Important Highlights of CLS
UNIT 1 History of Information Systems and its Importance, basics, Changing Nature of Information
Systems, Need of Distributed Information Systems, Role of Internet and Web Services,
Information System Threats and attacks, Classification of Threats and Assessing Damages
Security in Mobile and Wireless Computing- Security Challenges in Mobile
Devices, authentication Service Security, Security Implication for organizations,
Laptops Security Basic Principles of Information Security, Confidentiality, Integrity
Availability and other terms in Information Security, Information Classification and their
Roles.
1 There are 2 major types of ports in computer systems. These are physical ports
and logical ports.
2 The two key ingredients that need to be kept safe in order to preserve data
integrity are access control & file permission.
3 Increase your security for social media account by always logging out as you step
away from the system. This will reduce both remote hacking as well as physical
hacking.
4 Information Gathering about the system or the person or about organization or
network is not important so that as a hacker one can get to know well about the
target system or victim.
5 Information Security (abbreviated as InfoSec) is a process or set of processes used
for protecting valuable information from alteration, destruction, deletion or disclosure
by unauthorised users.
6 Information seems useful only when right people (authorised users) access it after
going through proper authenticity check. The key element availability ensures that
only authorised users are able to access the information.
7 To prevent data loss or damage, data can be backed up and stored in a different
geographical location so that the data survives natural disasters & unpredictable
events.
8 Vulnerability is the term used to define weakness in any network or system that
can get exploited by an attacker. Exploiting the weakness can lead to the
unexpected & undesirable event in cyber security.
9 When a cyber-criminal gains access to an authorized area and steals pen drives and
DVDs which contain sensitive information about an employee or about the
organization, then it can be said that the physical security of the organization is
weak.
10 With 2-Step Verification (which is also known as 2-factor authentication), users
can add an extra layer of security to their account. After login, it asks for the user's
existing phone number to send an OTP for layer-2 verification.
11 Use of pen drive to bring your work from home tasks to office systems may bring
worms and virus along with it (if your home system is infected with any malware
or infected programs) and may cause harm to your office systems.
12 A threat can be termed as a possible danger that may lead to a breach of cyber
security and may cause possible harm to the system or the network.
13 Threats are anything that may cause damage or harm to a computer system,
individual or any information. Compromising of confidential information means
extracting sensitive data from a system in an illegal manner.
14 To breach the security of your system, your friend or anyone whom you deal
with may come up with a USB drive and give it to you in order to take some data
from you. But that USB drive may contain a Trojan that will get onto your computer
once triggered. So use an updated antivirus on your system.
15 Try to keep your passwords without meaning so that a password guessing attack
becomes almost impossible to perform successfully. This will reduce the potential
for both password guessing as well as dictionary attacks.
16 A computer virus is a malicious code which self-replicates by copying itself to
other programs. The computer virus gets spread by itself into other executable code
or documents. The intention of creating a virus is to infect vulnerable systems.
17 ‘Always maintain a soft copy of all your passwords in your PC’ is not an
appropriate measure for securing your online accounts because, if your system is
accessed by anyone or anybody installs spyware or screen-recording malware, then
all your passwords will get revealed.
18 Information only seems valuable if it is correct and does not get modified during
its journey in the course of arrival. The element integrity makes sure that the data
sent or generated from the other end is correct and is not modified by any
unauthorised party in between.
19 An “attack” or “cyber-attack” is an attempt taken by attackers to alter, delete, steal
or expose any specific data by gaining unauthorized access.
20 An exploit can be any data, piece of code, a program, sequence of commands or
any software that uses the vulnerability or flaw of a system and helps attackers or
cyber-criminals cause unanticipated behaviour.
21 Attackers target large organizations and firms, which consist of business firms,
financial corporations, medical and healthcare firms, government and secret
agencies, and banking sectors. They hold valuable information whose loss can cost
them hugely, so hackers focus on such firms as their major targets.
22 Browser hijacking is a technique that takes over your system’s browser settings,
and the attack will redirect the websites you visit to some other websites of its
preference.
