Information Security
Information Security
Introduction
Information security is a set of strategies for managing the processes, tools, and policies necessary to prevent, detect, document and counter threats to digital and non-digital information. Information security responsibilities include establishing a set of business processes that will protect information assets regardless of how the information is formatted or whether it is in transit, is being processed or is at rest in storage.
Introduction to Computer Crime
Similar to other various aspects of our lives, major crimes have gone high tech. But it’s important to remember that it’s not the computers that commit crimes - it’s the crime of people that use the computers, and the outcome of their mistake to business and society is huge.
Computer Crime is the name given to any type of electronic fraud, which covers credit and debit cards, electronic funds transfer, software piracy and any other general misuse of a computer system. Some crimes can remain undiscovered for long periods or are never reported at all and many companies that have been victims of fraud are thus unwilling to expose the fact.
The worldwide access to information through computers has let criminals carry out such negative actions without difficulty. Proper security measures, both technical and moral, should be implemented in practice to stop the future disasters that may take place.
Examples of Computer Crime
The following are some examples of computer crime:
Unauthorized use
Altering websites
Denial of service (DoS) attacks
Malicious computer programs: Viruses, hacking
Harassment & stalking Privacy defiance
Virus
A computer virus is malicious code that replicates by copying itself to another program, computer boot sector or document and changes how a computer works. The virus requires someone to knowingly or unknowingly spread the infection without the knowledge or permission of a user or system administrator. In contrast, a computer worm is stand-alone programming that does not need to copy itself to a host program or require human interaction to spread. Viruses and worms may also be referred to as malware.
A virus can be spread by opening an email attachment, clicking on an executable file, visiting an infected website or viewing an infected website advertisement. It can also be spread through infected removable storage devices, such USB drives. Once a virus has infected the host, it can infect other system software or resources, modify or disable core functions or applications, as well as copy, delete or encrypt data. Some viruses begin replicating as soon as they infect the host, while other viruses will lie dormant until a specific trigger causes malicious code to be executed by the device or system.
Types of viruses
File infectors. Some file infector viruses attach themselves to program files, usually selected .com or .exe files. Some can infect any program for which execution is requested, including .sys, .ovl, .prg, and .mnu files. When the program is loaded, the virus is loaded as well. Other file infector viruses arrive as wholly contained programs or scripts sent as an attachment to an email note.
Macro viruses. These viruses specifically target macro language commands in applications like Microsoft Word and other programs. In Word, macros are saved sequences for commands or keystrokes that are embedded in the documents. Macro viruses can add their malicious code to the legitimate macro sequences in a Word file
Overwrite viruses. Some viruses are designed specifically to destroy a file or application's data. After infecting a system, an overwriting virus begins overwriting files with its own code. These viruses can target specific files or applications or systematically overwrite all files on an infected device. An overwriting virus can install new code in files and applications that programs them to spread the virus to additional files, applications, and systems.
Resident viruses. This type of virus embeds itself in the memory of a system. The original virus program isn't needed to infect new files or applications; even if the original virus is deleted, the version stored in memory can be activated when the operating system loads a specific application or function. Resident viruses are problematic because they can evade antivirus and antimalware software by hiding in the system's RAM.
Rootkit viruses. A rootkit virus is a type of malware that installs an unauthorized rootkit on an infected system, giving attackers full control of the system with the ability to fundamentally modify or disable functions and programs. Rootkit viruses were designed to bypass antivirus software, which typically scanned only applications and files. More recent versions of major antivirus and antimalware programs include rootkit scanning to identify and mitigate these types of viruses.
System or boot-record infectors. These viruses infect executable code found in certain system areas on a disk. They attach to the DOS boot sector on diskettes and USB thumb drives or the Master Boot Record on hard disks. In a typical attack scenario, the victim receives storage device that contains a boot disk virus. When the victim's operating system is running, files on the external storage device can infect the system; rebooting the system will trigger the boot disk virus. An infected storage device connected to a computer can modify or even replace the existing boot code on the infected system so that when the system is booted next, the virus will be loaded and run immediately as part of the master boot record. Boot viruses are less common now as today's devices rely less on physical storage media.
