CS SONU LAKHANI AEO, ICSI CYBER CRIME PREVENTION & DETECTION.


• Cyber crime is the latest and perhaps the most complicated problem in the cyber world.
• “Cyber crime may be said to be those species, of which, genus is the conventional crime, and where either the computer is an object or subject of the conduct constituting crime.”

• The Internet has offered us a much more convenient way to share information across time and place.
• Cyberspace has also opened a new venue for criminal activities:
◦ Cyber attacks
◦ Distribution of illegal materials in cyberspace
◦ Computer-mediated illegal communications within big crime groups or terrorists
• Cyber crime has become one of the major security issues for the law enforcement community.
• The ambiguity of cyberspace makes identity tracing a significant problem which hinders investigations.

PREVENTIVE STEPS FOR INDIVIDUALS
• CHILDREN: Children should not give out identifying information such as name, address, school name, telephone number, or information about parents in a chat room. They should not respond to threatening messages, and should not arrange a face-to-face meeting without telling parents or guardians. They should remember that people online might not be who they seem.

• Parents should use content filtering software on the PC to protect children from pornography, gambling, hate speech, drugs and alcohol.
• There is also software to establish time controls for use of the Internet (for example, blocking usage after a particular time) and to allow parents to see which sites their children have visited. Use this software to keep track of the type of activities of children.

• Don’t delete harmful communications (e-mails, chats etc.). They will provide vital information about the system and address of the person behind them.
• If you feel you are in any immediate physical danger, contact your local police.
• Avoid getting into huge arguments online during chats and discussions with other users.
• Remember that all other Internet users are strangers; you do not know who you are chatting with. So be careful.

• Do not share personal information in public spaces online; do not give it to strangers.
• Save all communications for evidence. Do not edit them in any way. Also, keep a record of your contacts and inform law enforcement officials.

PHYSICAL SECURITY:
• Physical security is the most sensitive component in the prevention of cyber crime. Computer networks should be protected from access by unauthorized persons.

• An access control system is generally implemented using firewalls, which provide a centralized point from which to permit access.
• Firewalls allow only authorized communications between the internal and external network.

• Proof of identity is an essential component in identifying an intruder. The use of passwords is the most common security measure for network systems, including servers, routers and firewalls.
• Passwords should be changed at regular intervals, should be alphanumeric and should be difficult to guess.

• As a general rule, if you think you are in immediate danger, contact your local police station and let them know what happened. Depending on the scope of the crime, it will be investigated by a special cyber crime investigation cell.

• Copy of the defaced web page in soft copy as well as hard copy format, if a website is defaced.
• If data is compromised on a server, computer or any other network equipment, a soft copy of the original data and a soft copy of the compromised data.
• Access control mechanism details, i.e. who had what kind of access to the compromised system.

• List of suspects, if the victim has any suspicion of anyone.
• All relevant information leading to the answers to the following questions:
◦ What? (what is compromised)
◦ Who? (who might have compromised the system)
◦ When? (when the system was compromised)
◦ Why? (why the system might have been compromised)
◦ Where? (where is the impact of the attack: identifying the target system from the network)
◦ How many? (how many systems have been compromised by the attack)

• Extract the extended headers of the offending e-mail.
• Bring a soft copy as well as a hard copy of the offending e-mail.
• Do not delete the offending e-mail from the e-mail box.
• Save a copy of the offending e-mail on the computer's hard drive.

CYBER LAW AUTHORITIES: Certifying Authorities, Central Govt., State Govt., Advisory Board

• An adjudicating officer shall adjudge whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry.
• The principles of audi alteram partem and natural justice are enshrined in the said section, which stipulates that a reasonable opportunity of making a representation shall be granted to the person who is alleged to have violated the provisions of the IT Act.

• The said Act stipulates that the inquiry will be carried out in the manner prescribed by the Central Government.
• All proceedings before the Adjudicating Officer are deemed to be judicial proceedings; every Adjudicating Officer has all the powers conferred on civil courts.
• Appeal to the Cyber Appellate Tribunal from a decision of the Controller or Adjudicating Officer (Section 57, IT Act).

• Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely:
◦ (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
◦ (b) the amount of loss caused to any person as a result of the default;
◦ (c) the repetitive nature of the default.

• Most important asset of software companies
• “Computer Source Code” means the listing of programmes, computer commands, design and layout
• Ingredients:
◦ Knowledge or intention
◦ Concealment, destruction, alteration
◦ Computer source code required to be kept or maintained by law

• Sections 78 & 80: Power to investigate offences: Notwithstanding anything contained in the Code of Criminal Procedure, 1973, a police officer not below the rank of Inspector shall investigate any offence under this Act. He may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act.

• Sending pornographic or obscene e-mails is punishable under Section 67 of the IT Act.
• An offence under this section is punishable on first conviction with imprisonment for a term which may extend to five years and with a fine which may extend to one lakh rupees.
• In the event of a second or subsequent conviction, the recommended punishment is imprisonment for a term which may extend to ten years and also a fine which may extend to two lakh rupees.

• E-mails that are defamatory in nature are punishable under Section 500 of the Indian Penal Code (IPC), which recommends imprisonment of up to two years or a fine or both.
• Threatening e-mails are punishable under the provisions of the IPC pertaining to criminal intimidation, insult and annoyance (Chapter XXII) and extortion (Chapter XVII).
• E-mail spoofing: E-mail spoofing is covered under provisions of the IPC relating to fraud, cheating by personation (Chapter XVII) and forgery (Chapter XVIII).

CYBER LAWS & INFORMATION TECHNOLOGY ACT, 2000

| S No. | Offence | Penalty |
|---|---|---|
| 1 | Intentional tampering with computer resource and docs. | Up to 2 lacs fine and/or 3 yrs. imprisonment |
| 2 | Hacking | Up to 2 lacs fine and/or 3 yrs. imprisonment |
| 3 | Controller issuing directions to Certifying Auth./its employee to take measures for compliance with law, and failure to comply with such directions | Up to 2 lacs fine and/or 3 yrs. imprisonment |
| 4 | Penalty for misrepresentation | Up to 1 lac fine and/or 2 yrs. imprisonment |
| 5 | Penalty for breach of confidentiality | Up to 1 lac fine and/or 2 yrs. imprisonment |
| 6 | Penalty for publishing false Digital Signature Certificate | Up to 1 lac fine and/or 2 yrs. imprisonment |
| 7 | Penalty for fraudulent publication of Digital Signature Certificate | Up to 1 lac fine and/or 2 yrs. imprisonment |
| 8 | Publishing of information obscene in electronic form | 1st conviction: up to 1 lac fine and/or 5 yrs. imprisonment; 2nd conviction: up to 2 lac fine and/or 10 yrs. imprisonment |
| 9 | Appropriate Govt. may declare by notification any C/CS/CN to be a protected system, and unauthorised access into such system | Fine or 10 yrs. imprisonment |

• No specific enforcement agencies to combat various cyber crimes.
• Lack of skilled law enforcement personnel.
• No reporting by the victims.
• Jurisdictional problems.

• E-security programs.
• Identification of internal and external sources of threats.
• Security awareness programs for all users.
• No sharing of user accounts.
• Network security from external sources.
• Antivirus software.
• Data backup and disaster recovery plans.

• Review of the existing legislation and statutes.
• Continuous monitoring of cyber cafes.
• Raising awareness about cyber crimes.
• Co-operation at international level.
• Establishment of International Tribunals.
• Need for trained professionals.
• Special courses in cyber security.


Disclaimer Clause: Views expressed in this presentation are the views of the author and do not necessarily reflect those of the Institute.