ST-03 Syllabus Cyber Security BCC 401

Unit 5 Important Question

Q.1 Objective and Scope of the Digital
Personal Data Protection (DPDP)Act
2023.
Digital Personal Data Protection Act 2023 (DPDPA) is a landmark legislation that
aims to safeguard the privacy of individuals in the digital age. Law is a meticulous
blend of recognition of the rights of individuals and the need for processing of
data.

(i) Data Safety and Privacy of individuals

(ii) 5 July 2023 Union Cabinet (Government of India) Approve
(iii) Aug 2023 Indian Parliament passed the Digital Personal Data Protection (DPDP) Act, 2023.
(iv) Act came into effect on September 1, 2023,
(v) The schedule to the Bill specifies penalties for various offences such as up to. Penalties will
be imposed by the Board after conducting an inquiry.
(i) Rs 200 crore for non-fulfilment of obligations for children
(ii) Rs 250 crore for failure to take security measures to prevent data breaches.

Principles DPDP (Digital Personal Data Protection Act 2023.

Bill is based on the following seven principles:

1.Principle of purpose limitation

Use of personal data only for the purpose specified at the time of obtaining consent of the
Data Principal.

2. Principle of consented, lawful and transparent use of personal data

3. Principle of data minimisation

Collection of only as much personal data as is necessary to serve the specified purpose

4. Principle of data accuracy

Ensuring data is correct and updated

5. Principle of storage limitation

Storing data only till it is needed for the specified purpose

6.Principle of reasonable security safeguards

7. Principle of accountability
Through adjudication of data breaches and breaches of the provisions of the Bill and
imposition of penalties for the breaches.

Q.2 Overview of Intellectual Property Right(IPR).

Intellectual property Right (IPR)
Intellectual property rights are the rights given to persons over the creations of their minds.
Intellectual property is a category of property that includes intangible creations of the human
intellect. There are many types of intellectual property, and some countries recognize more
than others. The best-known types are patents, copyrights, trademarks, and trade secrets.
Intellectual property rights (IPR) have been defined as ideas, inventions, and creative
expression
Q.3 Discuss About Patent, Copyright, Trademarks, Trade Secret.

Patent-
Protects inventions that are novel, original, and distinct and that have an industrial value.
1. Patent Act 1970 governs patent filing and prosecution in India, and The Patent Rules
2003
2. Patent protects inventions
3. Patent protects an invention for 20 years
4. After 20 Years Patent cannot be renewed beyond that.
5. Patent application is INR 1600/- for an individual applicant.
6. Official Website Patent filing https://www.ipindia.gov.in
7. Patent can be filed either in Hindi or English.
8. Patent Head Office at Kolkata and its Branch Offices at New Delhi, Mumbai and
Chennai.
9. No age restriction for filing and application for patents
10. Patent application filing 80211 in2022-23
11. Top filing States Tamil Nadu, Maharashtra, Uttar Pradesh

Copy Right
It helps protect the creator of the original material so that no one can duplicate or use it
without authorization
1. Copy Right Act 1957 governs patent filing and prosecution in India.
2. Copy Right Head Office at Delhi.
3. Copy Right application filing 29466 in2022-23.
4. Copyright is the right of an owner of a work to control.
5. Copyright is the original works of authorship Such as software, dramatic,
musical, artistic, cinematograph films and sound recording.
6. Copy Right filling Life of Author+60-70 Years
 7. Official Website Copy Right filing https://copyright.gov.in
8. No age restriction for filing and application for Copy Right.
9. Examples include downloading movies illegally and using copyrighted music without
permission.

Trademark
Trademark protects brands, logos, and slogans.

1. Trade Marks 10 Years (renewed beyond that)

2. Trade Mark Head Office at Mumbai and its Branch Offices at New Delhi,Kolkata and
Chennai.
3. Trade Mark Act 1999 governs patent filing and prosecution in India.
4. Tade Mark application filing 466580 in2022-23.
5. Official Website Trade Mark filing https://www.ipindia.gov.in
6. Trademark is a symbol, logo, design, word, phrase, color, sound, or a combination of
these used to trade goods or provide services
7. There is no age restriction for registering a trademark
8. Translation of the mark in English has to be provided, if the trademark is a language
other than English or Hindi.
9. Common example for these are Coca-cola, Nike, Amul ( which is a popular dairy
brand), Mercedes are trademarks

Trade secret
That includes formulas, practices, processes, designs, patterns, or compilations of
information that have inherent

1. A trade secret can be protected for an unlimited period of time.

2. Its principal office is in New Delhi, with other offices in Noida, Mumbai and Chennai.
3. Trade Secret is no statute or legislation that governs the protection of trade secrets in
India (Trade secrets are enforced through contract law (Indian Contract Act, 1872))
4. Common example for Coca Cola formula and sources codes for software.
Q.4 What is Information Security (IS) with CIA Triangle and Need for
An Information Security Policy. Element of Information Security (IS).
Information Security

