Financial Daily from THE HINDU group of publications
Monday, May 02, 2005



There are over 600 identified IT vulnerabilities...

D. Murali

... in any IT environment. Scary thought! But there are no provisions in the IT Act to cover crimes such as social engineering, phishing, spoofing, ID-theft, to name just a few, says this book.

NOT often does one come across a dedication that's different from the usual, "To Chunnu and Munnu," or some such.

But Rakesh M. Goyal strikes a different note in his new book, Demystifying Information Technology Act - 2000 thus: "Dedicated to all those good people who have been victims of computer crime, but could have saved themselves, if they had sufficient awareness of IT Act and knowledge to take reasonable precautions."

In a letter that Rakesh sent me a few days ago, he rues that the Act has been quite misunderstood both by the legal and the technology fraternity, and cites the DPS-MMS (Bazee.com) case, Joshi incident in Pune, and what happened recently in Mphasis's BPO, to prove his point.

"Law enforcement officers appear to be unfamiliar with provisions of law pertaining to information technology and persons concerned with information technology are unfamiliar with legal provisions affecting them," writes Justice B.N. Srikrishna in his foreword to the book.

He adds that the fog covering IT law is so dense that even the IT Act has not been able to fully pierce it.

The book, published by the Centre for Research and Prevention of Computer Crimes (www.crpcc.in), shockingly reveals that there are no provisions in the IT Act to cover crimes such as social engineering, phishing, spoofing, ID-theft, spam, unsolicited mails, fake services on the Net or by e-mail, connecting laptop or palmtop to hotspot without permission, stealing bandwidth, DNS attack, threatening e-mails, sniffer, decryptor, deliberate bugs, logic bombs, trapdoors, spyware, adware, trojans, penetration testing and so on.

"The IT Act is based on the UN model (passed on January 30, 1997)," writes Rakesh to point out how our legislation addresses a technological scene that is already about a decade old, though even Moore's Law has been overtaken by developments.

"One IT year is only three calendar months," opines the author, considering the pace of progress in IT that is "four times faster than other sectors."

CEOs will benefit from the precautions that Rakesh outlines. There are only two escape routes when a crime is alleged: One, the person-in-charge can prove that it was committed `without his knowledge.' Or, two, he can show he has taken `due diligence.'

Rakesh points out that the first defence may not be easy unless the CEO was on a long tour and was not available for communication, or was seriously ill. "In that case, the next person-in-charge (acting CEO) will be held responsible."

A logical course is `due diligence', advises Rakesh. But the phrase is not defined in the IT Act, though one can draw inputs from the `security guidelines for certifying authorities' prescribed in the IT Rules.

The book discusses ISMS or Information Security Management System, a structured methodology to manage IS security as per ISO 17799.

"There are over 600 identified vulnerabilities in any IT environment," is a frightening statement that stares at you from the concluding chapter. Rakesh exhorts that you strengthen all these vulnerable points `to make it almost foolproof.'

Why `almost'? Because, "one must plug all those which are cost-effective, and manage/keep track of cost-heavy vulnerabilities."

Essential read before you log on.

MIS dreams

Information system is the `sixth resource' after men, machines, material, money and methods, writes Pankaj Srivastava in Management Information System: A New Framework, from Shree Niwas Publications (shreeniwaspub@yahoo.com).

There are many `MIS methodologies' that the author discusses. Strategy set transformation identifies the organisation's strategy set and transforms the same into MIS.

Next is BSP, which is not a political party but business system planning. CSF stands for critical success factors; "this involves a series of interviews to create an initial set of performance measures", and then specifying the key area in which performance must be satisfactory.

BIAIT looks like bait mis-spelt but no, it is business information analysis and integration. In this technique, the analyst uses `seven closed-ended questions' to classify an organisation.

E/MA stands for ends-means analysis "to determine information requirements at the organisational, departmental or individual levels based on the outputs desired."

Is there an ideal MIS model? Yes, Pankaj would say, and explain thus: "At the bottom are the physical system of the organisation and all of the facilities and equipment used to produce the products and services. Internal data is gathered throughout the physical system and directed to the information processing resources. These resources include the computer and the information services staff... "

I see that you're shaking your head, and saying that things don't happen with such surgical precision in practice.

Yet, is it not good to read textbooks such as Pankaj's to know what dreams we groom the students with?

For, the introduction proclaims that the book is written for students of graduate and PG courses, though highly priced at Rs 880.

Tailpiece

"When the CM spoke of inclusions in the cabinet, I was so hopeful of a berth!"

"Then?"

"She only wanted to add a CD-writer to her system!"

Books2Byte@TheHindu.co.in
