Cyber Crime Laws and Mitigation of Cyber Crimes in Corporate Companies


1 Cyber Crime Laws and Mitigation of Cyber Crimes in Corporate Companies

2 Section 43. Penalty and Compensation for damage to computer, computer system, etc..- If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network -

3 UNAUTHORISED ACCESS
(a) accesses or secures access to such computer, computer system or computer network or computer resource

4 UNAUTHORISED DOWNLOADING, COPYING OR EXTRACTION
(b) downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;

5 COMPUTER VIRUS, WORM CONTAMINANT
(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network;

6 DAMAGING A COMPUTER
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;

7 DISRUPTION OF A COMPUTER
(e) disrupts or causes disruption of any computer, computer system or computer network;

8 DENIAL OF SERVICE
(f) denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;

9 FACILITATING UNAUTHORISED ACCESS
(g) provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under,

10 TAMPERING OR MANIPULATING COMPUTER
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network,

11 DESTRUCTION, DELETION OR ALTERATION
(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means,

12 SOURCE CODE THEFT
(j) steal, conceals, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage;

13 ......he shall be liable to pay damages by way of compensation to the person so affected.
Compensation up to Rs. 1 Crore.

14 FAILURE TO PROTECT DATA
43 A. Compensation for failure to protect data. Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

15 The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 have been made under this section. They came into force on 11th April. According to these rules, sensitive personal data or information of a person means such personal information which consists of information relating to: (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition;

16 (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise:

17 * Failure to protect data-compensation up to Rs. 5 Crores.
The following information is not regarded as sensitive personal data or information: (1) any information that is freely available or accessible in public domain; (2) any information that is furnished under the Right to Information Act, or any other law for the time being in force.

18 There have been many instances of database hacks, like those of Zomato, J.P. Morgan, Adult FriendFinder, eBay, Yahoo, etc. The list is endless, especially in the case of e-commerce companies, and hackers misuse this data for phishing scams, vishing scams and extortion.

19 TAMPERING WITH SOURCE CODE DOCUMENTS
SECTION 65. Tampering with computer source documents. Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

20 CASE LAW: Syed Asifuddin and Ors. Vs. The State of Andhra Pradesh & Anr. [2005CriLJ4314]
Summary of the case: Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the Information Technology Act, 2000.

21 Cyber Defamation
Indian Penal Code sections 499, 500, 501 and 502.

22 IDENTITY THEFT
66C. Punishment for identity theft.- Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.

23 CHEATING BY PERSONATION
66D. Punishment for cheating by personation by using computer resource.- Whoever, by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

24 DATA THEFT
Perpetrators: Employees; Vendors; Hackers; Competitors; IPR thieves

25 Methods of Mitigating Cyber Crimes in Corporates
Proactive Methods: Cyber Disaster Plan & Management; BYOD Policies & MDM; Information Technology Law Compliance Audits; Data Security and Privacy Law Compliance Audits; Online Reputation Management; Employee Sensitization

26 Information Technology Law Compliance Audits
We are the only organization in India offering a comprehensive Information Technology Law Compliance Audit. This audit would enable you to know the level of risk and compliance your organization currently has. After the audit, we also give recommendations for complete compliance and risk mitigation. Under the Information Technology Act, 2000 the penalty for failure to protect databases and failure to maintain reasonable security practices by Corporate is up to Rs. 5 Crores where the jurisdiction lies before the Adjudicating Officer and above Rs. 5 Crores where the jurisdiction is before the High Court for each non-compliance.

27 BYOD Policies & MDM
Strong and well drafted BYOD.
MDM consents taken and privacy issues resolved by getting employees to sign off on a separate MDM policy.

28 Data Security and Privacy Law Compliance Audits
Depending on the nature of the business, it must be conducted annually or bi-annually. Involves vetting of all internal agreements, vendor agreements, vendor standards of security, the company’s standards of security and compliance with Privacy and Data Protection laws.

29 Online Reputation Management
Is of key importance to reduce instances of cyber defamation and identity theft. Helps to protect brand image and integrity in the market. Reduces liability towards users in identity theft or spoofed brand cases.

30 Cyber Disaster Plan & Management
Businesses should develop an IT disaster recovery plan. It begins by compiling an inventory of hardware (e.g. servers, desktops, laptops and wireless devices), software applications and data. The plan should include a strategy to ensure that all critical information is backed up. Identify critical software applications and data and the hardware required to run them. Using standardized hardware will help to replicate and reimage new hardware. Ensure that copies of program software are available to enable re-installation on replacement equipment. Prioritize hardware and software restoration. Document the IT disaster recovery plan as part of the business continuity plan. Test the plan periodically to make sure that it works.
Management of Cyber Crisis

31 Employee Sensitization
Case of data theft through Chinese take away menu. Employee is the weakest link. Awareness of cyber crimes among employees. Novel methods of creating awareness. Training programmes.

32 Advocate Puneet Bhasin, Cyber Law Expert, Proprietor, Cyberjure Legal Consulting

