2. Cyber Theft: It is the use of computers and c in electronic format. It is a popular cyber crime becau. through little efforts so it is the most common and most reported of all the cyber crimes.
3. Unauthorised Use at Work: Use of computers and organisations to carry on their business and also by the employ The unauthorised use of computer systems and networks is also called as range from doing private consulting, personal finances or playing video games to unau the Internet on company networks. The other for software downloading, message board posting, unauthorised blogging, etc. Transmission of confidential data, pornography, leisure use of Internet, usage of external Internet service providers, etc. are the different forms of Internet abuse at the workplace.
4. Piracy: It is an act of copying, selling, distributing, acquiring or transferring the software or other intellectual property by any method. Software piracy and piracy of intellectual property are the two types of computer-based piracy.
5. Computer Viruses: These are parasitic programs that infect other programs, which are called hosts. The virus modifies the host program so that it contains a copy of the virus. The different types of viruses are:
(a) Macro-viruses: They spread by infecting documents and are often present in common application programs.
(b) Network Viruses: They spread through LAN and sometimes throughout the Internet. These viruses multiply through shared resources like shared drives and folders.
(c) Logic Bombs: It is a piece of code that is inputted into a software system.
(d) Boot Sector Viruses: They hide in the boot sector, either in the bootable disk or the hard drive, and hamper the hard disk itself.
(e) Multipartite Viruses: They spread through infected media and usually hide in the memory.
6. Computer Worms: Programs that reproduce, execute independently and travel across network connections are computer worms. They can do an entire series of damage, like slowing down the system or stopping critical programs from working. Common types of computer worms are:
(a) E-mail Worms: They spread via infected e-mail messages cyberspace either to distribute through any form of attachment or link.
(b) Internet Worms: They scan all available network resources using local operating system services and scan the Internet for vulnerable machines.
(c) Instant Messaging Worms: They spread via in to infected websites to everyone on the local contact list.
(d) IRC Worms: They spread through chat channels by sending infected files or linke websites.
(e) File Sharing Network Worms: They copy itself into on the local machine.
MBA Steps to Prevent Cyber Crime in Information System
These are as follows:
1. Encryption of data protects data and other computer network resources especially Internet, Intranet & Extranet.
2. A firewall implements a security policy that defines the services and access to be permi various users.
3. Intrusion detection systems detect specific attack signatures and filter them out.
4. Antivirus protection is needed to defend against malicious software like worm or to horse.
5. The most popular e-mail servers include Microsoft Exchange and Q-mail antivirus functional that requires updation.
Long Question Answer Study Material Notes MBA 1st Semester For Applications
Q.4. Discuss about the ethical challenges of IT.
Or Discuss the important aspects of the security, ethical and societal dimensions of the use of IT in the business. (2013-14)
Ans. Ethical Challenges of IT: It has major impacts on society and so it raises ethical issues in the areas of crime, privacy, employment, health and working conditions. The important aspects of security and ethics in business are as under:
1. Cyber Crime or Computer Crime: It is a growing threat to society that is caused by the criminal or irresponsible actions of individuals who are making maximum use of computers and the Internet. It is a criminal activity where a computer is the source or tool for crime. Computer crime includes unauthorised use or access of hardware, software, data or network resources, unauthorised copying of software, unauthorised release of information or using computer or network resources illegally.
2. Privacy: It is the wish to remain unnoticed or unidentified in the public domain. The degree to which private information is exposed depends on how the public will receive this information. Privacy may be invaded by:
(a) unreasonable intrusion upon a person’s privacy.
(b) public disclosure of private facts.
(c) characterising a person publicly.
Unauthorised use of, or mistakes in, the computer matching of personal data are a controversial threat to privacy.
3. Employment Challenges: The impact of IT on employment is a major ethical concern related to the use of computers. It can influence employment by affecting the total number o altering the skill mix of jobs through changes in occupational demand and altering the skill mix of through changes in the skill content of occupations without changing occupational distribution.
4. Challenges in Working Conditions: IT has eliminated various critical tasks in the office waste on factory that were earlier performed by people. In other instances, this allows people to conce more challenging and the interesting assignments, upgrades skill level of the work to be perform creates challenging jobs that require highly developed skills in computer industry.
5. Challenges to Individuality: Computer-based systems are criticised as impersonationships which depersonalise the activities which are computerised as they eliminate human present in non-computer systems. Many e-business systems h depersonalisation and regimentation. The widespread use of na proved the development of people-oriented and personalised information systems.
6. Health Issues: The uses of IT led to the emergence of vario causing health problems like job stress, damaged arms and neck muscles, eye strain and even death by can be used to solve human and social problems through societal solutions, such as medical diagnosis, computer assisted instruction, enforcemental quality and control and law enforcement.
Occupational safety and health is a cross-disciplinary area that is concerned with protecting the safety, health and welfare of people engaged in work or employment. It aims at the promotion and maintenance of the highest degree of social well-being of workers in all occupations and their protection from risks which result from factors affecting health. In this regard, there is a study called Ergonomics, which refers to a scientific discipline developed for concentrating on factors governing health and safety laws and guidelines.
Q.5. What are the different security tools?
Ans. Security Tools: Different security tools are used to check the of these tools are:
1. Firewalls: It is a software or hardware that allows only those external users which have specific characteristics to access a protected network. It works by establishing a barrier between the network and the external Internet. It is an approach to implementing a security policy which defines the services which are to be permitted to various users. A firewall implements an access policy by forcing connections to pass through it.
2. Virtual Private Networks (VPNs): It is a computer network in which some of the links between nodes are carried by open connections or virtual circuits in some of the larger networks. A VPN is a private network that uses a public network to connect the remote sites together. It uses virtual connections routed through the Internet from the company’s private network to a remote site.
3. Encryption: It is an important way to protect data and other computer network resources especially on the Internet, Intranet and also Extranet. It involves using mathematical algorithms to transform digital data into a scrambled code before they are transmitted and to decode the data when they are received. The method which is mostly used makes use of a pair of public and private keys that are unique to every individual.
4. Authentication: It is the process by which the identity of an entity is established. The entity is declared authentic when presented credentials are valid and sufficient. Authentication does not determine which entities should be given access but only verifies that an entity is the claimed one. The rights to resources can be assessed only when the entity is authenticated.
5. Intrusion Detection System: It is a software or a hardware designed to detect unwanted attempts at accessing, manipulating or disabling computer systems, mainly through a network. These attempts can be in the form of attacks and IDS cannot detect them directly. This system assesses system and file integrity and analyses system configurations and vulnerabilities.
6. Antivirus: These are the program codes which introduce malicious logic into the computer systems. This software is specifically written to defend a system against the threats that malware Microsoft strongly recommends this software as it defends the computer systems against types of malware and not only the viruses. So, antivirus protection is needed to get defense against this malicious software.
7. E-mail Monitoring: E-mail is the most exploitable point of entry to insert destructive data into computer systems by the hackers. E-mail attachments are also a potential source of viruses. The popular mail servers support antivirus functionality which is to be updated from time to time.
8. Denial of Service Defenses: These cause direct or indirect harm to the organisation’s systems. fed a server with unlimited requests so that it doesn’t have the resources to service any other valid requests. The server tries to respond to every request but is unable to deliver the response because it is unreachable. Thus, one infected system could infect other systems leading to a wide scale of infected systems. So, precautions must be taken at the victim’s ISP or at the victim’s website.
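The Authentication point above (identity is verified first, and rights to resources are assessed only afterwards) can be shown in a short Python sketch. This is an added example, not part of the original notes; the user names, passwords, resources and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor picked for this example

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_record(password: str) -> dict:
    """Store a random salt and the derived hash, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt)}

# Constructed sample data: a credential store and a separate access policy.
CREDENTIALS = {"asha": make_record("correct horse battery"),
               "ravi": make_record("blue-kettle-42")}
ACCESS_POLICY = {"asha": {"payroll", "reports"}, "ravi": {"reports"}}

def authenticate(user: str, password: str) -> bool:
    """Authentication: is the entity who it claims to be?"""
    record = CREDENTIALS.get(user)
    if record is None:
        _derive(password, b"\x00" * 16)  # same work for unknown users
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_derive(password, record["salt"]), record["hash"])

def authorise(user: str, resource: str) -> bool:
    """Access decision: which resources may this identity use?"""
    return resource in ACCESS_POLICY.get(user, set())

def request_access(user: str, password: str, resource: str) -> str:
    # Rights are assessed only after the identity has been verified.
    if not authenticate(user, password):
        return "denied: authentication failed"
    if not authorise(user, resource):
        return "denied: not authorised"
    return "granted"

if __name__ == "__main__":
    for attempt in [("asha", "correct horse battery", "payroll"),
                    ("ravi", "blue-kettle-42", "payroll"),
                    ("ravi", "wrong-guess", "reports"),
                    ("mallory", "anything", "reports")]:
        print(attempt[0], attempt[2], "->", request_access(*attempt))
```

A valid login by "ravi" is still refused for "payroll", because passing authentication grants no rights by itself.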
Q.6. Write a note on 1. Cyber Laws, 2. IT Act 2000
Ans. 1. Cyber Laws: In simple terms, we can say that cyber crime is an unlawful act wherein the computer is either a tool or a target or both. Cyber crimes can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are subject to the Indian Penal Code. The abuse of computers has also given birth to a gamut of new age crimes that are addressed by the Information Technology Act, 2000.
We can categorise cyber crimes in two ways:
1. The Computer as a Target: Using a computer to attack other computers, e.g. Hacking, Virus/Worm attacks, DOS attack, etc.
2. The Computer as a Weapon: Using a computer to commit real world crimes. Po Cyber Terrorism, IPR violations, Credit card frauds, EFT frauds, Pornography, etc. are crimes regulated by cyber laws or internet laws.
MBA Notes For Technical Aspects
Technological advancements have created new possibilities for criminal activity, in particular the criminal misuse of information technologies such as:
1. Unauthorised Access & Hacking: Access means gaining entry into, instructing or communicating with the logical, arithmetical or memory function resources of a computer, computer system or computer network. Unauthorised access would therefore mean any kind of access without the permission of either the rightful owner or the person in charge of a computer, computer system or computer network.
2. Trojan Attack: A program that acts like something useful but does things that are quite damaging. Programs of this kind are called Trojans. The name Trojan Horse is popular. Trojans come in two parts, a client part and a server part. When the victim (unknowingly) runs the server on its machine, the attacker will then use the client to connect to the server and start using the trojan. TCP/IP is the usual protocol type used for communications, but some functions of the trojans use the UDP protocol as well.
3. Virus and Worm Attack: A program that has the capability to infect other programs, make copies of itself and spread into other programs is called a virus. Programs that multiply like viruses but spread from computer to computer are called worms.
4. E-mail & IRC Related Crimes: Some E-mail and IRC related crimes are:
(a) E-mail Spoofing: E-mail spoofing refers to e-mail that appears to have been originated from one source when it was actually sent from another source.
(b) E-mail Spamming: E-mail spamming refers to sending an email to thousands of users to a chain letter.
(c) Sending Malicious Codes Through E-mail: E-mails are used to send viruses, through emails as an attachment or by sending a link of website which code.
(d) E-mail Bombing: E-mail bombing is characterised by abusers repeatedly sending an e-mail message to a particular address.
(e) Sending threatening e-mails.
(f) Defamatory e-mails.
(g) E-mail frauds.
(h) IRC related.
5. Denial of Service Attacks: Flooding a computer resource with more requests than it can handle. This causes the resource to crash, thereby denying access of service to authorised users. Examples include attempts to ‘flood’ a network, thereby preventing legitimate network traffic, attempts to disrupt connections between two machines, thereby preventing access to articular individual from accessing a service, attempts a particula person,
6. Distributed DoS: A distributed denial of service (DoS) a Internet to break into computers and using them to attack a network. Hundreds or thousands of system or website.
Types of DoS: There are three basic types of attacks:
1. Consumption of scarce, limited or non-renew time. Even power, cool air or water can affect.
2. Destruction or alteration of configuration information
3. Physical destruction or alteration of network components
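The flooding described under Denial of Service Attacks can be recognised on the defending side by counting requests per source over a sliding time window. The Python sketch below is an added example, not part of the original notes; the log format, the IP addresses (documentation ranges), the window and the limit are all constructed assumptions.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed log lines in the form '<unix_seconds> <client_ip> <path>'."""
    # A normal client: one request every 5 seconds.
    lines = [f"{1000 + i * 5} 192.0.2.10 /index.html" for i in range(6)]
    # A flooding client: 10 requests per second for 4 seconds.
    lines += [f"{1010 + i // 10} 198.51.100.7 /login" for i in range(40)]
    return sorted(lines, key=lambda line: int(line.split()[0]))

def find_flooders(lines, window=10, limit=20):
    """Return {ip: timestamp} for sources exceeding `limit` requests
    within any `window`-second span; timestamp is when the limit broke."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, ip = int(parts[0]), parts[1]
        seen = recent[ip]
        seen.append(ts)
        while seen and seen[0] <= ts - window:
            seen.popleft()        # forget requests older than the window
        if len(seen) > limit and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in find_flooders(build_sample()).items():
        print(f"{ip} exceeded the request limit at t={ts}")
```

A monitor of this kind only detects the flood; the precautions themselves, such as blocking or throttling the flagged source, are applied at the website or its ISP.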
2. IT ACT 2000
The Government of India enacted the Information Technology (I.T.) Act with some major objectives: to facilitate lawful electronic, digital and online transactions and mitigate cyber-crimes.
Salient Features of IT Act: The salient features of the I.T. Act are as follows:
1. Digital signature has been replaced with electronic signature to make it a more technology neutral act.
2. It elaborates on offenses, penalties and breaches.
3. It outlines the Justice Dispensation Systems for cyber-crimes.
4. It defines in a new section that cyber cafe is any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
5. It provides for the constitution of the Cyber Regulations Advisory Committee.
6. It is based on the Indian Penal Code, 1860, The Indian Evidence Act, 1872, The Bankers’ Books Evidence Act, 1891, The Reserve Bank of India Act, 1934, etc.
7. It adds a provision to Section 81, which states that the provisions of the Act shall have overriding effect. The provision states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
Scheme of IT Act
The following points define the scheme of the I.T. Act:
1. The I.T. Act contains 13 chapters and 90 sections.
2. The last four sections, namely Sections 91 to 94 in the I.T. Act 2000, which dealt with the amendments to the Indian Penal Code 1860, The Indian Evidence Act 1872, The Bankers’ Books Evidence Act 1891 and the Reserve Bank of India Act 1934, were deleted.
3. It commences with the preliminary aspect in Chapter 1, which deals with the short title, extent, commencement and application of the Act in Section 1. Section 2 provides definitions.
4. Chapter 2 deals with the authentication of electronic records, digital signatures, electronic signatures, etc.
5. Chapter 11 deals with offences and penalties. A series of offences have been provided along with punishment in this part of the Act.
6. Thereafter the provisions about due diligence, role of intermediaries and some miscellaneous provisions are stated.
7. The Act is embedded with two schedules. The first schedule deals with documents or transactions to which the Act shall not apply. The second schedule deals with electronic signature or electronic authentication techniques and procedure. The third and fourth schedules are omitted.
Application of the I.T. Act
As per the sub-clause (4) of section 1, nothing in this act shall apply to documents or transactions specified in first schedule. Following are the documents or transactions to which the act shall not apply:
- Negotiable Instrument (other than a cheque) as defined in Section 13 of the Negotiable Instruments Act, 1881;
- A power-of-attorney as defined in Section 1A of the Powers-of-Attorney Act, 1882;
- A trust as defined in Section 3 of the Indian Trusts Act, 1881;
- A will as defined in Clause (h) of Section 2 of the Indian Succession Act, 1925 including any other testamentary disposition;
- Any contract for the sale or conveyance of immovable property or any interest in such property;
- Any such class of documents or transactions as may be notified by the Central Government.