SlideShare una empresa de Scribd logo
1 de 35
Descargar para leer sin conexión
Law Relating to Information Security “Compliance in Uncertainty: Bringing a Little Order to a Lot of Chaos” Michael Silber Michalsons Information Technology Attorneys
Overview ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Disclaimer ,[object Object],[object Object],[object Object]
Acts, Bills etc:  Making Law  (a brief interlude) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
South African ICT Regulatory Hype Cycle Compliance requirements develop at different rates Visibility Trough of Disillusionment Slope of Enlightenment Plateau of Productivity Business Trigger Peak of Inflated Expectations  Maturity Less than two years Two years to five years Five years to 10 years More than 10 years Obsolete before plateau Key: Time to Plateau Basel I (1988) Infosec / SANS 17799 ECT Act (2002) Basel II (1999) RM / SANS 15489 PROATIA (2000) Sarbanes-Oxley Act (2002) RIC (Interception) PPI Bill (Privacy) SANS 15801 Critical Databases, Crypto Providers and ASPs Electronic Communications [Convergence] Bill (2005) King II (2002) EU Data Privacy  Directive FICA
Meaning of “Security” in the SA Context ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],National Security  Info Security  Privacy & Security  (Confidentiality. Integrity, Authentication SANS 17799 King 2 Infosec BPG Interception Act Draft PPI Bill, 2005  (SA Law Commission)
Applicable Legislation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ECT Act Cycle e -Infrastructure  e -Transactions e -Data e -Communications E-Contracts are valid Methods of contract conclusion Electronic  signatures Automated transactions Consumer Protection Secure payments Time and place of contract conclusion Time of sending & receipt Attribution of message to you Acknowledgement of receipt Authenticity and identity Cryptography Cyber Crime How to satisfy statutory requirements of form: (Writing; Original; Record Retention; e-Filing; Noterisation & certification)  Law of Evidence Data Proterction/ Privacy Critical Databases Maximising Benefits E-Government Authentication Service Providers ISP Liability Domain Names Cyber Inspectors A B D C
Chapter V: Cryptography Providers Chapter V Cryptography Providers Register of Cryptography Providers S31 S30 S32 Registration with the  Department Restrictions  On disclosure  of Information Application of  Chapter offences S29 Chapter V: Cryptography Providers Chapter V governs the use of cryptography products and services used within the Republic. The Director General is tasked with maintaining a register of cryptography providers and their products and services. Registration is  compulsory  and  suppliers  are prohibited from providing cryptography products and services in the Republic without complying with the provisions of this Act.
Chapter lX: Protection of Critical Databases Chapter lX: Protection of Critical  Databases Scope of  Critical  Database  Protection S57 S56 S55 S54 S53 S58 Identification  of critical  data and  databases Registration  Of Critical  Databases Management Of Critical Databases Restrictions  On disclosure  of Information Right of  Inspection Non Compliance  with Chapter S52 Chapter lX: Protection of Critical Databases Aim is to facilitate the identification and registration of critical databases within the Republic.  Critical databases are defined as databases that contain information that if compromised could threaten the security of the Republic or the economic and social well being of it’s citizens. The Act stipulates criteria for the identification, registration and management of critical databases   as well as controls to ensure that the integrity and confidentiality of data relating to and contained in these databases is maintained such as the right to audit and restrictions and penalties resulting in unauthorised or illegal disclosure of information contained in or about these databases. In November 2003 the Minister of Communications awarded a tender to a consortium of Consultants to undertake an inventory of all major databases in South Africa.
Cyber crimes I Acticle 2 - Illegal Access:  The access to the whole or any part of a computer system, committed intentionally and without right Article 3 - Illegal interception: The interception made by technical means, of non-public transmissions of computer data when committed without right and intentionally Section 86(1): a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence ALSO RICA – Section 2: …no person may intentionally intercept or attempt to intercept, or authorise or procure any other person to intercept or attempt to intercept, at any place in the Republic, any communication in the course of its occurrence or transmission Definitions: computer data: representation of facts, information or concepts in a form suitable for processing in a computer system traffic data: data relating to a communication indicating origin, destination, route etc Definitions: data: electronic representations of information in any form data message: data generated, sent, received or stored by electronic means GAP: No definition of traffic data (CRI in RICA) CoE Convention on Cybercrime ECT Act
Cyber crimes II Article 6 - Misuse of devices: The production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted, or a computer password, access code, or similar date by which the whole or any part of a computer system is capable of being accessed, for the purpose of committing offences indicated in Articles 2 Section 86(3) and 86(4):   - A person who unlawfully produces .. distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence  - A person who utilises any device or computer program mentioned above in order to unlawfully overcome security measures designed to protect such data of access thereto, is guilty of an offence Article 4 - Illegal interference: The damaging, deletion, deterioration, alteration or suppression of computer data committed intentionally without right Article 5 - System interference: Committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data Section 86(2): A person who intentionally and without authority to do so, interferes with data in a way, which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence CoE Convention on Cybercrime ECT Act
Cyber crimes III Article 8 - Computer-related fraud: The causing of a loss of property to another by any input, alteration, deletion or suppression of computer data, any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, committed intentionally and without right. There is an economic benefit for the individual or for another.  Section 87(1): A person who performs or threatens to perform any of the acts described in section 86, for the purpose of obtaining any unlawful proprietary advantage by undertaking to cease or desist from such action, or by undertaking to restore any damage caused as a result of those actions, is guilty of an offence Common law Article 7 - Computer-related forgery: The input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible, committed intentionally and without right. Section 87 (2): A person, who performs any of the acts described in section 86 for the purpose of obtaining any unlawful advantage by causing fake data to be produced with the intent that it be considered or acted upon as if it were authentic, is guilty of an offence Common law CoE Convention on Cybercrime ECT Act
Cyber crimes IV Common Law: fraud, extortion, malicious damage to property etc Article 10 - Offences related to infringements of copyright and related rights Copyright Act - Section 27 Article 9 - Offences related to child pornography Films and Publication Act - Section 27(1) Other Laws Article 11: Attempt and aiding or abetting Each party shall adopt such legislative and other measures as may be to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2-10 of this Convention with intent that such offence be committed. Section 88: Any person who attempts to commit any of the offences referred to in sections 86 and 87 is guilty of an offence and is liable on conviction to the penalties set out in section 89 Any person who aids and abets someone to commit any of the offences referred to in sections 86 and 87 is guilty of an offence and is liable on conviction to the penalties set out in section 89 CoE Convention on Cybercrime ECT Act
Shortfalls ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Privacy
State of SA privacy regulation ,[object Object],[object Object],[object Object],[object Object]
 
