Information Security and Cyber Law

HOW TO PREVENT CYBERCRIME

By Megha Malhotra:-

The best way to protect yourself against cybercrime is to exercise sensible digital habits. Here are some common-sense browsing habits that will help you defend yourself daily:

1. Be wary of emails with sketchy links or attachments you didn’t expect.
2. Don’t download anything from unknown sources.
3. Check to make sure you’re on a legitimate websitebefore entering any personal info.
4. Always apply software updatesimmediately (they fix security vulnerabilities).
5. Don’t use unencrypted public Wi-Fi (in coffee shops, airports, etc.) without a VPN.
6. Use strong, unique passwords — don’t reuse the same password across multiple accounts.
7. Use two-factor authenticationwhenever possible.
8. Boost your router security to protect your home network.

INFORMATION SECURITY

It refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption. The basic components of information security are most often summed up by the so-called CIA triad: confidentiality, integrity, and availability. Ideally your data should always be kept confidential, in its original state, and available. Practically you often need to make choices about which information security principles to emphasize based onassessing your data. If you’re securing sensitive medical information, for instance, you’ll focus on confidentiality, whereas a financial institution might emphasize data integrity to ensure that nobody’s bank account is credited or debited incorrectly.

Information security measures

the technical measures associated with cybersecurity touch on information security to a certain extent, but it is worthwhile to think about infosec measures in a big-picture way:

• Technical measuresinclude the hardware and software that protects data — everything from encryption to firewalls
• Organizational measuresinclude the creation of an internal unit dedicated to information security, along with making infosec part of the duties of some staff in every department
• Human measuresinclude providing awareness training for users on proper infosec practices
• Physical measuresinclude controlling access to the office locations and, especially, data centres.

CYBER LAWS                                    

Cyber law is the part of the overall legal system that deals with the Internet, cyberspace, and their respective legal issues. Cyber law covers a fairly broad area, encompassing several subtopics including freedom of expression, access to and usage of the Internet, and online privacy. Generically, cyber law is referred to as the Law of the Internet.

INTERNATIONAL PERSPECTIVE :

1.G8

Group of Eight (G8) is made up of the heads of eight industrialized countries: the U.S., the United Kingdom, Russia, France, Italy, Japan, Germany, and Canada.

In 1997, G8 released a Ministers’ Communiqué that includes an action plan and principles to combat cybercrime and protect data and systems from unauthorized impairment. G8 also mandates that all law enforcement personnel must be trained and equipped to address cybercrime, and designates all member countries to have a point of contact on a 24/7.

2.United Nations

In 1990 the UN General Assembly adopted a resolution dealing with computer crime legislation. In 2000 the UN GA adopted a resolution on combating the criminal misuse of information technology. In 2002 the UN GA adopted a second resolution on the criminal misuse of information technology.

3.ITU

The International Telecommunication Union (ITU), as a specialized agency within the United Nations, plays a leading role in the standardization and development of telecommunications

and cybersecurity issues. The ITU was the lead agency of the World Summit on the Information Society (WSIS).In 2003, Geneva Declaration of Principles and the Geneva Plan of Action were released, which highlights the importance of measures in the fight against cybercrime. IN 2005, the Tunis Commitment and the Tunis Agenda were adopted for the Information Society.

4.Council of Europe

Council of Europe is an international organisation focusing on the development of human rights and democracy in its 47 European member states. In 2001, the Convention on Cybercrime, the first international convention aimed at Internet criminal behaviours, was co-drafted by the Council of Europe with the addition of USA, Canada, and Japan and signed by its 46 member states. But only 25 countries ratified later. It aims at providing the basis of an effective legal framework for fighting cybercrime, through harmonization of cybercriminal offences qualification, provision for laws empowering law enforcement and enabling international cooperation.

The major regional responses to cybercrime includes :

1.APEC

Asia-Pacific Economic Cooperation (APEC) is an international forum that seeks to promote promoting open trade and practical economic cooperation in the Asia-Pacific Region. In 2002, APEC issued Cybersecurity Strategy which is included in the Shanghai Declaration. The strategy outlined six areas for co-operation among member economies including legal developments, information sharing and co-operation, security and technical guidelines, public awareness, and training and education.

2.OECD

The Organisation for Economic Co-operation and Development (OECD) is an international economic organisation of 34 countries founded in 1961 to stimulate economic progress and world trade. In 1990, the Information, Computer and Communications Policy (ICCP) Committee created an Expert Group to develop a set of guidelines for information security that was drafted until 1992 and then adopted by the OECD Council. In 2002, OECD announced the completion of “Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security”.

3.Commonwealth

In 2002, the Commonwealth of Nations presented a model law on cybercrime that provides a legal framework to harmonise legislation within the Commonwealth and enable international cooperation. The model law was intentionally drafted in accordance with the Convention on Cybercrime.

CYBER LAWS IN INDIA

Cyber crimes are a new class of crimes which are increasing day by day due to extensive use of internet these days. To combat the crimes related to internet The Information Technology Act, 2000 was enacted with prime objective to create an enabling environment for commercial use of I.T.  The IT Act specifies the acts which have been made punishable. The Indian Penal Code, 1860 has also been amended to take into its purview cyber crimes.The various offenses related to internet which have been made punishable under the IT Act and the IPC are enumerated below:

1. Cyber crimes under the IT Act :

• Tampering with Computer source documents – Sec.65
• Hacking with Computer systems, Data alteration – Sec.66
• Publishing obscene information – Sec.67
• Un-authorised access to protected system Sec.70 Breach of Confidentiality and Privacy – Sec.72
• Publishing false digital signature certificates – Sec.73

2. Cyber Crimes under IPC and Special Laws :

• Sending threatening messages by email – Sec 503 IPC
• Sending defamatory messages by email – Sec 499 IPC
• Forgery of electronic records – Sec 463 IPC
• Bogus websites, cyber frauds – Sec 420 IPC
• Email spoofing – Sec 463 IPC
• Web-Jacking – Sec. 383 IPC
• E-Mail Abuse – Sec.500 IPC

3. Cyber Crimes under the Special Acts:

• Online sale of Drugs under Narcotic Drugs and Psychotropic Substances Act
• Online sale of Arms Arms Act