The first appearance of the Internet filled a lot of people with ill-conceived trepidation about this unexplored and new environment. Many saw the net as a precarious and unmanageable place. True there will probably continue to be some areas of cyberspace that it is wise to stay away from, but this sort of circumspection also applies to the real world, and the Internet is overall is as protected an environs to do business in and to buy and sell goods as any other. If it wasn’t, then highly popular sites like Amazon and Ebay would not have reached the successful positions that they have.

            Regrettably, law-breaking on the streets continues to rise in many districts. The World Wide Web, as it gives people the option to shop online, is progressively viewed as a more dependable replacement for the high street. For elderly citizens, or those with frailties, it is a more protected and more functional way to see to business affairs or go shopping. Importantly, kids can commune with their acquaintances online on dark nights without hazarding being out when it’s late.

Qualify now for your FREE information Kit

            In spite of arguments in support of E-commerce a smattering of people will nonetheless view it as a place that is as forbidding as any woodland in an old legend. Realistically it serves as an amenable setting for billions of people daily to socialise in and buy and sell and operate their businesses from.

We need to protect ourselves in any environment and ensuring that online shopping online is transacted via secure servers is advised. Being mindful to patronise only reliable companies to pay for merchandise and services is always wise. But don’t be anxious about the necessity for taking such precautions, this sort of vigilance is no stranger than keeping your bank card’s pin code a secret. It’s just common sense. And keeping safe the passwords we use online is important too – again, this is a sensible safeguard against crime, like keeping our house keys protected.

These days the World Wide Web is appealing to a vast number of people and a large number of companies are choosing to adapt their pre-existing businesses to better function online. Similarly new web businesses are being launched on a daily basis. The verdict is that the Internet is an accepted and effectual virtual workplace, and one which is economical. In today’s fluctuating financial climate that’s a real bonus.

Qualify now for your FREE information Kit

Consequently, if we presume that people are comfortable buying and selling on the Internet (Ebay’s success illustrates this), what’s the best way for success to be augmented and vouched for?

            We all understand that a professionally constructed website really does wonders for a company’s image. The home page signifies the shop front or shop window. Each web page stands for the store’s interior, the place where services wares will be exhibited for sale. The store’s image should be planned to connect with the demographic of the designated customer group. What is the most effective way to attract custom to your internet site? Enlisting professional help brings many bonuses. A lot of people are adept enough to put together an elementary web page, but a wholly functional professional site, customized for a given business, calls for an upper-level of skill. It’s crucial too that a constant flow of visitors find their way to the web site. Even the most marvellous of web sites won’t be recognised unless search results list them as top rank.

One Internet company that aids businesses and works toward them accomplishing success on the net is WSI. WSI has been answering calls to solve corporate business problems online for over ten years and, as the techniques they use have been established to bring obvious results for their customers, they’ve been presented with the honour ‘No. 1 Internet and Technology Solutions Company in the World’. There are two ways that WSI demonstrates how victorious Internet commerce is: By helping business clients arrive at success and, their franchisees (Internet consultants) glean direct payoffs too from having gratifying and fruitful careers. WSI is really one of the companies that encompass the potency of e-marketing and the profits are justly shared: with clients flourishing and franchise holders with the company establishing estimable careers.

With reference to financial surety, the investment required for a WSI franchise is very low-priced, especially when counted against the far steeper costs of other sorts of franchise. WSI also fights against Internet rip-offs and have set up a scam coalition in order to allow people who have had disastrous experiences with Internet companies or bogus businesses to report particulars. By making certain that other people are mindful of the drawbacks of corrupt commercial enterprises, WSI sits at the epicentre of the efforts to defend Internet safety for all those who would like to go shopping, superintend their business or simply spend leisure time online.

           

           

Monitoring and Protection Software

When you have something as serious as child internet safety, parents want nothing but the best internet protection software. However, it may not be an easy task to manage. There are many software programs that claim to be the best one for internet protection.

In order to determine the best one, parents may have to try out several different software programs to see which one suits them. They should go through each one carefully, then make a decision which one best suited their needs.

