Understanding the Impact of the Cyber Act

CIL Test Study material 1
Topics for today…
• System Analysis & Design
• Cyber Laws- IT Act 2000
• E-governance
• E-payments

• Systems analysis
Process of studying an existing system to
determine how it works and how it meets user
needs
• Systems design
Process of developing a plan for an improved
system, based upon the results of the systems
analysis
Systems Analysis and Design
What is it?

Systems Analyst
• Professional computer employee who
performs analysis and design
• Change agent
– Overcome reluctance of users to change
• Typical career path
– Programmer
– Programmer / Analyst
– Systems Analyst

Systems Analyst
Functions
Coordination
• Schedules and system-related tasks
• Personnel

Systems Analyst
Functions
• Coordination
Schedules and system-related tasks
• Personnel Communication
– Oral presentations
– Written documentation
Planning and design
– Plans and designs new system
– Involved from beginning of project through final
implementation of the system

Project Phases
• Planning (Why build the system? How
should the team go about building it?)
• Analysis (Who uses system, what will it do,
where and when will the system be used?)
• Design (How will the system work?)
• Implementation (System delivery)

• Identifying business value
• Analyze feasibility
• Develop work plan
• Staff the project
• Control and direct project
Planning

• Analysis strategy
• Gathering business requirements
• Requirements definition use cases
• Process modeling
• Data modeling
Analysis

• Design selection
• Architecture design
• Interface design
• Data storage design
• Program design
Design

• Construction
– Program building
– Program and system testing
• Installation
– Conversion strategy
– Training plan
– Support plan
Implementation

SDLC
Systems Development Life Cycle
• Preliminary investigation
• Analysis
• Design
• Development
• Implementation

SDLC
Preliminary Investigation
• Feasibility study / System survey
• Determine the problem
• Describe the problem
• Understand management decisions
– Organizational chart
– Informal hierarchy
• Produces rough plan and what to do

SDLC
Problem Definition
• Nature of the problem
Separate problem from symptoms of
problem
• Scope of the project
Budget and schedule
• Objectives of the project
What user thinks system should do

SDLC
Report
What you have found
Recommendations
Financially feasible

SDLC
Analysis
• Understand the existing system
– Gather data
– Analyze data
• Establish system requirements

SDLC
Analysis – Data Gathering
• Written documents
• Interviews
– Structured
– Unstructured
• Questionnaires
• Observation
– Visits by appointment
– Participant observation
• Sampling

SDLC
Analysis – Analyze Data
• How the current system works
• Determine system requirements
• Basis for documentation
• Tools
– Data flow diagram (DFD)
– Decision tables

SDLC
Analysis – Data Flow Diagram

SDLC
Analysis –Decision Tables

SDLC
Analysis – System Requirements
• Detailed list of things the system must be
able to do
• Design is based upon system requirements
• Agreement upon requirements is needed
before proceeding

SDLC
Analysis – Report to Management
• Summarize problems
• Describe requirements
• Cost analysis
• Recommendations for next step
• Obtain authorization to proceed

SDLC
Design
• Planning the new system
• Two phases
– Preliminary design
– Detail design

SDLC
Preliminary Design
Major system aspects
• Centralized or distributed
• Online or batch
• PC-based?
• How will input be
captured?
• Necessary reports

SDLC
Preliminary Design
• Make or buy decision
• Packaged software
– Meet at least 75% of requirements?
– Change business procedures for part or all of
remainder?
– Customize for part of all of remainder?
• Custom software
– Programmers write code
• Outsourcing
– System is developed by external organization

SDLC
Preliminary Design
• Create an overall plan
• Offer alternatives that meet requirements
• Explain differences
• Evaluate costs

SDLC
Preliminary Design
• Build a prototype
– Limited working system of subset
• Does not need true functionality
– Output looks like anticipated system output
• Working model that can be modified and
fine-tuned
– Uses high-level software tools – CASE
– Best for small-scale systems

SDLC
Preliminary Design
CASE tools
Computer-Aided Software
Engineering
• Supports specific analysis and design tasks
• Integrated environment that supports the
entire systems development process

