Home >>Information Security Cyber Law Tutorial >Cyber Law & IT Act Overview

Cyber Law & IT Act Overview

Cyber Law & IT Act Overview

Cyberspace

It is possible to describe cyberspace as an intricate environment involving interactions between people, software, and services. It maintains the worldwide distribution of devices and networks for information and communication technology.

Today, with the advantages of technological developments, cyberspace has become a popular pool used by people, businesses, critical information infrastructure, the military and governments in a way that makes it impossible for these various entities to establish clear boundaries. Cyberspace is expected to become much more difficult in the coming years, with the growth in connected networks and devices.

Cyber security

Cybersecurity refers to the technologies and procedures designed to secure computers, networks, and data from cyber criminals' unlawful entry, vulnerabilities, and attacks transported over the Internet.

ISO 27001 (ISO27001) is the international standard for cybersecurity that provides a model for the creation , implementation, function, monitoring , review, maintenance and improvement of an information security management system.

A plan outline called the National Cybersecurity Policy is issued by the Ministry of Communication and Information Technology under the government of India. The aim of this government body is to protect against cyber attacks on public and private infrastructure.

Cybersecurity Policy

The cybersecurity policy is a growth task that caters to the entire area of users and providers of Information and Communication Technology (ICT).
It requires

  • Users at home
  • Small, medium , and large enterprises
  • Entities of government and non-government

It acts as an authority structure that describes and guides cyberspace security-related activities. It helps all sectors and organisations to fulfil their requirements in the design of appropriate cybersecurity policies. To effectively protect information, information systems and networks, the policy provides an outline.

It offers an understanding of the government's approach to cyber space security in the country and its strategy. It also describes several measures to enable collaborative work to safeguard information and information systems across the public and private sectors. Therefore, the objective of this policy is to establish a structure for cybersecurity, leading to comprehensive measures and programs aimed at increasing the security of cyberspace shipping.

Cyber Crime

The term Cyber Crime is not identified or mentioned in the Information Technology Act 2000 or in any legislation in the country. It can be viewed globally as the gloomier face of technology. The only difference between a conventional crime and a cyber crime is that a computer-related crime involves cyber-crime. Let us see the example below to better understand it.

Traditional Theft - A thief breaks into Ram 's house and steals an item kept in the house.

Hacking - A cyber criminal / hacker sitting in his own home, hacks Ram 's computer from his computer, steals the data stored in Ram 's computer without accessing the computer physically or entering Ram 's house.

The terms are described by the I.T. Act, 2000-

  • Computer Network Access in section 2(a)
  • In Section 2(i) of the Computer
  • Network of computer in section (2j)
  • Section 2(0) data
  • Section 2(v) information.

You need to know these laws to understand the definition of cyber crime. In a cyber crime, the object of the offence or target is either the computer or the data contained in the computer.

Nature of Threat

The prevailing and possible threats in the field of cybersecurity are among the most severe challenges of the 21st century. Threats come from all kinds of sources and are characterised by disruptive activities affecting individuals , businesses, national infrastructure, and governments alike.

The implications of these threats express a significant risk for the following -

  • The Public Safety Sector
  • The Security of Nations
  • The Globally Connected International Community Stability

It is easily possible to conceal malicious use of information technology. The origins or the identity of the criminal is hard to determine. It is not even an easy task to find out the motive for the disruption. Only from the goal, the impact, or other circumstantial evidence can the offenders of these activities be worked out. Threat actors can operate from virtually anywhere with considerable freedom.

The causes for disruption may be something like −

  • Showing technical prowess simply
  • Money or information theft
  • State conflict extension, etc.

The origins of these threats are criminals, terrorists, and even the state itself. Different kinds of malicious instruments and approaches are used by criminals and hackers. Every day, with criminal activities taking new shapes, the risk of harmful behaviour propagates.

Enabling People

The lack of user knowledge of information security, which may be a basic school-going kid, a system administrator, a developer, or even a company's CEO, leads to a variety of cyber vulnerabilities.

The awareness policy describes the following measures and initiatives for user awareness, education and training purposes-

  • A complete program of awareness to be promoted at the national level.
  • A comprehensive training program capable of meeting national information security needs (IT security program at schools, colleges , and universities).
  • Improve the efficacy of the prevailing training program for information security. Plan domain-specific program of training ( e.g. Law Enforcement, Judiciary, E-Governance, etc.)
  • Endorse private-sector support for certifications for professional information security.

Information Technology Act

The Government of India has implemented the Information Technology Act with some of the following major objectives -

  • To provide legal recognition, usually referred to as electronic commerce or e-commerce, for transactions via electronic data interchange ( EDI) and other means of electronic communication. The goal was to use substitutions for paper-based methods of information communication and storage.
  • The Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934, and for matters connected with or incidental to it, to promote the electronic filing of documents with government agencies and further to amend the Indian Penal Code.

Consequently, the Information Technology Act of 2000 was enacted as Act No.21 of 2000. On June 9, 2000, the I. T. Act obtained the President 's approval and it became effective on October 17 , 2000. India became the 12th nation in the world to introduce a cyber law regime by adopting this Cyber Legislation.

Mission and Vision Cybersecurity Program

Mission

Cybersecurity is the following task -

  • To protect cyberspace information and information transport infrastructure.
  • To develop capabilities to avoid cyber threats and respond to them.
  • Via a combination of institutional systems, people, processes, technology, and cooperation, to reduce vulnerabilities and minimise damage from cyber incidents.

Vision

To create a cyberspace that is safe and robust for citizens, companies and the government.