Some software programs offer a trial version from a few weeks to a month. This way, it helps parents to make a decision without having to buy right away. Even if parents are using a trial, it’s good to have some type of internet protection software program installed.

There are some computers and some internet service providers that have internet protection software programs preinstalled. It’s a matter of the parents activating it when they turn on the computer. These programs are automated to send updates when needed. It’s important that the parents download the updates when they’re announced.

Even when parents decide on a program, it’s imperative that they keep the program updated. Parents can check for updates on their own, but it’s usually not necessary as the updates automatically appear.

Regardless of what internet protection program parents use, it should be operating in the computer at all times.

Parents can use filtering software that protects their child from accessing websites that are not age appropriate. When choosing filtering software, parents should choose one that is easy to install and navigate.

A parent will want to weigh out the pros and cons of using filtering software. They would want to make sure that it will be useful enough for the entire family.

Here are the pros for selecting filtering software:

• The child will not be able to access unauthorized websites (i.e. adult-oriented, gambling, etc.)

• Keeps sexual predators and perverts away from the child.

• The child can get on the internet with out parents by their side. Even with that, parents should still keep an eye out for suspicious activity.

Here are the cons for selecting filtering software:

• Even though filtering software does what it’s supposed to do, it can filter out some legitimate sites also. The parents may have to override some of the websites.

• Parents may not feel like it’s the real thing.

• If a child is technically inclined, they can find a loophole and go through the filters. Then they’ll be able to access sites they have no business accessing.

There are other things about filtering software that parents should know about. All filtering software is created differently. Parents may want to check around before they decide on a final product. Here are some things parents should look for:

• Being able to set time limits. This is especially important for the child. They don’t need to be surfing the internet all day and all night. They can be missing out on important stuff, like doing their homework or having dinner with the family.

• The computer and filtering software should be compatible with each other. The best way to find out is to read the requirements on the software package before buying.

• Whether or not they want user profiles. If they do, parents can create one for everybody in the family. Parents can decide how much the child can access.

• The filtering software should provide regular updates to your computer. This helps to keep the computer free of viruses, spyware and similar items.

• The filtering software should be able to provide parents with information they need to find out what they’re children have been doing online.

The software will also have to be customized as a child gets older. What’s good for a six year old may be out of reach for a twelve year old and vice versa.

Firewall protection is used to block specific websites that you don’t want people to get access to. These websites can be in a number of different categories. The most popular ones are adult-oriented and related sites.

Parents that have children who surf the internet need to have some type of firewall protection on their computer. The thought of a child gaining access to a website that is harmful for them can be frightening.

There are different types of firewall protection. Parents have to choose the one that is best for them and their child. If parents have a computer with Microsoft XP, the firewall protection comes with the operating program.

However, just having this may not be enough for some parents. Some of them may want something that has more features and can do more functions. One of the best kinds to get is one that can block websites on both ends.

This means the firewall should be able to block certain sites trying to get access. It should also check out certain sites that have been accessed.

Whether the parents want firewall protection software that is software-based or hardware-based is up to them. All firewall protection software is made different, and what may work for one parent, may not be suitable for another parent.

If the parents do choose the hardware route, they can get a wireless router that will have a firewall already installed. The parents have to know whether or not this type of hardware with the firewall protection will be adequate enough for them. If the parents find out that it’s not enough, they may have to add additional software for extra security.

However, for the most part, firewall protection made from hardware won’t be needed. The hardware costs more and if you’re not somewhat technically inclined, you may get frustrated trying to install it. When it comes to getting updates for hardware based firewall protection, they’re not as easy to access as software based updates.

For parents, software based firewall protection would be their best bet. It only takes a few minutes to install and doesn’t cost as much as hardware based firewall protection. It is also easy to install and the computer will receive automatic updates.

Depending on the parents’ needs, they may want to go with a single firewall protection product or a combination software product that includes firewall protection.

The parents will have to figure out exactly what they need to monitor their children’s access on the internet. Whether or not it is a single product or a combination product, the important thing is to have the firewall protection installed on the computer.