Principle 6 – Security Safeguards: Key Aspects ,[object Object],[object Object],[object Object],[object Object]
Interception
RICA ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Exceptions 3 rd  party  (e.g. Co X) intercepts with written consent of one of parties 3 rd  party  (e.g. Co X) intercepts  in ordinary course  of business s4(1) s5(1) s6 Participant(s) intercept themselves Can intercept if party to communication ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],DIRECTIVES
Business-related Interception ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Interception Matrix (RICA tells you what to do but not how to do it) Reminder e-mail from IT department Waiver & consent clause in Visitor’s sign-in sheet Interception Policy Notice and Memo to Users Pro-Forma Interception Report to the Board Log-on Notice Log-on Notice Pro-Forma Interception Request Suggested clauses for HR contracts and promotions Glossary of Terms Interception Policy & Guidelines for Technical Staff + Acceptance Doc Interception Consent (incl. waiver of right to privacy and covering ECT Act) FAQ CEO Delegation of Authority to MO Acceptance of Interception Policy Interception Policy (Persons) CEO is protected by Express / Written consent demonstrated by Implied consent and reasonable efforts demonstrated by
King II and Infosec ,[object Object]
Corporate Governance?
Quotes from the Code ,[object Object]
Quotes from the Code ,[object Object]
Quotes from the Code ,[object Object]
 
King II Infosec BPG ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Take home message I ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Take home message II ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
GENERAL INFORMATION SECURITY POLICY INFORMATION POLICIES ACCESS CONTROL POLICIES TECHNICAL POLICIES BUSINESS CONTINUITY INFORMATION CLASSIFICATION ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],LEGAL COMPLIANCE RISK MANAGEMENT BEST PRACTICE
Thank You Questions?