The information security community protects the organization’s

information assets fromthe many threats they face

Information Security is basically the practice of preventing unauthorized access, use,

disclosure,disruption, modification, inspection, recording or destruction of information

Information Security Components

Information Security programs are build around 3 objectives, commonly known as CIA –
Confidentiality,Integrity, Availability.
1 Confidentiality
2. Integrity
3.Availability.
CIA Triangle
The C.I.A. triangle - confidentiality, integrity, and availability - has expanded into a
morecomprehensive list of critical characteristics of information. At the heart of the
study of information security is the concept of policy. Policy, awareness, training,
education, and technology are vital concepts for the protection of information and for
keeping information systemsfrom danger.
Figure 1

Figure 2
 • Facilitates data integrity, availability, and confidentiality – Effective information
security policies standardize rules and processes that protect against vectors
threatening data integrity, availability, and confidentiality.
• Protects sensitive data – Information security policies prioritize the protection of
intellectual property and sensitive data such as personally identifiable information
(PII).
• Minimizes the risk of security incidents – An information security policy helps
organizations define procedures for identifying and mitigating vulnerabilities and risks.
It also details quick responses to minimize damage during a security incident.
• Executes security programs across the organization – Information security policies
provide the framework for operationalizing procedures.
• Provides a clear security statement to third parties – Information security policies
summarize the organization’s security posture and explain how the organization
protects IT resources and assets. They facilitate quick response to third-party requests
for information by customers, partners, and auditors.
• Helps comply with regulatory requirements – Creating an information security policy
can help organizations identify security gaps related to regulatory requirements and
address them.
12 Elements of an Information Security Policy
A security policy can be as broad as you want it to be, from everything related to IT security
and the security of related physical assets, but enforceable in its full scope. The following list
offers some important considerations when developing an information security policy.
1. Purpose
2. Audience
3. Information security objectives
4. Authority and access control policy
5. Data classification
6. Data support and operations
7. Security awareness and behavior
8. Encryption policy
9. Data backup policy
10. Responsibilities, rights, and duties of personnel
11. System hardening benchmarks
12. References to regulations and compliance standards

DEVELOP POLICIES FOR AN ALL-ROUND APPROACH TO INFORMATION SECURITY

Security Policy Framework

Q.5 Define Indian Cyber Law (Information Technology Act, 2000 ("IT
Act").
Cyber law is important because it touches almost all aspects of transactions and activities on
and involving the internet, World Wide Web and cyberspace. Every action and reaction in
cyberspace has some legal and cyber legal perspectives. Cyber law encompasses laws relating
to
1. Cyber crimes
2. Electronic and digital signatures
3. Intellectual property
4. Data protection and privacy
The objective of Information Technology Act 2000 is to grant a legitimate concession to all
monetary deals that are completed across the e-platform.
Informational Technology Act of 2000, is the primary legislation in India dealing with
cybercrime and electronic commerce. IT Act 2000, comes with 94 sections, divided into 13
chapters and 2 schedules.

Section 65 – Tampering with computer Source Documents

A person who intentionally conceals, destroys or alters any computer source code (such as
programmes, computer commands, design and layout), when it is required to be maintained
by law commits an offence and can be punished with 3 years’ imprisonment or a fine of 2
Lakhs INR or both

Section 66 - Using password of another person

If a person fraudulently uses the password, digital signature or other unique identification of
another person, he/she can face imprisonment up to 3 years or/and a fine of 1 Lakh INR.

Section 66D - Cheating Using computer resource

Person cheats someone using a computer resource or a communication device, he/she could
face imprisonment up to 3 years or/and fine up to 1 Lakh INR

Section 66E - Publishing private Images of Others

If a person captures, transmits or publishes images of a person’s without his/her consent or
knowledge, the person is entitled to imprisonment up to 3 years of fine up to 2 Lakhs INR or
both

Section 66F - Acts of cyber Terrorism

Section 67 - Publishing Child Porn or predating children online
Child in a sexually explicit act or induces anyone under the age of 18 into a sexual act, then
the person can face imprisonment up to 7 years or fine up to 10 lakhs INR or both

Section 69 - Govt.'s Power to block websites

Section 43A - Data protection at Corporate level

IT Act 2000 and Its Amendments

Two significant amendments were made to the IT Act 2000 that you should know about.
1. Amendment of 2008
The 2008 amendment came up with modifications to Section 66A of the IT Act, 2000. The
section outlined penalties for sharing offensive messages electronically. This includes any
message or information that incited hatred or compromised the integrity and security of the
nation. However, the lack of clarity in defining 'offensive' messages led to unnecessary
punishment of several individuals, ultimately resulting in the striking down of the section.
2. Amendment Bill 2015
In 2015, another bill was initiated to amend Section 66A with the aim of safeguarding the
fundamental rights guaranteed to citizens by the country's Constitution. This was later
accomplished by declaring it as violative of Article 19 of the Constitution.