Cyber Crime Laws and Mitigation of Cyber Crimes in Corporate Companies


Section 43. Penalty and Compensation for damage to computer, computer system, etc. - If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network -

UNAUTHORISED ACCESS (a) accesses or secures access to such computer, computer system or computer network or computer resource

UNAUTHORISED DOWNLOADING, COPYING OR EXTRACTION (b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

COMPUTER VIRUS, WORM CONTAMINANT (c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

DAMAGING A COMPUTER (d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

DISRUPTION OF A COMPUTER (e) disrupts or causes disruption of any computer, computer system or computer network;

DENIAL OF SERVICE (f) denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;

FACILITATING UNAUTHORISED ACCESS (g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under,

TAMPERING OR MANIPULATING COMPUTER (h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

DESTRUCTION, DELETION OR ALTERATION (i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means,

SOURCE CODE THEFT (j) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

... he shall be liable to pay damages by way of compensation to the person so affected. Compensation up to Rs. 1 Crore.

FAILURE TO PROTECT DATA 43 A. Compensation for failure to protect data Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 have been made under this section. They came into force on 11th April 2011. According to these rules, sensitive personal data or information of a person means such personal information which consists of information relating to: (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

The following information is not regarded as sensitive personal data or information: (1) any information that is freely available or accessible in the public domain; (2) any information that is furnished under the Right to Information Act, 2005 or any other law for the time being in force. Failure to protect data: compensation up to Rs. 5 Crores.

There have been many instances of database hacks, like those of Zomato, J.P. Morgan, Adult FriendFinder, eBay, Yahoo, etc. The list is endless, especially in the case of e-commerce companies, and hackers misuse this data for phishing scams, vishing scams and extortion.

TAMPERING WITH SOURCE CODE DOCUMENTS SECTION 65. Tampering with computer source documents. Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

CASE LAW: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh & Anr. [2005CriLJ4314] Summary of the case: Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the Information Technology Act, 2000.

Cyber Defamation Indian Penal Code sections 499, 500, 501 and 502.

IDENTITY THEFT 66C. Punishment for identity theft.- Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

CHEATING BY PERSONATION 66D. Punishment for cheating by personation by using computer resource.- Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

DATA THEFT Perpetrators: employees, vendors, hackers, competitors, IPR thieves.

Methods of Mitigating Cyber Crimes in Corporates. Proactive Methods: Cyber Disaster Plan & Management; BYOD Policies & MDM; Information Technology Law Compliance Audits; Data Security and Privacy Law Compliance Audits; Online Reputation Management; Employee Sensitization.

Information Technology Law Compliance Audits: We are the only organization in India offering a comprehensive Information Technology Law Compliance Audit. This audit would enable you to know the level of risk and compliance your organization currently has. Post the audit we also give recommendations for complete compliance and risk mitigation. Under the Information Technology Act, 2000 the penalty for failure to protect databases and failure to maintain reasonable security practices by a corporate is up to Rs. 5 Crores where the jurisdiction lies before the Adjudicating Officer, and above Rs. 5 Crores where the jurisdiction is before the High Court, for each non-compliance.

BYOD Policies & MDM Strong and well drafted BYOD. MDM consents taken and Privacy issues resolved by getting employees to sign off on a separate MDM policy.

Data Security and Privacy Law Compliance Audits: Depending on the nature of the business, the audit must be conducted annually or bi-annually. It involves vetting of all internal agreements, vendor agreements, vendor standards of security, the company's standards of security, and compliance with privacy and data protection laws.

Online Reputation Management Is of key importance to reduce instances of Cyber defamation and Identity theft. Helps to protect Brand image and integrity in the market. Reduces liability towards users in Identity theft or spoofed brand cases.

Cyber Disaster Plan & Management: Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up. Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration. Document the IT disaster recovery plan as part of the business continuity plan. Test the plan periodically to make sure that it works.

Management of Cyber Crisis

Employee Sensitization: Case of data theft through Chinese takeaway menu. Employee is the weakest link. Awareness of cyber crimes among employees. Novel methods of creating awareness. Training programmes.

Advocate Puneet Bhasin Cyberjure Legal Consulting Cyber Law Expert Proprietor Cyberjure Legal Consulting adv.puneet@cyberjure.com 9223186357 www.puneetbhasin.in www.cyberjure.com