Más contenido relacionado

La actualidad más candente

Cyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studiesCyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studiesSneha J Chouhan
 
The information technology act
The information technology actThe information technology act
The information technology actDhii Raymond
 
IT ACT 2008 ALA GTU
IT ACT 2008 ALA  GTUIT ACT 2008 ALA  GTU
IT ACT 2008 ALA GTUShrey Patel
 
The information technology act 2000
The information technology act 2000The information technology act 2000
The information technology act 2000Naveen Kumar C
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)Ms. Parasmani Jangid
 
Cyber laws and patents
Cyber laws and patentsCyber laws and patents
Cyber laws and patentsravijain90
 
Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Nanda Mohan Shenoy
 
An Introduction to Cyber Law - I.T. Act 2000 (India)
An Introduction to Cyber Law - I.T. Act 2000 (India)An Introduction to Cyber Law - I.T. Act 2000 (India)
An Introduction to Cyber Law - I.T. Act 2000 (India)Chetan Bharadwaj
 
Information & technology Act, 2000.
Information & technology Act, 2000.Information & technology Act, 2000.
Information & technology Act, 2000.Vaishnavi Meghe
 
Important section of IT Act 2000 & IPC sections related to cyber law.
Important section  of IT Act 2000 & IPC sections related to cyber law. Important section  of IT Act 2000 & IPC sections related to cyber law.
Important section of IT Act 2000 & IPC sections related to cyber law. KOMALMALLIK
 

La actualidad más candente (20)

Business Law - Unit 3
Business Law - Unit 3Business Law - Unit 3
Business Law - Unit 3
 
It act 2000
It act 2000It act 2000
It act 2000
 
Cyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studiesCyber Law and Information Technology Act 2000 with case studies
Cyber Law and Information Technology Act 2000 with case studies
 
The information technology act
The information technology actThe information technology act
The information technology act
 
it act
it act it act
it act
 
IT ACT 2008 ALA GTU
IT ACT 2008 ALA  GTUIT ACT 2008 ALA  GTU
IT ACT 2008 ALA GTU
 
IT act 2008
IT act 2008IT act 2008
IT act 2008
 
The information technology act 2000
The information technology act 2000The information technology act 2000
The information technology act 2000
 
IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)IT ACT, 2000 (Information Technology Act, 2000)
IT ACT, 2000 (Information Technology Act, 2000)
 
It act 2000
It act 2000It act 2000
It act 2000
 
Cyber securitylaw
Cyber securitylawCyber securitylaw
Cyber securitylaw
 
Cyber laws and patents
Cyber laws and patentsCyber laws and patents
Cyber laws and patents
 
Information Technology Amendment Act 2008
Information Technology Amendment Act 2008Information Technology Amendment Act 2008
Information Technology Amendment Act 2008
 
It act 2000
It act 2000It act 2000
It act 2000
 
An Introduction to Cyber Law - I.T. Act 2000 (India)
An Introduction to Cyber Law - I.T. Act 2000 (India)An Introduction to Cyber Law - I.T. Act 2000 (India)
An Introduction to Cyber Law - I.T. Act 2000 (India)
 
Information & technology Act, 2000.
Information & technology Act, 2000.Information & technology Act, 2000.
Information & technology Act, 2000.
 
IT ACT 2000
IT ACT 2000IT ACT 2000
IT ACT 2000
 
IT Act 2000
IT Act 2000IT Act 2000
IT Act 2000
 
Important section of IT Act 2000 & IPC sections related to cyber law.
Important section  of IT Act 2000 & IPC sections related to cyber law. Important section  of IT Act 2000 & IPC sections related to cyber law.
Important section of IT Act 2000 & IPC sections related to cyber law.
 