SDLC
Preliminary Design
Presentation
• All alternatives
• Selected plan
• Prototype of the system

SDLC
Detail Design
Parts of detail design phase
• Output requirements
• Input requirements
• Files and databases
• Systems processing
• Systems controls and backup

SDLC
Detail Design
Output requirements
• Medium
• Type of reports
• Contents

SDLC
Detail Design

SDLC
Detail Design
Input requirements
• Medium
• Content
• Input forms
• Validation
• Volume

SDLC
Detail Design
Files and Databases
• Organization
• Access
• Format of records
• Coordinate with database administrator
regarding external databases and updating

SDLC
Detail Design
Flowchart Symbols

SDLC
Detail Design

SDLC
Detail Design
Systems Controls and Backup
• Insure that input is processed correctly
• Prevent fraud and tampering
• System journals
• Backup of system files

SDLC
Detail Design
Report to Management
• Detailed design specifications report
• Presentation

SDLC
Development
• Doing the work to bring the new system
into being
• Scheduling

SDLC
Development
• Programming
– Refine the design
– Detailed logic flowcharts and pseudocode
• Testing
– Unit testing
– System testing
– Volume testing

SDLC
Implementation
• Converting to the new system
• Training
• Equipment conversion
• File conversion
• System conversion
• Auditing
• Evaluation
• Maintenance

SDLC
Implementation – Training
• Begin during testing
• User’s manual (Technical Writers)
• Hands-on
• Training consideration
– Space
– Equipment
– Data
– User’s schedules

SDLC
Implementation – Conversion
• Equipment
– Planning
– Installation of new equipment
• File
– Manual to electronic
– Special programs to convert old format to new

SDLC
Implementation – Conversion
• System
– Direct conversion
– Phased conversion
– Pilot conversion
– Parallel conversion

SDLC
Implementation –Auditing
• Audit trail
• Trace output back to source

SDLC
Implementation – Evaluation
• Working
• Meets original requirements
• Benefits
• Meets budget
• Improvements

SDLC
Implementation – Maintenance
Ongoing activity for life of system

Creating DFDs
Define Entities
• External entities represent
persons, processes or machines
which produce data to be used
by the system or receive data
that is output by the system
• Examples: Student, Customer,
Client
Define Processes
• Processes are discrete actions
that transform input data to
output data
• Examples: Create Student
Record, Calculate Purchase
Cost, Register Client
Student
2.1
Create
Student
Record

Creating DFDs (cont’d)
Define Data Stores
• Data stores are temporary or
permanent repositories of information
that are inputs to or outputs of
processes
• Examples: Student Master, Client
List
Define Data Flows
• Data flows represent the transfer of
data over time from one “place”
(entity, process, data store) to another
• Examples: New Student Information
(from Student, to Student Master)
New Student
Information
(Templates are posted in l:academic90728DFDSymbols.ppt)
Student
Master
D3

Creating DFDs (cont’d)
Define the System
• A system is the collection of all
business processes which perform
tasks or produce outputs we care
about. It is “what happens.”
• The system is a single process,
connected to external entities
• Represented in a “Context
Diagram”
Define Subsystems
• A subsystem gives a more detailed
view individual processes
contained in the context diagram
• Includes data stores, more
elementary processes
(Figure 4.13,
Shelly,
Cashman and
Rosenblatt)

Where to Begin Creating DFDs
• Start with the data flow from an external entity and work
forwards
• Start with the data flow to an external entity and work
backwards
• Examine the data flows into or out of a data store
• Examine data flows, entity connections and data stores
associated with a particular process
• Note fuzzy, ill-defined areas of the system for further
clarification

What to Avoid in DFDs
Making the data flow diagram too
cluttered (e.g.  9 processes)
4
Perform
Repair
Processes with no outputs or
no inputs
1 2 3
Many processes with a single
input and output (linear flow)
Processes whose inputs are
obviously inadequate to yield
outputs
Having data flows terminate at
data stores
Connecting data stores directly
to each other
Courses Students
Class List
Connecting entities to anything
other than processes
Payroll
Department
Employees
Process
A
Process
B
Process
C

CYBER LAWS
&
IT ACT 2000

What is a cyber threat?
• From the information security perspective, a ‘threat ‘ is defined as the
potential to cause an unwanted incident in which an asset, system or
organisation may be harmed.
• ‘Cyber threat ‘ is a threat that percolates or infiltrates through the use of
computers , internet or interconnected communication devices and could
comprise of information stealth, cyber warfare, virus attacks, cyber
terrorism, hacking attempts , phising,sabotage, singly or in combination.