Cybersitter is a great internet filter to use for your children, whether they are pre-teen or teenagers. The software is parent-friendly and has simple installation. It takes less than 60 seconds to install the software.

The software works by limiting internet access to questionable and adult-oriented websites that may pose harm to children. Cybersitter also allows parents to see what sites their children have visited.

In addition to that, the software provides over 35 subjects that can be filtered. The areas that parents filter out can be updated automatically. There may be times where there are sites that are filtered out accidentally. Parents can override websites that they feel don’t need to be filtered out by the software.

If you child participates in a chat room, adults are allowed to get copies of the conversations. They can get copies from the child’s end and the person to whom they’re speaking with. This can be done by using MSN, Yahoo or AOL Messenger.

With Cybersitter, the parents can determine how much time their children spend on the internet. They can also receive reports via e-mail to let them know which sites their children accessed and if they accessed any chat rooms.

Only people who are authorized to use the software will know it’s there. They will be the only ones that can change the settings, if need be. Parents can use a remote control to install more than one copy of the software. There is one flat fee and free filter file updates are included.

SnoopStick is software used to monitor your child’s internet access. Parents can do this from anywhere they have an internet connection and a computer, whether it’s a desktop or laptop.

The device is made like a flash drive, and it works by inserting it into an available USB drive on the computer you want to monitor. There is a setup installation and the process takes about one minute to complete. This installation contains the secret monitoring used to check on the children’s computer. The device can be removed after installation.

The software takes note of all accessed sites, records all conversations, notes all e-mail addresses for correspondence, and it savvy enough for screenshots. The SnoopStick is then inserted in a computer of the parent’s choice. After everything is set up, it will start compiling the reports they need.

SnoopStick allows parents to look at their children’s activity in real time. They can also download the activity logs for any specified period. There is a camera icon that will allow parents to take a snapshot of any webpage their children have accessed.

If parents decide to let your children know that they’re monitoring their internet access, they can do it in a way that will get their attention. Just like people use pop ups to get people to sign up for their newsletter, parents can use pop ups to let their children know that they’re being watched.

If they’re not doing what they’re supposed to be doing on the computer, parents will let them know with the pop up. This innovative idea would be a good way to let their children know that they’re being watched and that they can’t get away with sneaking around.

Parents also have the authority to shut off internet access to their children. They can also log off anyone and completely shut down the computer. Their children will think something is wrong with the computer when in reality, the parents have put the access in their control.

With the popular emergence of social networking, SnoopStick is designed to deny access to any social networking sites that parents choose. There are also games that parents may not want their children to play. Those can be blocked as well.

The best child internet protection software should be in line with the child’s age and the needs of the parent. Prior to buying, they should discuss their plans with their child. Once their child knows what’s going on, they may start to feel comfortable about coming to their parents with any concerns.

Parents hear the horror stories of children that get caught up online with sexual predators. To ensure that they don’t go through the same thing, they look to monitor their child’s online activity closely. However, is this considered spying on your children? Your children may think so.

In order for them to have the parents’ trust, the parents should lay down guidelines to be followed by the child. They should also let them know that they will be monitoring their online access on a consistent basis.

This can help to bridge the communication and trust gap between parents and their child. The child may not be as inclined to surf for an adult-themed website.

If parents want to find out what their child has surfed for online and don’t wand to spend any money just yet on a software program, there is a simple way where they can snoop on your child with Internet Explorer.

Parents can check the browser to find out what sites their child has visited.

• Go to the View section.

• Then go to Explorer Bar.

• After that choose History and the day you want to look at.

• Then click the page you want to look at.

This is the simplest way to find out what your child has been surfing for online and it doesn’t cost you a dime.

Parents can also use Internet Explorer to block access to some websites.

• Using the Tools section on the browser, go to Internet Options.

• Click the Content tab.

• Within the Content Advisor section, go to Enable.

This will open up the Content Advisor. Now parents can make their selections.

• In the Ratings tab section, parents can select the level that they want for language, nudity, sex and violence.

