Business Continuity Planning and Disaster Recovery Planning after the catastrophe of 9/11 attacks.

Business continuity planning and disaster management are the most important aspects from the view of an organization now after the attack of 9/11 at New York and Washington D.C. BCP is a preventive measure which that identifies the mission critical business functions and enact policies, procedures, plans and process to insure the continuation of these functions in the case of an event of an unforeseen even.

While Disaster recovery is the process which is implemented after a disaster happens to an organization, in order to recover the critical functions of the organization so that it should get back to its normal position.

A brief history of 9/11 attacks

On September 11, 2001, 19 militants associated with the Islamic extremist group al-Qaeda hijacked four airliners and carried out suicide attacks against targets in the United States. Two of the planes were flown into the towers of the World Trade Center in New York City, a third plane hit the Pentagon just outside Washington, D.C., and the fourth plane crashed in a field in Pennsylvania. Often referred to as 9/11, the attacks resulted in extensive death and destruction, triggering major U.S. initiatives to combat terrorism and defining the presidency of George W. Bush. Over 3,000 people were killed during the attacks in New York City and Washington, D.C., including more than 400 police officers and firefighters.[1]

Impact of 9/11 attacks on business

9/11 attacks are ranked 2 most costly catastrophe in the world after the Katrina hurricane of 2005. The impact can be understood by the fact that the opening of New York Stock Exchange (NYSE) was delayed after the first plane crashed and trading for the whole day was cancelled after the second plane crashed. In New York City, about 430,000 job-months and $2.8 billion dollars in wages were lost in the three months after the attacks. It also affected the tourism industry as the tourist was not willing to visit USA after the attacks.

BCP and DR after 9/11

After the attacks of 9/11 the BCP and DRP have emerged as an essential part of organizations as they help to sustain and recover them from the catastrophe. Let us see how the 9/11 attacks have changed the implementation of BCP and DR plans.

The backup and the main datacenters should be at different places – This is the most important lesson that the organizations took from these attacks. As most of the companies were having their main and backup data centers at the same place. So when the attack occurred both the centers were destroyed and hence they were not able to recover back their operations as they should have taken back if the backup center was placed somewhere far from the main location.

Include people and process together – Prior to 9/11 attacks many firms did not take their staff members in account while creating their plans. When a disaster happens, even if you have the best disaster recovery plan but there is no staff to implement it or to work on it, it is of no use.

Doing risk assessment – After the effects of 9/11 attacks many organizations were not able to survive and were closed permanently. Firms realized that they need to do risk assessments before making the BCP and DR plans so that they can mold it according to the need and conditions.

Assigning backup roles – This is also very important concept we have learned from 9/11 attacks that there should be someone to work or act on behalf of another person who has been assigned some critical role in that organization. There should be no availability issues in the organization.

Conclusion

Business continuity planning and disaster recovery planning are the two most important aspects from the view of an organization. As the world is going more and more digitized day by day and so are new types of crimes are increasing. Cyber-crimes graph are on rise now days, so keeping in mind the entire scenario we should keep ready a disaster recovery plan so that the business may be continued after the disaster with the minimal possible loss. While having business continuity plan is a proactive process which helps to grow and implement our business on a wider scale. It helps to analyze the critical functions without which an organization cannot run so that one should know how to secure and maintain those functions.

                                                                                                                      

References

[1]. Disaster planning and business continuity after 9/11. Retrieved from http://www.computerweekly.com/news/2240082860/Disaster-planning-and-business-continuity-after-9-11 Last visited on (19-Dec-13)

[2].    Sept. 11 teaches real lessons in disaster recovery and business continuity planning

Retrieved from http://www.techrepublic.com/article/sept-11-teaches-real-lessons-in-disaster-recovery-and-business-continuity-planning Last visited on (19-Dec-13)

---

[1] As described on History.com Can be retrieved from - www.history.com/topics/9-11-attacks‎ last visited on (19-Dec-13)

Continue Reading

Email borne viruses and worms, there preventive and corrective measures

As the world is becoming more and more digitized day by day, peoples are becoming technology dependent and an E for electronic is being attached to several mediums we should keep in mind all the possible risks and threats which could cause us damage or loss. When a person uses he/she is most usually concerned about viruses and worms because they could cause damage to his/her computer system. So let us understand what are email borne viruses and worms and how they affect our system, what damage they can cause to us and what measures could we take in order to prevent us from the attach or how to react if the attack happens.

