Government of India enacted The Information Technology Act with some major objectives which are as follows:
o To deliver lawful recognition for transactions through electronic data interchange (EDI) and other means of electronic communication, commonly referred to as electronic commerce or E-Commerce. The aim was to use replacements of paper-based methods of communication and storage of information.
o To facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the
Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.
The Information Technology Act, 2000, was thus passed as Act No. 21 of 2000. The I.T. Act got the President's assent on June 9, 2000 and it was made effective from October 17, 2000. By adopting this Cyber Legislation, India became the 12th nation in the world to adopt a Cyber Law regime.
Intellectual property rights are the legal rights that cover the privileges given to individuals who are the owners and inventors of a work, and have created something with their intellectual creativity. Individuals related to areas such as literature, music, invention, etc., can be granted such rights, which can then be used in business practices by them.
The creator/inventor gets exclusive rights against any misuse or use of work without his/her prior information. However, the rights are granted for a limited period of time to maintain equilibrium.
The following list of activities which are covered by the intellectual property rights is laid down by the World Intellectual Property Organization (WIPO):
o Industrial designs
o Scientific discoveries
o Protection against unfair competition
o Literary, artistic, and scientific works
o Inventions in all fields of human endeavor
o Performances of performing artists, phonograms, and broadcasts
o Trademarks, service marks, commercial names, and designations
o All other rights resulting from intellectual activity in the industrial, scientific, literary, or artistic fields
Types of Intellectual Property Rights
Intellectual Property Rights can be further classified into the following categories:
o Copyright
o Patent
o Trade Secrets, etc.
Advantages of Intellectual Property Rights
Intellectual property rights are advantageous in the following ways:
o Provides exclusive rights to the creators or inventors.
o Encourages individuals to distribute and share information and data instead of keeping it confidential.
o Provides legal defense and offers the creators the incentive of their work.
o Helps in social and financial development.
Intellectual Property Rights in India
To protect intellectual property rights in the Indian territory, India has defined the formation of a constitutional, administrative and jurisdictive outline, whether they imply the copyright, patent, trademark, industrial designs, or any other parts of the intellectual property rights.
Back in the year 1999, the government passed important legislation based on international practices to safeguard the intellectual property rights. Let us have a glimpse of the same:
o The Patents (Amendment) Act, 1999, facilitates the establishment of the mail box system for filing patents. It offers exclusive marketing rights for a time period of five years.
o The Trade Marks Bill, 1999, replaced the Trade and Merchandise Marks Act, 1958.
o The Copyright (Amendment) Act, 1999, was signed by the President of India.
o The sui generis legislation was approved and named as the Geographical Indications of Goods (Registration and Protection) Bill, 1999.
o The Industrial Designs Bill, 1999, replaced the Designs Act, 1911.
o The Patents (Second Amendment) Bill, 1999, for further amending the Patents Act of 1970 in compliance with the TRIPS.
Intellectual Property in Cyber Space
Every new invention in the field of technology experiences a variety of threats. The Internet is one such threat, which has captured the physical marketplace and has converted it into a virtual marketplace.
To safeguard the business interest, it is vital to create an effective property management and protection mechanism, keeping in mind the considerable amount of business and commerce taking place in Cyber Space.
Today it is critical for every business to develop an effective and collaborative IP management mechanism and protection strategy. The ever-looming threats in the cybernetic world can thus be monitored and confined.
Various approaches and legislations have been designed by the law-makers to up the ante in delivering a secure configuration against such cyber-threats. However, it is the duty of the intellectual property right (IPR) owner to invalidate and reduce such mala fide acts of criminals by taking proactive measures.
Salient Features of I.T Act
The salient features of the I.T Act are as follows:
o Digital signature has been replaced with electronic signature to make it a more technology neutral act.
o It elaborates on offenses, penalties, and breaches.
o It outlines the Justice Dispensation Systems for cyber-crimes.
o It defines in a new section that cyber café is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
o It provides for the constitution of the Cyber Regulations Advisory Committee.
o It is based on The Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
o It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
Scheme of I.T Act
The following points define the scheme of the I.T. Act:
o The I.T. Act contains 13 chapters and 90 sections.
o The last four sections, namely sections 91 to 94 of the I.T. Act 2000, which dealt with the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers' Books Evidence Act 1891 and the Reserve Bank of India Act 1934, were deleted.
o It commences with the Preliminary aspect in Chapter 1, which deals with the short title, extent, commencement and application of the Act in Section 1. Section 2 provides Definitions.
o Chapter 2 deals with the authentication of electronic records, digital signatures, electronic signatures, etc.
o Chapter 11 deals with offences and penalties. A series of offences have been provided along with punishment in this part of the Act.
o Thereafter the provisions about due diligence, the role of intermediaries and some miscellaneous provisions are stated.
o The Act is embedded with two schedules. The First Schedule deals with Documents or Transactions to which the Act shall not apply. The Second Schedule deals with electronic signature or electronic authentication technique and procedure. The Third and Fourth Schedules are omitted.
Application of the I.T Act
As per sub-clause (4) of Section 1, nothing in this Act shall apply to documents or transactions specified in the First Schedule. Following are the documents or transactions to which the Act shall not apply:
o Negotiable Instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;
o A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
o A trust as defined in section 3 of the Indian Trusts Act, 1882;
o A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition;
o Any contract for the sale or conveyance of immovable property or any interest in such property;
o Any such class of documents or transactions as may be notified by the Central Government.
Amendments Brought in the I.T Act
The I.T. Act has brought amendments to four statutes vide sections 91-94. These changes have been provided in schedules 1-4.
o The first schedule contains the amendments in the Penal Code. It has widened the scope of the term "document" to bring within its ambit electronic documents.
o The second schedule deals with amendments to the India Evidence Act. It pertains to the inclusion of electronic documents in the definition of evidence.
o The third schedule amends the Banker's Books Evidence Act. This amendment brings about a change in the definition of "Banker's-book". It includes printouts of data stored in a floppy, disc, tape or any other form of electromagnetic data storage device. A similar change has been brought about in the expression "Certified-copy" to include such printouts within its purview.
o The fourth schedule amends the Reserve Bank of India Act. It pertains to the regulation of fund transfer through electronic means between the banks or between the banks and other financial institutions.
Intermediary Liability
An intermediary, dealing with any specific electronic records, is a person who on behalf of another person accepts, stores or transmits that record or provides any service with respect to that record.
According to the above mentioned definition, it includes the following:
o Telecom service providers
o Network service providers
o Internet service providers
o Web-hosting service providers
o Search engines
o Online payment sites
o Online auction sites
o Online market places and cyber cafes
Highlights of the Amended Act
The newly amended act came with the following highlights:
o It stresses privacy issues and highlights information security.
o It elaborates Digital Signature.
o It clarifies rational security practices for corporates.
o It focuses on the role of Intermediaries.
o New faces of Cyber Crime were added.
Cyber Forensics or Computer Forensics is the application of investigation that makes use of analysis techniques to gather and preserve data as evidence from particular computing devices. The computing devices must be a suitable machine or device that is presentable in the court of law. The main objective or goal of Cyber Forensics is to perform a structured investigation process through the maintenance of a documented evidence chain to find out what happened on a computing device and the person responsible for it.
Cyber forensics is used mainly by investigators. Investigators use a variety of proprietary software and techniques that have forensic applications, and use these applications to examine or search hidden copies or folders and unallocated disc spaces of multiple damaged, deleted, or encrypted files or folders. Investigators use all the evidence found as a digital copy and then document it as a 'finding report' and later verify them with the initial preparation for a presentation at legal proceedings that involve actual litigation or discovery, or depositions. Computer or Cyber forensics has evolved as a well-known area of scientific expertise, with accompanying certification and coursework.
Handling of digital evidence
In the private sector, the response to cybersecurity incidents (e.g., a distributed denial of service attack, unauthorized access to systems, or data breach) includes specific procedures that should be followed to contain the incident, to investigate it and/or to resolve the cybersecurity incident (Cyber Security Coalition, 2015). There are two primary ways of handling a cybersecurity incident: recover quickly or gather evidence (Cyber Security Coalition, 2015):
The first approach, recover quickly, is not concerned with the preservation and/or collection of data but the containment of the incident to minimize harm. Because of its primary focus on swift response and recovery, vital evidence could be lost.
The second approach monitors the cybersecurity incident and focuses on digital forensic applications in order to gather evidence of and information about the incident. Because of its primary focus on evidence collection, the recovery from the cybersecurity incident is delayed.
These approaches are not exclusive to the private sector. The approach taken by the private sector varies by organization and the priorities of the organization.
Digital evidence is volatile and fragile and the improper handling of this evidence can alter it. Because of its volatility and fragility, protocols need to be followed to ensure that data is not modified during its handling (i.e., during its access, collection, packaging, transfer, and storage). These protocols delineate the steps to be followed when handling digital evidence. There are four phases involved in the initial handling of digital evidence: identification, collection, acquisition, and preservation.
Identification
In the identification phase, preliminary information is obtained about the cybercrime case prior to collecting digital evidence. This preliminary information is similar to that which is sought during a traditional criminal investigation.
The investigator seeks to answer the following questions:
o Who was involved?
o What happened?
o When did the cybercrime occur?
o Where did the cybercrime occur?
o How did the cybercrime occur?
The answers to these questions will provide investigators with guidance on how to proceed with the case. For example, the answer to the question "where did this crime occur?" - that is, within or outside of a country's - will inform the investigator on how to proceed with the case (e.g., which agencies should be involved and/or contacted).
In the identification phase, cybercrime investigators use many traditional investigative techniques, especially with respect to information and evidence gathering. For example, victims, witnesses, and suspects of a cybercrime are interviewed to gather information and evidence of the cybercrime under investigation.
Undercover law enforcement investigations have also been conducted to identify, investigate, and prosecute cybercriminals. Additionally, cybercrime investigators have conducted covert surveillance. This tactic is a "particularly intrusive method for collecting evidence. The use of covert surveillance measures involves a careful balancing of a suspect's right to privacy against the need to investigate serious criminality. Provisions on covert surveillance should fully respect the rights of the suspect. There have been various decisions of international human rights bodies and courts on the permissibility of covert surveillance and the parameters of these measures" (UNODC, 2010, p. 13). Even malware has been used by law enforcement agencies to conduct surveillance in order to gather information about and evidence of cybercrime.
Before digital evidence collection begins, the investigator must define the types of evidence sought.
Digital evidence can be found on digital devices, such as computers, external hard drives, flash drives, routers, smartphones, tablets, cameras, smart televisions, Internet-enabled home appliances (e.g., refrigerators and washing machines), and gaming consoles (to name a few), as well as public resources (e.g., social media platforms, websites, and discussion forums) and private resources (e.g., Internet service providers' logs of user activity; communication service providers' business records; and cloud storage providers' records of user activity and content).
Many applications, websites, and digital devices utilize cloud storage services. Users' data can thus be stored wholly or in fragments by many different providers in servers in multiple locations. Because of this, retrieving data from these providers is challenging.
The evidence sought will depend on the cybercrime under investigation. If the cybercrime under investigation is identity-related fraud, then digital devices that are seized will be searched for evidence of this crime (e.g., evidence of fraudulent transactions).
Collection
With respect to cybercrime, the crime scene is not limited to the physical location of digital devices used in the commission of the cybercrime and/or that were the target of the cybercrime. The cybercrime crime scene also includes the digital devices that potentially hold digital evidence, and spans multiple digital devices, systems, and servers. The crime scene is secured when a cybercrime is observed, reported, and/or suspected.
The first responder does so by isolating the users of all digital devices found at the crime scene (e.g., holding them in a separate room or location). The users must not be given the opportunity to further operate the digital devices. Neither the first responder nor the investigator should seek the assistance of any user during the search and documentation process. The investigator, if different from the first responder, searches the crime scene and identifies the evidence. Before evidence is collected, the crime scene is documented. Documentation is needed throughout the entire investigative process (before, during, and after the evidence has been acquired).
This documentation should include detailed information about the digital devices collected, including the operational state of the device - on, off, standby mode - and its physical characteristics, such as make, model, serial number, connections, and any markings or other damage (Casey, 2011; Sammons, 2012; Maras, 2014; Nelson, Phillips, and Steuart, 2015). In addition to written notes, sketches, photographs and/or video recordings of the crime scene and evidence are also needed to document the scene and evidence (Maras, 2014, pp. 230-233).
Acquisition
Different approaches to performing acquisition exist. The approach taken depends on the type of digital device. For example, the procedure for acquiring evidence from a computer hard drive is different from the procedure required to obtain digital evidence from mobile devices, such as smartphones.
Unless live acquisition is performed, evidence is extracted from the seized digital devices at the forensic laboratory (i.e., static acquisition). At the forensics laboratory, digital evidence should be acquired in a manner that preserves the integrity of the evidence (i.e., ensuring that the data is unaltered); that is, in a forensically
  • 36. sound manner (see Cybercrime Module 4 on Introduction to Digital Forensics). To achieve this, the tools and techniques used to acquire digital evidence must prevent alterations to the data or, when this is not possible, at the very least minimize them (SWGDE Best Practices for Computer Forensic Acquisitions, 2018). The tools and techniques used should be valid and reliable (NIST, n.d.; SWGDE Recommended Guidelines for Validation Testing, 2014; US National Institute of Justice, 2007b). The limitations of these tools and techniques should be identified and considered before their use (SWGDE Best Practices for Computer Forensic Acquisitions, 2018). The US National Institute of Standards and Technology has a searchable digital forensics tools database covering tools with various functionalities (e.g., cloud forensics tools, among others) (for more information on digital forensics tools, see Cybercrime Module 4 on Introduction to Digital Forensics).
Preservation
Evidence preservation seeks to protect digital evidence from modification. The integrity of digital evidence should be maintained in each phase of the handling of digital evidence (ISO/IEC 27037). First responders, investigators, crime scene technicians, and/or digital forensics experts must demonstrate, wherever possible, that digital evidence was not modified during the identification, collection, and acquisition phase; the ability to do so, of course, depends on the digital device (e.g., computer and mobile phones) and circumstances encountered by them (e.g., need to quickly preserve data). To demonstrate this, a chain of custody must be maintained. The chain of custody is "the process by which investigators preserve the crime (or incident) scene and evidence throughout the life cycle of a case.
It includes information about who collected the evidence, where and how the evidence was collected, which individuals took possession of the evidence, and when they took possession of it" (Maras, 2014, 377; Cybercrime Module 4 on Introduction to Digital Forensics). In the chain of custody, the names, titles, and contact information of the individuals who identified, collected, and acquired the evidence should be documented, as well as any other individuals the evidence was transferred to, details about the evidence that was transferred, the time and date of transfer, and the purpose of the transfer.
Analysis and Reporting
  • 37. In addition to the handling of digital evidence, the digital forensics process also involves the examination and interpretation of digital evidence (analysis phase), and the communication of the findings of the analysis (reporting phase). During the analysis phase, digital evidence is extracted from the device, data is analysed, and events are reconstructed. Before the analysis of the digital evidence, the digital forensics analyst in the laboratory must be informed of the objectives of the search, and provided with some background knowledge of the case and any other information that was obtained during the investigation that can assist the forensics analyst in this phase (e.g., IP addresses or MAC addresses). Various forms of analyses are performed depending on the type of digital evidence sought, such as network, file system, application, video, image, and media analysis. Files are analysed to determine their origin, and when and where the data was created, modified, accessed, downloaded, or uploaded, and the potential connection of these files on storage devices to, for example, remote storage, such as cloud-based storage (Carrier, 2005). The type of digital evidence (e.g., emails, text messages, geolocation, Word processing documents, images, videos, and chat logs) sought depends on the cybercrime case.
Generally, there are four types of analyses that can be performed on computers: time-frame analysis; ownership and possession analysis; application and file analysis; and data hiding analysis. The time-frame analysis seeks to create a timeline or time sequence of actions using time stamps (date and time) that led to an event or to determine the time and date a user performed some action (US National Institute of Justice, 2004b).
This analysis is performed to attribute a crime to a perpetrator or at the very least attribute an act that led to a crime to a particular individual (US National Institute of Justice, 2004b); there are, however, challenges in validating time-frame analysis results (see "Note" box). The ownership and possession analysis is used to determine the person who created, accessed, and/or modified files on a computer system (US National Institute of Justice, 2004b). For instance, this analysis may reveal an image of child sexual abuse material (i.e., the "representation, by whatever means, of a child engaged in real or simulated explicit sexual activities or representation of the sexual parts of a child for primarily sexual purposes"; Article 2, United Nations Optional Protocol to the Convention on the Rights of the Child on the Sale of Children, Child Prostitution, and Child Pornography of 2000) on a suspect's device. This piece of information alone is not enough to prove ownership of child sexual abuse material. Further evidence is needed to prove this, such as exclusive use of the computer where the material was found. The application and file analysis is performed to examine applications and files on a computer system to
  • 38. determine the perpetrator's knowledge of and intent and capabilities to commit cybercrime (for example, the labelling or name of the file may indicate the contents of the file; e.g., the file name can be the cybercrime victim's name) (US National Institute of Justice, 2004b).
Deleted Files
When a file is deleted on a computer, it is placed in the Recycle Bin or Trash. If the Recycle Bin or Trash is emptied (i.e., by the deletion of content), the files that were deleted are removed from the file allocation table, which archives file names and locations on hard drives (Maras, 2014). The space where the file resides is marked as free space (i.e., unallocated space) after it is deleted but the file still resides in that space (at least until it is fully or partially overwritten by new data) (Maras, 2014).
As the US National Institute of Justice concluded, "[i]n and of themselves, results obtained from any one of these … [analyses] may not be sufficient to draw a conclusion. When viewed as a whole, however, associations between individual results may provide a more complete picture" (p. 18). The purpose of these analyses is crime reconstruction (or event reconstruction). Event reconstruction seeks to determine who was responsible for the event, what happened, where the event occurred, when the event took place, and how the event unfolded, through the identification, collation, and linkage of data (revealing the "big picture" or essence of an event). Event reconstruction can involve a temporal analysis (i.e., the determination of the time events occurred and the sequence of these events), relational analysis (i.e., the determination of the individuals involved and what they did, and the association and relationships between these individuals), and functional analysis (i.e., assessment of the performance and capabilities of systems and devices involved in events) (Casey, 2010; Casey, 2011; Kao, 2016).
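The time-frame (temporal) analysis described above can be sketched as follows. This is an added example, not part of the original notes: the device names, file names, timestamps and clock offsets are constructed, and it assumes the examiner documented each device's time zone and clock error at seizure.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed device facts: time zone and how far the device clock ran ahead
# of a reference clock when it was seized (assumed to have been documented).
DEVICES = {
    "laptop": {"utc_offset_hours": 2, "clock_fast_by_s": 300},
    "phone": {"utc_offset_hours": 0, "clock_fast_by_s": 0},
}

# Constructed file-system metadata, in each device's local time.
RECORDS = [
    {"device": "laptop", "path": "invoice.docx",
     "created": "2024-03-01 10:05:00", "modified": "2024-03-01 10:20:00"},
    {"device": "phone", "path": "IMG_0001.jpg",
     "created": "2024-03-01 08:10:00"},
    {"device": "laptop", "path": "IMG_0001.jpg",
     "created": "2024-03-01 10:30:00", "modified": "2024-03-01 10:12:00"},
]

def to_utc(local_ts, device):
    """Device-local timestamp -> UTC, with the documented clock error removed."""
    t = datetime.strptime(local_ts, FMT)
    return (t - timedelta(hours=device["utc_offset_hours"])
              - timedelta(seconds=device["clock_fast_by_s"]))

def build_timeline(records, devices):
    """Merge every timestamp from every device into one UTC-ordered sequence."""
    events = []
    for rec in records:
        for kind in ("created", "modified", "accessed"):
            if kind in rec:
                when = to_utc(rec[kind], devices[rec["device"]])
                events.append((when, rec["device"], kind, rec["path"]))
    return sorted(events)

def needs_explanation(records):
    """Files whose modified time precedes their created time on the same device.

    Common causes are a file copied onto the device or a changed clock, so
    these timestamps cannot be read as a simple sequence of user actions.
    """
    flagged = []
    for rec in records:
        if "created" in rec and "modified" in rec:
            if datetime.strptime(rec["modified"], FMT) < datetime.strptime(rec["created"], FMT):
                flagged.append((rec["device"], rec["path"]))
    return flagged

if __name__ == "__main__":
    for when, device, kind, path in build_timeline(RECORDS, DEVICES):
        print(when.strftime(FMT), "UTC", device, kind, path)
    print("check before relying on:", needs_explanation(RECORDS))
```

Sorting the raw local timestamps instead would place the phone's 08:10 photo before every laptop event, which is one reason time-frame results need validation.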
Overall, event reconstruction is performed to prove or disprove a working hypothesis concerning the case (i.e., educated guess concerning the sequence of acts that led to an event) (ENFSI, 2015).
Digital forensics
The digital forensics process involves the search, acquisition, preservation, and maintenance of digital evidence; description, explanation and establishment of the origin of digital evidence and its significance; the analysis of evidence and its validity,
  • 39. reliability, and relevance to the case; and the reporting of evidence pertinent to the case (Maras, 2014). Various digital forensics methodologies have been developed and adopted. In 2001, the Digital Forensic Research Workshop, "a non-profit, volunteer organization, … [dedicated to] sponsoring technical working groups, annual conferences and challenges to help drive the direction of research and development," developed a model based on the United States Federal Bureau of Investigation's protocol for physical crime scene searches, which includes seven phases: identification, preservation, collection, examination, analysis, presentation, and decision (Palmer, 2001, p. 14) (see Figure 1).
Figure 1. Palmer, Gary. (2001). DFRWS Technical Report: A Road Map for Digital Forensic Research. Digital Forensic Research Workshop. Utica, New York. p. 24
In 2002, another digital forensics model was proposed, which was based on the 2001 Digital Forensic Research Workshop model and the United States Federal Bureau of
  • 40. Investigation's crime scene search protocol (for physical crime scenes) (Reith, Carr, and Gunsch, 2002). This model ("The Abstract Digital Forensics Model") had nine phases (Baryamureeba and Tushabe, 2004, 3):
o identification (i.e., "recognizes an incident from indicators and determines its type");
o preparation (i.e., "preparation of tools, techniques, search warrants, and monitoring authorizations and management support");
o approach strategy (i.e., "develops a procedure to use in order to maximize the collection of untainted evidence while minimizing the impact to the victim");
o preservation (i.e., "the isolation, securing and preservation of the state of physical and digital evidence");
o collection (i.e., "recording of the physical scene and duplicate digital evidence using standardized and accepted procedures");
o examination (i.e., "an in-depth systematic search of evidence relating to the suspected crime");
o analysis (i.e., "determination of the significance, reconstructing fragments of data and drawing conclusions based on evidence found");
o presentation (i.e., "summary and explanation of conclusions"); and
o returning evidence (i.e., "physical and digital property is returned to proper owner").
In 2003, the Integrated Digital Investigation Model (see Figure 2) was proposed, which is a more holistic investigative approach that has five basic stages, each with its own phases: readiness (i.e., assess ability of operations and infrastructure to support investigation); deployment (i.e., incident detected, appropriate personnel notified, and authorization for investigation is obtained - e.g., legal order for law enforcement investigations, supervisor authorization for private investigations); physical crime scene investigation (i.e., secure crime scene, identify relevant physical evidence, document crime scene, collect physical evidence at crime scene, examine this evidence, reconstruct crime scene events, and present findings in court); digital crime scene investigation (i.e., secure and identify relevant digital evidence, document the evidence, acquire, and analyse it, reconstruct events, and present findings in court); and review (i.e., once the investigation is concluded, an assessment is made to identify lessons learned).
  • 41. Figure 2. Integrated Digital Investigation Process Phases: Carrier, Brian D. and Eugene H. Spafford. (2003). Getting physical with the digital investigation process. International Journal of Digital Evidence, Vol. 2(2), p. 6.
In 2006, the United States National Institute of Standards and Technology proposed a four-phase digital forensics model (see Figure 3): the collection phase, which includes the identification of evidence at the scene, and its labelling, documentation, and ultimate collection; examination phase wherein the appropriate forensic tools and techniques to be used to extract relevant digital evidence, while preserving its integrity, are determined; analysis phase whereby the evidence extracted is evaluated to determine its usefulness and applicability to the case; and the reporting phase, which includes the actions performed during the digital forensics process and the presentation of the findings.
Figure 3. National Institute of Standards and Technology, four-phase digital investigation model proposed in SP 800-86: Kent, Karen et al. (2006). Guide to Integrating Forensic Techniques into Incident Response. National Institute of Standards and Technology. p. 25.
The above-mentioned models are based on the assumption that all of the phases are completed for each crime and cybercrime investigation (Rogers et al., 2006). In practice, however, this is not always the case. Because the volumes of data and the digital devices collecting, storing, and sharing data have exponentially expanded, resulting in more criminal cases involving some type of digital device, it is increasingly being considered impractical to conduct in-depth examinations of each digital device. As
  • 42. Casey, Ferraro, and Nguyen (2009) pointed out, "few [digital forensics laboratories] can still afford to create a forensic duplicate of every piece of media and perform an in-depth forensic examination of all data on those media… It makes little sense to wait for the review of each piece of media if only a handful of them will provide data of evidentiary significance" (p. 1353). In view of that, digital forensics process models have been developed that take this into consideration. For instance, Rogers et al. (2006) proposed the Cyber Forensic Field Triage Process Model (CFFTPM), "an onsite or field approach" digital forensics process model "for providing the identification, analysis and interpretation of digital evidence in a short time frame, without the requirement of having to take the system(s)/media back to the lab for an in-depth examination or acquiring a complete forensic image(s)" (p. 19). Building on this model, Casey, Ferraro, and Nguyen (2009) proposed "three levels of forensic examination" that can be used in the field or in the lab:
o Survey/triage forensics inspection. This inspection is conducted to quickly review potential sources of evidence and prioritize certain sources for examination based on the importance of the type of evidence they could contain and the volatility of the evidence (Casey, Ferraro, and Nguyen, 2009, pp. 1353 and 1356).
o Preliminary forensic examination. To speed up the digital forensics process, a preliminary forensic examination is conducted on the sources identified during the survey/triage forensics inspection phase to find information that could be used in the investigation to obtain direct, circumstantial, or other corroborative evidence of a matter asserted (Casey, Ferraro, and Nguyen, 2009, pp. 1353 and 1356-1359). The failure to find forensic artefacts (i.e., data that may be relevant to a digital forensics investigation) during this examination, which could potentially happen because they were overlooked, does not automatically mean that an in-depth forensic examination will not be conducted (this depends on the case and policies and procedures of those conducting the examination).
o In-depth forensic examination. All sources of evidence are examined. This type of examination is often conducted "when evidence destruction is suspected, when additional questions arise and when a case nears trial" (Casey, Ferraro, and Nguyen, 2009, p. 1359).
The viability and relevance of each model and its components continues to be debated today (Valjarevic and Venter, 2015; Du, Le-Khac, and Scanlon, 2017). The reality is that each country follows its own digital forensics standards, protocols and procedures. However, differences in processes serve as an impediment to international cooperation in law enforcement investigations.
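The Preservation section above asks handlers to demonstrate that evidence was not modified and to keep a chain of custody. The following is an added example, not part of the original notes: it assumes a SHA-256 hash as the integrity check and hash-linked custody records as the log design, and all names, addresses and times are constructed.

```python
import hashlib
import json
from dataclasses import asdict, dataclass

GENESIS = "0" * 64  # "previous record" value for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class CustodyEntry:
    handler: str          # who took possession (name)
    title: str
    contact: str
    action: str           # collected / transferred / acquired
    location: str         # where the evidence was handled
    timestamp: str        # date and time of the action, UTC
    purpose: str          # purpose of the collection or transfer
    evidence_sha256: str  # hash of the evidence as this handler received it
    prev_entry_hash: str  # digest of the previous record (assumed design)

    def digest(self) -> str:
        return sha256_hex(json.dumps(asdict(self), sort_keys=True).encode())

class CustodyLog:
    def __init__(self):
        self.entries = []

    def record(self, evidence: bytes, **fields) -> CustodyEntry:
        prev = self.entries[-1].digest() if self.entries else GENESIS
        entry = CustodyEntry(evidence_sha256=sha256_hex(evidence),
                             prev_entry_hash=prev, **fields)
        self.entries.append(entry)
        return entry

    def verify(self) -> list:
        # An empty list means every record links correctly and the evidence is unchanged.
        problems, prev = [], GENESIS
        baseline = self.entries[0].evidence_sha256 if self.entries else None
        for i, e in enumerate(self.entries):
            if e.prev_entry_hash != prev:
                problems.append(f"entry {i}: custody record altered or reordered")
            if e.evidence_sha256 != baseline:
                problems.append(f"entry {i}: evidence differs from collected state")
            prev = e.digest()
        return problems

def build_sample_log(image: bytes, lab_copy: bytes) -> CustodyLog:
    # Constructed people, places and times, for illustration only.
    log = CustodyLog()
    log.record(image, handler="A. Responder", title="First responder",
               contact="responder@example.org", action="collected", location="Scene, room 2",
               timestamp="2024-01-10T09:15:00Z", purpose="seizure of powered-off laptop drive")
    log.record(image, handler="B. Courier", title="Evidence technician",
               contact="courier@example.org", action="transferred", location="Evidence room",
               timestamp="2024-01-10T13:40:00Z", purpose="transport to forensic laboratory")
    log.record(lab_copy, handler="C. Analyst", title="Forensic examiner",
               contact="analyst@example.org", action="acquired", location="Forensic laboratory",
               timestamp="2024-01-11T08:05:00Z", purpose="static acquisition and analysis")
    return log

if __name__ == "__main__":
    img = b"constructed stand-in for a disk image"
    print(build_sample_log(img, img).verify(), build_sample_log(img, img + b"\x00").verify())
```

The digest of the most recent record should be kept outside the log, because the linking only exposes edits to records that have a successor.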
  • 43. Ethics can be understood from a normative and prescriptive perspective. It refers to a body of well-based standards of right and wrong that prescribe what humans must do in terms of rights, obligations, fairness, virtues and benefits. Ethical standards include the right to choose, the right to privacy, and the right to freedom and expression, among others, that are founded and supported by well-founded reasons. The second definition is founded on the continuous effort to assess the moral beliefs and conduct of society and can be defined as the study and development of personal standards, behavior, feelings, laws and regulations.
Overview
On the Internet, people can feel invisible and do things they normally would not do in person or in public – things they understand are wrong to do. The Internet is becoming an indispensable tool in life and it is becoming increasingly important to dust off the concept of cyberspace ethics. Terms such as cyber citizenship, cyber ethics and netiquette are becoming commonly used to refer to cyber social behavior. The terms refer to the things that people do online when no one is watching. Children are using the Internet at a higher rate than before, and cyber ethics has emerged as a common denominator for instilling good e-habits at an early age. The unfortunate thing is that children armed with computers can inflict serious damage and harm irrespective of whether they are trying to be mischievous or intentionally commit cybercrimes. Cybercrime is not limited to young people who are getting to know technological offerings alone. Government agencies, businesses, consumers and the general public have become victims of cyber-attacks.
Attacks on US infrastructure in 2008 originating from the Middle East and causing a serious digital beachhead, as well as the case of Bradley Manning, a US military specialist who leaked thousands of pieces of classified information to the whistle-blowing website WikiLeaks, highlight just a few of the cyber crimes and their damaging effects. The recent attack on Target that saw 70 million customers' encrypted PINs stolen is another wake-up call for policy makers and businesses, demonstrating the magnitude of cyber war. Though these attacks can be thought of as spanning a wide spectrum, they just highlight the difficulties of enforcing cyber etiquette (Sembok, 2013). There has been contention as to whether there is a difference between ethics in the real world and
  • 44. that in online platforms. While the answer to some might seem obvious, there is a greater disconnect between ethics in the real world and cyberspace. For instance, in a poll conducted on elementary and middle school kids, half of them reported that they don't believe that hacking is a real crime. This assertion emanating from a tender age group just highlights the divide between real world and online ethics and stresses the need for parents and educational groups to initiate intensive programs on ethical behavior, especially in cyberspace.