23 Clickfraud is an attack technique used when artificial clicks get generated to
increase the revenue in ad-campaigns online.
24 Cyber attack can be defined as an attempt to steal, spy, damage or destroy
different components of cyberspace such as computer systems, associated
peripherals, network systems, and information.
25 Cyber attack is an umbrella term used to classify different computer & network
attacks or activities such as extortion, identity theft, email hacking, digital spying,
stealing hardware, mobile hacking and physical security breaching.
26 The buffer overflow attack takes place when an excessive amount of data is placed
in the buffer, more than it can handle, which leads to data overflowing into its
adjoining storage. This attack can cause a system or application crash and can lead
to a malicious entry-point.
27 Reverse engineering is the technique used to enable a hacker to open a piece of
program or application (usually in a low-level language such as Assembly
language) and re-build it with further features & capabilities.
28 Physical ports are connections that connect two systems for their interactions.
LAN, PS2 and DVI are examples of physical ports.
29 Logical ports are also known as virtual ports which are part of TCP/IP
networking. The numbers of ports are pre-assigned by IANA (Internet Assigned
Numbers Authority) which ranges from 0 – 65536.
30 Logical ports are end-point to a logical connection. The numbers are pre-assigned
by IANA (Internet Assigned Numbers Authority) which ranges from 0 – 65536.
31 Mobile security also known as wireless security is the protection of smart-phones,
phablets, tablets, and other portable tech-devices, & the networks to which they
connect to, from threats & bugs.
32 Ransomware has become a popular attack over the last few years, and the attackers
target board members, high-ranked officials and managing committee members of
an organization; the ransomware compromises the system by encrypting all
files and asks for a ransom in order to unlock or decrypt all files.
33 Ransomware is a special type of malware that will infect your system, compromise
all data by encrypting it and pop up asking you for a ransom, which will be
in the form of Bitcoins (so that the attacker does not get tracked), and once the
ransom is paid, it will release all files.
34 Ethical Hacking is an ethical form of hacking done by white-hat hackers for
performing penetration tests and identifying potential threats in any organizations
and firms.
35 Different types of harmful software and programs that can pose threats to a
system, network or anything related to cyberspace are termed as Malware.
Examples of some common malware are Virus, Trojans, Ransomware, spyware,
worms, rootkits etc.
36 Dumpster diving is a social engineering technique used by hackers to grab your
personal and confidential data from thrown-away files. Using this data,
attackers may use password guessing or fraud calls (if they find your personal
phone number).
UNIT 3 Model of Cryptographic Systems, Issues in Documents Security, System of Keys, Public Key
Cryptography, Digital Signature, Requirement of Digital Signature System, Finger Prints,
Firewalls, Design and Implementation Issues, Policies Network Security-Basic Concepts,
Dimensions, Perimeter for Network Protection, Network Attacks, Need of Intrusion
Monitoring and Detection, Intrusion Detection Virtual Private Networks-Need, Use of Tunneling
with VPN, Authentication Mechanisms, Types of VPNs and their Usage, Security Concerns
in VPN
1 The methods and processes in securing network data from unauthorized content
extraction are controlled by network-security protocols.
2 The four elements of security viz. confidentiality, integrity, authenticity & availability help
in better understanding the pillars of security and its different components.
3 In the network layer, which is the third layer of the OSI (Open Systems Interconnection)
model, packet filtering firewalls are implemented.
4 In the session layer (which is the fifth layer) of the OSI model, circuit-level gateway
firewalls are deployed for monitoring TCP sessions for 3-way handshakes.
5 The Identification, Authentication and Access control are the objectives of network
security.
6 The 4 desired & necessary security services are encryption, Message Authentication
Codes (MAC), digital signatures and hash functions. These help in securing the transmission
of data.
7 Network protocols are designed with mechanisms for identifying devices and making
connections between them. In addition, some proper rules are defined as to how data
packets will be sent and received.
8 SMTP (which stands for Simple Mail Transfer Protocol) is a standard protocol to transmit
electronic mail and is a widely used mail transmitting protocol.
