
Understanding Cyber Law in India

Uploaded by

najarsingh22e

Unit--4th by-

Cyberlaw

Cyberlaw is the area of law that deals with the Internet's relationship to technological and electronic elements, including computers, software, hardware and information systems (IS). Cyberlaw is also known as Cyber Law or Internet Law. Cyberlaws prevent or reduce large scale damage from cybercriminal activities by protecting information access, privacy, communications, intellectual property (IP) and freedom of speech related to the use of the Internet, websites, email, computers, cell phones, software and hardware, such as data storage devices. The increase in Internet traffic has led to a higher proportion of legal issues worldwide. Because cyberlaws vary by jurisdiction and country, enforcement is challenging, and restitution ranges from fines to imprisonment.

Cyber law is the part of the overall legal system that deals with the Internet, cyberspace, and their respective legal issues. Cyber law covers a fairly broad area, encompassing several subtopics including freedom of expression, access to and usage of the Internet, and online privacy. Generically, cyber law is referred to as the Law of the Internet.

Why are cyber laws needed?

Like any law, a cyber law is created to help protect people and organizations on the Internet from malicious people on the Internet and help maintain order. If someone breaks a cyber law or rule, it allows another person or organization to take action against that person or have them sentenced to a punishment.

What happens if you break a cyber law?

There are different forms of punishment depending on the type of cyber law you broke, who you offended, where you broke the law, and where you live. In many situations, breaking the rules on a website will result in your account becoming suspended or banned and your IP address blocked. To determine the consequences of your action for minor offenses, we recommend reviewing the company's terms of service or rules. If you've committed a more serious offense such as hacking, attacking another person or website, or causing another person or company distress, additional action may be taken against you.
Happy Insan Sir 9694717940
Cyber Laws of India

In a simple way, we can say that cyber crime is unlawful acts wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.

We can categorize cyber crimes in two ways:
The computer as a target: using a computer to attack other computers, e.g. hacking, virus/worm attacks, DoS attack etc.
The computer as a weapon: using a computer to commit real world crimes, e.g. cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.

Cyber law (also referred to as cyberlaw) is a term used to describe the legal issues related to use of communications technology, particularly "cyberspace", i.e. the Internet. It is less a distinct field of law in the way that property or contract are as it is an intersection of many legal fields, including intellectual property, privacy, freedom of expression, and jurisdiction. In essence, cyber law is an attempt to integrate the challenges presented by human activity on the Internet with legacy system of laws applicable to the physical

Cyberlaw in India

When Internet was developed, the founding fathers of Internet hardly had any inclination that Internet could transform itself into an all pervading revolution which could be misused for criminal activities and which required regulation. Today, there are many disturbing things happening in cyberspace. Due to the anonymous nature of the Internet, it is possible to engage into a variety of criminal activities with impunity and people with intelligence, have been grossly misusing this aspect of the Internet to perpetuate criminal activities in cyberspace. Hence the need for Cyberlaws in India.

What is the importance of Cyberlaw?

Cyberlaw is important because it touches almost all aspects of transactions and activities on and concerning the Internet, the World Wide Web and Cyberspace. Initially it may seem that Cyberlaws is a very technical field and that it does not have any bearing to most activities in Cyberspace. But the actual truth is that nothing could be further than the truth. Whether we realize it or not, every action and every reaction in Cyberspace has some legal and Cyber legal perspectives.

Advantages of Cyber Laws

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.

Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in the Act.

The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.

The Act now allows Government to issue notification on the web thus heralding e-governance.

The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.

The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

Information Technology Act, 2000

The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17, 2000. It is the law that deals with cybercrime and electronic commerce in India.

In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the model law on electronic commerce (e-commerce) to bring uniformity in the law in different countries.

Further, the General Assembly of the United Nations recommended that all countries must consider this model law before making changes to their own laws. India became the 12th country to enable cyber law after it passed the Information Technology Act, 2000. While the first draft was created by the Ministry of Commerce, Government of India as the ECommerce Act, 1998, it was redrafted as the Information Technology Bill, 1999, and passed in May 2000.

Objectives of the Act

The Information Technology Act, 2000 provides legal recognition to the transaction done via electronic exchange of data and other electronic means of communication or electronic commerce transactions.

This also involves the use of alternatives to a paper-based method of communication and information storage to facilitate the electronic filing of documents with the Government agencies.

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers' Books Evidence Act 1891, and the Reserve Bank of India Act 1934.

The objectives of the Act are as follows:
Grant legal recognition to all transactions done via electronic exchange of data or other electronic means of communication or e-commerce, in place of the earlier paper-based method of communication.
Give legal recognition to digital signatures for the authentication of any information or matters requiring legal authentication.
Facilitate the electronic filing of documents with Government agencies and also departments.
Facilitate the electronic storage of data.
Give legal sanction and also facilitate the electronic transfer of funds between banks and financial institutions.
Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India Act, 1934, for keeping the books of accounts in electronic form.
Features of the Information Technology Act, 2000

a. All electronic contracts made through secure electronic channels are legally valid.
b. Legal recognition for digital signatures.
c. Security measures for electronic records and also digital signatures are in place.
d. A procedure for the appointment of adjudicating officers for holding inquiries under the Act is finalized.
e. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this tribunal will handle all appeals made against the order of the Controller or Adjudicating Officer.
f. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High Court.
g. Digital Signatures will use an asymmetric cryptosystem and also a hash function.
h. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Controller to act as a repository of all digital signatures.
i. The Act applies to offences or contraventions committed outside India.
j. Senior police officers and other officers can enter any public place and search and arrest without warrant.
k. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the Central Government and Controller.
Digital Signature

A digital signature guarantees the authenticity of an electronic document or message in digital communication and uses encryption techniques to provide proof of original and unmodified documentation.

Digital signatures are used in e-commerce, software distribution, financial transactions and other situations that rely on forgery or tampering detection techniques.

A digital signature is also known as an electronic signature.

A digital signature is applied and verified, as follows:
The document or message sender (signer) or public/private key supplier shares the public key with the end user(s).
The sender, using his private key, appends the encrypted signature to the message or document.
The end user decrypts the document and verifies the signature, which lets the end user know that the document is from the original sender.

Digital Signature is a process that guarantees that the contents of a message have not been altered in transit.

When you, the server, digitally sign a document, you add a one-way hash (encryption) of the message content using your public and private key pair.

Your client can still read it, but the process creates a "signature" that only the server's public key can decrypt. The client, using the server's public key, can then validate the sender as well as the integrity of message contents.

Whether it's an email, an online order or a watermarked photograph on eBay, if the transmission arrives but the digital signature does not match the public key in the digital certificate, then the client knows that the message has been altered.
How does a Digital Signature Work?

The digital signature can be considered as a numerical value that is represented as a sequence of characters. The creation of a digital signature is a complex mathematical process that can only be created by a computer.

Consider a scenario where Alice has to digitally sign a file or an email and send it to Bob.

Alice selects the file to be digitally signed or clicks on 'sign' in her email application.
The hash value of the file content or the message is calculated by Alice's computer.
This hash value is encrypted with Alice's Signing Key (which is a Private Key) to create the Digital Signature.
Now, the original file or email message along with its Digital Signature are sent to Bob.
After Bob receives the signed message, the associated application (such as email application) identifies that the message has been signed. Bob's computer then proceeds to:
Decrypt the Digital Signature using Alice's Public Key
Calculate the hash of the original message
Compare the (a) hash it has computed from the received message with the (b) decrypted hash received with Alice's message.
Any difference in the hash values would reveal tampering of the message.
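
The Alice and Bob steps above, as an added example that is not part of the original notes: textbook RSA over a SHA-256 hash, written with the Python standard library only. The key pairs, the "Mallory" forger and all function names are assumptions of this example; the keys are constructed from publicly known Mersenne primes and there is no padding, so it illustrates the flow only (real signatures use a padded scheme such as RSA-PSS from a vetted library).

```python
"""Hash-then-sign as described for Alice and Bob, using textbook RSA.

Illustration only: the keys are built from publicly known primes and the
scheme has no padding, so this must never be used to protect real data.
"""
import hashlib


def make_key(p: int, q: int, e: int = 65537):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


# Constructed demo keys (assumptions of this example, not from the notes).
ALICE_PUB, ALICE_PRIV = make_key(2**127 - 1, 2**521 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**89 - 1, 2**607 - 1)


def hash_to_int(message: bytes) -> int:
    """Hash the content; SHA-256 yields a 256-bit integer smaller than n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Alice: 'encrypt' the hash with her private (signing) key."""
    n, d = private_key
    return pow(hash_to_int(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Bob: decrypt the signature, re-hash the message, compare."""
    n, e = public_key
    if not 0 <= signature < n:
        return False                        # malformed signature value
    recovered_hash = pow(signature, e, n)   # decrypt with Alice's public key
    computed_hash = hash_to_int(message)    # hash of the received message
    return recovered_hash == computed_hash  # any difference means tampering


if __name__ == "__main__":
    message = b"Transfer Rs. 500 to Bob"    # constructed sample message
    signature = sign(message, ALICE_PRIV)

    print("genuine message :", verify(message, signature, ALICE_PUB))
    print("altered message :",
          verify(b"Transfer Rs. 5000 to Bob", signature, ALICE_PUB))
    print("altered signature:", verify(message, signature ^ 1, ALICE_PUB))
    # A signature made with someone else's private key does not verify
    # under Alice's public key, which is how Bob validates the sender.
    forged = sign(message, MALLORY_PRIV)
    print("signed by Mallory:", verify(message, forged, ALICE_PUB))
```

Only the first check prints True; the altered message, the altered signature and the signature made with a different private key all fail the hash comparison.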

A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.

Digital signatures rely on certain types of encryption to ensure authentication. Encryption is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Authentication is the process of verifying that information is coming from a trusted source. These two processes work hand in hand for digital signatures.

IT Act Provisions Related to Digital Signature

Section 3 of IT Act, made the provision for it as:
Authentication of electronic records.
3) Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature.
Digital Signature Vs. Digital Certificate

Digital signatures are based on three pointers for authentication - Privacy, Non repudiation and Integrity in the virtual world, while the objectives of digital certificate are the authentication of documents, and bind the person who is putting the digital signature, which based on public key cryptography requires two separate keys, as secret and public. However, both the keys are linked together, one key encrypts the plain text, and another decrypts the cipher text, and neither key can perform both the functions. The other difference is digital signature is an electronic process of signing an electronic document while a Digital Certificate is a computer based record which is the identification of certifying agency or the identity of subscriber.

Digital Signature Vs. Electronic Signature

The Information Technology Amendment Bill 2006, replaces the word "Digital" with the word "Electronic" at several places in the principal act, which creates a slight difference between the two, electronic signature is wide in nature, while the digital signature is one of the many kinds of electronic signature.

Section 2(ta) "electronic signature" means authentication of any electronic record by a subscriber by means of an electronic technique specified in the second schedule and includes digital signature and section 2(p) defined "Digital Signature Certificate" means a Digital Signature Certificate issued under sub-section (4) of section 35.

Cyber security and organizational implications

Living in a world where everything and everybody is connected, protection and security of data has grown all the more critical. As long as one is connected to the Internet, anyone can become a viable victim to a cyber attack, thus proper protection must be installed to prevent any wariness and detrimental incidents. Thus, from protecting user data against the growing number of threats to ensuring the continuity of businesses, cybersecurity, or measures taken to protect a computer system against unauthorized attacks, is an essential element for any organization.

With the advance of the Internet and alike, security threats and cyber-attacks are multiplying acutely all over the globe, targeting individuals and targets alike. As these threats and attacks continue to mount, understanding and managing security risks have become critical issues for leaders in both business and government.

Below are several essential facts that define the current information security landscape.

The estimated annual cost for cybercrime committed globally adds up to 100 billion dollars.
Currently, there are more than 6 billion social network users worldwide with more than 64% of internet users accessing social media services online.
Social media is the most vulnerable means of cyberattacks. One in 10 social media users are victims of cyberattacks and the numbers are on a rise.
From 2016 to 2019 global cyber crime costs are expected to greatly increase, reaching US 1 trillion dollars.
US government spent US 14 billion dollars on cyber security in 2016 with plans to spend US 19 billion dollars in 2017.

As it can be seen, the implications, both financially and internally for companies and governments alike, are tremendous. Take, for example, a few recent incidents: Sony and Target's breaches earlier in 2014 and 2013, respectively, had the biggest impact on information technology security. It was evident that high-profile hacks against the government and companies like Sony and Target were largely met with legislative inaction and administrative uncertainty on how best to address evolving cyber threats. The breach of the Office of Personnel Management exposed the details of at least 21.5 million government employees. Additionally, repeated claims of Russian and Chinese hacking of American businesses and public agencies continued to surface as an ongoing issue within the public sphere, as well as reports indicating that several thousand FBI staffers had their data leaked following such an attack. Accordingly, such security is important to every American who uses the Internet in order to ensure that their communications remain protected. Unfortunately, there are always going to be "bad guys" in this case, those who try to steal people's information for their own financial or personal gain. Thus, as these threats continue to mount, understanding and managing security risk have become critical issues for leaders in both business and government.

Cyber crisis management

We should start by defining what a cybersecurity crisis is. Typically, it might be confused with an incident response plan and although they are definitely different, the way we manage the incident response process might end up in a serious crisis.

An incident response plan refers to a methodology to cope with day-to-day cyber security events, like virus infections, malwares, DDoS and phishing attacks etc.

In the case of a crisis, we are facing a situation that might seriously impact the organization, its reputation, financial stability and even its viability as a business.

What is at stake, the potential reputation and business impact

During the crisis, the executive management team and particularly the CEO are going to be put in the spotlight in a process that in some cases might be very quick and quite difficult to manage without the right preparation.

A sequence of discussions within the company among the different teams involved, as well as interactions with regulators, the media, supervisory authorities and potentially to the data subject or affected individuals might take place in a short period of time.

A strong communication plan will not only help protect customers, but also help your company mitigate any brand image damage and loss of revenue.

Key elements of a crisis management plan

Identification of the key executive stakeholders including representation from legal, privacy, risk, IT, compliance and corporate communications
Clear definition of roles and responsibilities of each stakeholder
Explore "What if" scenarios evaluating the potential impact, planned response activities and resulting recovery processes. This analysis will enable the organization to define severity levels and the definition of specific response protocols
Templates of statements tailored for customers, business partners, media and external agencies
Pre-crafted communication templates for breach notifications as required by applicable privacy laws, for example GDPR
Arrangements to immediately provide identity and credit protection services to affected individuals if needed.
Identification of forensics experts that might help in investigating or mitigating data breaches.
Identification of potential negotiation experts, for example in the case of ransomware.

The cybersecurity crisis management process

Every crisis is different. Nevertheless, we can approach them following this structured process with important activities before, during and after the crisis hits. We divide the process in four different phases as highlighted by the US National Institute of Standards and Technology (NIST) and also in the Government of Canada Cyber Security Event Management Plan.

Preparation: involving general readiness to a broad range of cybersecurity events. During this phase, roles and responsibilities are defined, procedures defined and tested and teams trained.
Detection and Assessment: involves monitoring of diverse information sources, discovery of cyber events, reporting from affected departments and an initial assessment of the impact level.
Containment, eradication and recovery: includes all response actions required to mitigate impact, containment and eradication and root cause analysis and investigation.
Post-event analysis: covering lessons learned analysis, review of processes and procedures recommending changes to continuously improve the crisis management capability.

Phases of Cyber Crisis Management

There are four phases in Cyber Crisis Management, namely Detection, Response, Containment & Recovery. Here is a glimpse of the four phases.

[Figure: Detection, Response, Containment, Recovery]

Detection Phase:
Input to this phase comes both from external sources, such as customer complaint, regulator complaint, and any other third party; and also from internal sources like helpdesk team and the team engaged for "Security Incident Management Procedure".

Response / Containment / Recovery Phase:

Various activities which will be carried out by the respective stakeholders under this phase include:

Cyber Crisis Management Team (CCMT)

i. Chief Information Officer (CIO): Coordinates the IT implementation efforts with the technology team within the bank and with the third parties who are maintaining or managing the IT infrastructure.

ii. Chief Information Security Officer (CISO): Coordinates the security controls evaluation and implementation efforts with the Information Security Team within the bank and with the third parties who are maintaining or managing the IT infrastructure. To coordinate with Business Heads and advise them on the situation.

iii. Chief Risk Officer (CRO): CRO will be directly involved for the Risk Assessment phases and give guidance to the CCMT during the crisis management.

iv. Chief Financial Officer (CFO): Provide the justified approval / guidance on the investments / expenses during the crisis situation. Monitor cost-to-benefit ratio for the efforts and IT / controls implementation.

v. Chief Technology Officer (CTO) / Head (IT Infrastructure): Engage with the team for isolating systems affected / restoring backups and all other necessary infrastructure and application related operational issues.

vi. Head (Legal) / Legal Counsel: Provide consultation on the legal standing of the bank during the Cyber security crisis situation. Provide consultation on the legal standing of the decisions taken by the Board members and/or CCMT. Provide legal support during the litigation or law suit.

vii. Head (Corporate Communication) / Public Relations Officer (PRO): Consult with the Board members and CCMT members on understanding the crisis and preparing an appropriate public response for the situation - if required. Work with the external parties and media on providing the bank's stand on the Cyber crisis situation. Continuously provide internal communication and update employees on the current situation and appropriate steps to be taken by them.

viii. Respective Business Heads: Continuously work with their respective teams to address the concerns and issues of the customers.
Anti cybercrime strategies

Security can no longer be an afterthought when building your company's online presence. Executives need to focus on cybersecurity as a core feature: in short, they must build systems now to detect breaches and deal with hacks before they happen.

To help protect your business from cybercrime, a panel of technology executives from Forbes Technology Council weigh in on the strategies they've used to combat potential threats.

1. Protect Your Most Visible Asset: Your Website
Websites are the most visible and vulnerable part of a company's infrastructure. As hackers scan the Internet nonstop in search of weaknesses, companies should not overlook this vulnerable entry point in their cybersecurity defense strategy. Products like malware and vulnerability scanners and web-application firewalls can help you guard this important asset that is the face of your brand.

2. Focus on Effects
Today, it's clear that organizations can't prevent 100 percent of intrusions. A sophisticated and determined adversary will eventually get in. This is why companies should focus on detecting the effects (also called indicators of attack) of malware and adversary activity, and not just look out for known bad signatures (known as indicators of compromise).

3. Remember That People Are Your Weakest Link
Even the most advanced technology can't prevent a great employee from accidentally opening your doors to cybercrime. Say "Mary" calls her assistant, asking for a server password after hours and he obliges. Their strong, alphanumeric 32-character password is now exposed in a plaintext email. These unintentional slip-ups happen; combat them by reiterating common sense practices to all of your employees.

4. Isolate Threats to Eliminate Data Breaches
We must adopt technology that is more secure by design. For example, isolating threats by segmenting the enterprise networks makes it harder for malware to penetrate an organization. Virtualization takes this a step further by making applications more resilient to attack.

5. Make Sure Security Isn't an Afterthought
Think about security upfront, not as an afterthought -- cybercrime is on the rise and we need to think in terms of creating an immune system to detect and fight off infections rather than the impossible task of blocking 100 percent of attacks.

6. Include Information Security Early in Your Product and Service Design
Including data security practices early on in your product design or service process is the prevention that can save you the pain and losses of a data breach. Paying respect to data security guidelines like those imposed on regulated industries such as finance and healthcare can be a starting point for best practices.

7. Keep All Systems Up-to-Date
A breach at the application or system level is the easiest of all hacks. Upgrade or patch up your OS, databases, server-side scripts, CMS, plugins, etc. as soon as an update is available. Don't reinvent the wheel -- applications should make use of a framework that gives you adequate protection out of the box. You should always plan for these maintenance projects, and have a dedicated team for them.

8. Have Internal Audits
Most companies wait until they are more mature to engage in SOC2 or SSAE 16 audits. At that point, they are typically far behind where they should be. From initiation, have proper protocol and procedures in mind. Even if you are too small to have separation of duties, remember that you will once you hit a certain size.
How toprotect
yourself against cybercrime
Anyone using the internet should
you can se to help exercise
protect yourself againstsome basic
the range ofprecautions. Here are 11 tips
KÜse aa cybercrimes
full-service internet security suite out there.
For instance,
Norton Securityprovides real-time
emerging malware including protection against existing and
private and financial ransomware
information when
and viruses,
you go online. and helps protect your
2Use strong
Don't repeat your passwords’ Apltett NUeet sleuesyt
passwords on different sites,
regularly. Make them complex. That and change your
of atpasswords
letters, numbers, and means using a
to keep your symbols. password
A
passwords locked down.
combination least 10
management application can help you

3. Keep your
This is especially
software updated
software. important with your operating systems
Cybercri
to gain access m i
to your
nals frequently use known
and internet security
exploits, flaws, in your software
or
likely that you'll becomesystem. Patching those
a
cybercrime target. exploits and flaws can make it less
Happy Insan Sir 9694717940
Page 16
[Link] your social media settings
Keep your personal and
private
engineering cybercriminals cân often get yourinformation down. Social
locked

data points, so the less you share personal information with just a few
publicly, the better. For instance, if you post your
net's name or reveal your mother S
maiden name, you might expose the answers to
two common security questions.

5. Strengthen your home network
It's a good idea to start with a strong encryption password as well as a virtual private network. A VPN will encrypt all traffic leaving your devices until it arrives at its destination. If cybercriminals do manage to hack your communication line, they won't intercept anything but encrypted data. It's a good idea to use a VPN whenever you use a public Wi-Fi network, whether it's in a library, café, hotel, or airport.
6. Talk to your children about the internet
You can teach your kids about acceptable use of the internet without shutting down communication channels. Make sure they know that they can come to you if they're experiencing any kind of online harassment, stalking, or bullying.

7. Keep up to date on major security breaches
If you do business with a merchant or have an account on a website that's been impacted by a security breach, find out what information the hackers accessed and change your password immediately.
8. Take measures to help protect yourself against identity theft
Identity theft occurs when someone wrongfully obtains your personal data in a way that involves fraud or deception, typically for economic gain. How? You might be tricked into giving personal information over the internet, for instance, or a thief might steal your mail to access account information. That's why it's important to guard your personal data. A VPN, short for virtual private network, can also help to protect the data you send and receive online, especially when accessing the internet on public Wi-Fi.
9. Know that identity theft can happen anywhere
It's smart to know how to protect your identity even when traveling. There are a lot of things you can do to help keep criminals from getting your private information on the road. These include keeping your travel plans off social media and using a VPN when accessing the internet over your hotel's Wi-Fi network.
10. Keep an eye on the kids
Just like you'll want to talk to your kids about the internet, you'll also want to help protect them against identity theft. Identity thieves often target children because their Social Security number and credit histories frequently represent a clean slate. You can help guard against identity theft by being careful when sharing your child's personal information. It's also smart to know what to look for that might suggest your child's identity has been compromised.
11. Know what to do if you become a victim
If you believe that you've become a victim of a cybercrime, you need to alert the local police and, in some cases, the FBI and the Federal Trade Commission. This is important even if the crime seems minor. Your report may assist authorities in their investigations or may help to thwart criminals from taking advantage of other people in the future. If you think cybercriminals have stolen your identity, these are among the steps you should consider:
• Contact the companies and banks where you know fraud occurred.
• Place fraud alerts and get your credit reports.
• Report identity theft to the FTC.

Cybercrime and Cyberterrorism


Cyberterrorism is defined by U.S. Federal Bureau of Investigation as a premeditated attack against a computer system, computer data, programs and other information with the sole aim of violence against clandestine agents and subnational groups. The main aim behind cyberterrorism is to cause harm and destruction.
Cyberterrorism can be explained as internet terrorism. With the advent of the internet, individuals and groups are misusing the anonymity to threaten individuals, certain groups, religions, ethnicities or beliefs. Cyberterrorism can be broadly categorized under three major categories:
• Simple: This consists of basic attacks including the hacking of an individual system.
• Advanced: These are more sophisticated attacks and can involve hacking multiple systems and/or networks.
• Complex: These are coordinated attacks that can have a large-scale impact and make use of sophisticated tools.
Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. It is also sometimes considered an act of Internet terrorism, in which terrorist activities include acts of deliberate, large-scale disruption of computer networks, especially of personal computers attached to the Internet, by means of tools such as computer viruses, computer worms, phishing, and other malicious software and hardware methods and programming scripts.
Cyberterrorism is a controversial term. Some authors opt for a very narrow definition, relating to deployment by known terrorist organizations of disruption attacks against information systems for the primary purpose of creating alarm, panic, or physical disruption. Other authors prefer a broader definition, which includes cybercrime. Participating in a cyberattack affects the terror threat perception, even if it isn't done with a violent approach. By some definitions, it might be difficult to distinguish which instances of online activities are cyberterrorism or cybercrime.
Cyberterrorism can be also defined as the intentional use of computers, networks, and public internet to cause destruction and harm for personal objectives. Experienced cyberterrorists, who are very skilled in terms of hacking, can cause massive damage to government systems, hospital records, and national security programs, which might leave a country, community or organization in turmoil and in fear of further attacks. The objectives of such terrorists may be political or ideological since this can be considered a form of terror.
There is much concern from government and media sources about potential damage that could be caused by cyberterrorism, and this has prompted efforts by government agencies such as the Federal Bureau of Investigations (FBI) and the Central Intelligence Agency (CIA) to put an end to cyber attacks and cyberterrorism.

There have been several major and minor instances of cyberterrorism. Al-Qaeda utilized the internet to communicate with supporters and even to recruit new members. Estonia, a Baltic country which is constantly evolving in terms of technology, became a battleground for cyberterror in April, 2007 after disputes regarding the removal of a WWII Soviet statue located in Estonia's capital Tallinn.
According to the U.S. Federal Bureau of Investigation, cyberterrorism is any "premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents." Unlike a nuisance virus or computer attack that results in a denial of service (DoS), the FBI defines a cyberterrorist attack as explicitly designed to cause physical harm to individuals. According to the U.S. Commission of Critical Infrastructure Protection, possible cyberterrorist targets include the banking industry, military installations, power plants, air traffic control centers and water systems. However, there is no current consensus between various governments and the information security community on what qualifies as an act of cyberterrorism.
While the FBI defines cyberterrorism narrowly, excluding all but the most egregious attacks, other organizations and experts suggest that many less harmful attacks can also be considered to be acts of cyberterrorism, as long as the attacks are intended to be disruptive or to further the attackers' political stance. In some cases, the differentiation between cyberterrorism attacks and more ordinary cybercrime activity lies in the intention: the primary motivation for cyberterrorism attacks is to disrupt or harm the victims, even if the attacks do not result in physical harm or cause extreme financial harm.

In other cases, the differentiation is tied to the outcome of a cyberattack; many infosec experts believe an incident should be considered a cyberterrorism attack if it results in physical harm or loss of life, either directly or indirectly through damage or disruption to critical infrastructure. However, others believe physical harm is not a prerequisite for classifying a cyberattack as a terrorist event. The North Atlantic Treaty Organization (NATO), for example, has defined cyberterrorism as "a cyberattack using or exploiting computer or communication networks to cause sufficient destruction or disruption to generate fear or to intimidate a society into an ideological goal."

Cyberterrorism is sometimes referred to as electronic terrorism.


Examples of cyberterrorism
Acts of cyberterrorism can be carried out over private computer servers, against devices and networks visible through the public internet as well as against secured government networks or other restricted networks. Hackers who break into computer systems can introduce viruses to vulnerable networks, deface websites, launch denial-of-service attacks and/or make terroristic threats electronically.

Examples of cyberterrorism include:
• Global terror networks disrupting major websites to create public nuisances/inconveniences or to stop traffic to websites that publish content the hackers disagree with.
• International cyberterrorists accessing and disabling or modifying the signals that control military technology.
• Cyberterrorists targeting critical infrastructure systems, for example, to disable a water treatment plant, cause a regional power outage, or disrupt a pipeline, oil refinery or fracking operation. This type of cyberattack could disrupt major cities, cause a public health crisis, endanger the public safety of millions of people as well as cause massive panic and fatalities.

Cyberespionage, as carried out by governments using hackers to spy on rival nations' intelligence communications to learn about the locations of troops or gain a tactical advantage at war, is not necessarily considered to be cyberterrorism unless the spying is carried out with the intent to execute a cyberterrorist attack.
Methods of cyberterrorism

Cyberterror operations can use many different attack methods, including:
• Advanced persistent threat (APT) actors may use sophisticated and concentrated network attacks in which they gain access to a network and stay there undetected for a long period of time with the intention of stealing data, rather than cause damage to the network or organization. APT attacks target organizations in sectors with high-value information, such as national defense, manufacturing and the financial industry.
• Viruses, computer worms and malware targeting control systems can affect water supplies, transportation systems, power grids, critical infrastructure and military systems and may be used to further cyberterrorist goals.
• DoS attacks, cybersecurity events that occur when attackers take action to prevent legitimate users from accessing targeted computer systems, devices or other network resources.
• Hacking and theft of critical data from institutions, governments and businesses.
• Ransomware that holds computer systems hostage until the victims pay ransom.
• ... to collect information ..., which they can then use to access systems or steal the victims' identities.

Cyberterrorist attackers can use virtually any attack method used by cybercriminals to further their political or social goals.

..GOD Bless U.......