Indian it act 2000
Indian it act 2000Indian it act 2000
Indian it act 2000
 

Destacado

The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
OpenText SlideShare – Mitigate Compliance Risks through secure information ex...
OpenText SlideShare – Mitigate Compliance Risks through secure information ex...OpenText SlideShare – Mitigate Compliance Risks through secure information ex...
OpenText SlideShare – Mitigate Compliance Risks through secure information ex...OpenText
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance WorldEvan Francen
 
Best Practice For Public Sector Information Security And Compliance
Best  Practice For  Public  Sector    Information  Security And  ComplianceBest  Practice For  Public  Sector    Information  Security And  Compliance
Best Practice For Public Sector Information Security And ComplianceOracle
 
Roles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentRoles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentDavid Sweigert
 
Hiroshima University Information Security & Compliance 2017
Hiroshima University Information Security & Compliance 2017Hiroshima University Information Security & Compliance 2017
Hiroshima University Information Security & Compliance 2017imc-isec-comp
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016Shannon G., MBA
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Information Security It's All About Compliance
Information Security   It's All About ComplianceInformation Security   It's All About Compliance
Information Security It's All About ComplianceDinesh O Bareja
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic ManagementMarcelo Martins
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Amazon Web Services
 

Destacado (12)

The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
OpenText SlideShare – Mitigate Compliance Risks through secure information ex...
OpenText SlideShare – Mitigate Compliance Risks through secure information ex...OpenText SlideShare – Mitigate Compliance Risks through secure information ex...
OpenText SlideShare – Mitigate Compliance Risks through secure information ex...
 
Information Security in a Compliance World
Information Security in a Compliance WorldInformation Security in a Compliance World
Information Security in a Compliance World
 
Best Practice For Public Sector Information Security And Compliance
Best  Practice For  Public  Sector    Information  Security And  ComplianceBest  Practice For  Public  Sector    Information  Security And  Compliance
Best Practice For Public Sector Information Security And Compliance
 
Roles of Information Security Officers in State Government
Roles of Information Security Officers in State GovernmentRoles of Information Security Officers in State Government
Roles of Information Security Officers in State Government
 
Hiroshima University Information Security & Compliance 2017
Hiroshima University Information Security & Compliance 2017Hiroshima University Information Security & Compliance 2017
Hiroshima University Information Security & Compliance 2017
 
The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016The State Of Information and Cyber Security in 2016
The State Of Information and Cyber Security in 2016
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 
Information Security It's All About Compliance
Information Security   It's All About ComplianceInformation Security   It's All About Compliance
Information Security It's All About Compliance
 
Information Security Strategic Management
Information Security Strategic ManagementInformation Security Strategic Management
Information Security Strategic Management
 
GDPR: Key Article Overview
GDPR: Key Article OverviewGDPR: Key Article Overview
GDPR: Key Article Overview
 
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
Security, Risk, Compliance & Controls - Cybersecurity Legal Framework in Hong...
 

Similar a Infosec Law It Web (March 2006)

Furio lerma cybercrime-final
Furio lerma cybercrime-finalFurio lerma cybercrime-final
Furio lerma cybercrime-finalAldrin SuperGo
 
Chapter 3 legal framework of cybercrime and law enforcement tools
Chapter 3   legal framework of cybercrime and law enforcement toolsChapter 3   legal framework of cybercrime and law enforcement tools
Chapter 3 legal framework of cybercrime and law enforcement toolsMarkDennielMontiano
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Chinatu Uzuegbu
 
Information technology act
Information technology actInformation technology act
Information technology actAKSHAY KHATRI
 
Nadeem cyber law assignment
Nadeem cyber law assignmentNadeem cyber law assignment
Nadeem cyber law assignmentNadeem Kazi
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesDrSamsonChepuri1
 
cyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crimecyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crimeSumedhaBhatt2
 
The Cyber Law regime in India.ppt
The Cyber Law regime in India.pptThe Cyber Law regime in India.ppt
The Cyber Law regime in India.pptMaruthi N.E
 
Computer Crimes and Data Protection
Computer Crimes and Data ProtectionComputer Crimes and Data Protection
Computer Crimes and Data ProtectionLawPlus Ltd.
 
