1. Explain the following in brief: (4×5=20)
(a) Benefits of Digital Security
Digital security refers to the protection of digital information and IT assets against threats such as cyberattacks, data breaches, and malware. Its benefits include:
- System Integrity: Ensures the data and systems remain unaltered by unauthorized sources.
- User Trust: Increases user confidence in online platforms, especially in banking, e-commerce, and social media.
- Regulatory Compliance: Helps in complying with data protection laws like GDPR, HIPAA, and India's IT Act.
- Prevents Financial Loss: Protects organizations from monetary losses due to cybercrime and fraud.
- Business Continuity: Enables organizations to recover quickly from cyber incidents.
(b) Key Functions of Cryptography
Cryptography is the technique of securing information by transforming it into a secure format. Its core functions are:
- Confidentiality: Protects data so only authorized parties can read it.
- Integrity: Ensures the message or data is not altered during transmission or storage.
- Authentication: Confirms the identity of the sender or the origin of the data.
- Non-repudiation: Prevents the sender from denying that they sent the information.
Example: Digital signatures provide integrity and non-repudiation in online transactions.
(c) Patent Misuse
Patent misuse occurs when a patent holder uses their rights in an anti-competitive or unethical way. It is not necessarily illegal but can make the patent unenforceable in court.
Examples:
- Tying: Forcing customers to buy a non-patented product along with a patented one.
- Restrictive Licensing: Imposing unfair restrictions on licensees.
- Extending Monopoly: Trying to extend patent protection beyond its legal term.
Patent misuse can hurt innovation and fair competition.
(d) UNCITRAL Model Law, 1996
The United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce was created to support electronic transactions globally.
Key Points:
- Recognizes electronic documents as legally equivalent to paper.
- Validates electronic contracts and digital signatures.
- Encourages uniformity in e-commerce laws across countries.
- Forms the basis of India’s IT Act, 2000.
- Promotes cross-border e-commerce and international trade.
2. Discuss Security Issues Emerging in Digital Systems (or E-commerce). (10 marks)
Modern digital systems face various security threats due to widespread use of the internet and cloud technologies.
Common Security Issues:
- Phishing Attacks: Fake emails/websites tricking users into revealing sensitive data.
- Malware and Ransomware: Malicious software that steals or locks data until a ransom is paid.
- Data Breaches: Unauthorized access to private databases (e.g., credit card leaks).
- Man-in-the-Middle Attacks: Attackers intercept communications between two parties.
- Denial of Service (DoS): Attacks that flood servers to crash websites.
- Weak Authentication: Poor passwords and lack of multi-factor authentication.
- Insider Threats: Employees or contractors misusing access rights.
- Lack of Regular Updates: Unpatched software can be easily exploited.
Impact: Financial loss, damaged reputation, legal penalties, and loss of customer trust.
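The integrity, authentication and non-repudiation functions from 1(b), applied to a message altered in transit as in the man-in-the-middle item above (an added example, not part of the original notes; the messages and function names are constructed for illustration). It uses only Python's standard `hashlib` and `hmac` modules to show that an unkeyed hash catches accidental change but not deliberate alteration, that a keyed HMAC does, and that a shared key still gives no non-repudiation, which is the gap digital signatures close.

```python
import hashlib
import hmac
import secrets

# Constructed sample messages (not from the original notes).
ORIGINAL = b"PAY 500 INR TO ACCOUNT 1111"
ALTERED = b"PAY 500 INR TO ACCOUNT 9999"

def send_with_hash(message):
    """Sender attaches an unkeyed SHA-256 digest (a plain checksum)."""
    return message, hashlib.sha256(message).hexdigest()

def verify_hash(message, digest):
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)

def send_with_hmac(key, message):
    """Sender attaches an HMAC-SHA256 tag made with a shared secret key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_hmac(key, message, tag):
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def altered_in_transit(replacement):
    """Model of a modified packet: whoever changed it knows the public
    algorithm but not the key, so can only attach a fresh unkeyed digest."""
    return replacement, hashlib.sha256(replacement).hexdigest()

def demo():
    key = secrets.token_bytes(32)  # shared out of band by sender and receiver
    forged = send_with_hmac(key, ALTERED)  # produced by the receiver, not the sender
    return {
        "hash_ok_untouched": verify_hash(*send_with_hash(ORIGINAL)),
        "hash_accepts_altered": verify_hash(*altered_in_transit(ALTERED)),
        "hmac_ok_untouched": verify_hmac(key, *send_with_hmac(key, ORIGINAL)),
        "hmac_accepts_altered": verify_hmac(key, *altered_in_transit(ALTERED)),
        "receiver_can_forge": verify_hmac(key, *forged),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`receiver_can_forge` is true because both parties hold the same key, so a valid tag does not prove which of them produced the message; a signature made with the sender's private key does.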
3. What is Encryption? Distinguish Between Symmetric Key and Public Key Encryption. (10 marks)
Encryption:
Encryption is the process of converting plain text into a coded form (ciphertext) using algorithms and keys to prevent unauthorized access.
1. Symmetric Key Encryption:
- Uses a single secret key for both encryption and decryption.
- Fast and suitable for large data volumes.
- Requires secure key sharing.
- Example: AES (Advanced Encryption Standard), DES.
2. Public Key Encryption (Asymmetric):
- Uses a public key to encrypt and a private key to decrypt.
- Slower but more secure.
- Public key can be shared openly; private key is kept secret.
- Used in SSL/TLS, digital signatures.
- Example: RSA, ECC.

| Feature | Symmetric Encryption | Public Key Encryption |
| --- | --- | --- |
| Number of Keys | One (shared) | Two (public + private) |
| Speed | Faster | Slower |
| Security | Less secure if key is leaked | More secure due to 2 keys |
| Usage | File encryption, VPN | Email, digital signatures |
| Key Exchange Risk | High | Low |

4. Explain the Six Principles of Security Management. (10 marks)
Security management ensures the protection of data and systems in any organization.
Six Key Principles:
- Confidentiality:
  - Only authorized users should access data.
  - Ensured using encryption and access controls.
- Integrity:
  - Data must remain accurate and unaltered.
  - Techniques: Checksums, hashing (MD5, SHA).
- Availability:
  - Systems and data must be available when needed.
  - Ensured through redundancy, backup, and DoS protection.
- Authentication:
  - Verifying the identity of users and systems.
  - Uses passwords, biometrics, OTPs.
- Authorization:
  - Granting permissions based on roles.
  - Example: Role-Based Access Control (RBAC).
- Non-Repudiation:
  - Ensures the sender of data cannot deny their action.
  - Implemented via digital signatures and audit logs.
5. Discuss the Acts Under Section 43 of IT Act Where a Person is Liable to Pay Damages. (10 marks)
Section 43 of the IT Act, 2000:
Applies when a person without the owner's permission:
- Accesses or secures access to a computer system or network.
- Downloads, copies, or extracts any data or information.
- Introduces malware or viruses that damage data or systems.
- Damages or disrupts any system, data, or network.
- Denies access to authorized users by any means.
- Assists others in such unauthorized activities.
- Charges the account of another person fraudulently.
- Destroys, deletes, or alters any information in a system.
- Steals, conceals, or alters source code without permission.
Penalty:
- The offender is liable to pay damages by way of compensation to the affected party.
- No need to prove criminal intent—civil liability is enough.