ONE YEAR ADVANCED DIPLOMA IN CYBER SECURITY & DATA PROTECTION LAWS

SEMESTER – II

1.2.4. DATA PROTECTION LAW IN INDIA

I. Introduction to Data and Data Protection Laws:

• Definition of Data
• Kinds of Data
• Public Data
• Personal Data
• Sensitive Personal Data
• Health Data
• Biometric Data
• Meta Data
• Big Data
• Data Principal and Data Fiduciaries

II. Data Protection Law in India:

• IT Act, 2000 and Data Protection
• Sec 43A
• Sec 72A
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“the IT Rules”).

III. Non-Personal Data Governance Framework ('the NPD Framework'),

• Digital Information Security in Healthcare Act ('DISHA') – Health Data
• central-level and a state-level digital health authority
• privacy and security measures for digital health data
• storage and exchange of electronic health data.
• National Electronic Health Authority 'NeHA' at the central level
• State Electronic Health Authority ('SeHA’) at the State level
• Indian Constitution – Art -21
• Judicial Decisions of Right to privacy and other related rights.
• Right to Privacy, Supreme Court Judgment, K.S. Puttaswamy v. Union of India, 2017 (10) SCALE 1.
• R Rajagopal and Ors v. State of Tamil Nadu [Writ Petition (Civil) No. 422 of 1994],
• Mr X v. Hospital Z [Civil Appeal No. 4641 of 1998].
• Subhranshu Rout @ Gugul v. State of Odisha [BLAPL No. 4592 of 2020],
• Sri Vasunathan v. the Registrar General, High Court of Karnataka and Ors [General Writ Petition No. 62038 of 2016],
• Dharamraj Bhanushankar Dave v. State of Gujarat and Ors [SCA No. 1854 of 2015]
• Aadhar judgment

IV.Emergence of Data Protection Laws in India

A. Personal Data Protection Bill 2019
• Competition Commission of India and Ant trust regulation vis-a vis data protection,
• Sri Krishna Committee report, Existing Approaches to Data Protection, Understanding the Contours of the Indian Approach, Data Principals and Data Fiduciaries, Jurisdiction.
• Conceptual Understanding of Jurisdiction
• Prescriptive Jurisdiction .
• The Case for Data Non-Exceptionalism...
• Putative Bases for Jurisdiction .
• Retrospective and Transitional Application of the Data Protection Law
• Consent
• A revised operational framework for consent Consequences of such a Framework .
• Enforcement of the Revised Framework.
• Standard of Consent .
• Different Standards for Different Types of Personal Data Processing .
• Consent Dashboard and Avoiding Consent Fatigue.
• Consent and Contractual Necessity
• Protection of Children‘s Personal Data
• processing of child’s personal data in the GDPR.
• The consent to the processing of child’s personal data.
• The methods to verify the legitimacy of the consent in the GDPR.
• The different juridical regimes of the consent to the processing of personal data and of the consent concerning contracts in relation to a child.
• The profiling of child’s personal data. –
• Identification of guardian data fiduciaries
• Who is a child
• Barred Practices.
• Regulatory Approach .
• Community Data.
• Entities to which the Law Applies.
• Obligations of Data Fiduciaries
• Amendments to the Aadhaar Act.
• Amendments to the RTI Act.
• SDPI (Sensitive personal Data or Information Rules 2011
• NON-CONSENSUAL PROCESSING , Non-Consensual Grounds for Processing, Functions of the State, Compliance with Law or Order of Court or Tribunal
• Exemptions... Security of the State. Prevention, Detection, Investigation and Prosecution of Contraventions of Law.... : Enforcement
A. Structure and Functions of the (Data Protection Authorities)
B. The Regulated Entities: Classification and Obligations..
C. Data protection authority of India DPI
D. Government Data and risks to personal data
a. Special categories of personal data
b. Individual rights in processing personal data
c. Restrictions on International Data transfers,
E. Data Security and Data Breach
F. Privacy and Electronic Communications (EC Directive) Regulations (PECR) 2003
G. Objective and broad scope (email, phone, SMS, automated calls, robocalls)
• Provisions relating to electronic marketing communications
• ICO Guidance on direct Marketing and Direct Marketing Commission Code
• DMA telephone preference services
• ICO services to the public- Reporting complaints and concerns Penalties for Data breach,
• Privacy notices, Subject access , Employment practices, CCTV, Data protection impact assessment.

1.2.5. CYBER SECURITY AND FORENSICS

This paper emphasises on Advance concepts of Cyber Security and Data Protection with practical orientation with help of Digital Evidence Retrievals and Analysis Systems (DERAS)– A Virtual Lab.

The primary purpose of the DERAS LAB is to equip enrolled student’s with the knowledge, skills, and abilities to properly identify and seize digital evidence. Through a combination of lecture, demonstration, hands-on exercises, labs, and a practical exercise investigators learn how to seize digital evidence from a personal computer (PC) and notebook computer hard drives, floppy diskettes, compact disks (CDs), DVDs, thumb drives, various flash media, Cloud databases, Dedicated Servers, Virtual Data Storage Platforms etc. acquiring forensically valid images for digital evidence and retrieval processing.