9 The various cryptographic techniques are symmetric Key cryptography, public key
cryptography, and Hash functions based cryptography. Conventional cryptography is also
known as secret-key cryptography or symmetric-key encryption.
10 The means of storing or sending data in a specific format so that only intended users can
process it is called cryptography. Data which is easily readable & understandable without
any special algorithm or method is called plain text.
11 Cryptanalysis is the art & science of cracking the cipher-text without knowing the key. This
technique is also implemented for designing new cryptographic algorithms or to test their
strengths.
12 Cryptography helps in securing information in a specific format so that only intended
users can understand or process it. The method of reversing the encrypted text, which is
known as cipher text, to its original form i.e. plain text is known as decryption.
13 Cryptography helps in securing information in a specific format so that only intended users
can understand or process it. When plain text is converted to the unreadable format, that
type of text is termed as cipher-text.
14 Cryptography is a means of storing & transmitting information in a specific format so that
only those for whom it is planned can understand or process it. Cryptosystem which is also
known as a cipher system is execution of cryptographic algorithms & techniques.
15 Cryptography is the process or mechanism used for converting ordinary plain text into
garbled non-human readable text & vice-versa. It is a means of storing & transmitting
information in a specific format so that only those for whom it is planned can understand or
process it.
16 Encryption Algorithm is the mathematical procedure or algorithm which produces a cipher-
text for any specified plaintext. Inputs it takes are the plain text and the key.
17 The text that gets transformed is called plain text. The algorithm used is called a cipher.
18 Encryption-decryption in a cryptosystem is done in two ways. These are by Symmetric Key
Encryption and by Asymmetric Key Encryption. In Symmetric Key Encryption, same keys are
implemented for encrypting as well as decrypting the information.
19 Data encryption is the method of converting plain text to cipher-text and only authorised
users can decrypt the message back to plain text. This preserves the confidentiality of data.
20 Cryptography offers 4 fundamental information security features. These are
Confidentiality, Data Integrity, Authentication and non-repudiation.
21 An algorithm used in encryption is referred to as a cipher. A cipher is an algorithm for
performing encryption or decryption.
22 When plain text is converted to unreadable format through some algorithms, that type of
text is termed as cipher text. Cryptographic algorithms are based on mathematical
algorithms where these algorithms use the secret key for a secure transformation of data.
23 For a block cipher, a block of plain-text is taken and a chain of actions is performed on
this block. In block ciphers, the procedure of adding bits to the last block is termed padding.
24 In stream ciphers, the plain-text is processed 1-bit at a time & a series of actions is carried
out on it for generating one bit of cipher-text.
25 The key element, authenticity helps in assuring the fact that the information is from the
original source.
26 The key intent of implementing cryptography is to offer the following 4 fundamental
information security features. These are Confidentiality, Data Integrity, Authentication and
non-repudiation.
27 In a block cipher, a block of plain-text bits is chosen and a sequence of actions is
carried out on this block for generating a block of cipher-text bits. Examples of block
ciphers are DES, IDEA, Twofish etc.
28 Caesar Cipher is the simplest type of substitution cipher with a mono-alphabetic encryption
code wherein each letter of plain-text is replaced by another letter in creating the cipher-
text.
29 Monoalphabetic cipher is a cipher formed out of substitution where for a given key-value
the cipher alphabet for every plain text remains fixed all through the encryption procedure.
30 In Asymmetric Key Encryption, 2 different keys are implemented for encrypting as well as
decrypting that particular information. Inputs it takes are the plain text and 2 different keys.
31 In a block cipher, a block of plain-text bits is chosen and a sequence of actions is
carried out on this block for generating a block of cipher-text bits. Blocks in these have
a fixed number of bits.
32 Shift Cipher is the concept that tells us about the replacement of every alphabet by
another alphabet and the entire series gets ‘shifted’ by some fixed quantity (which is the
key) between 0 and 25.
33 A set of all probable decryption keys are collectively termed as key space. A mathematical
algorithm which produces a unique plain text for a given cipher text along with a decryption
key is called a decryption algorithm.