p Project Presentatimnkhihihihihihon.pdf
p Project Presentatimnkhihihihihihon.pdfp Project Presentatimnkhihihihihihon.pdf
p Project Presentatimnkhihihihihihon.pdfbadangayonmgb
 
P5 – Explain The Legal And Ethical Issue In Relation To...
P5 – Explain The Legal And Ethical Issue In Relation To...P5 – Explain The Legal And Ethical Issue In Relation To...
P5 – Explain The Legal And Ethical Issue In Relation To...Erika Nelson
 
Cyber law in India: Its need & importance
Cyber law in India: Its need & importanceCyber law in India: Its need & importance
Cyber law in India: Its need & importanceAditya Shukla
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Karnika Seth
 
UNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docx
UNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docxUNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docx
UNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docxlillie234567
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importanceAditya Shukla
 

Similar a Infosec Law It Web (March 2006) (20)

Furio lerma cybercrime-final
Furio lerma cybercrime-finalFurio lerma cybercrime-final
Furio lerma cybercrime-final
 
Chapter 3 legal framework of cybercrime and law enforcement tools
Chapter 3   legal framework of cybercrime and law enforcement toolsChapter 3   legal framework of cybercrime and law enforcement tools
Chapter 3 legal framework of cybercrime and law enforcement tools
 
Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015Cyber crime (prohibition,prevention,etc)_act,_2015
Cyber crime (prohibition,prevention,etc)_act,_2015
 
Information technology act
Information technology actInformation technology act
Information technology act
 
Nadeem cyber law assignment
Nadeem cyber law assignmentNadeem cyber law assignment
Nadeem cyber law assignment
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal Perspectives
 
cyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crimecyber crime in india and law related to cyber crime
cyber crime in india and law related to cyber crime
 
Cybercrime Prevention Act
Cybercrime Prevention ActCybercrime Prevention Act
Cybercrime Prevention Act
 
The Cyber Law regime in India.ppt
The Cyber Law regime in India.pptThe Cyber Law regime in India.ppt
The Cyber Law regime in India.ppt
 
Computer misuse
Computer misuse Computer misuse
Computer misuse
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Cyber crime 1
Cyber crime 1Cyber crime 1
Cyber crime 1
 
Computer Crimes and Data Protection
Computer Crimes and Data ProtectionComputer Crimes and Data Protection
Computer Crimes and Data Protection
 
p Project Presentatimnkhihihihihihon.pdf
p Project Presentatimnkhihihihihihon.pdfp Project Presentatimnkhihihihihihon.pdf
p Project Presentatimnkhihihihihihon.pdf
 
P5 – Explain The Legal And Ethical Issue In Relation To...
P5 – Explain The Legal And Ethical Issue In Relation To...P5 – Explain The Legal And Ethical Issue In Relation To...
P5 – Explain The Legal And Ethical Issue In Relation To...
 
Cyber law in India: Its need & importance
Cyber law in India: Its need & importanceCyber law in India: Its need & importance
Cyber law in India: Its need & importance
 
Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000Cybercrime Investigations and IT Act,2000
Cybercrime Investigations and IT Act,2000
 
UNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docx
UNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docxUNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docx
UNOFFICIALTRANSLATIONLawonCombatingCybercrimeint.docx
 
Cyber law In India: its need & importance
Cyber law In India: its need & importanceCyber law In India: its need & importance
Cyber law In India: its need & importance
 

Más de Lance Michalson

Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarLance Michalson
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailLance Michalson
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationLance Michalson
 
Ict Compliance @ Gartner (August 2005)
Ict Compliance @ Gartner (August 2005)Ict Compliance @ Gartner (August 2005)
Ict Compliance @ Gartner (August 2005)Lance Michalson
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Lance Michalson
 

Más de Lance Michalson (6)

Privacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminarPrivacy and Protection of Personal Information law seminar
Privacy and Protection of Personal Information law seminar
 
Be aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to emailBe aware of the laws in South Africa that apply to email
Be aware of the laws in South Africa that apply to email
 
Be aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisationBe aware of the ICT laws that apply to your organisation
Be aware of the ICT laws that apply to your organisation
 