• In the Approved Sites tab, parents can select sites that block sites that they don’t want their child to look at.

• In the General tab, you can permit or forbid your child to look at unrated sites.

• A Password should be created. For an older child, if they try to access a site that is blocked, they can get access with the password. The parents have the say-so as to whether or not they will allow their child to access the site.

Steve Cownley
http://allsortsofbits.comoj.com/

Information Technology act 2000

The Information Technology Act, 2000 is India’s mother legislation regulating the use of computers, computer systems and computer networks as also data and information in the electronic format. The said legislation has provided for the legality of the electronic format as well as electronic contracts. This legislation has touched varied aspects pertaining to electronic authentication, digital signatures, cybercrimes and liability of network service providers.

Information technology act 2000 deals with various computer systems like

 Electronic forms. (online money transfer, online income tax payment, online application)

 Online transfer of data.

 Online banking

 Storage of data

 Computer Virus

 Hacking

 Emailing.

 Unauthorized access of computer system

The Act provides for:

 Legal Recognition of Electronic Documents

 Legal recognition of Electronic commerce Transactions

 Admissibility of Electronic data/evidence in a Court of Law

 Legal Acceptance of digital signatures

 Punishment for Cyber obscenity and crimes

 Establishment of Cyber regulations advisory Committee and the Cyber Regulations Appellate Tribunal.

 Facilitation of electronic filing maintenance of electronic records.

Before knowing information technology act 2000, one need to know some technical terminology related to computer systems.

Person’s signature on the document is necessary to prove that the document is belonging to him. Signature is the evidence to prove that the document belong to the particular person.

DIGITAL SIGNATURE

Definition 1

A digital signature (not to be confused with a digital certificate) is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document,

Definition 2

A digital signature is basically a way to ensure that an electronic document (e-mail, spreadsheet, text file, etc.) is authentic. Authentic means that you know who created the document and you know that it has not been altered in any way since that person created it.

Uses of digital signature

1. Issuing forms and licences

2. Filing tax returns online

3. Online Government orders/treasury orders

4. Registration

5. Online file movement system

6. Public information records

7. E-voting

8. Railway reservations & ticketing

9. E-education

10. Online money orders

11. Secured emailing

How do you get a Digital Signature Certificate

The Office of Controller of Certifying Authorities (CCA), issues Certificate only to Certifying Authorities.CA issue Digital Signature Certificate to end-user. You can approach any one of the eight CAs for getting Digital Signature Certificate. The website addresses are given below.

a. www.safescrypt.com

b. www.nic.in

c. www.idrbtca.org.in

d. www.tcs-ca.tcs.co.in

e. www.mtnltrustline.com

f. www.icert.gov.in

g. www.ncodesolutions.com

h. www.e-Mudhra.com

Different Classes of Digital Signature Certificates

Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.

Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that user’s name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.

Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.

Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.

[Sec 5] legal recognition of the digital signature

According to this section, signature of the person need no to be in writing, it can be in the form of the following.

 With rubber stamp

 With pen

 With pencil

 With thumb impression

 With digital signature which is issued by the certifying authority (government body) and stored in the computer in the file format

Digital signature is not like hand writing signature. It is not normally readable. Not like general hand writing signature. Digital signatures have equal legal recognition compared with non-digital signatures. Digital signature will be different for each e document.  Digital signature is issued by the certifying authority.

Sec 15

According to this section

 digital signature is secure

 Digital signature will be used as identification of the subscriber.

License procedure of the digital signature certificate

Section 2 (q) “Digital Signature Certificate” means a Digital Signature Certificate issued under subsection (4) of section 35;

Sec21

Any person can apply for the digital signature certification having certain qualification prescribed by government under the act.

Sec22 application

 Any person can apply for digital signature with filling of application.

 Any other documents attached if needed, should be genuine

 Fee of rupees 2500/-

[Sec23]

License can be renewed before the 45 days of expiry date of 5 years. Renewal fees is 5000/-. After the expiry of the date, late fee will be collected in addition to the renewal fee.