What are E-mail borne Viruses and Worms?

Email borne viruses are nothing but a virus which comes into your computer by emails, usually with the attachments of the email. The only difference in a normal virus and an email borne virus is their mode of travelling or transmitting from one computer to other. They could cause a grave damage to one’s computer if successfully executed.

In the same way email borne worms are those worms which enter into a computer by the helps of emails, through attachment download or other way. These worms could be very harmful to us as they can also disable our antivirus software sometimes.

Some major viruses and worms.

I Love You (2000)[1] - Who wouldn't open an e-mail with "I Love You" in the subject line? Well, that was the problem. By May 2000, 50 million infections of this worm had been reported. The Pentagon, the CIA, and the British Parliament all had to shut down their e-mail systems in order to purge the threat.

 Melissa (1999) - Melissa was an exotic dancer, and David L. Smith was obsessed with her and also with writing viruses. The virus he named after Melissa and released to the world on March 26, 1999, kicked off a period of high-profile threats that rocked the Internet between 1999 and 2005.

Slammer (2003) - This fast-moving worm managed to temporarily bring much of the Internet to its knees in January 2003. The threat was so aggressive that it was mistaken by some countries to be an organized attack against them.      

The Blaster Worm (2003)[2] - The Blaster worm launched a denial of service attack against Microsoft's website in 2003, and infected millions of computers around the world by exploiting a security hole in Microsoft's software. Its author has never been found.

Preventive measures to response to these threats

ü  Use a Firewall – Using a firewall is a great idea when it comes to prevent our computer or network; it is locking the front door of your home and helps to keep intruders outside the home. But choosing a firewall is a concern; one should choose a good firewall according to the needs and conditions and should install it properly to be effective.

ü  Regularly update software’s – Updating your software regularly is a great idea as it updates the database to the latest definitions so that it can react accordingly. Updating you operating system and applying patches is a great way to avoid virus, worms etc.

ü  Install antivirus software – It is the most effective measure to prevent the virus, worms, malwares etc from getting into a computer system. Good antivirus software is able to detect these threats and remove them before infecting our system.

ü  Browse safely and securely – While browsing internet you should keep in mind some things in order to avoid virus etc to get in your computer. Download programs and files only from the source you trust. Do not click on suspicious links in websites or in emails. Use a safe box while working online.

Corrective responses to the threats of email borne viruses and worms

If you accidently opened an email attachment that was already infected with a virus or worm, you can take certain actions in order to fix the problems caused by those virus or worm. An email borne virus or worm can automatically send emails to the names in your contact list without your permission. So it is necessary to respond quickly to ensure minimal loss.

ü  Run your antivirus software – This should be the first step if your computer gets affected by the viruses, worms or any other threat. It will scan the whole computer and will find the viruses but remember that if the virus is quite new and the antivirus does not contain it definitions in its database it will not detect it.

ü  Run other software like malware finder etc – If the antivirus does not find anything it is a good option to run a malware finder program like Spybot or Malwarebytes etc, so that they could find any malware present inside the computer.

ü  Scan by boot disks – In extreme cases in which the above mentioned solution did not work you should have a good boot disk, boot from that disk run the virus scan. This is a very good method to remove viruses from the computer. As it scan at the boot time which is more effective and it also scans the memory too.

ü  Checking the HDD with other computer – If none of the above options work, you can consider removing your HDD and attaching it to a different computer in which all the essential software are present so that you can scan your HDD there.

ü  Consider a professional’s help – If you are not that much aware of all these things, the best way is to consider a professional to remove all infections from your computer.