Threats
A threat, in the context of computer security, refers to anything that has the potential to cause serious harm to a computer system. A threat is something that may or may not happen, but has the potential to cause serious damage. Threats can lead to attacks on computer systems, networks and more.
Types of threats
a. Malware
b. Computer Virus
c. Trojan Horse
d. Computer Worm
e. Spam
f. Phishing
Cyber and Telecommunication Laws
After the rapid and unregulated initiation of the Internet, cyber law is a new and even growing phenomenon that includes the wide variety of political, societal and legal issues related to the Internet.
The term refers to all the legal and regulatory aspects of the Internet and the World Wide Web. Anything concerned with or related to any legal aspects concerning any activity of citizens and others in Cyberspace (The space within the worldwide Internet) comes within the area of Cyberlaw. As the Internet is growing rapidly, Cyberspace, thus Cyber Law is becoming the preferred subject of a query for the entire world.
The following are some of the scopes that are covered by the boundary of Cyber Laws: Intellectual Property
Digital Signatures System
Computer Crime
Privacy
Freedom of Expression
Jurisdiction
Intellectual Property Law
It presents a set of exclusive rights in relation to the manner in which specific idea or information is expressed. It denotes the definite legal rights that the authors, investors and other Intellectual Property holders may hold an expertise. These laws are designed to protect various forms of intangible subject matters like
Copyright exists in many computer related creative works like software, source code discovery etc.
The patent right exists in software and hardware tasks that let the inventor exploit the invention right for a certain period of time.
Trademark is a distinctive sign that distinguishes the products and software of one business from that of another.
Industrial design right protects the appearance of one business from that of another (spare parts, textures etc).
A trade secret is a confidential information related to the work procedure of the organization.
Computer Crime Law
As the vast use of computers in business, education and personal use are expanding almost like nothing else, similar is the case in computer crimes and cyber faults. Computer crime is growing fast because the evolution of technology is fast, but the evolution of law is slow. While only limited number of nations has passed laws related to computer crime, the situation is an international problem that requires a long-term solution.
Protection measures such as hardware identification, access control software, disconnecting critical bank applications etc should be developed. However, computers don't commit crimes; people do, proper ethical and moral standards should be acted out to reduce the probabilities of fraud.
Jurisdiction Law
The term jurisdiction is synonymous with "power". Any court possesses jurisdiction over the matters only to the extent granted to it by the constitution on behalf of which it functions. The question of whether a given court has the power to determine a jurisdictional question is itself a jurisdictional question.
Digital Signatures
A digital signature is an electronic signature that is used to authenticate the identity of the sender of a message or the signer of a document, to ensure that the original content of the message or document is unchanged.
Cyber Law
Cyber Law is the law governing cyberspace which is a very wide term that includes computers, networks, software, data storage devices, the Internet, websites, emails and electronic devices such as cell phones, ATM machines etc.
Law includes the rules of conduct:
• Which have been approved by the government, and
• That is in force over a certain territory, and
• This must be obeyed by all persons on that territory.
Violation of these rules may lead to government action such as imprisonment or fine or an order to pay compensation.
Cyberlaw includes laws relating to:
1. Cyber Crimes
2. Electronic and Digital Signatures
3. Intellectual Property
4. Data Protection and Privacy
Cyber-crimes are illegal acts where the computer is used either as a tool or a target or both. The huge growths in electronic commerce and online share trading have led to a phenomenal spout in incidents of cyber-crime.
Electronic signatures are used to authorize electronic records. Digital signatures are one type of electronic signature. Digital signatures satisfy three major legal requirements – signer authorization, message authorization, and message integrity. The technology and efficiency of digital signatures make them more truthful than handwritten signatures.