[Sec25]

According to this section license will be cancelled if the applicant provides any false information

DIGITAL SIGNATURE

Section 2 (p) “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;

Authentication of electronic records. [Sec 3]

According to this section any person can use and affix his digital signature to the electronic record (message or data on computer) to prove/ confirm (authenticate) such electronic is created by him

only and belong to him only. Affixing digital signature to the electronic record will be a proof that belongs to a specific person.

“Electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche; [Sec 2(t)]

[sec3 (2)]

This section deals with the computer online process of sending data or message securely and safely from sender to the receiver. And also deals with the assuring of message or data to receiver and sender.

Section 2 (f) “asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;

Cryptographic system

Cryptographic mechanism process done by the computer system.

 The message or data send out will be encrypt by a cryptographic mechanism. (the procedures and methods of making and using secret languages, as codes)

  Cryptographic mechanism includes private key and public key which are cryptographic methods provided certifying authorities. (Private Key encryption is essentially the same as a secret code that the two computers must each know in order to decode the information. The code would provide the key to decoding the message)

(To decode an encrypted message, a computer must use the public key provided by the originating computer and its own private key.)

 Public key and private key or both mathematically related to each other.

 Therefore private key is being used to encode the data/message and a public key is being used to decode the data/ message.

 Private key will be with sender only

 Private Key with public will be with sender.

  Public will be with receiver of data or message.

Hash function=checksum/message digest

Hash function process is done by the computer system

Hash function which mean algorithm is a mathematical function/formula that converts a large, possibly variable-sized amount of data into a small datum. This is called as hash result and message digest.

 To sign a document, sender by software will crunch down the data or message into just a few lines by a process called “hashing algorithm/ hash function”. These few lines are called a message digest/ hash result.

 Any modification in message or data changes the hash result.

 With the hash result we cannot construct the original message or data.

Digital signature verification.

 Sender by software then encrypts the message digest with his private key. The result is the digital signature.

 Finally, sender software attaches / affixes the digital signature to data or message. All of the data that was hashed has been signed.

 Receiver by software will decrypts the signature (using sender public key) changing it back into a message digest.

 If this worked, then it proves that sender has only signed the document, because only sender has his relating private key.

 Receiver by software then hashes the data or message into a message digest/ hash result. If the message digest/ hash result is the same as the message digest created when the signature was decrypted, then receiver knows that the signed data has not been changed.

[A digital signature is another means to ensure integrity, authenticity, and non-repudiation. A digital signature is derived by applying a mathematical function to compute the message digest of an electronic message or document, and then encrypt the result of the computation with the signer's private key. Recipients can verify the digital signature with the use of the sender's public key.]

How It Works

Assume you were going to send the draft of a contract to your lawyer in another town. You want to give your lawyer the assurance that it was unchanged from what you sent and that it is really from you.

1. You copy-and-paste the contract (it’s a short one!) into an e-mail note.

2. Using special software, you obtain a message hash (mathematical summary) of the contract.

3. You then use a private key that you have previously obtained from a public-private key authority to encrypt the hash.

4. The encrypted hash becomes your digital signature of the message. (Note that it will be different each time you send a message.)

At the other end, your lawyer receives the message.

1. To make sure it’s intact and from you, your lawyer makes a hash of the received message.

2. Your lawyer then uses your public key to decrypt the message hash or summary.

3. If the hashes match, the received message is valid.

ATM CARDS

 The Private Key is generated in the crypto module residing in the smart card.

 The key is kept in the memory of the smart card.

 The key is highly secured as it doesn’t leave the card, the message digest is sent inside the card for signing, and the signatures leave the card.

 The card gives mobility to the key and signing can be done on any system. (Having smart card reader)

[Sec 40]

Subscriber will generate the key pair (public key and private key) by certain security process by through the controller of certifying authorities  Public key with hash algorithm is listed in the digital signature certificate for verification process. Private Key is kept secret.

[Sec  35]

Certifying Authority to issue Digital Signature Certificate.