34 Data Encryption Standard is a block cipher which implements the Feistel Cipher and
employs 16 rounds of Feistel structure. The block size it uses is 64-bit.
35 DES, which is the abbreviation of Data Encryption Standard, falls under the category of a
block cipher that implements the Feistel Cipher and employs 16 rounds of Feistel structure.
36 Vigenere Cipher employs a text string as a key that is implemented to do a series of shifts
on the plain-text. Here the sender & the receiver settle on a single key.
37 Digital certificates are used for certifying the ownership of a public key and the entity
that issues those certificates is the Certificate Authority.
38 Digital Privacy is a combined term which encompasses 3 sub-pillars; information privacy,
individual privacy, and communication privacy where all of them deal with the protection of
an individual’s information.
39 Firewalls are used to protect the computer network and restrict illicit traffic. Denial of
Service (DoS) attack is one such automated attack which a firewall with proper settings and
the updated version can resist and stop from getting executed.
40 Firewalls are of three kinds – one is the hardware firewalls, another is software firewalls
and the other is a combination of both hardware and software.
41 Firewalls examine each data packet that is entering or leaving the internal network,
which ultimately prevents unauthorized access.
42 Software firewalls are those kinds of firewalls that are installed in the system using internet
connection as we install normal applications and update them. Some operating system
vendors provide default firewalls with their operating systems.
43 Packet filtering firewalls are also called the first generation firewalls. It came into the
picture around the 1980s. Packet filtering technique cannot support the complex models of
rules and is spoofing attack-prone in some cases as well.
44 Packet Filtering Firewalls are applied within routers which connect the internal network
system with the outside network using the internet. It works effectively if the internal
network is smaller in size.
45 Packet filtering firewalls are deployed on routers that help in connecting the internal
network worldwide via the internet.
46 Packet filtering firewalls are more advantageous because they are less costly and they use
fewer resources and are used effectively in small networks.
47 All VPNs are formed with a combination of tunnelling protocols as well as encryption
techniques for maintaining privacy and security.
48 VPN systems have specific protocols for tunnelling the traffic and for secure remote access
connectivity, as well as for determining how many levels of security are provided for private
data communication.
49 VPNs allow their users to attach to the internet via a remote or virtual server which
preserves privacy. If you are using a VPN, the data between your device & the server gets
securely transmitted.
50 VPNs are of two types. These are remote access VPNs & Site-to-site VPNs. Remote Access
VPNs are used for business & home users. Site-to-site VPNs are mainly used in companies
and firms with different geographical locations.
51 VPNs are used for hiding a user’s browsing activities and maintaining anonymity. This also
helps in preventing leakage of the user’s personal browsing data and protects against the
leakage of browsing habits.
52 VPNs are used for hiding your physical location, which helps in maintaining anonymity.
Using IP address and browsing habits, link search, your physical location can be traced.
53 VPNs are used for masking a user’s IP address and maintaining anonymity. This protects
against leakage of the IP address that almost every website grabs when a user opens a website.
54 With the help of a VPN, users can access and connect to sites that are kept blocked by the
ISPs based on a specific geographic location.
55 Remote access VPN allows individual users to connect to private networks at home and
access resources remotely.
56 A remote-access VPN typically depends on either Secure Sockets Layer (SSL) or IP Security
(IPsec) for a secure connection over a public network.
57 A Virtual Private Network i.e. VPN is a technique used in networking or other intermediate
networks for connecting computers and making them isolated remote computer networks,
maintaining a tunnel of security and privacy.
58 A Virtual Private Network i.e. VPN is a technique used in networking or other intermediate
networks for connecting computers and making them isolated remote computer networks,
maintaining a tunnel of security and privacy.
59 There are six types of protocols used in VPN. These are Internet Protocol Security or IPSec,
Layer 2 Tunnelling Protocol (L2TP), Point – to – Point Tunnelling Protocol (PPTP), Secure
Sockets Layer (SSL), OpenVPN and Secure Shell (SSH).
