
Cybersecurity and E-Business Insights

The document covers various topics related to cyber security, including definitions of key terms such as NCHIPC, e-taxation, cyber terrorism, and virtual banking operations. It also discusses legal aspects of cybercrime, challenges in cybercrime trials, and the governance of the internet, highlighting issues like jurisdiction, privacy, and cybersecurity threats. Additionally, it addresses the risks of e-business, the Indian legal system, and the importance of whistle-blowing in ethical situations.

Uploaded by

Tem Por

End sem

SECTION – A (Attempt all parts)


Q1. Define the following terms (1×5 = 5 Marks)

(a) What is NCHIPC?


NCHIPC stands for National Critical Information Infrastructure Protection
Centre.
It is an agency under the National Technical Research Organisation (NTRO)
responsible for:

Protecting India’s critical information infrastructure (CII) like power grids, banking, telecom, transportation, and government networks.

Monitoring cyber threats and issuing alerts.

Coordinating with organizations to prevent large-scale cyber attacks.

(b) Needs and advantages of e-taxation


Needs:

To simplify tax collection and compliance.

To reduce corruption and human intervention.

To maintain digital records for transparency.

Faster processing of returns and refunds.

Advantages:

24×7 availability; taxpayers can file from anywhere.

Reduced paperwork and cost.

Accuracy in calculations and reduced errors.

Quicker refunds and real-time status tracking.

Increased transparency and accountability.

(c) Define Cyber Terrorism


Cyber terrorism refers to the use of computer systems, networks, or digital tools to
create fear, disrupt services, or cause harm to a nation or society.
Examples:

Attacks on power grids

Disruption of military networks

Crashing banking systems

Spreading panic through mass hacking

(d) Explain Virtual Banking Operations


Virtual banking (or e-banking) means banking services delivered through the
internet without physical branch interaction.
Operations include:

Online fund transfer (NEFT/RTGS/IMPS)

Account balance check and mini-statements

Online bill payments

E-KYC, loan applications

Online fixed/recurring deposits

Mobile banking services

(e) Define Online Payment Gateways


A payment gateway is a secure online service that authorizes and processes
digital payments made through debit cards, credit cards, UPI, wallets, and net
banking.
Functions:

Encrypts customer payment data

Sends transaction details to the bank

Confirms success or failure of payment

Examples: Razorpay, PayU, PayPal.

Q2. Answer the following questions (1×5 = 5 Marks)

(a) How has the court handled phishing attack and data theft?
Courts in India treat phishing and data theft as punishable cyber offences under
the IT Act and IPC.
Handling includes:

Prosecution under IT Act Section 66C (identity theft) and 66D (cheating by
impersonation using computers).

Compensation to victims under Section 43 & 66 for unauthorized access and data theft.

Courts direct banks/organizations to strengthen security.

Offenders can face imprisonment + fine depending on severity.

Case laws show courts relying on digital evidence, logs, IP address tracking,
and forensic reports.

(b) Classify different types of cyber-crime and ethical issues in cyberspace.
Types of Cyber Crimes:

1. Financial crimes – credit card fraud, online banking fraud.

2. Hacking and unauthorized access.

3. Cyber stalking and harassment.

4. Identity theft.

5. Malware attacks – viruses, worms, ransomware.

6. Cyber terrorism and cyber warfare.

7. Online piracy and intellectual property theft.

8. Phishing and spoofing.

Ethical Issues:

Privacy violation

Intellectual property misuse

Digital plagiarism

Unethical hacking

Cyber bullying

Data manipulation

Misuse of social media and misinformation

(c) How legal recognition is provided for electronic documents and how they are authenticated?
Legal recognition:

Under Section 4 of the IT Act, 2000, electronic records are legally valid just
like paper documents.

Section 5 of the IT Act gives digital signatures the same legal status as
handwritten signatures.

Authentication:

Done through Digital Signatures issued by Certifying Authorities (CAs).

Uses Public Key Infrastructure (PKI).

Ensures:

Authenticity (sender is verified)

Integrity (document not altered)

Non-repudiation (sender cannot deny the action)

(d) Explain the purpose of Cyber Swachhta Kendra.
Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) was
launched by CERT-In.
Purpose:

Detect botnets and malware infections in users’ systems.

Provide free tools for malware removal.

Increase public awareness on cybersecurity.

Promote secure digital practices across India.


Examples of tools: USB Pratirodh, AppSamvid, M-Kavach.

(e) Purpose of National Cyber Security Policy 2013


The NCSP 2013 aims to create a safe and secure cyber ecosystem in India.

Objectives:

Protect public and private infrastructure.

Reduce cyber threats and improve incident response.

Strengthen laws, security standards, and awareness.

Promote R&D and skill development in cyber security.

Encourage public-private partnerships.

Safeguard citizens’ personal data and online privacy.

Q.3 (i) (a)


Define the terms moral, ethics and law. Briefly
explain the understanding about code of ethics.

Morals
Morals are personal principles and values that define what an individual
considers right or wrong.

They are influenced by culture, religion, upbringing, and personal beliefs.

Ethics
Ethics refers to rules and standards that guide the behavior of individuals or
groups in a professional or social context.

Ethics are more structured than morals and ensure fairness, honesty, and
responsibility.

Law
Law is a set of formal rules enacted by the government to maintain order,
protect rights, and ensure justice.

Violation of law leads to legal punishment.

Code of Ethics – Meaning and Understanding


A code of ethics is a formal document that outlines:

Acceptable professional conduct

Ethical responsibilities

Standards to maintain integrity and accountability

Purpose:

To guide professionals in decision-making

To prevent unethical practices

To maintain trust between organization and society

Examples: ACM Code of Ethics, IEEE Code of Conduct.

Q.3 (i) (b)

Explain the various challenges faced for cybercrime
trials and investigation.
Cybercrime trials and investigation face multiple challenges:

1. Jurisdiction Issues
Cybercrimes often occur across borders.

Determining which country’s law applies becomes difficult.

2. Anonymity and Identity Masking


Criminals use VPNs, proxies, Tor browser, fake identities.

Tracing the real attacker becomes complex.

3. Lack of Technical Expertise


Police and judiciary often lack advanced cyber-forensics knowledge.

Requires skilled digital investigators.

4. Evidence Collection Problems


Digital evidence is volatile and easily deleted or modified.

Maintaining chain of custody is challenging.

5. Slow Legal Processes


Traditional courts are slow and not fully equipped for technical cases.

Delays reduce effectiveness of prosecution.

6. Encryption and Advanced Tools


Encrypted devices and apps restrict investigation.

Ransomware investigations become extremely difficult.

7. Lack of International Cooperation


Different countries follow different cyber laws.

Requires treaties, mutual agreements, which take time.

Q.3 (ii) (a)


Critically analyze the issues relating to the
governance of internet.
Internet governance deals with policies, rules, standards, and practices that
coordinate global internet usage.
Key issues:

1. Absence of Central Authority


No single global body controls the internet.

Creates disputes on jurisdiction and control.

2. Privacy & Data Protection


Massive collection of user data by companies (Google, Meta).

Lack of uniform global privacy laws (ex: GDPR vs Indian laws).

3. Cybersecurity Threats
Increasing malware, hacking, cyber terrorism.

No global consensus on how to handle cyber warfare.

4. Digital Divide
Unequal access to internet between developed and developing countries.

Affects fair representation in governance bodies.

5. Control of Critical Internet Resources


ICANN (USA-based) manages domain names and IPs.

Developing nations argue for more equal governance rights.

6. Freedom of Speech Issues
Countries differ on censorship policies.

Balancing freedom and security remains a challenge.

7. Intellectual Property Issues


Rising software piracy, copyright violations.

Need for better global regulatory frameworks.

Q.3 (ii) (b)


Explain the risks involved in running E-Business
sites.
Running an e-business site involves multiple risks:

1. Security Risks
Hacking, SQL injection, brute-force attacks.

Theft of customer data (passwords, cards).

2. Financial Risks
Payment frauds, chargebacks, phishing scams.

Loss from fake transactions.

3. Server Downtime Risks


Website crashes during peak traffic → customer loss.

Hosting failures impact revenue.

4. Privacy Risks
Leakage of personal data can lead to lawsuits.

Unethical use of customer data damages reputation.

5. Operational Risks
Errors in order processing, logistics, inventory mismatch.

Dependence on third-party delivery services.

6. Legal/Compliance Risks
Need to follow IT Act, consumer laws, taxation laws.

Non-compliance results in penalties.

7. Reputation Risks
Negative reviews, bad user experience, delays spoil trust.

Competitors gain advantage.

8. Technological Risks
Outdated technology may fail under load.

Compatibility issues across devices.

Q.4 (i) (a) Explain Section 43 under the IT Act, 2000.
Section 43 of the Information Technology Act, 2000 deals with penalties for
damage to computer systems, data, or networks.

It covers anyone who, without permission of the owner, does any of the
following:

Acts covered under Section 43:


1. Accesses or secures access to a computer, system, or network.

2. Downloads, copies, or extracts data, information, or databases.

3. Introduces computer contaminants (viruses, malware) or causes damage.

4. Disrupts or causes denial of access to a computer or network (DoS attacks).

5. Damages or deletes computer resources or data.

6. Tampering with computer settings or network configuration.

7. Stealing, destroying, or altering information stored in any computer.

8. Unauthorised use of a computer for charging services without permission.

9. Assisting someone in unauthorized access or activities mentioned above.

Penalty under Section 43:


Compensation up to ₹1 crore to the affected person/company.

It is a civil offence, not a criminal one.

Purpose:
To protect computer systems from unauthorized access, data theft, and damage.

Q.4 (i) (b) OR — Explain in brief about Indian Legal System.
The Indian Legal System is one of the world’s largest legal systems.
It is mainly derived from:

British Common Law

Constitution of India

Customs and religious laws

Judicial decisions (precedents)

Key Features:
1. Written Constitution
Indian Constitution is the supreme law guiding rights and duties.

2. Judicial Hierarchy

Supreme Court

High Courts

District & Sessions Courts

Subordinate Courts

3. Common Law System


Judgments of higher courts act as precedents for lower courts.

4. Separation of Powers
Legislature → creates laws
Executive → implements laws

Judiciary → interprets laws

5. Fundamental Rights and Duties


Provides personal liberties, right to equality, freedom, etc.

6. Criminal & Civil Laws


Criminal: IPC, CrPC

Civil: Contract Act, Evidence Act, Company Law, etc.

7. Special Laws

IT Act 2000, Consumer Protection Act, RTI Act, etc.

Q.4 (ii) (a) Summarize in brief how cyber forensics is performed.
Cyber forensics involves scientific methods to collect, analyze, and preserve
digital evidence for legal use.

Steps in Cyber Forensics:


1. Identification

Locate digital evidence: devices, logs, servers, emails, disks.

2. Preservation

Secure the crime scene digitally

Prevent tampering using write blockers

Maintain chain of custody

3. Collection

Acquire data legally

Use forensic imaging tools (FTK Imager, EnCase)

Make bit-by-bit copies

4. Examination

Recover deleted files

Extract metadata, browsing history, chats, logs

Identify malicious files

5. Analysis

Study attack pattern

Reconstruct timeline

Identify suspects and their activities

6. Documentation

Prepare detailed forensic reports

Maintain evidence integrity

Screenshot proofs, logs, timestamps

7. Presentation

Present findings in court

Explain technical evidence in simple terms

Ensure reports follow legal admissibility
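
The preservation, collection and documentation steps above depend on being able to show later that neither the forensic image nor its custody record was altered. The following is an added example, not part of the original document: it hashes an image in chunks and keeps a hash-chained chain-of-custody log. All function names, examiner names, timestamps and sample bytes are constructed for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # "previous hash" value used by the first custody record


def sha256_stream(stream, chunk_size=1 << 20):
    """Hash an evidence image in chunks so large images never sit in memory."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def _entry_hash(entry):
    # Canonical JSON (sorted keys) so the same record always hashes the same.
    fields = ("seq", "when", "who", "action", "image_sha256", "prev")
    body = {k: entry[k] for k in fields}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, when, who, action, image_sha256):
    """Append a custody record chained to the previous record's hash."""
    entry = {
        "seq": len(log),
        "when": when,
        "who": who,
        "action": action,
        "image_sha256": image_sha256,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if (entry["seq"] != i or entry["prev"] != prev
                or entry["hash"] != _entry_hash(entry)):
            return i
        prev = entry["hash"]
    return None


def image_matches(stream, log):
    """Re-hash a working copy and compare with the hash taken at acquisition."""
    return bool(log) and sha256_stream(stream) == log[0]["image_sha256"]


def demo():
    # Constructed stand-in for a bit-by-bit disk image.
    original = b"\x00" * 512 + b"constructed sample sector data" + b"\xff" * 512
    acquired = sha256_stream(io.BytesIO(original), chunk_size=256)
    log = []
    append_entry(log, "2024-01-01T10:00:00Z", "examiner-a", "acquired", acquired)
    append_entry(log, "2024-01-01T12:30:00Z", "examiner-b", "received", acquired)
    intact = verify_log(log)                          # untouched log verifies
    copy_ok = image_matches(io.BytesIO(original), log)
    altered = image_matches(io.BytesIO(original[:-1] + b"\x00"), log)
    log[0]["who"] = "someone-else"                    # simulate an edited record
    tampered_at = verify_log(log)
    return intact, copy_ok, altered, tampered_at


if __name__ == "__main__":
    print(demo())
```

A hash chain only detects edits to individual records; the hash of the latest record still has to be recorded somewhere the log's holder cannot rewrite, such as a signed or witnessed report.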

Q.4 (ii) (b) OR — Explain the nature and types of cyber evidences in brief.

Cyber evidence refers to any data stored or transmitted in digital form used in
cybercrime investigation.

Nature of Cyber Evidence:


Digital and intangible (cannot be touched)

Easily modifiable or erasable

Requires proper chain of custody

Must be authentic, reliable, and admissible in court

Often spread across multiple devices or networks

Types of Cyber Evidence:

1. Computer-based Evidence
Hard disks, SSDs

Files, documents, deleted data

System logs

2. Network Evidence
IP logs, firewall logs

Router logs, packets captured

Server access logs

3. Mobile Evidence
Call logs, SMS, WhatsApp chats

Location data

App activity

4. Cloud Evidence
Emails, cloud storage files

SaaS logs

Online transaction data

5. Multimedia Evidence
Photos, videos, audio files

CCTV recordings

6. Internet-based Evidence
Social media posts

Website browsing history

Online transactions

Cookies and cache

7. Metadata Evidence
Timestamps (created, modified, accessed)

Device info

File properties

SECTION C

Q.5 (a)
Describe a potential whistle-blower situation at
workplace/school and steps you would take.
Example Situation (Whistle-Blower Scenario)
Imagine you are working in a software company or studying in a college.
A situation arises where:

A senior employee/administrator is misusing students’/employees’ personal
data,

Or manipulating internal marks,

Or installing unapproved software to spy on system activities,

Or tampering with financial records,

Or engaging in harassment or discrimination.

This becomes a potential whistle-blower situation because the act:

Violates ethics and law

Harms students/employees

Breaks privacy and trust

Can cause legal consequences for the institution

Steps to Take as a Whistle-Blower

1. Observe and Verify the Information


Collect facts, dates, and incidents.

Avoid assumptions—only rely on provable evidence.

2. Preserve Evidence Securely


Emails, screenshots, logs, documents.

Ensure the integrity of evidence so it is legally usable.

3. Follow Institutional Policy First


Most companies and schools have whistle-blower policies.
Follow the official reporting hierarchy.

4. Report to Appropriate Internal Authority


Depending on situation, report to:

HR Department

Internal Ethics Committee

Compliance/Legal Officer

Department Head / Dean

Data Protection Officer (for privacy issues)

Cybersecurity Cell (if data misuse is technical)

5. Request Confidentiality
Ask management to keep your identity protected.

Whistle-blower laws support confidentiality.

6. Escalate Externally (if internal fails)


If the institution ignores the issue or tries to hide it, then escalate to:

Government whistle-blower helpline

Police/Cybercrime cell (for data theft or fraud)

Regulatory bodies (UGC, AICTE, or IT authorities)

7. Avoid Retaliation & Maintain Professionalism


Do not discuss with outsiders or social media.

Keep calm and cooperate with investigation teams.

Conclusion
A whistle-blower must act responsibly, preserve evidence, and report the issue
through proper channels to protect the organization and maintain ethical integrity.

Q.5 (b)
Explain the term “Cyber Squatting” and protections
available to consumers.

Definition of Cyber Squatting
Cyber Squatting is the illegal practice of registering someone else’s trademark,
brand name, or popular domain name with the intention of:

Selling it at a high price

Creating confusion

Misleading users

Damaging the real brand

Example:
Someone registering [Link] or [Link] and later trying to sell it to the
original brand.

Types of Cyber Squatting


1. Typo Squatting – misspelled domains

2. Identity Squatting – using names of celebrities or individuals

3. Company Name Squatting – registering business names before the business does

4. Reverse Domain Hijacking – falsely claiming domain infringement

Protections Available to Consumers / Brand Owners

1. IT Act 2000
Cyber squatting is punishable under:

Section 66 (fraud and deception)

Section 43 (unauthorized access, misuse)


Provides compensation for damages.

2. Trademarks Act, 1999


If domain uses a registered trademark, the owner can:

File a case for infringement and passing off

Claim compensation

Demand removal/transfer of domain

Court cases like Yahoo! Inc. vs Akash Arora protect trademark owners.

3. ICANN Domain Dispute Resolution – UDRP


International protection mechanism:

Uniform Domain Name Dispute Resolution Policy (UDRP)

Allows trademark owners to file dispute complaints

Domain can be transferred or cancelled without going to court

4. INDRP for .IN domains


For Indian domains:

“IN Domain Name Dispute Resolution Policy” (INDRP)

Handles disputes related to .in, .[Link], .[Link] domains

Protects Indian companies and consumers

5. Civil Remedies
Victims can approach civil court for:

Compensation

Permanent injunction

Domain transfer orders

6. Criminal Remedies
If malicious intent exists (fraud, phishing), a complaint can be filed for:

Cheating (IPC 420)

Fraudulent impersonation

IT Act offences

Conclusion
Cyber Squatting is a major digital trademark violation, and consumers are
protected through IT Act, Trademark Act, and dispute resolution mechanisms like
UDRP/INDRP.

Q.6 (a)
Describe in detail a hypothetical situation in which
the action you take is NOT legal, but it IS ethical.
A situation can arise where breaking the law becomes ethically justified because
it protects people, prevents harm, or upholds moral responsibility.

Here is a detailed hypothetical example:

Hypothetical Situation
You work in a hospital as a junior IT administrator.
You discover that:

The hospital management is hiding a major data breach,

Patients' medical records (including HIV status, psychological reports, financial details) were accessed by hackers,

Management instructs all staff to stay silent and not report the breach,
fearing legal penalties and loss of reputation.

However, this secrecy is illegal, because:

Hospitals must report breaches under data protection rules.

Patients have a right to know their data has been leaked.

Your Action
You anonymously inform the state cybercrime cell and send proof of breach.
You also alert a health regulatory authority so they can force the hospital to
notify affected patients.

Why Your Action is Not Legal


You violated the confidentiality clause in your employment contract.

You disclosed internal information to outside authorities without permission.

Management may claim breach of NDA or unauthorized disclosure.

Legally, you could face:

Disciplinary action

Termination

Civil liability for breach of contract

Why Your Action is Ethical


You protected thousands of patients from identity theft and blackmail.

You upheld public safety and transparency.

You prevented further misuse of sensitive data.

You acted in alignment with professional ethics, such as:

Duty of care

Integrity

Preventing harm (Non-maleficence)

Whistle-blower ethics

Conclusion
This situation shows that an act can be illegal but still ethically correct when it
protects human rights, public safety, and justice. Ethical decision-making
sometimes requires going beyond the limitations of written law.

Q.6 (b)
Explain how patents, copyrights and plagiarism
prevention help develop “Unique Thinking” in
individuals and increase contribution to society.
Intellectual Property Rights (IPR) such as patents, copyrights, and plagiarism
control play a major role in encouraging innovation, creativity, and ethical
behavior.

(1) Patents – Encouraging Innovation


What patents do:
Protect inventions (machines, processes, chemicals, devices).

Give the inventor exclusive rights for 20 years.

Prevent others from copying the invention.

How patents promote unique thinking:


Individuals try to create new solutions, not copy existing ones.

Research and development increases.

Inventors focus on technical creativity and problem-solving.

Companies invest more in innovation because they can earn profit legally.

Societal Contribution:
New medicines, better technologies, improved machines, safer products.

Economic growth and improved quality of life.

(2) Copyrights – Encouraging Creative
Expression
What copyrights protect:
Books, software, music, movies, artworks, research papers, etc.

How copyrights promote unique thinking:


Creators produce original content instead of copying others.

Writers, artists, developers think independently and build unique ideas.

Protects the creator’s hard work and gives motivation to innovate.

Societal Contribution:
More educational content

More cultural and artistic works

Growth of media, literature, entertainment industries

(3) Plagiarism Prevention – Promoting Ethical Creativity
What is plagiarism control:
Ensuring individuals do not copy others’ work without credit.

Academic institutions use plagiarism checks to ensure originality.

How plagiarism prevention builds unique thinking:


Students and researchers create their own arguments, ideas, and designs.

They learn to think critically instead of blindly copying.

Improves research quality and academic integrity.

Encourages learning, analysis, and conceptual understanding.

Societal Contribution:
High-quality research

Trustworthy educational systems

More honest, skilled individuals entering the workforce

Overall Impact on Society


1. Encourages Creativity & Innovation
People are motivated to build new products, books, inventions, and technologies.

2. Protects Effort & Investment


IP laws ensure creators and scientists are rewarded.

3. Supports Economic & Technological Growth


Innovation leads to startups, industries, patents, exports.

4. Builds Ethical Culture


Anti-plagiarism encourages honesty, originality, and professionalism.

5. Generates Knowledge for Society


More original research → better solutions → improved social welfare.

Conclusion
Patents, copyrights, and plagiarism control together create a culture of originality,
ethical behavior, and unique thinking, which ultimately benefits the entire society
through innovation, creativity, and progress.
