A survey of Indian Cyber crime and law and its pre- vention approach

More documents

Recommendations

Info

International Journal of Advanced Computer Technology (IJACT)ISSN:2319-7900Attribution, Acknowledgement and Dispatchof Electronic RecordsThis chapter of the Act specifies the time of dispatch andreceipt to electronic record. An electronic record with a securedigital signature will automatically be considered as asecure electronic record. It will also be considered as a secureif security procedures have been applied to it. Suchsecurity may be in the form of encryption.Regulation of certifying Authorities“Certifying Authority” means a person who has beengranted a license to issue a Digital Signature Certificate undersection24.Digital Signature CertificateIt means a certificate issued under sub-section (4) of section35Duties of SubscribersSubscriber checks any electronic record by means of an electronicmethod or procedure.Penalties and AdjudicationThe penalty for tampering source code is imprisonment for aterm not exceeding 3 years and/or a fine not exceeding Rs.200000. In order to enforce the punishments, central governmentwill appoint an Adjusting Officer who will havepowers of civil court.The Cyber Regulations Appellate TribunalThe Act contemplates the constitution of the Cyber regulationAppellate Tribunal, having a Presiding Officer. Tribunalwill hear appeals from orders passed by adjusting Officer.The party may appeal to High Court of any state within 60days, if unsatisfied with the order of Tribunal.Prevention of Computer Misuse Prevention, detection, and deterrence measuresshall be implemented to safeguard the security ofcomputers and computer information from misuse.The measures taken shall be properly documentedand reviewed regularly. Each organization shall provide adequate informationto all persons, including management, systemsdevelopers and programmers, end users, and thirdparty users warning them against misuse of computers. Effective measures to deal expeditiously withbreaches of security shall be established withineach organization. Such measures shall include:(i) Prompt reporting of suspected breach;(ii) Proper investigation and assessment of thenature of suspected breach;(iii) Secure evidence and preserve integrity ofsuch material as relates to the discoveryof any breach;(iv) Remedial measures. All incidents related to breaches shall be reported tothe System Administrator or System Security Administratorfor appropriate action to prevent futureoccurrence. Procedure shall be set-up to establish the nature ofany alleged abuse and determine the subsequent actionrequired to be taken to prevent its future occurrence.Such procedures shall include:(i) The role of the System Administrator, SystemSecurity Administrator and management;(ii) Procedure for investigation;(iii) Areas for security review; and(iv) Subsequent follow-up action.Use of Security Systems or Facilities Security controls shall be installed and maintainedon each computer system or computer node to preventunauthorized users from gaining entry to theinformation system and to prevent unauthorizedaccess to data. Any system software or resource of the computersystem should only be accessible after being authenticatedby access control system.INTERNATIONAL JOURNAL OF ADVANCED COMPUTER TECHNOLOGY | VOLUME 1, NUMBER 2, 53
International Journal of Advanced Computer Technology (IJACT)ISSN:2319-7900System Access Control Access control software and system software securityfeatures shall be implemented to protect resources.Management approval is required to authorizeissuance of user identification (ID) and resourceprivileges. Access to information system resources like memory,storage devices etc. Sensitive utilities and dataresources and program files shall be controlled andrestricted based on a "need-to-use" basis with propersegregation of duties. The access control software or operating system ofthe computer system shall provide features to restrictaccess to the system and data resources. Theuse of common passwords such as “administrator”or “president” or “game” etc. to protect access tothe system and data resources represents a securityexposure and shall be avoided. All passwords usedmust be resistant to dictionary attacks.Password Management Certain minimum quality standards for passwordshall be enforced. The quality level shall be increasedprogressively. The following control featuresshall be implemented for passwords:(i) Minimum of eight characters without leadingor trailing blanks;(ii) Shall be different from the existing passwordand the two previous ones;(iii) Shall be changed at least once every ninetydays; for sensitive system, passwordshall be changed at least once everythirty days; and(iv) Shall not be shared, displayed or printed. Password retries shall be limited to a maximum ofthree attempted logons after which the user IDshall then be revoked; for sensitive systems, thenumber of password retries should be limited to amaximum of two. Passwords which are easy-to-guess (e.g. user name,birth date, month, standard words etc.) should beavoided.ConclusionComputer crime is a multi-billion dollar problem. Law enforcementmust seek ways to keep the drawbacks from overshadowingthe great promise of the computer age. But stillon day‟s cyber crime is happening in India. Due to advancemeant of technology people apply their multiple or multilabeltalent to misuse of technology and also make it harmfulto other point of view. So this kind of crime not solved fullyby establishing different law, also need to develop humanmorality, value and ethics proper manner.Reference[1] Cyber Law, Morals & Ethics.[2] Role of Cyber Law and its Usefulness in Indian ITIndustry, Apurba Kumar Roy[3] New Amendments to IT Act 2000[4] S. Hinde, “The law, cybercrime, risk assessment andcyber protection”, Computers & Security, vol. 22, issue 2,pp. 90-95, February 2003.[5] C. Scheideler, “Theory of network communication”,Johns Hopkins University, September 2002.[6] Adv. Prashant Mali, “Types of cyber crimes & cyber lawin India”, CSI Communication, Vol. 35, issue 8, pp. 33-34,November 2011.[7] Q. Yeh and A. Chang, “Threats and countermeasures forinformation system security: A cross-industry study”, Information& Management, vol. 44, pp. 480-491, 2007.[8] A. Bequai, “A guide to cyber-crime investigations”,Computers & Security, vol. 17, issue 7, pp.579-582, 1998.[9] D. Denning, “An intrusion detection model”, IEEE TransSoftw Eng, Vol.13, issue 2, pp.222-232, 1987.[10] www.cyberlawportal.com[11] www.cert.org/archive/pdf/defcappellimoore0804.pdf[12] http://www.cylab.cmu.edu/BiographiesFIRST A. ANGSHUMAN JANA received the B.tech degreein Computer Science and engineering from the WestBengal University of Technology, Kolkata, West Bengal,2011.Pursuing M.Tech degree in software EngineeringA survey of Indian Cyber crime and law and its prevention approach 54
Page 1 and 2: International Journal of Advanced C
Page 3 and 4: International Journal of Advanced C
Page 5: International Journal of Advanced C

A survey of Indian Cyber crime and law and its pre- vention approach

Create successful ePaper yourself

Delete template?

Save as template?