---

[1] Top 10 computer virus and worms by Ned Potter - http://abcnews.go.com/Technology/top-computer-viruses-worms-internet-history/story?id=8480794 Last visited on (18-Dec-2013)

[2]  As given in the telegraph article - http://www.telegraph.co.uk/technology/5012057/Top-10-worst-computer-viruses-of-all-time.html Last visited on (18-Dec-2013)

Continue Reading

Protection of Multimedia Work in Cyberspace

Today multimedia is a very vast term and a topic of debate and discussion. Multimedia works and include text, still images, video footage, animation, audio etc. Again it can be divided into two broad categories, non-interactive and interactive multimedia. Interactive multimedia includes video games and other things which require human interaction in order to perform.

As the use of Internet for various purposes is increasing day by day, at the same time new issues are also emerging with it. One of the main concerns in the cyberspace is that how to protect the work of a copyright owner in digital environment where anyone can access it. As the cyber crimes are also increasing, we need to thing and find a way to protect our works from infringement.

 To understand the protection of multimedia works in cyberspace, first we have to understand, what a multimedia work is and how it can be protected under the copyright act and then we will see how to protect it in cyberspace.

What is a multimedia work?

Multimedia work is the work which evolves more than one form of communication. Like it would consist text as well as images, sound and other things. Multimedia work has not been defined in the copyright act so let us look at the dictionary meaning of the multimedia[1].

• (Of art, education, etc.) Using more than one medium of expression or communication.
• (Of computer applications) incorporating audio and video, especially interactively: multimedia applications

So as described above multimedia work is a combination of two or more types of works like text, audio, video, images etc.

Copyright protection for multimedia work.

Now we know that multimedia work consist of more than one type of work, so a question arise that where should be multimedia work copyrighted or in which domain does multimedia work should subsist copyright? Will it be copyrighted under literary work, cinematograph film, sound recording, artistic work, dramatic work or musical work?

In my views multimedia work could be protected under two categories after going through the case of Sega Enterprises Ltd v Galaxy Electronics Pty Ltd (1996)[2]. First, Cinematograph film and second under computer programs. Let’s look at the definitions given of the two in copyright act.

2(f) "cinematograph film" means any work of visual recording and includes a sound recording accompanying such visual recording and "cinematograph" shall be construed as including any work produced by any process analogous to cinematography including video films;

2(ffc) "computer programme" means a set of instructions expressed in words, codes, schemes or in any other form, including a machine readable medium, capable of causing a computer to perform a particular task or achieve a particular result;

Protection of multimedia works in cyberspace.

As we know the internet is a global platform with its reach to all over the world. Anyone who has the access to internet can get any information available on the internet. Now days the most challenging work is to protect the copyrighted work in cyberspace as to protect the interest of authors and owners. People who have the sound knowledge of computers and internet can easily break into the system on the internet and can access and download the protected material.

Digital rights

Digital rights, is the ownership of information content published and distributed in electronic format, protected in the United States by copyright law. Digital rights management (DRM) uses technologies specifically designed to identify, secure , manage, track, and audit digital content, ideally in ways that ensure public access and preserve fair use

International Copyright Protections

International Copyright protection extended to works published outside a country's borders, so that the moral and economic interest of the author and the owner should be protected. There is a big issues related to it what we know as “Piracy”. Piracy is a crime in which user download or obtain unlawful or copies without the license of the software. These are the major issues which are protected under International Copyright Laws.

The Berne Convention

Berne Convention an international copyright agreement creating an International Union for the Protection of Literary and Artistic Works signed in Berne, Switzerland, in 1886, ratified in 1887 by several European countries and their colonies, and is administered by the World Intellectual Property Organization (WIPO). There are 164 signatory countries on this convention. To receive copyright protection under the Berne Convention, first publication of a work must occur in a member country. Works published in non-signatory nations receive protection if published simultaneously in a signatory nation. Protection is for the author’s lifetime plus 50 years, except for anonymous or pseudonym works and cinematographic works for which protection expires 50 years after the work has been made available to the public.