Infosec Law (Feb 2006)
Infosec Law (Feb 2006)Infosec Law (Feb 2006)
Infosec Law (Feb 2006)
 
Ict Compliance @ Gartner (August 2005)
Ict Compliance @ Gartner (August 2005)Ict Compliance @ Gartner (August 2005)
Ict Compliance @ Gartner (August 2005)
 
Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)Ict Compliance (Sept 2004)
Ict Compliance (Sept 2004)
 

Último

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 

Último (20)

How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 

Infosec Law It Web (March 2006)

  • 1. Law Relating to Information Security “Compliance in Uncertainty: Bringing a Little Order to a Lot of Chaos” Michael Silber Michalsons Information Technology Attorneys
  • 2.
  • 3.
  • 4.
  • 5. South African ICT Regulatory Hype Cycle Compliance requirements develop at different rates Visibility Trough of Disillusionment Slope of Enlightenment Plateau of Productivity Business Trigger Peak of Inflated Expectations Maturity Less than two years Two years to five years Five years to 10 years More than 10 years Obsolete before plateau Key: Time to Plateau Basel I (1988) Infosec / SANS 17799 ECT Act (2002) Basel II (1999) RM / SANS 15489 PROATIA (2000) Sarbanes-Oxley Act (2002) RIC (Interception) PPI Bill (Privacy) SANS 15801 Critical Databases, Crypto Providers and ASPs Electronic Communications [Convergence] Bill (2005) King II (2002) EU Data Privacy Directive FICA
  • 6.
  • 7.
  • 8. ECT Act Cycle e -Infrastructure e -Transactions e -Data e -Communications E-Contracts are valid Methods of contract conclusion Electronic signatures Automated transactions Consumer Protection Secure payments Time and place of contract conclusion Time of sending & receipt Attribution of message to you Acknowledgement of receipt Authenticity and identity Cryptography Cyber Crime How to satisfy statutory requirements of form: (Writing; Original; Record Retention; e-Filing; Noterisation & certification) Law of Evidence Data Proterction/ Privacy Critical Databases Maximising Benefits E-Government Authentication Service Providers ISP Liability Domain Names Cyber Inspectors A B D C
  • 9. Chapter V: Cryptography Providers Chapter V Cryptography Providers Register of Cryptography Providers S31 S30 S32 Registration with the Department Restrictions On disclosure of Information Application of Chapter offences S29 Chapter V: Cryptography Providers Chapter V governs the use of cryptography products and services used within the Republic. The Director General is tasked with maintaining a register of cryptography providers and their products and services. Registration is compulsory and suppliers are prohibited from providing cryptography products and services in the Republic without complying with the provisions of this Act.
  • 10. Chapter lX: Protection of Critical Databases Chapter lX: Protection of Critical Databases Scope of Critical Database Protection S57 S56 S55 S54 S53 S58 Identification of critical data and databases Registration Of Critical Databases Management Of Critical Databases Restrictions On disclosure of Information Right of Inspection Non Compliance with Chapter S52 Chapter lX: Protection of Critical Databases Aim is to facilitate the identification and registration of critical databases within the Republic. Critical databases are defined as databases that contain information that if compromised could threaten the security of the Republic or the economic and social well being of it’s citizens. The Act stipulates criteria for the identification, registration and management of critical databases as well as controls to ensure that the integrity and confidentiality of data relating to and contained in these databases is maintained such as the right to audit and restrictions and penalties resulting in unauthorised or illegal disclosure of information contained in or about these databases. In November 2003 the Minister of Communications awarded a tender to a consortium of Consultants to undertake an inventory of all major databases in South Africa.
  • 11. Cyber crimes I Acticle 2 - Illegal Access: The access to the whole or any part of a computer system, committed intentionally and without right Article 3 - Illegal interception: The interception made by technical means, of non-public transmissions of computer data when committed without right and intentionally Section 86(1): a person who intentionally accesses or intercepts any data without authority or permission to do so, is guilty of an offence ALSO RICA – Section 2: …no person may intentionally intercept or attempt to intercept, or authorise or procure any other person to intercept or attempt to intercept, at any place in the Republic, any communication in the course of its occurrence or transmission Definitions: computer data: representation of facts, information or concepts in a form suitable for processing in a computer system traffic data: data relating to a communication indicating origin, destination, route etc Definitions: data: electronic representations of information in any form data message: data generated, sent, received or stored by electronic means GAP: No definition of traffic data (CRI in RICA) CoE Convention on Cybercrime ECT Act