(1) Any person may make an application to the Certifying Authority for the issue of a Digital Signature Certificate in such form as may be prescribed by the Central Government

(2) Every such application shall be accompanied by such fee not exceeding twenty five thousand rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority:

Provided that while prescribing fees under sub-section (2) different fees may be prescribed for different classes of applicants’.

(3) Every such application shall be accompanied by a certification practice statement or where there is no such statement, a statement containing such particulars, as may be specified by regulations.

(4) On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the other statement under subsection (3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application: Provided that no Digital Signature Certificate shall be granted unless the Certifying

Authority is satisfied that—

(b) the applicant holds the private key corresponding to the public key to be listed in the Digital Signature Certificate;

(c) the applicant holds a private key, which is capable of creating a digital signature;

(d) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant: Provided further that no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection.

ELECTRONIC GOVERNANCE

(E-Governance or e-gov is broadly defined as an “application of Information technology to the functioning of the Government”. E-gov relies heavily on the effective use of Internet and other emerging technologies to receive and deliver information and services easily, quickly, efficiently and inexpensively.)

Sec 6

Government can file, create, use of electronic records in certain format for issue license, permits, any approval, receipt and payment of money.

Sec 7

Electronic records should be stored in the format which they were created and also information in electronic records should not be altered. They should be stored for the specific period for the future reference whenever needed

Sec 10

According to this section central government has power to make rule in respect of digital signatures

 Type of digital signature

 Format of digital signature

 Procedure which facilitate identification of the person affixing the digital signature

 Control on the security and confidentiality of the electronic records.

Acknowledge of receipt

Sec12

Addressee should indicate sender on the receipt of the electronic record. If acknowledgement is not received by the sender, it is deemed that electronic record is not send Eg: email

Sec13

If Addressee has designated the specific computer source for the receipt of the electronic record eg: email address. In such case electronic record is deemed to be receipt by addressee. If the addressee has not designated the any specific computer to the sender eg: email. It is deemed to receipt when the addressee retrieve the information.  Retrieve of information can be done from home or at the business place.

Sec 17

Central government appoints the controller of certifying authorities for the purpose of this act, they discharge their function according to this act.

Function of the controller

Sec 18

(a)  exercising supervision over the activities of the Certifying Authorities;

(b)  certifying public keys of the Certifying Authorities;

(c)  laying down the standards to be maintained by the Certifying Authorities;

(d)  specifying the qualifications and experience which employees of the Certifying Authorities should possess;

(e)  specifying the conditions subject to which the Certifying Authorities shall conduct their business;

(f)  specifying the contents of written, printed or visual materials and advertisements that may be  distributed or used in respect of a Digital Signature Certificate and the public key;

(g)  Specifying the form and content of a Digital Signature Certificate and the key,

(h) Specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;

(i) Specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;

(j) Facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems;

(k) Specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;

(l) Resolving any conflict of interests between the Certifying Authorities and the subscribers;

(m) Laying down the duties of the Certifying Authorities;

(n) Maintaining a data base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.

Sec 19

According to this section Digital signatures by foreign certifying authorities is not valid in the our country

Sec 20

Controller will be the custodian of all the digital signatures certificates issued under this act. He has to store and retrieve certificates and other Information in need.

Sec 28

Controller has power to investigate in any person and things go opposite to the act. He can inspect records of company and seize.

Sec 28

If the controller is under the doubt and have suspect, he can check the computer system, computer networks, data, apparatus and other material connected to the computer system.

Duties of subscriber

[Sec 40]

 Subscriber should generate key pair, private key and public key.

 Subscriber should hold the private key

 Subscriber should take care about the private key which he holds

 Private Key hold with him should have relationship with the public key affix in the digital signature certificate.

 Subscriber only should affix the digital signature

[Sec 43]

Any person without the permission of the owner should not do the following activities

(a) Should access the computer system or computer network.

(b) Should not download the data or make copies of it.

(c) Should not introduce virus in to the computer system

(d) Should damage the computer system or network or nay computer program.

(e) Should not cause disruption to computer system or its network.