60 Site-to-site VPN architecture is also known as extranet based VPNs because these types of
VPNs are typically used to connect firms externally between different branches of the same
company.
61 Site-to-site VPNs are also known as Router-to-router VPNs which are typically used in
companies and firms for connecting remotely different branches with different geographical
locations.
62 Site-to-site VPNs are also known as Router-to-router VPNs. They are mainly used in
companies and firms with different geographical locations.
63 A suitable solution for preserving privacy is using privacy-focussed search
engines and VPNs. VPNs allow their users to attach to the internet via a remote or
virtual server which preserves privacy.
64 In IP Address, IP is abbreviated as Internet Protocol. It acts as a unique address or identifier
of any computer or device in the internet.
65 Hardware firewalls are those firewalls that need to be connected as additional hardware
between the device through which the internet is coming to the system and the network
used for connecting to the internet.
UNIT 4 Security metrics- Classification and their benefits Information Security & Law, IPR,
Patent Law, Copyright Law, Legal Issues in Data Mining Security, Building Security
into Software Life Cycle Ethics- Ethical Issues, Issues in Data and Software Privacy
Cyber Crime Types & overview of Cyber Crimes
1 Cyber crime is one of the most threatening terms and is in an evolving phase. It is
said that a major percentage of World War III will be based on cyber-attacks by
cyber armies of different countries.
2 Cyber-terrorism is the term used to describe internet terrorism, where individuals
and groups are anonymously misusing ethnicities and religions as well as threatening
any technology user, which may even lead to loss of life.
3 Cyber Terrorists are very expert programmers and cyber criminals who hide
themselves while doing malicious activities over the internet and they are smart
enough to hide themselves or their tracks of action. They are hired for gaining
unauthorised access to nation’s data centres or break into the network of intelligence
agencies.
4 Nation / State sponsored hackers are specific individuals who are employed or hired
by the government of that nation or state and protect the nation from cyber terrorists
and other groups or individuals and to reveal their plans, communications and
actions.
5 Cyber-criminals and black hat hackers do one common form of cyber-crime that is a
misuse of digital signatures. The law for this fraudulent act comes under section 72 of
the Indian IT Act.
6 Cyber-criminals are involved in activities like accessing online accounts in an
unauthorized manner, using Trojans to attack large systems, and sending spoofed emails.
But cyber-criminals do not report any bug found in a system; rather, they exploit the
bug for their profit.
7 Cyber-criminals target browsers for breaching information security. If a user
establishes remote browsing by isolating the browsing session of the end user,
cyber-criminals will not be able to infect the system along with the browser with
malware, ultimately reducing the attack surface area.
8 Cyber-laws were incorporated in our law book not only to punish cyber criminals but
to reduce cyber crimes and tie the hands of citizens from doing illicit digital acts that
harm or damage other’s digital property or identity.
9 A data breach is an activity that takes place when cyber-criminals infiltrate any data
source and take away or alter sensitive information. This is either done using a
network to steal all local files or by getting physical access to a system.
10 Data breach is the term used when the cyber-security incident takes place where
sensitive information is accessed without authority.
11 In most of the cases, the attacker uses automated brute force tools for
compromising your PIN or password. This makes fetching of your password easier by
a combination of different letters as a trial-and-error approach.
12 Hacktivism is an act of defacing a website, or any network or system. Systems and
networks are compromised with a political or social agenda.
13 Disaster, eavesdropping and information leakage come under information security
threats whereas not changing the default password of any system, hardware or any
software comes under the category of vulnerabilities that the user may pose to its
system.
14 Social networking sites are the most used sites and the most viral section of the
internet. So users must keep their accounts secure and safe from getting into wrong
hands.
15 Sometimes cyber-criminals anonymize their identity or network to perform criminal
activities so that it becomes difficult for forensic investigators or the cyber cell to
identify them.
16 Stealing of digital files, e-documents from any system or cloud or electronic device is
a punishable offense that comes under section 66 – C of the Indian IT Act.