Digital Millennium Copyright Act, 1998

The Digital Millennium Copyright Act ("DMCA") of 1998 creates a balance between the interests of internet service providers and copyright owners when copyright infringement occurs in the digital environment. The DMCA protects internet service providers from liability for copyright infringement by their users, if the internet service provider meets certain statutory requirements. To fall within the protection of the DMCA, an internet service provider must, among other things, take certain steps when it receives notice that infringing material resides on its network; adopt and implement a policy that provides for termination in appropriate circumstances of users who are repeat infringers; and accommodate standard technical measures that are used by copyright owners to identify and protect copyrighted works. The DMCA protects only the internet service provider, and not the users of its system who infringe copyright.

Conclusion

As the world of cyberspace is growing and we will see a lot more changes in future, it is not possible to take preventive measures on what will happen. The protection of multimedia works in cyberspace is of course a grave concern but measure have been taken to handle this too. The ISP’s should remain in the Safe Harbor policy of DMCA in order to remain safe from the liabilities, where as it should be also the duty of users now to download and use pirated versions of software and as well as avoid downloading the infringed copies of copyrighted material no matter whether it is a multimedia work or not. 

---

[1] Oxford Advanced Learner's Dictionary 8th Edition, Published 2010.

[2] Sega Enterprises Ltd v Galaxy Electronics Pty Ltd (1996) 35 IPR 161

Continue Reading

Look what does TrueCaller's terms and conditions say : Which we usually do not know.

Read it carefully to understand what actually you are doing by using True Caller. Is it compromising your privacy rights or not?

Continue Reading

How the privacy is compromised online - A brief introduction.

Hello friends,

Today I will tell you something about the privacy issues in cyberspace. As we all are related to internet somehow and we use internet to do several works in our daily life now days. But we do not think about the consequences related to it. So today we learn a little bit about it.

Cyber Privacy is the major concern in the E-world. We use social networking sites e-commerce sites on a regular basis. But do we ever think that where is all the information going after we post them on several sites. No one in fact thinks about this. Before using any website first we should read its privacy policy and then decide whether its worth of using or not. For example many of us are using TrueCaller- An app to look for unknown numbers which we usually get on our cell phones. We just install it and start using it without reading its privacy policy. But what actually are we doing, just to look-up a single number we are publishing our whole contact list with TrueCaller database. Yes When we agree to the term and conditions while installing it on our cell phone, we give TrueCaller all the rights to access and store our complete contact list.

This is one of the example I have listed their are several other methods due to which our privacy is being compromised. I will keep on updating you.

Thanks.

Continue Reading

First Project, Cyber Privacy Issues in India

As I said I will be posting some projects and articles that we write so that it can be helpful for others too. I will start with my own project report that I wrote in the month of November. It has been Published in the Social Science Research Network. You can also Google it and find it but I am going to provide here the link from where you can easily download it. Download - Cyber Privacy Issues in India

Here is the abstract of the project so that you can get an Idea about the Project.

Abstract:      

Technology has changed the way information is being received or sent, and, so it has affected the privacy rights of a person. Now privacy is not only limited to intrusion in one’s private life (peeping in home), it has a much wider reach. Use of Smartphone with Internet together have provided many ways to keep an eye or to track a person without being noticed, resulting as a breach of privacy. This project report will examine the growing privacy issues in cyber space and a legal approach to defend and protect one’s privacy rights in India.

Thanks and keep reading.

Continue Reading

First post on the blog.

A late start.

Hello guys, my name is Rehan Umar Khan. I am a student in Master of Science in Cyber Law and Information Security at The National Law Institute University, Bhopal. The reason I have created this blog is that I want to express my views and thougts about whatever I have learned or I know about computers, internet and other related topics. Also we will provide you the research papers and projects that we make as our course requirement so that you can know what are the growing issues and challenges in the cyber space.

No doubt Internet has changed the way we live now and it has brought a modernized method in our life but also we should keep in mind the threats and issues related to it. As a normal person we do not know it and keep on using without knowing the future effects of it. So we will try to throw light on what are the issues and how deal with them as to stay safe. 

Thanks a lot.

 

Continue Reading