(f) hacking

(g) Should not help/ assist any person to affect the computer system or computer networks.

(h) Should not manipulate the computer system or computer network.

Penalties

Sec 44 penalties

Any person who ever fails to provide required document by the certifying authorities, such person is liable for penalty up to 150000/-.

Any person who ever fails to provide required information by the certifying authorities, such person is liable for penalty up to 5000/-.

Any person who ever fails to maintain records and account books, such person is liable for penalty up to 10000/-.

[Sec45] Any person who disobey or be oppose to this law or act shall be liable for penalty of 25000/-.

Adjudication officer

[Sec 46]

Deals with appointment of adjudication officer by central government, who have experience in field of information technology, for the purpose of holding enquiry on the matters like violation of rules of the act, etc. he can impose penalty or award compensation.

Cyber regulation appellate tribunal

[Sec48]

Deals with the establishment of cyber regulation appellate tribunal for the purpose of supervising the adjudicating officer

[Sec 49]

Appellate tribunal consists of one presiding officer who is having technical knowledge and legal back ground

[Sec 50]

Presiding officer should have certain qualification like

 Qualified to be the high court judge

 Or has been member of Indian legal services hold post in grade 1 for at least 3 years.

[Sec 51]

Presiding officer term of office is 5 years or until he attains age of 65 years. Whichever is earlier.

Sec 56

There shall be necessary employees in cyber appellate tribunal appoint by the central government.

[Sec 57]

Any person aggrieved by controller or adjudicating office can appeal to the cyber regulation appellate tribunal in reasonable time/period.

[Sec 58]

Cyber appellate tribunal shall have certain power like

 Summoning the person

 Examining the witness

 Receiving the evidence

 Examining the documents and the electronic records, etc.

[Sec 62] appeal to high court

Any person aggrieved with cyber appellate tribunal can appeal to the high court with in sixty days or in case of delay, by showing sufficient case.

Offences like hacking, publish prone or immoral websites

[Sec 65]

Any person intentionally destroys or disturbs the computer source code (computer program), computer system computer network and unethical hacking of computer.

 Shall be punishable up to 3 years of imprisonment.

 Or fine up to 2 lakhs

 Or with both

[Sec 65]

Any person who ever publishing prone websites in photos format or in text format or immoral websites , shall be liable for punishment of 5 years of imprisonment and with fine of 1 lakh rupees. If it is repeated for second time punishment 10 years of imprisonment and fine with 2 lakhs rupees.

[Secs 73, 74, 75]

Any person illegally creates, publish or misuse digital signature certificate, shall be punished with 2 years of imprisonment or with fine of 1 lakh, or both.

Power police office and officer and other officer

[Sec 80]

Police officer above the rank of deputy superintendent of police has power to search suspicious places. And can arrest suspected persons.

Organized crime seems too be extremely active in the scam known as “phishing” in which they send emails under the guise of being a financial institution or other legitimate organization. In the email they ask unsuspecting victims to verify personal information such as account numbers and passwords. They will target home users who have become the weakest link and they target their victims much more closely than before, by tracking down full names and personal interests. They also skim social networking sites and personal websites where most people have left a digital footprint that can be mined. According to research scientist, Ollie Whitehouse, “Organized crime is here and they are very interested in phishing. They target home users who have become the weakest link,”

Cybercriminals are increasingly trying to trick citizens into giving them their bank account details, according to a published survey which showed such “phishing” attempts almost doubled in the first six months. Over 157,000 unique phishing messages were sent out around the world in the first half of 2006, an increase of 81 percent compared with the six-month period to end-December 2005. Each message can go to thousands or hundreds of thousands of consumers, according to the bi-annual Internet Security Threat Report from security software vendor Symantec.

Another trend in the first half of the year is that phishers have become more sophisticated, dodging spam filters and other defense mechanisms designed by service providers and software companies to keep out the criminals.

How much financial damage phishers have caused is unclear and usually at an individual level, which is why phishing does not get the same media attention as “denial of service attacks” aimed to take out a specific web site, or email worms which can shut down millions of computers in a digital equivalent of a carpet bombing. The Internet is still under fire from such attacks, taking about 6,110 different denial of service hits every a day, but unlike a few years ago they cause less damage.