Scientifically Authenticated Evidence determines legal proceedings immensely, In recent time’s evidence emerge from IT and ICT utilization’s as well, hence students of the course should understand the following

1. Digital formats of data storage media
2. The internal architecture of the existing Storage Medias
3. Data storage mechanisms on Digital Domain’s (DD)
4. Data retrieval process both deleted and prevalent memory structure’s
5. Analyzing the process of retrieved data etc.

I. Network and Cyber Security

• Network Security Model, Network Security Threats
• Firewalls: Overview, Types, Features, User Management
• Intrusion Detection System, Intrusion Prevention System
• Public Key Infrastructure, Digital Signature Schemes

II. Internet and Web Application Security

• Email security: PGP and SMIME
• Web Security: Web authentication, Injection Flaws, SQL Injection
• Web Browser Security
• E-Commerce Security
• Wireless Network Security
• Wireless Network Components
• Security issues in Wireless Networks
• Securing a Wireless Network
• Mobile Security

III. Understanding World of Deep and Dark Web

• Understand the complete working, terminology and be able to have a complete understanding about the Deep/Dark web.
• To access the Deep web as well as the Dark web with Complete Ease and total security.
• To visit some advanced and famous websites located on the Hidden Web(Deep and Dark Web).
• Understanding Working, Trading, Buying, Selling as well as Mining CRYPTOCURRENCIES.
• About the Dangers as well as precautions to be taken care of while surfing the Web.
• Use Darknet Email services.
• Anonymously access the dark net and TOR hidden services (onion services)

LAB SESSIONS: - DIGITAL EVIDENCE RETRIEVALS AND ANALYSIS SYSTEMS (DERAS)

DERAS Lab tools:

1. Linux Based VAPT tools

DEFT: Digital Evidence Forensic Tools Kit (Kali Linux)
Disk Identification/spacing/structuring tools
• fdisk -lu
• fls/dev/sdb1
Mounting tools
• mount /dev /sdb1 /home/urmika/moun
• unmount moun
Imaging tools
• dd if = /dev/sdb1 -of = /sdb1.iso
• ddrescue /dev/sdb1 /home/urmika/rescue.iso
Hashing tools :
• md5sum /dev/sdb1 -> md5.txt
• sha1sum /dev/sdb -> sha1.txt
Carving tools
• foremost -t jpg -o /home/urmika/foremost rescue.iso (by using the -t jpg command, only the jpg files were retrieved from the iso file)
• bulk_extractor -o /be dev/sdb1 (the extracted histograms were saved in the "be" drive)
Analysis tools
Various Autopsy tool of DEFT 8.2 to analyses the retrieved data.

2. Network Forensics tools

• Wireshark
• MITMPROXY
• Burpsuite

1.2.6. Open source intelligence (OSINT)

I. Foundations of OSINT

• Overview of OSINT
• What is OSINT?
• Who uses OSINT and why?
• The Intelligence Process
• What is it and how does it apply to OSINT?
• Creating and Understanding the OSINT Process Stages
• Goals of OSINT Collection
• Setting Up an OSINT Platform
• Using virtual OSINT systems and mobile emulators
• Understanding issues that could decrease investigator anonymity
• Using VPNs for OSINT work
• Leveraging different web browsers and browser add-ons and extensions
• Documentation
• How to record data within OSINT investigations
• Examination of link analysis tools, Mind Map applications, and activity-recording programs
• Sock Puppets
• What is an OSINT sock puppet or false identity?
• When and how to use sock puppets effectively in investigations
• How to create a sock puppet
• Issues that could get your sock puppet account disabled
• Data Analysis
• How to analyze data obtained from the Internet
• Types of logic and reasoning
• Identification of and methods to reduce logical fallacies and bias
• Network theory and link analysis techniques

II. Core OSINT Skills

• Leveraging Search Engines
• Preparation for using search engines
• Using advanced search operators
• Harvesting Web Data
• Techniques and tools to download files from Internet sources
• File Metadata Analysis
• Extracting and validating metadata from files
• Reverse Image Searching
• What reverse image searching is and how to use it in OSINT investigations
• Image Analysis
• How to analyze images to geolocate and extract meaningful data points
• Imagery and Maps
• Exploration of how to use maps and imagery in OSINT work
• Comparison of different imagery data sources
• Language Translation
• Multiple methods of extracting and translating foreign text

III. Business and Dark Web OSINT

• Business OSINT
• Analyzing online business registrations and documents
• Examining the resources companies use in their work
• Surface, Deep, and Dark Webs
• What are they and why does it matter in OSINT work?
• Overview of Several Dark Webs
• Comparison of a few major dark web networks, why people use them, and how to perform OSINT in those networks
• Tor
• What is Tor?
• How can it be used by investigators and by their targets?
• Techniques for investigating data found in Tor
• OSINT Automation
• Using applications to work more efficiently
• Breach Data
• Ethical analysis of breach data use
• Investigation into how breach data can augment OSINT work

IV. Open Source Intelligence Tools demonstrated on DEFT 8.2 Forensic tool kits are

• Maltego
• Recon-ng
• theHarvester
• Shodan
• Google dorks