Cyber Security Mca

The document provides an overview of Information Systems, including their components, types, and the System Development Life Cycle (SDLC). It discusses the importance of Information Security, the CIA Triad, and various threats to Information Systems, along with cybersecurity practices. Additionally, it covers Application Security, Data Security considerations, and the significance of Information Security Governance.

Uploaded by

harshguptaexam

Unit 1

1. Introduction to Information Systems

Q1: What is an Information System? Explain its components.


Ans: An Information System (IS) is a system that collects, processes, stores, and distributes information
to support decision-making and business operations.

Components of an Information System:

1. Hardware – Physical devices like computers, servers, and networking equipment.

2. Software – Programs and applications that process data.

3. Data – Raw facts that are processed into useful information.

4. People – Users, IT professionals, and stakeholders who interact with the system.

5. Processes – Procedures followed to collect, process, and analyze data.

Information Systems help businesses improve efficiency, automate tasks, and support decision-making.

2. Types of Information Systems

Q2: Explain the different types of Information Systems with examples.


Ans: Information Systems are classified into different types based on their function:

1. Transaction Processing System (TPS) – Handles day-to-day transactions (e.g., ATM system, billing
system).

2. Management Information System (MIS) – Provides summarized reports for management
decision-making (e.g., sales reports, financial reports).

3. Decision Support System (DSS) – Helps in complex decision-making by analyzing data (e.g.,
weather forecasting, stock market analysis).

4. Enterprise Resource Planning (ERP) – Integrates different departments like HR, finance, and
production (e.g., SAP, Oracle ERP).

5. Knowledge Management System (KMS) – Stores and manages organizational knowledge (e.g.,
company knowledge base).

Each system plays a crucial role in improving business efficiency and decision-making.

3. Development of Information Systems


Q3: What is System Development Life Cycle (SDLC)? Explain its phases.
Ans: The System Development Life Cycle (SDLC) is a structured approach used to develop an
Information System. It consists of the following phases:

1. Planning – Identify the problem and define the objectives of the system.

2. Analysis – Gather requirements and analyze user needs.

3. Design – Create system architecture, database design, and user interfaces.

4. Implementation – Develop the system, test it, and deploy it for users.

5. Maintenance – Fix issues, update software, and improve system performance.

SDLC helps in developing reliable and efficient systems by following a step-by-step approach.

4. Introduction to Information Security & CIA Triad

Q4: What is Information Security? Explain the CIA Triad.


Ans: Information Security refers to the protection of data from unauthorized access, modification, or
destruction.

The CIA Triad is the foundation of Information Security and consists of three main principles:

1. Confidentiality – Ensures that only authorized users can access sensitive data. (e.g., password-protected files)

2. Integrity – Ensures that data remains accurate and unchanged unless modified by authorized
users. (e.g., digital signatures, checksums)

3. Availability – Ensures that information is accessible when needed. (e.g., backup servers, disaster
recovery plans)

The CIA Triad helps organizations implement effective security measures to protect their information
systems.

5. Need for Information Security

Q5: Why is Information Security important? Explain its benefits.


Ans: Information Security is important because it protects data from cyber threats and unauthorized
access.

Benefits of Information Security:

1. Prevents Data Breaches – Protects sensitive personal and business data from hackers.

2. Ensures Business Continuity – Protects systems from cyber-attacks, ensuring smooth operations.

3. Maintains Customer Trust – Prevents identity theft and financial fraud, ensuring user
confidence.

4. Protects Against Financial Losses – Cyber-attacks can lead to loss of money and business
reputation.

5. Ensures Compliance – Many industries have legal requirements to secure data (e.g., GDPR,
HIPAA).

Implementing strong security measures is essential to protect businesses from cyber threats and
financial losses.

6. Threats to Information Systems

Q6: What are the major threats to Information Systems? Explain with examples.
Ans: There are various cyber threats that can compromise the security of Information Systems.

1. Malware – Malicious software like viruses, worms, and ransomware that damage or steal data.
(e.g., WannaCry ransomware attack)

2. Phishing – Cybercriminals send fake emails to steal user credentials or financial information.

3. Denial-of-Service (DoS) Attacks – Overloading a system to make it unavailable for users. (e.g.,
website crashes due to excessive traffic)

4. Insider Threats – Employees misusing their access to leak or steal data.

5. Zero-Day Exploits – Attacks that target unknown vulnerabilities in software before a fix is
available.

Understanding these threats helps organizations implement better security measures to protect their
data.

8. Cyber Security

Q8: What is Cyber Security? Explain its key practices.


Ans: Cyber Security is the practice of protecting computer systems, networks, and data from cyber
threats such as hacking, phishing, and malware attacks.

Key Cyber Security Practices:

1. Use Strong Passwords – Use complex passwords and multi-factor authentication (MFA).

2. Install Antivirus Software – Protects systems from malware and viruses.

3. Keep Software Updated – Regular updates fix security vulnerabilities.

4. Enable Firewalls – Prevents unauthorized access to networks.

5. Beware of Phishing Attacks – Do not click on suspicious links or emails.

6. Backup Data Regularly – Ensures recovery in case of cyber-attacks or system failures.


7. Use Encryption – Protects sensitive data from being accessed by hackers.

Unit 2

1. Application Security

Q1: What is Application Security? Explain security measures for databases, e-mail, and the internet.

Ans:
Application Security refers to the practices and technologies used to protect applications from cyber
threats. It ensures that software, databases, and communication systems remain secure from
unauthorized access, attacks, and vulnerabilities.

Security Measures for Different Applications:

1. Database Security:

o Use encryption to protect sensitive data.

o Implement access controls (only authorized users can access data).

o Perform regular backups to prevent data loss.

o Use firewalls and Intrusion Detection Systems (IDS) to monitor suspicious activity.

2. E-mail Security:

o Enable spam filters to block phishing emails.

o Use two-factor authentication (2FA) for e-mail login.

o Encrypt emails to prevent unauthorized access.

o Avoid opening suspicious attachments or links.

3. Internet Security:

o Use secure browsing (HTTPS websites).

o Install firewalls and antivirus software.

o Do not download files from untrusted sources.

o Keep the browser and system software updated.

Application security protects businesses and users from cyber threats such as hacking, malware, and
phishing.

2. Data Security Considerations


Q2: What are Data Security Considerations? Explain Backups, Archival Storage, and Disposal of Data.

Ans:
Data Security ensures that data is protected from unauthorized access, loss, or corruption. Three
important aspects of data security are Backups, Archival Storage, and Disposal of Data.

1. Backups:

o Creating copies of data to restore in case of data loss.

o Types: Full backup, Incremental backup, Differential backup.

o Backups should be stored in secure locations (cloud storage, external hard drives).

2. Archival Storage:

o Long-term storage of important data that is not frequently used.

o Used for legal records, financial data, medical records, etc.

o Stored in secure environments like data centers or cloud storage.

3. Disposal of Data:

o Deleting data securely to prevent unauthorized access.

o Methods: Shredding, degaussing (magnetic erasure), overwriting.

o Importance: Prevents identity theft, data breaches, and misuse.

Proper data security measures help protect sensitive information from cyber threats and accidental loss.
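Added example (not from the original notes) showing what the three backup types listed above select and which backup sets a restore needs. It uses the usual definitions, differential as changes since the last full backup and incremental as changes since the most recent backup of any kind; the file names and day numbers are constructed.

```python
# Constructed sample data: path -> day on which the file was last modified.
FILES = {"payroll.db": 1, "contracts.pdf": 5, "mail.pst": 9}


def select_files(kind, mtimes, last_full, last_backup):
    """Return the paths a backup of the given kind would copy.

    mtimes      -- {path: day the file was last modified}
    last_full   -- day of the most recent full backup
    last_backup -- day of the most recent backup of any kind
    """
    if kind == "full":
        return sorted(mtimes)                 # everything, every time
    if kind == "differential":
        cutoff = last_full                    # changes since the last full
    elif kind == "incremental":
        cutoff = last_backup                  # changes since the last backup
    else:
        raise ValueError(f"unknown backup kind: {kind}")
    return sorted(path for path, day in mtimes.items() if day > cutoff)


def restore_chain(history, target_day):
    """Return the backups, oldest first, needed to restore up to target_day.

    history is a list of (day, kind) tuples. A restore always starts from the
    latest full backup, then needs only the newest differential (if any) and
    every incremental taken after it. Losing any set in the chain breaks the
    restore, which is why long incremental chains are the riskier choice.
    """
    usable = [b for b in sorted(history) if b[0] <= target_day]
    fulls = [i for i, (_, kind) in enumerate(usable) if kind == "full"]
    if not fulls:
        raise ValueError("no full backup on or before the target day")
    chain = [usable[fulls[-1]]]
    later = usable[fulls[-1] + 1:]
    diffs = [b for b in later if b[1] == "differential"]
    if diffs:
        chain.append(diffs[-1])
        later = [b for b in later if b[0] > diffs[-1][0]]
    chain.extend(b for b in later if b[1] == "incremental")
    return chain


if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        print(kind, select_files(kind, FILES, last_full=3, last_backup=7))
    weekly = [(0, "full"), (1, "incremental"), (2, "incremental")]
    print(restore_chain(weekly, target_day=2))
```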

3. Security Technology

Q3: What is Security Technology? Explain Firewall, VPNs, and Intrusion Detection System.

Ans:
Security technologies protect networks and systems from cyber threats. Some essential security
technologies are:

1. Firewall:

o A security device that filters incoming and outgoing network traffic.

o Blocks unauthorized access while allowing legitimate traffic.

o Types: Hardware firewall, Software firewall.

o Example: Windows Defender Firewall.

2. Virtual Private Network (VPN):

o Encrypts internet traffic to protect data from hackers.


o Provides secure remote access to private networks.

o Prevents IP tracking and helps bypass geo-blocking.

o Example: NordVPN, ExpressVPN.

3. Intrusion Detection System (IDS):

o Monitors network activity for suspicious behavior.

o Alerts security teams if an attack is detected.

o Types: Host-based IDS (HIDS), Network-based IDS (NIDS).

o Example: Snort, Cisco IDS.

Using security technologies like firewalls, VPNs, and IDS helps prevent cyber-attacks and protect sensitive
data.

4. Access Control

Q4: What is Access Control? Explain its types.

Ans:
Access Control ensures that only authorized users can access specific resources like systems, databases,
or applications. It helps prevent unauthorized access, data breaches, and cyber-attacks.

Types of Access Control:

1. Discretionary Access Control (DAC):

o Data owners decide who can access information.

o Example: A file owner sets permissions for reading or writing.

2. Mandatory Access Control (MAC):

o Access is controlled based on security classifications.

o Used in government and military systems.

3. Role-Based Access Control (RBAC):

o Users are assigned roles, and roles determine access rights.

o Example: An HR employee can access payroll data, but a sales employee cannot.

4. Attribute-Based Access Control (ABAC):

o Access is granted based on attributes (location, time, device, etc.).

o Example: A system allows access only from a company laptop, not personal devices.

Access control ensures data security by preventing unauthorized users from accessing sensitive
information.
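The four models above as small decision functions, in an added example that is not part of the original notes. The users, roles, classification levels, locations and business hours are constructed; the HR/sales and company-laptop cases follow the examples given in the answer.

```python
from dataclasses import dataclass, field


# --- DAC: the owner of an object decides who may do what with it -----------
@dataclass
class File:
    owner: str
    acl: dict = field(default_factory=dict)    # user -> set of actions


def dac_grant(f, actor, user, action):
    """Only the owner may change the file's access list."""
    if actor != f.owner:
        raise PermissionError(f"{actor} does not own this file")
    f.acl.setdefault(user, set()).add(action)


def dac_allows(f, user, action):
    return user == f.owner or action in f.acl.get(user, set())


# --- MAC: a central label comparison that users cannot override ------------
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allows_read(clearance, classification):
    """Reading is allowed only when the clearance is at least the label."""
    return LEVELS[clearance] >= LEVELS[classification]


# --- RBAC: permissions hang off roles, users only hold roles ---------------
ROLE_PERMISSIONS = {
    "hr": {("payroll", "read"), ("payroll", "update")},
    "sales": {("leads", "read"), ("leads", "update")},
}


def rbac_allows(roles, resource, action):
    # Unknown roles map to an empty set, so the default is deny.
    return any((resource, action) in ROLE_PERMISSIONS.get(r, set())
               for r in roles)


# --- ABAC: the request's attributes must all satisfy the policy ------------
def abac_allows(attrs):
    # Missing attributes fail the check instead of being assumed safe.
    return (attrs.get("device") == "company_laptop"
            and attrs.get("location") in {"office", "vpn"}
            and 8 <= attrs.get("hour", -1) < 18)


def decide(roles, resource, action, attrs):
    """Layer RBAC and ABAC; deny by default and say why."""
    if not rbac_allows(roles, resource, action):
        return False, "no role grants this permission"
    if not abac_allows(attrs):
        return False, "request attributes do not satisfy policy"
    return True, "allowed"


if __name__ == "__main__":
    office = {"device": "company_laptop", "location": "office", "hour": 10}
    home = {"device": "personal", "location": "home", "hour": 22}
    print(decide(("hr",), "payroll", "read", office))     # HR, managed laptop
    print(decide(("sales",), "payroll", "read", office))  # wrong role
    print(decide(("hr",), "payroll", "read", home))       # wrong attributes
```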

5. Security Threats

Q5: Explain different types of Security Threats.

Ans:
Security threats are cyber-attacks or malicious activities that harm computer systems and networks.
Some common threats include:

1. Viruses:

o Malicious programs that attach to files and spread between computers.

o Example: File-infecting viruses that corrupt system files.

2. Worms:

o Self-replicating malware that spreads across networks without user action.

o Example: Conficker worm.

3. Trojan Horse:

o Malware disguised as a legitimate program to trick users.

o Example: A fake antivirus software that steals personal data.

4. Logic Bombs:

o Malicious code triggered by specific conditions (e.g., deleting files on a certain date).

5. Trapdoors (Backdoors):

o Hidden entry points in software that allow hackers to bypass security.

6. Spoofing:

o Attackers impersonate trusted entities (e.g., fake websites or emails) to steal data.

o Example: Fake banking website stealing login details.

7. E-mail Viruses:

o Malware spread through email attachments or links.

o Example: ILOVEYOU virus.

8. Macro Viruses:

o Infects macros in applications like MS Word and Excel.

o Example: A virus that modifies Word documents when opened.


9. Malicious Software (Malware):

o Any harmful program designed to damage or steal data.

o Includes viruses, worms, Trojans, spyware, and ransomware.

10. Network Attacks:

o Attacks targeting network systems to steal or disrupt data.

o Example: Man-in-the-Middle (MITM) attack.

11. Denial of Service (DoS) Attack:

o Overloads a system with excessive traffic, making it unavailable.

o Example: DDoS attacks shutting down websites.

Unit 3

1. Introduction to E-Commerce

Q1: What is E-Commerce? Explain its advantages and disadvantages.

Ans:
E-Commerce (Electronic Commerce) refers to buying and selling goods or services over the internet. It
includes online shopping, electronic payments, and digital transactions.

Advantages of E-Commerce:

1. Convenience – Customers can shop 24/7 from anywhere.

2. Lower Costs – Businesses save on physical store expenses.

3. Wider Reach – Businesses can reach global customers.

4. Faster Transactions – Online payments and order processing are quick.

5. Personalization – Websites suggest products based on customer preferences.

Disadvantages of E-Commerce:

1. Security Risks – Cyber threats like hacking and fraud.

2. Lack of Personal Touch – No direct interaction with sellers.

3. Delivery Delays – Shipping takes time compared to physical stores.

4. Technical Issues – Website crashes or payment failures can occur.

E-Commerce is growing rapidly due to its ease of access and technological advancements.

2. Threats to E-Commerce

Q2: What are the major threats to E-Commerce?

Ans:
E-Commerce platforms face several security threats, including:

1. Hacking – Cybercriminals steal customer data, such as credit card details.

2. Phishing – Fraudulent emails trick users into providing sensitive information.

3. Denial-of-Service (DoS) Attacks – Overloading a website to make it inaccessible.

4. Identity Theft – Hackers misuse personal information for fraud.

5. Payment Fraud – Fake transactions using stolen credit card details.

6. Malware & Viruses – Malicious software infecting e-commerce websites.

7. Data Breaches – Leakage of customer information due to weak security.

To counter these threats, e-commerce sites use encryption, firewalls, and secure payment gateways.

3. Electronic Payment System

Q3: What is an Electronic Payment System? Explain different payment methods.

Ans:
An Electronic Payment System (EPS) enables secure financial transactions over the internet. It is used in
online shopping, bill payments, and banking.

Types of Electronic Payment Methods:

1. E-Cash – Digital money stored electronically (e.g., Paytm wallet, PayPal).

2. Credit/Debit Cards – Secure online transactions using card details (e.g., Visa, MasterCard).

3. Net Banking – Direct payment from a bank account to a merchant.

4. Mobile Payments – Payments using mobile apps (e.g., Google Pay, PhonePe).

5. Cryptocurrency – Digital currency transactions using blockchain (e.g., Bitcoin, Ethereum).

Electronic payments provide fast, secure, and cashless transactions, improving the e-commerce
experience.

4. Digital Signature & Cryptography

Q4: What is a Digital Signature? How does it work?


Ans:
A Digital Signature is an electronic verification of authenticity used in online transactions. It ensures:

1. Authentication – Confirms the sender’s identity.

2. Integrity – Ensures that the message is not altered.

3. Non-repudiation – Prevents the sender from denying the transaction.

Working of Digital Signature:

1. The sender encrypts a document using a private key.

2. The receiver decrypts it using the sender’s public key.

3. If the signature matches, the document is verified as authentic.

Digital signatures enhance security in e-commerce, online banking, and legal documents.
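The three working steps above, as an added example that is not part of the original notes. It signs the SHA-256 hash of the document rather than the document itself, as signature schemes do in practice, and uses textbook RSA from the standard library only; the key pairs, the names Alice and Mallory, and the message are constructed for the demo.

```python
import hashlib

E = 65537  # public exponent


def make_keypair(p: int, q: int):
    """Return (public_key, private_key) built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))    # private exponent (Python 3.8+)
    return (n, E), (n, d)


# Constructed demo keys from publicly known Mersenne primes. Anyone can factor
# these moduli, so they illustrate the steps only and must never protect data.
# Production code uses a vetted library with a padded scheme (RSA-PSS, ECDSA).
ALICE_PUBLIC, ALICE_PRIVATE = make_keypair(2**127 - 1, 2**521 - 1)
MALLORY_PUBLIC, MALLORY_PRIVATE = make_keypair(2**89 - 1, 2**607 - 1)


def digest_as_int(document: bytes) -> int:
    """Hash function: any document becomes a fixed-length SHA-256 value."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key) -> int:
    """Step 1: the sender applies the private key to the document's hash."""
    n, d = private_key
    return pow(digest_as_int(document), d, n)


def verify(document: bytes, signature: int, public_key) -> bool:
    """Steps 2-3: recover the hash with the public key and compare it with
    a hash the receiver computes independently from the received document."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(document)


def demo():
    order = b"Pay 500 INR to account 1234"          # constructed message
    signature = sign(order, ALICE_PRIVATE)
    forged = sign(order, MALLORY_PRIVATE)           # signed with another key
    return {
        # Authentication: only Alice's private key produces this signature.
        "authentic": verify(order, signature, ALICE_PUBLIC),
        # Integrity: changing one character changes the hash, so it fails.
        "tampered": verify(b"Pay 900 INR to account 1234", signature,
                           ALICE_PUBLIC),
        # A signature made with a different private key does not verify.
        "forged": verify(order, forged, ALICE_PUBLIC),
    }


if __name__ == "__main__":
    print(demo())
```

Non-repudiation follows from the first result: a signature that verifies under Alice's public key can only have been produced with her private key.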

Q5: What is Cryptography? Explain its types.

Ans:
Cryptography is the practice of securing data by converting it into an unreadable format using
encryption techniques.

Types of Cryptography:

1. Symmetric Encryption – The same key is used for encryption and decryption (e.g., AES, DES).

2. Asymmetric Encryption – Uses a pair of public and private keys (e.g., RSA, ECC).

3. Hash Functions – Converts data into a fixed-length string (e.g., SHA-256).

Cryptography protects sensitive information from cyber threats in communication and transactions.

5. Developing Secure Information Systems

Q6: What are the steps in developing a secure information system?

Ans:
A Secure Information System (SIS) protects data and transactions from cyber threats.

Steps to Develop a Secure Information System:

1. Identify Security Requirements – Assess threats and vulnerabilities.

2. Design Secure Architecture – Use firewalls, encryption, and authentication.

3. Implement Security Controls – Apply access controls, IDS, and secure coding.

4. Perform Security Testing – Conduct penetration testing and vulnerability scans.


5. Continuous Monitoring & Updates – Update software and monitor for attacks.

Developing secure systems helps prevent data breaches and cyber threats.

6. Information Security Governance & Risk Management

Q7: What is Information Security Governance? Explain its importance.

Ans:
Information Security Governance (ISG) involves policies and strategies to protect an organization’s data
and IT systems.

Importance of ISG:

1. Protects Sensitive Data – Ensures compliance with security laws.

2. Reduces Cyber Risks – Identifies and mitigates security threats.

3. Enhances Business Continuity – Prevents disruptions from cyber-attacks.

4. Improves Decision-Making – Helps organizations implement strong security measures.

Security governance is essential for organizations to maintain trust and compliance.

7. Security Architecture & Design

Q8: What is Security Architecture & Design? Explain key elements.

Ans:
Security Architecture & Design focuses on building secure IT systems by implementing security
measures at different layers.

Key Elements:

1. Network Security – Firewalls, VPNs, and IDS to protect data traffic.

2. Application Security – Secure coding practices to prevent vulnerabilities.

3. Data Security – Encryption and access controls for sensitive information.

4. Physical Security – Protecting servers and IT assets from theft or damage.

A strong security architecture ensures that IT systems remain protected from cyber threats.

8. Security Issues in Hardware, Data Storage & Downloadable Devices

Q9: What are security issues in hardware, data storage, and downloadable devices?
Ans:
Security risks exist in different areas of IT infrastructure:

1. Hardware Security Issues:

o Unauthorized access to servers and workstations.

o Physical theft of devices containing sensitive data.

2. Data Storage Security Issues:

o Data breaches from unprotected cloud storage.

o Loss of data due to hardware failure or cyber-attacks.

3. Downloadable Devices Issues:

o USB drives and external hard disks carrying malware.

o Data leakage through portable devices.

Security measures like encryption, physical locks, and controlled access prevent unauthorized use of IT
assets.

9. Physical Security of IT Assets

Q10: What are the security measures for protecting IT assets?

Ans:
Physical security ensures that IT assets like servers, networks, and storage devices remain safe from
theft, damage, or unauthorized access.

Key Security Measures:

1. Access Control – Restricting entry using biometric authentication, keycards, or passwords.

2. CCTV Surveillance – Monitoring critical areas to prevent unauthorized access.

3. Backup Security – Storing backup data in multiple secure locations.

4. Fire & Disaster Protection – Installing fire suppression systems and disaster recovery plans.

Implementing physical security measures helps prevent data loss, system downtime, and security
breaches.

Unit 4

1. Security Policies

Q1: What are Security Policies? Why should they be developed?

Ans:
A Security Policy is a set of rules and guidelines designed to protect an organization's data, IT systems,
and users from security threats.

Why Security Policies Should Be Developed:

1. Protects Sensitive Information – Prevents unauthorized access and data breaches.

2. Defines Security Responsibilities – Employees understand their security roles.

3. Ensures Compliance – Helps follow legal and industry security standards.

4. Reduces Security Risks – Identifies potential threats and mitigation strategies.

5. Improves Incident Response – Provides clear steps to handle security issues.

Security policies are essential for maintaining data integrity, confidentiality, and availability.

2. Policy Review Process

Q2: What is the Security Policy Review Process? Explain its steps.

Ans:
The Policy Review Process ensures that security policies remain effective and updated with evolving
threats.

Steps in the Policy Review Process:

1. Assessment of Current Policies – Analyze existing security policies and their effectiveness.

2. Identifying Security Gaps – Check for weaknesses or outdated measures.

3. Updating Policies – Modify policies to address new threats and technologies.

4. Approval & Documentation – Get management approval and formally document changes.

5. Employee Training & Awareness – Educate employees about updated policies.

6. Regular Audits & Monitoring – Continuously review and refine policies.

Regular policy reviews help organizations stay ahead of cyber threats and regulatory changes.

3. Publication and Notification Requirement of Policies

Q3: How should security policies be published and communicated within an organization?

Ans:
After a security policy is developed, it must be published and communicated properly to ensure
compliance.

Methods of Publishing Security Policies:

1. Official Documents – Policies are documented and stored in internal portals.

2. Employee Handbooks – Security rules included in company handbooks.

3. Email Notifications – Sending policy updates via official emails.

4. Training Sessions – Conducting workshops to educate employees.

5. Posters & Notices – Displaying important policies in workplaces.

Notification Requirements:

• Employees should acknowledge they have read and understood the policies.

• Regular reminders about security policies should be sent out.

• Any updates should be communicated immediately.

Proper publication and notification ensure that employees follow security guidelines effectively.

4. Types of Security Policies

Q4: What are different types of security policies? Explain with examples.

Ans:
Security policies vary based on the organization’s needs. The main types of security policies are:

1. WWW (World Wide Web) Policies:

• Define rules for internet usage in the workplace.

• Example: Employees should not visit unauthorized or unsafe websites.

2. Email Security Policies:

• Establish guidelines for using company email securely.

• Example: Employees should not open suspicious email attachments or share sensitive data via
email.

3. Corporate Security Policies:

• Covers all aspects of IT security, including data protection, access control, and incident response.

• Example: Employees must use strong passwords and multi-factor authentication (MFA).

4. Access Control Policies:

• Define who can access different levels of company data.

• Example: Only HR personnel can access employee salary details.

5. Mobile Device Security Policies:

• Ensure secure usage of mobile devices connected to company networks.

• Example: Employees must use VPNs when accessing company data from personal devices.

6. Sample Security Policies:

Example of a Password Policy:

• Passwords must be at least 12 characters long.

• Employees must change their passwords every 90 days.

• Multi-factor authentication (MFA) should be enabled for critical systems.

Different security policies help organizations maintain a safe and secure IT environment.

5. Case Study – Corporate Security

Q5: Explain a case study on Corporate Security.

Ans:

Case Study: XYZ Corporation – Strengthening Corporate Security

Background:

XYZ Corporation is a multinational IT company handling sensitive client data. Recently, they experienced
a cyberattack where hackers accessed confidential customer information.

Security Issues Identified:

1. Weak password policies leading to unauthorized access.

2. No encryption used for sensitive data storage.

3. Employees falling victim to phishing attacks.

4. Lack of regular security audits.

Steps Taken to Improve Security:

1. Implemented Strong Password Policies – Enforced complex passwords and two-factor
authentication.

2. Data Encryption – Secured stored and transmitted data using AES encryption.

3. Employee Training – Conducted security awareness programs on phishing and cyber threats.

4. Regular Security Audits – Performed system-wide security assessments to find vulnerabilities.

5. Incident Response Plan – Established a team to handle security breaches effectively.


Outcome:

• Cyberattacks reduced by 80%.

• No major data breaches after implementing new security measures.

• Employees became more aware of cyber threats and followed security best practices.

Lessons Learned:

• Proactive security measures prevent cyber threats.

• Regular employee training is crucial for maintaining security.

• Continuous monitoring ensures security policies remain effective.

Unit 5

1. Information Security Standards

Q1: What are Information Security Standards? Explain ISO standards for Information Security.

Ans:
Information Security Standards are guidelines and best practices that help organizations protect their
data, systems, and networks from security threats.

ISO Standards for Information Security:

ISO (International Organization for Standardization) provides globally recognized security standards.

1. ISO 27001:

o Defines best practices for an Information Security Management System (ISMS).

o Helps organizations identify, assess, and manage security risks.

o Requires regular audits and continuous improvements.

2. ISO 27002:

o Provides guidelines for implementing security controls.

o Covers areas like access control, cryptography, and network security.

3. ISO 27701:

o Focuses on Privacy Information Management Systems (PIMS).

o Helps organizations comply with data protection regulations (e.g., GDPR).


ISO standards help organizations strengthen security, reduce risks, and comply with legal requirements.

2. IT Act & Copyright Act

Q2: What is the IT Act 2000? Explain its key provisions.

Ans:
The Information Technology (IT) Act 2000 is India’s primary law dealing with cybercrime and electronic
commerce.

Key Provisions of the IT Act 2000:

1. Legal Recognition of Electronic Transactions – Digital signatures and electronic records are
legally valid.

2. Cyber Crime Punishments – Defines penalties for hacking, identity theft, and data breaches.

3. Data Protection & Privacy – Protects sensitive personal information from misuse.

4. Regulation of Cyber Cafés – Ensures cyber cafes maintain records of users.

5. Establishment of CERT-In – The Computer Emergency Response Team (CERT-In) monitors cyber
threats in India.

The IT Act 2000 was later amended in 2008 to address evolving cyber threats.

Q3: What is the Copyright Act? How does it protect digital content?

Ans:
The Copyright Act, 1957 protects original works like books, music, films, and software from unauthorized
use.

Protection of Digital Content:

1. Software Protection – Prevents illegal copying or distribution of software.

2. Online Content Protection – Protects digital books, music, and videos from piracy.

3. Penalty for Copyright Infringement – Fines and imprisonment for unauthorized use of
copyrighted material.

4. Digital Rights Management (DRM) – Controls access to copyrighted content using encryption.

The Copyright Act ensures that creators retain rights over their work and helps prevent software piracy.

3. Intellectual Property Rights (IPR) & Related Laws

Q4: What is Intellectual Property Rights (IPR)? Explain its importance.


Ans:
Intellectual Property Rights (IPR) are legal rights that protect creative works and innovations.

Importance of IPR:

1. Encourages Innovation – Protects inventors and creators.

2. Prevents Unauthorized Use – Ensures only the owner can benefit from their work.

3. Boosts Economic Growth – Encourages investment in new technologies.

4. Legal Protection – Owners can take legal action against patent or copyright violations.

IPR includes Copyrights, Patents, Trademarks, and Trade Secrets.

Q5: What are the key laws under Intellectual Property Rights (IPR)?

Ans:
India has several laws to protect Intellectual Property (IP):

1. Copyright Law (Copyright Act, 1957)

o Protects original works like books, music, and software.

o Prevents unauthorized reproduction or distribution.

2. Patent Law (Patent Act, 1970)

o Grants exclusive rights to inventors for new products/processes.

o Patent protection lasts 20 years.

3. Trademark Law (Trademarks Act, 1999)

o Protects brand names, logos, and slogans.

o Example: Nike's swoosh logo is trademarked.

4. Semiconductor Law (Semiconductor Integrated Circuits Layout-Design Act, 2000)

o Protects the design of computer chips and circuits.

These laws ensure that innovators and businesses retain exclusive rights over their creations.

4. Cyber Crimes & Cyber Laws in India

Q6: What are Cyber Crimes? Explain different types with examples.

Ans:
A Cyber Crime is a criminal activity involving computers, networks, or digital data.

Types of Cyber Crimes:


1. Hacking – Unauthorized access to computer systems (Example: Bank account hacking).

2. Identity Theft – Stealing personal information to commit fraud (Example: Using stolen Aadhaar
details).

3. Phishing – Fake emails tricking users into giving sensitive information (Example: Fraudulent bank
emails).

4. Cyber Bullying – Online harassment or threats (Example: Abusive social media messages).

5. Online Fraud – Fake e-commerce websites scamming buyers.

6. Ransomware Attacks – Malware that locks data and demands ransom (Example: WannaCry
attack).

Cyber crimes are increasing, making cyber laws essential for protecting individuals and businesses.

Q7: What are the key Cyber Laws in India?

Ans:
India has several Cyber Laws to address online crimes and digital security.

1. IT Act 2000 – Main law for cyber security, covering hacking, fraud, and privacy.

2. Indian Penal Code (IPC) Section 420 – Deals with online fraud and cheating.

3. Personal Data Protection Bill (PDPB) – Focuses on data privacy and protection.

4. Cyber Security Framework by CERT-In – Issues guidelines for cyber security best practices.

Cyber laws ensure that criminal activities in the digital space are properly addressed.

5. Software Piracy & Software License

Q8: What is Software Piracy? Explain its types.

Ans:
Software Piracy is the illegal copying, distribution, or use of software without a proper license.

Types of Software Piracy:

1. End-User Piracy – Installing software on multiple devices without permission.

2. Counterfeit Software – Selling fake copies of branded software.

3. Internet Piracy – Downloading paid software from unauthorized websites.

4. Softlifting – Using one software license on multiple computers.

5. Client-Server Overuse – Exceeding the allowed number of users in a network.


Software piracy leads to financial losses, security risks, and legal issues.

Q9: What is a Software License? Explain its types.

Ans:
A Software License is a legal agreement between the software developer and the user, defining how the
software can be used.

Types of Software Licenses:

1. Proprietary License – The software is owned by a company, and users need permission to use it
(Example: Windows OS).

2. Open-Source License – Free software with modifiable source code (Example: Linux OS).

3. Freemium License – Basic version is free, but advanced features need payment (Example:
Spotify).

4. Enterprise License – Allows multiple users within an organization (Example: Microsoft Office 365
for companies).

5. Trial License – Free software for a limited period (Example: Adobe Photoshop 30-day trial).