  • 12. Cyber crimes II Article 6 - Misuse of devices: The production, sale, procurement for use, import, distribution or otherwise making available of a device, including a computer program, designed or adapted, or a computer password, access code, or similar date by which the whole or any part of a computer system is capable of being accessed, for the purpose of committing offences indicated in Articles 2 Section 86(3) and 86(4): - A person who unlawfully produces .. distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item to contravene this section, is guilty of an offence - A person who utilises any device or computer program mentioned above in order to unlawfully overcome security measures designed to protect such data of access thereto, is guilty of an offence Article 4 - Illegal interference: The damaging, deletion, deterioration, alteration or suppression of computer data committed intentionally without right Article 5 - System interference: Committed intentionally, the serious hindering without right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data Section 86(2): A person who intentionally and without authority to do so, interferes with data in a way, which causes such data to be modified, destroyed or otherwise rendered ineffective, is guilty of an offence CoE Convention on Cybercrime ECT Act
  • 13. Cyber crimes III Article 8 - Computer-related fraud: The causing of a loss of property to another by any input, alteration, deletion or suppression of computer data, any interference with the functioning of a computer system, with fraudulent or dishonest intent of procuring, committed intentionally and without right. There is an economic benefit for the individual or for another. Section 87(1): A person who performs or threatens to perform any of the acts described in section 86, for the purpose of obtaining any unlawful proprietary advantage by undertaking to cease or desist from such action, or by undertaking to restore any damage caused as a result of those actions, is guilty of an offence Common law Article 7 - Computer-related forgery: The input, alteration, deletion, or suppression of computer data, resulting in inauthentic data with the intent that it be considered or acted upon for legal purposes as if it were authentic, regardless whether or not the data is directly readable and intelligible, committed intentionally and without right. Section 87 (2): A person, who performs any of the acts described in section 86 for the purpose of obtaining any unlawful advantage by causing fake data to be produced with the intent that it be considered or acted upon as if it were authentic, is guilty of an offence Common law CoE Convention on Cybercrime ECT Act
  • 14. Cyber crimes IV Common Law: fraud, extortion, malicious damage to property etc Article 10 - Offences related to infringements of copyright and related rights Copyright Act - Section 27 Article 9 - Offences related to child pornography Films and Publication Act - Section 27(1) Other Laws Article 11: Attempt and aiding or abetting Each party shall adopt such legislative and other measures as may be to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any of the offences established in accordance with Articles 2-10 of this Convention with intent that such offence be committed. Section 88: Any person who attempts to commit any of the offences referred to in sections 86 and 87 is guilty of an offence and is liable on conviction to the penalties set out in section 89 Any person who aids and abets someone to commit any of the offences referred to in sections 86 and 87 is guilty of an offence and is liable on conviction to the penalties set out in section 89 CoE Convention on Cybercrime ECT Act
  • 15.
  • 17.
  • 18.  
  • 19.
  • 21.
  • 22.
  • 23.
  • 24. Interception Matrix (RICA tells you what to do but not how to do it) Reminder e-mail from IT department Waiver & consent clause in Visitor’s sign-in sheet Interception Policy Notice and Memo to Users Pro-Forma Interception Report to the Board Log-on Notice Log-on Notice Pro-Forma Interception Request Suggested clauses for HR contracts and promotions Glossary of Terms Interception Policy & Guidelines for Technical Staff + Acceptance Doc Interception Consent (incl. waiver of right to privacy and covering ECT Act) FAQ CEO Delegation of Authority to MO Acceptance of Interception Policy Interception Policy (Persons) CEO is protected by Express / Written consent demonstrated by Implied consent and reasonable efforts demonstrated by
  • 25.
  • 27.
  • 28.
  • 29.
  • 30.  
  • 31.
  • 32.
  • 33.
  • 34.