17 Identity theft is the term used when a cyber-thief uses anybody’s personal
information to impersonate the victim for their benefit. In this type of cyber-crime,
information like social security number, personal details, and images, hobbies and
passion details, driving license number and address details are compromised.
18 If any digital content is either lascivious, not acceptable to society or
viewers, or corrupts the minds of the audience, then the creator of
such content falls under the cyber-crime of section 67 of the Indian IT Act.
19 Downloading, copying or extracting data from an open system fraudulently is treated
according to section 66 of the Indian IT Act.
20 In the year 2008, the IT Act, 2000 was updated and came up with a much broader
and precise law on different computer-related crimes and cyber offenses.
21 In the year 2008, the IT Act, 2000 was updated and came up with a much broader
and precise law on different computer-related crimes and cyber offenses.
22 Information Technology Act -2000 (ITA-2000), came into existence on 17th Oct 2000,
that is dedicated to cyber-crime and e-commerce law in India.
23 IT Act 2008 makes cyber-crime details more precise, where it mentions that if anyone
publishes sexually explicit digital content then under section 67 – A he/she has to pay
a legitimate amount of fine and face imprisonment of five years.
24 On 17th Oct 2000, the Indian legislature thought of adding a chapter that is
dedicated to cyber law, for which India’s Information Technology (IT) Act, 2000 came
into existence.
25 For any cyber-crime that comes under section 66 of the Indian IT Act, the person
accused of such cyber-crime gets fined around five lacs rupees and 3 years of
imprisonment.
26 For any cyber-crime that comes under section 66 of the Indian IT Act, the person
accused of such cyber-crime gets fined around five lacs rupees.
27 Section 66 of IT Act, 2000, which later came up with a much broader and
precise law (as IT Act, 2008), says that if any individual accesses anyone’s Wi-Fi network
without the permission of the owner or for doing a malicious activity, it is a
cyber-crime.
28 Section 66 of IT Act, 2000, which later came up with a much broader and
precise law (as IT Act, 2008), says that if any individual steals the identity or misuses
any victim’s identity for his/her own profit, it is a cyber-crime.
29 Section 66 of IT Act, 2000, which later came up with a much broader and
precise law, says that cracking or illegally hacking into any victim’s computer is a
crime. It covers a wide range of cyber-crimes under this section of the IT Act.
30 Section 66 of IT Act, 2000, which later came up with a much broader and
precise law, says that if any individual accesses any computer system without prior
authorization or permission, it is a cyber-crime.
31 Sending an offensive message, emails or any digital content through an electronic
medium to your recipient is a punishable offense that comes under section 66 – A of
the Indian IT Act, 2008.
32 Using spy cameras in malls and shops to capture private parts of any person,
without the consent of that victim, comes under section 67 of IT Act, 2008 as a
punishable offense.
33 Using spy cameras in malls and shops to capture private parts of any person,
without the consent of that victim, comes under section 67 of IT Act, 2008,
where the person doing such crime is punished with a fine of Rs. 5 Lacs.
34 The punishment in India for stealing computer documents, assets or any software’s
source code from any organization, individual, or from any other means is 3 years of
imprisonment and a fine of Rs. 500,000.
35 The Indian legislature thought of adding a chapter that is dedicated to cyber law.
This finally brought India’s Information Technology (IT) Act, 2000 which deals with the
different cyber-crimes and their associated laws.
36 The term data tampering is used when integrity is compromised in any security
model and checking its integrity later becomes costlier. Example: suppose you sent
$50 to an authorised person and in between a Man in the Middle (MiTM) attack takes
place and the value is tampered to $500. This is how integrity is compromised.
37 Flood comes under natural disaster, which is a threat to any information and does not
act as a vulnerability to any system.
38 Data masking is the method used for developing or creating a structurally similar
version of data of any organization that is not authentic. These types of unauthentic
data are purposefully created for protecting the actual data.
39 DDoS (Distributed Denial of Service), IPR violation, online payment sites are mass
attacks done using a computer. Spying someone using keylogger is an example of
peer-to-peer attack.