Cyber crimes
Hacking
Information
Theft
E-mail
bombing
Salami
attacks
Denial of
Service
attacks
Trojan
attacks
Web jacking
TYPES OF CYBER CRIMES

Information Technology Act, 2000
• Enacted on 17th
May
2000- India is 12th
nation in the world to
adopt cyber laws
• IT Act is based on
Model law on e-
commerce adopted by
UNCITRAL(un
COMMISSION ON
INTL.TRADE LAW)

Objectives of the IT Act
To provide legal recognition for transactions:-
• Carried out by means of electronic data interchange, and other
means of electronic communication, commonly referred to as
"electronic commerce“
• To facilitate electronic filing of documents with Government
agencies and E-Payments
• To amend the Indian Penal Code, Indian Evidence Act,1872,
the Banker’s Books Evidence Act 1891,Reserve Bank of India
Act ,1934

Important provisions of IT Act, 2000
• Legal recognition to electronic records- Section 4 of
IT Act.
• Legal recognition of digital signatures- Section 5 of
IT Act, 2000
• Section 6- Use of electronic records and digital
signatures in Government and its agencies.
• Section 7- Retention of electronic records
1. Information should remain accessible for
subsequent reference
2. Retained in a format that ensures accuracy
3. Details of dispatch and receipt are available.

Offences & Relevant Sections under IT Act
Tampering with CompuTer source documents
Sec.65
Hacking with Computer systems, Data alteration Sec.66
Publishing obscene information Sec.67
Un-authorized access to protected system Sec.70
Breach of Confidentiality and Privacy
Sec.72
Publishing false digital signature certificates Sec.73

Data theft
According to the section 2 of Information Technology Act
According to the section 2 of Information Technology Act,
,
“
“Data”
Data” means a representation of information, knowledge, facts,
means a representation of information, knowledge, facts,
concepts or instruction which are being prepared or have been prepared
concepts or instruction which are being prepared or have been prepared
in a formalised manner, and is intended to be processed, is being
in a formalised manner, and is intended to be processed, is being
processed or has been processed in a computer system or computer
processed or has been processed in a computer system or computer
network, and may be in any form (including computer printouts magnetic
network, and may be in any form (including computer printouts magnetic
or optical storage media, punched cards, punched tapes) or stored
or optical storage media, punched cards, punched tapes) or stored
internally in the memory of the computer
internally in the memory of the computer.
.
“
“Data Theft”-
Data Theft”- It is the term used when any information in the form of
It is the term used when any information in the form of
data is illegally copied or taken from a business or other individual
data is illegally copied or taken from a business or other individual
without his knowledge or consent.
without his knowledge or consent.

Computer Related Crimes under IPC and
Special Laws
Sending threatening messages by email Sec 503 IPC
Sending defamatory messages by email Sec 499, 500 IPC
Forgery of electronic records Sec 463, 470, 471 IPC
Bogus websites, cyber frauds Sec 420 IPC
Email spoofing Sec 416, 417, 463 IPC
Online sale of Drugs NDPS Act
Web - Jacking Sec. 383 IPC
Online sale of Arms Arms Act

Section 65: Source Code
• Most important asset of software companies
• “Computer Source Code" means the listing of
programmes, computer commands, design and layout
• Ingredients
– Knowledge or intention
– Concealment, destruction, alteration
– computer source code required to be kept or
maintained by law
• Punishment
– imprisonment up to three years and / or
– fine up to Rs. 2 lakh

Section 66: Hacking
• Ingredients
– Intention or Knowledge to cause wrongful loss
or damage to the public or any person
– Destruction, deletion, alteration, diminishing
value or utility or injuriously affecting
information residing in a computer resource
• Punishment
– imprisonment up to three years, and / or
– fine up to Rs. 2 lakh
• Cognizable, Non Bailable,
Section 66 covers data theft aswell as data alteration
Section 66 covers data theft aswell as data alteration

