
DocScanner 09-Aug-2023 10-30 Am

Gsyaha
Copyright © All Rights Reserved
CYBER LAW

... virtual or online world of ... space and the laws governing it ... the Greek word 'Kybernetes'. Cyber law is a branch of law ... relating to use of internet ... technology. In short, the law governs computers, any system and the internet that is a source for collecting information.

The advancement in science and technology, particularly the progress in information technology, popularly called I.T., is helping to collect any information or service sitting in any corner through systems like computers, laptops, smart phones etc. The cyber world is sharing knowledge and information and helping in conducting various activities like education, commerce, health, travel, etc. Cyber law is the branch of law that deals with frauds and crimes undertaken through online transactions.

Cyber law includes laws relating to -
* Cyber crimes
* Electronic and digital signatures
* Intellectual property
* Data protection and privacy

Cyber law addresses two categories of cyber crimes. They are as follows:

154 Business Regulatory Framework

a. Any illegal act or behavior undertaken by means of electronic operations that targets the security of computer systems and the data processed.
b. Sharing or circulating illegal information, or misuse of systems online.

A wide variety of scams operate in the online environment, like fraudulent lottery schemes, travel and credit-related tactics, modem and web page hijacking, and identity theft (ID theft) etc.

CYBER SECURITY

Cyber security refers to every aspect of protecting an organization and its employees and assets against cyber threats. As cyber attacks become more common and sophisticated and networks become more complex, a variety of cyber security solutions are required to mitigate complicated cyber risk and crime.

The Different Types of Cyber Security

Cyber security is a wide field covering several disciplines.
It can be divided into seven main pillars:

1. Network Security: Most attacks occur over the network. Network security solutions are designed to identify and block these attacks. These solutions include data and access controls such as Data Loss Prevention (DLP), IAM (Identity Access Management), NAC (Network Access Control), and NGFW (Next-Generation Firewall) application controls to enforce safe web use policies. Advanced and multi-layered network threat prevention technologies include IPS (Intrusion Prevention System), NGAV (Next-Gen Antivirus), Sandboxing, and CDR (Content Disarm and Reconstruction). Also important are network analytics, threat hunting, and automated SOAR (Security Orchestration and Response) technologies.

2. Cloud Security: Cloud means connectivity: like a gathering of clouds in the sky, people and organizations are connected ('clouded') with one another through systems and smart phones over the internet. As organizations increasingly adopt cloud computing, securing the cloud becomes a major priority. While many cloud providers offer security solutions, these are often inadequate to the task of achieving enterprise-grade security in the cloud. Supplementary third-party solutions are necessary to protect against data breaches and targeted attacks in cloud environments.

3. Endpoint Security: The zero-trust security model prescribes creating micro-segments around data wherever it may be. One way to do that with a mobile workforce is using endpoint security. With endpoint security, companies can secure end-user devices such as desktops and laptops with data and network security controls, advanced threat prevention such as anti-phishing and anti-ransomware, and technologies that provide forensics such as endpoint detection and response (EDR) solutions.

4. Mobile Security: Often overlooked, mobile devices such as tablets and smartphones have access to corporate data, exposing businesses to threats from malicious apps, zero-day, phishing, and IM (Instant Messaging) attacks. Mobile security prevents these attacks and secures the operating systems and devices from rooting and jailbreaking. When included with an MDM (Mobile Device Management) solution, this enables enterprises to ensure only compliant mobile devices have access to corporate assets.

5. IoT Security: While using Internet of Things (IoT) devices certainly delivers productivity benefits, it also exposes organizations to new cyber threats. Threat actors seek out vulnerable devices inadvertently connected to the Internet for nefarious uses such as a pathway into a corporate network or for another bot in a global bot network. IoT security protects these devices with discovery and classification of the connected devices, auto-segmentation to control network activities, and using IPS as a virtual patch to prevent exploits against vulnerable IoT devices. In some cases, the firmware of the device can also be augmented with small agents to prevent exploits and runtime attacks.

6. Application Security: Web applications, like anything else directly connected to the Internet, are targets for threat actors. Since 2007, OWASP has tracked the top 10 threats to critical web application security flaws such as injection, broken authentication, misconfiguration, and cross-site scripting, to name a few. With application security, the OWASP Top 10 attacks can be stopped. Application security also prevents bot attacks and stops any malicious interaction with applications and APIs. With continuous learning, apps will remain protected even as DevOps releases new content.

7. Zero Trust: The traditional security model is perimeter-focused, building walls around an organization's valuable assets like a castle.
However, this approach has several issues, such as the potential for insider threats and the rapid dissolution of the network perimeter. As corporate assets move off-premises as part of cloud adoption and remote work, a new approach to security is needed. Zero trust takes a more granular approach to security, protecting individual resources through a combination of micro-segmentation, monitoring, and enforcement of role-based access controls.

Some types of cyber crimes found in India are:

1. Cyber pornography: This includes pornographic websites and pornographic magazines produced using computers (to publish and print the material) and the Internet (to download and transmit pornographic pictures, photos, writings etc.).

2. Sale of illegal articles: This includes sale of narcotics, weapons and wildlife etc., by posting information on websites, auction websites, or simply by using email communication. E.g. many of the auction sites even in India are believed to be selling cocaine in the name of 'honey'.

3. Online Gambling: There are millions of websites, all hosted on servers abroad, that offer online gambling. In fact, it is believed that many of these websites are actually 'fronts', i.e. they provide opportunities for money laundering. Cases of hawala transactions and money laundering over the Internet have been reported.

4. Intellectual Property crimes: These include software piracy, copyright infringement, trademark violations, theft of computer source code etc. In other words this is also referred to as cyber squatting.

5. Email spoofing: It is imitation of another's email or misuse of another's email account. A spoofed email is one that appears to originate from one source but actually has been sent from another source. E.g. X has an e-mail address [email protected]. His enemy, Y, spoofs his e-mail and sends obscene messages to all his contacts and friends.
Since the e-mails appear to have originated from X, his friends could take offence and relationships could be spoiled for life. Email spoofing can also cause monetary damage.

6. Forgery: Counterfeit currency notes, postage and revenue stamps, mark sheets etc. can be forged using sophisticated computers, printers and scanners. Outside many colleges across India, one finds agents selling fake mark sheets or even certificates. These are made using computers and high quality scanners and printers.

7. Cyber Defamation: This occurs when defamation takes place with the help of computers and / or the Internet. E.g. someone publishes defamatory matter about someone on a website or sends e-mails containing defamatory information to all of that person's friends.

8. Cyber stalking: Cyber stalking means repeated use of electronic communication to harass or frighten someone. Similarly, unwanted messages, obscene emails etc. are sent to his account to disturb the person.

9. Hacking: Unauthorized access or use of computer systems or networks.

10. Email bombing: Email bombing refers to sending a large number of emails to the victim, resulting in the victim's email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing.

12. Data Diddling: This kind of attack involves altering raw data just before it is processed by a computer and then changing it back after the processing is completed. Electricity Boards in India have been victims of data diddling programs inserted when private parties were computerizing their systems.

13. Salami Attacks: These attacks are used in financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed. E.g. a bank employee inserts a program, into the bank's servers, that deducts a small amount of money (say ... a month) from the account of every customer. No account holder will ... notice this unauthorized debit, but the bank employee will make a sizeable amount of money every month.

14. Denial of Service attack: This involves flooding a computer resource with more requests than it can handle. This causes the resource (e.g. a web server) to crash, thereby denying authorized users the service offered by the resource. This is similar to e-mail bombing. It is very difficult to control such attacks. The attack is initiated by sending excessive demands to the victim's computer(s), exceeding the limit that the victim's servers can support and making the servers crash. Denial-of-service attacks have had an impressive history, having in the past brought down websites like Amazon, CNN, Yahoo and eBay.

15. Virus / Worm Attacks: Viruses are programs that attach themselves to a computer or a file and then circulate themselves to other files and to other computers on a network. They usually affect the data on a computer, either by altering or deleting it.

16. Trojan attacks: A Trojan, as this program is aptly called, is an unauthorized program which functions from inside what seems to be an authorized program, thereby concealing what it is actually doing. There are many simple ways of installing a Trojan in someone's computer.

18. Internet time theft: It is illegal use of another person's internet facility. The bill for the internet service is paid by one Mr. X; it is misused by another, i.e. Mr. Y.

Need for Cyber Law

The existing laws in India are not enough to punish the crimes committed online or in cyberspace. Increasing use of the internet for every kind of transaction, whether social, financial, medical etc., has led to its misuse and to crimes. To control this, the need for a separate law was felt. Cyber law is needed for the following reasons.

* Transactions in investments are in demat form.
* Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.
* Government forms including income tax returns, company law forms etc. are now filled in electronic form.
* Consumers are increasingly using credit cards for shopping.
* Most people are using email, cell phones and SMS messages for communication.
* Even in "non-cyber crime" cases, important evidence is found in computers / cell phones, e.g. in cases of divorce, murder, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc.
* Cyber crime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc. are becoming common.
* Digital signatures and e-contracts are fast replacing conventional methods of transacting business.

Features of Cyber Law and IT Act

Cyber law and the I.T. Act 2000 have the following features. The Act is applicable to all online, cyber transactions in India.

1. The Act encourages and helps every activity in society to be carried on online: business, commerce, education, health. Any service transaction can be carried on easily. The web system connects suppliers and users of information to avail the service, wherever they act.

Business organisations expand their business online. Companies and MNCs can render their service to the customer in any corner of the world.

Cyber law provides security to business that is carried on online. A security system is installed to protect the interest of participants. Receipts, payments, services and every transaction mentioned are regulated through proper authorities.

It has a legal system to control cyber crimes. A cyber regulation authority is established that monitors all cyber, online acts. Fake acts are detected, controlled and punished through that system.
Validation of digital signatures: Every act is certified by signature of the parties. In case of cyber acts, the digital signatures of the parties are with the regulatory authorities. The authorities' legal cell acts through digital signatures and controls fake transactions.

Cyber law has its legal system to take action against parties that commit cyber crimes. Parties who are penalized under cyber law have the right to appeal to the High Court if they are of the opinion that justice is not done to them under cyber law.

Cyber law has provision for appointment of a Controller of Certifying Authorities, depository of digital signatures. The system has a separate Cyber Regulations authority to monitor and control all cyber acts.

Police have the right of inspection and search of any officer or establishment to verify cyber acts and crimes.

The Act is not applicable to the following activities.

a. Execution of negotiable instruments like bills, promissory notes etc.; however, it is applicable to transactions in cheques and bank installments.
b. Execution of power of authorizes under power of
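
The Salami Attacks entry in the list of cyber crimes above describes debits too small for any single account holder to notice, so detection has to aggregate across accounts rather than inspect one statement. The Python below is an added example, not part of the original text; the ledger rows, account names, amounts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger: (source account, destination account, amount, month).
# Six customers are each debited 5.00 a month to the same account (ACC-900).
CUSTOMERS = [f"ACC-{n:03d}" for n in range(1, 7)]
LEDGER = [(c, "ACC-900", Decimal("5.00"), f"2023-{m:02d}")
          for m in (1, 2) for c in CUSTOMERS]
# Ordinary activity that must not be flagged.
LEDGER += [
    ("ACC-001", "ACC-200", Decimal("1500.00"), "2023-01"),
    ("ACC-002", "ACC-300", Decimal("8.00"), "2023-01"),
    ("ACC-003", "ACC-300", Decimal("250.00"), "2023-02"),
]


def find_salami_candidates(ledger, small_amount=Decimal("10.00"), min_sources=4):
    """Flag destination accounts that collect small debits from many accounts.

    Returns (destination, distinct_sources, debit_count, total) tuples,
    largest total first. Both thresholds are assumptions to be tuned.
    """
    stats = defaultdict(lambda: {"sources": set(), "count": 0,
                                 "total": Decimal("0")})
    for source, destination, amount, _month in ledger:
        if amount <= small_amount:  # only debits small enough to go unnoticed
            entry = stats[destination]
            entry["sources"].add(source)
            entry["count"] += 1
            entry["total"] += amount

    findings = [
        (dest, len(e["sources"]), e["count"], e["total"])
        for dest, e in stats.items()
        if len(e["sources"]) >= min_sources  # many victims, one beneficiary
    ]
    return sorted(findings, key=lambda f: f[3], reverse=True)


if __name__ == "__main__":
    for dest, sources, count, total in find_salami_candidates(LEDGER):
        print(f"{dest}: {count} small debits from {sources} accounts, total {total}")
```

Each 5.00 debit is invisible on one statement, but grouped by beneficiary the same rows show twelve debits from six accounts converging on one destination.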