“A successful ‘denial of server’ attack or worm can have ramifications far beyond phishing. Worms have taken down electricity grids. That’s why critical infrastructure is now much more resilient. Information technology managers are better prepared and networks are more robust,” Mr. Whitehouse further stated.

Increased focus on security, and a willingness from software companies to own up to their mistakes has dramatically cut down the time that computers are at risk, Symantec found. For example, Internet Explorer, the world’s most popular browser from Microsoft, has cut the number of days in which hackers can exploit a security flaw to nine days from 25 days six months earlier. Security holes in browsers from Opera and Mozilla Firefox are patched within two days and one day respectively.

Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.

They leave you with three choices:

1. Do nothing and hope their attacks, risks, and threats don’t occur on your computer.

2. Do research and get training to protect yourself, your family, and your business.

3. Get professional help to lockdown your system from all their attacks, risks, and threats.

Remember: When you say “No!” to hackers and spyware, everyone wins! When you don’t, we all lose!

© MMVII, Etienne A. Gibbs, MSW, Internet Safety Advocate and Educator

CCITO, India under Raj. B. Lonsane’s stewardship is set to launch cyber crime prevention and information security governance for Indian IT Industry. Raj. B. Lonsane says that proper information security governance is imperative in achieving optimum data protection and prevent operational discontinuity. According to Raj. B. Lonsane, the benefits of realistic information security governance are considerable. When an organization is known for best practices in information security governance, stocks and shares of the company readily achieve significant increase in value. Besides an increase in goodwill, security governance provides operational and administrative fluidity by increasing predictability and reducing uncertainty of business operations.

Raj. B. Lonsane opines that this is the result of lowering inherent risks in information security to foreseeable and tolerable limits. Containment of security threats to predictable and acceptable levels significantly helps in effective allocation of limited security resources without compromising ability to prompt incidence response related to information security threats. An effective security policy is being assured along with its compliance enhancing ability to protect sensitive information during crucial business negotiations such as mergers or acquisitions.

According to Raj. B. Lonsane, effective information security governance adds value to the organisation by increasing level of assurance in decision making based on predictable outcomes which in turn improve customer and trading partner relationships due to low probability of a confidentiality breach. It also helps in developing new ways and means for executing electronic transactions and mitigating risk in process disruptions thereby reducing cost of operations.

Well organised information security governance provides protection from potential claims or legal liabilities that may result from negligence or absence of due diligence, increase ability in responding swiftly to security incidences. Raj. B. Lonsane says that prompt and credible responses to regulatory compliance notices or queries can help in protecting and maintaining organisation’s reputation and avoid damages due to non availability of sufficient information or delayed response.

Raj. B. Lonsane believes that CCITO, India can lead the path towards effective and realistic information security governance for preventing cyber crimes by insiders. With help of Information Technology professionals specialising in information security Raj.B.Lonsane has invited to join Cyberhawk India’s venture and by collaborating with the major players such as public and private sectors, state authorities and law enforcement agencies Raj. B. Lonsane expects to achieve his goal.

The Mission of the CCITO, India is to spread Awareness about Cyber Crime, Impart Training to the Police Departments and The Law Enforcement Agencies and also offer services to the Corporates for prevention of cyber crimes from Insiders.

Raj B Lonsane is a founder member of CCITO, India formed in collaboration with professionals from the IT and Cyber Crime domain with the specific intention of imparting awareness on cyber crimes and cyber laws, Obviation of cyber crimes by insiders, assistance to fight cybercrimes with the help of respective cyber cells, law enforcement agencies and other concerned players.

The other directors of the company are Divyendu Chandurkar, Ex Director, TechDefence, Nashik, Sneha Hire, Ex Director, TechDefence, Nashik. On board also are International Cyber Crime investigators, Cyber Law Advocates including international law firms, Labour law Advocates, Clinical psychologists and Corporate trainers.