E-GOVERNANCE

e-Governance in India has steadily evolved from computerization of Government
Departments to initiatives that encapsulate the finer points of Governance, such as
citizen centricity, service orientation and transparency. Lessons from previous e-
Governance initiatives have played an important role in shaping the progressive e-
Governance strategy of the country. Due cognizance has been taken of the notion that
to speed up e-Governance implementation across the various arms of Government at
National, State, and Local levels, a programme approach needs to be adopted, guided
by common vision and strategy. This approach has the potential of enabling huge
savings in costs through sharing of core and support infrastructure, enabling
interoperability through standards, and of presenting a seamless view of Government to
citizens.
The National e-Governance Plan (NeGP), takes a holistic view of e-Governance
initiatives across the country, integrating them into a collective vision, a shared cause.
Around this idea, a massive countrywide infrastructure reaching down to the remotest
of villages is evolving, and large-scale digitization of records is taking place to enable
easy, reliable access over the internet. The ultimate objective is to bring public services
closer home to citizens, as articulated in the Vision Statement of NeGP.

The Government approved the National e-Governance Plan (NeGP), comprising of
27 Mission Mode Projects (MMPs) and 8 components
NeGP comprises of 27 Mission Mode Projects (MMPs) encompassing 10 Central
MMPs, 10 State MMPs and 7 Integrated MMPs spanning multiple Ministries/
Departments. "Mission Mode" implies that the objective and the scope of the
project are clearly defined, that the project has measurable outcomes and service-
levels, and the project has well-defined milestones and timelines for
implementation.
MMPs are owned and spearheaded by various Line Ministries concerned for
Central, State, and Integrated MMPs. The concerned Ministry/ Department is
entirely responsible for all decisions related to their MMPs. However, decisions
impacting NeGP as a whole are taken in consultation with DIT. Additionally,
wherever required by the concerned Ministries/ Departments, DIT provides
necessary support for project formulation and development.
Every State has the flexibility of identifying up to 5 additional State-specific MMPs
(relevant for economic development within the State). In cases where Central
Assistance is required, such inclusions are considered on the advice of the
concerned Line Ministries/ Departments.

Central MMPs State MMPs Integrated MMPs
•Banking
•Central Excise &
Customs
•Income Tax (IT)
•Insurance
•MCA21
•National Citizen Databa
se
•Passport
•Immigration, Visa and
Foreigners
Registration& Tracking
•Pension
•e-Office
•Agriculture
•Commercial
Taxes
•e−District
•Employment
Exchange
•Land
Records
•Municipalitie
s
•Gram
Panchayats
•Police
•Road Transp
ort
•Treasuries
•CSC
•e-Biz
•e-Courts
•e-Procurement
•EDI For eTrade
•National e-governance
Service Delivery Gateway
•India Portal

E-procurements
Through effective deployment
of e-procurement technology, enterprises can:
• Reduce transaction costs
• Improve process efficiency
• Reduce or eliminate “maverick” buying
• Increase contract compliance
• Reduce cycle times
• Save inventory costs
• Reduce formation of cartels

E-payments
Selection of Payment Method
Selection of Payment Method
Based on:
Based on:
Convenience
Convenience
–Trace-ability
Trace-ability
–Repudiation
Repudiation
–Financial risk
Financial risk
–Fraud protection
Fraud protection

• A very common method of payment
• Cards are issued by a bank
• Unique 16-digit number (including check
digits) and an expiration date
• Third party authorization companies verify
purchases
Credit Cards/Debit Cards
Net Banking
•Through password and secure authentication

RTGS- Real Time Gross Settlement is a
high value transfer system, handling
funds worth Rs 100,000 and above, while
NEFT – National electronic Fund
Transfer transfers smaller amounts below
Rs 100,000.

Understanding the Impact of the Cyber Act

More Related Content

Similar to Understanding the Impact of the Cyber Act (20)

Recently uploaded (20)

Understanding the Impact of the Cyber Act