Intellectual property is delegated to creations of the human mind e.g. a story, a song, a painting, a design etc. The similar of intellectual property which relates to cyberspace is covered by the cyber law.
This include:
1. copyright law in relative to computer software, computer source code, websites, cell phone content etc.,
2. software and source code licenses
3. Trademark law with relative to domain names, Meta tags, mirroring, framing, linking etc.
4. Semi-conductor law that relates to the protection of semiconductor integrated circuits design and layouts,
5. Patent law in relative to computer hardware and software.
Computer Ethics
It is a branch of practical principles that deal with how the computer experts should make decisions in regard to the social and professional behavior. The term was first devised by Mr. Walter Maner in mid-70s. But, only since the beginning of the 90s, it started being incorporated in professional and intellectual development sceneries.
With the rapid growth of the Internet, privacy issues, as well as technological concerns, have called into question ethical behavior in technology. The core issues of Computer Ethics incorporate:
Technological impact on the society
Plagiarism
Intellectual property rights
Copyrights
Piracy
Hacking
Internet Pornography & Adult Sites
Harassment & Stalking etc.
Copyrights
At its most general, it is literally "the right to copy" an original creation. In most cases, these rights are of limited duration.
Copyright law covers only the particular form or manner in which ideas or information have been manifested, the "form of material expression". It is not designed or intended to cover the actual idea, concepts, facts, styles, or techniques which may be embodied in or represented by the copyrighted work.
Harassment
It is irritating the defendant by sending obscenities and insulting comments, focusing on gender, race, religion, nationality etc. This often occurs in chat rooms, through newsgroups, and by sending hate e-mail to interested parties.
Hacking
It defined as, "deliberately gaining unauthorized access to an information system" and, in extreme cases, it may amount to industrial espionage or a national security crime when the defendant accesses commercially or nationally sensitive materials.
Types:
1. White Hacking: The hackers motivate the Information Holders to further secure their data by pointing to their flaws without doing any kind of offensive destruction.
2. Black Hacking: The hackers break into other's information system to have an unauthorized access. The terms grey hackers or brown hackers are often used to describe ones, who lie on the borderline of above two. Hacking frequently involves people acting in different states.
Piracy
The theft of software, the copying of licensed software without permission, and software counterfeiting are some examples of piracy. These are not only a matter for the security personnel’s but can also involve customs officers, agencies tasked to protect consumers and holders, and agencies responsible for ensuring that advertising is not misleading.
Privacy
Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those whom they choose to give the information. Sometimes it may be voluntarily sacrificed, normally in exchange for perceived benefits, very often with specific dangers and losses.
Plagiarism
It is the use of another person’s work (this could be his or her words, products or ideas) for personal advantage, without proper acknowledgment of the original work, and with the intention of passing it off as one's own work.
It may occur deliberately (with the intention to deceive) or accidentally (due to poor referencing). It encompasses copying material from a book, copying and pasting information from the World Wide Web, receiving help from unauthorized sources on coursework, and copying answers from a fellow student during an examination (presuming the copied work isn’t attributed). Plagiarism and cheating are not the same; cheating takes many forms, including but not limited to deliberate plagiarism.
Internet Pornography
It is pornography (the representation of the human body or human sexual behavior with the goal of sexual stimulation) that is distributed via the Internet, primarily via websites, peer-to-peer file sharing software and through newsgroups. While pornography had been traded over the Internet via individuals in the 1980s and early 1990s, it was the invention of the World Wide Web in 1993 as well as the opening of the Internet to the general public around the same time that led to an explosion in pornography over the Internet.
Ethical Standards
A number of definitive sets of ethics have been developed to restrict the professionals in making harsh decisions and redirect them towards the right behavioral approach. Some of them include:
Association for Computing Machinery (ACM) codes of ethics is a four-point standard that governs the ethical behavior among the computer professionals.
Uniform Computer Information Transaction Act (UCITA) defines a set of standards related to the legal and ethical behavior during the computer contract process.
Click Here to get in pdf form
Thank You !
Thank You !
No comments: