There is no doubt that Information communication technology (ICT) plays a vital role in this digital era that helps everyone (the individuals, businesses and organizations) for information exchange in an effective and efficient manner. With the advancement in information and communication technology, almost everything has changed and continues to do so from its original form to this stage of artificial logical form. Evidently, the Internet has created an enormous impact in every sector of human life. The way and mode of happening or conducting various activities has drastically changed. Whatever we do or wherever we go, we notice the changes brought to us by the Internet. Now, it is difficult to piece the sector that is aloof from the Internet. The ICT innovations continue to redefine and restructure our society, economy, culture and everything- our lifestyles with a scale and speed never imagined or noticed before.
A society is a group of individuals or a large social group sharing the same spatial or social territory, typically subject to the same political authority and dominant cultural expectations. Digital society is the consequence of the adoption and integration of information and communication technology by the modern societies in their day to day activities, culture and lifestyles. It is not limited/bound to any geographical boundary. Digital society true to its nature depends on three stakeholders such as society, technology and content. Mobile and cloud technologies, Big Data and the Internet of Things (IoT) offer unimaginable opportunities. They ease the improvement of citizens' lives and efficiency to many areas: health services, transportation, energy, agriculture, manufacturing, retail and public administration. Similarly, they can also improve the governing process by helping the policy-makers to make better decisions inclusive of citizens. Likewise, the internet has considerable potential to promote democracy, cultural diversity and human rights, say for example, freedom of expression and right to information. Digital society opens up new ways to transparency, participation and innovation. Just look around, you will find anyone and everyone engaged in interaction with one another in digital space.
Many advanced concepts of Digital Society (Smart Town, Smart City, Smart Villages and many other smart and advanced services) are now in a process to become a part of our life. The importance of technologies in society is taking strong roots. Similarly, its interaction has led to the development of Digital Society as a field of study. For this reason digital society is considered as an interdisciplinary research area. As a result, many universities around the world have already begun the study of Digital Society as a course in undergraduate and graduate level. No doubt, Digital Literacy is the backbone of digital society. It includes Computer Literacy, Network Literacy, Web Literacy, Internet Literacy. Media Literacy, Multimedia Literacy etc.
Digital society depends on the following stakeholders or component:
- Society: It includes a group of individuals living in a community in a particular geographical area/territory.
- Technologies:It includes software technology, communication technology, database technology , network technology, multimedia technology etc.
- Content:It includes data, information, knowledge, documentation etc.
We continue to move towards Digital Nepal. However, there are many issues acting as a barrier to stop or slow down the creation of a digital society. Following are some of the challenges:
- Lack of proper co-operation, coordination and collaboration among the stake-holders.
- Little or no proper planning of digital product uses and their applicability in common people.
- Unavailability and shortage of skilled manpower.
- Limited fund and budget for the work.
- Lack of policy implementation.
- Little or no infrastructure.
- No encouraging initiatives from the government authorities.
- Less involvement of common people into the agenda.
Information revolution has altered many aspects of our daily life activities of education, business, employment, medicine, security, transportation, entertainment, and so on. Consequently, ICT has affected the community life and family life. Similarly, it has Impacted on human relationships, education, careers, freedom etc in both good and bad ways. No wonder, computer and information ethics can be understood as that branch of applied ethics. It studies and analyzes such social and ethical impacts of ICT.
Ethics are a structure of standards and practices that influence how people lead their lives, it is not desirable to strictly follow these ethics. However, it forms the basic norms for the benefit of everyone. Ethics do not have the force of laws. They indicate what is right or wrong. Ethics reflects society's views about what is right and what is wrong. One may wonder if ethics has anything to do with computers. Of course, one needs ethics to know how and for what to use a computer.
On turning to the history of computers, we notice that the term computer ethics was first coined by Walter Maner, a professor at Bowling Green State University.
Computer ethics are a set of moral standards that govern the use, development and management of information and communication technology. Such is the society's views about the use of computers. Privacy concerns, intellectual property rights and effects on the society are some of the common issues of computer ethics.
Ethics deals with placing a 'value' on acts according to whether they are “good” or “bad”. When computers first came for use in society at large, the absence of ethical standards about their use and related issues caused some problems. However, as their use became widespread in every aspect of our lives, discussions in computer ethics resulted in some kind of a consensus. Today, many of these rules have been formulated as laws, either national or international. Computer crimes and computer fraud are now common terms. There are laws against them, and everyone is responsible for knowing what constitutes computer crime and computer fraud.
Various national and international professional societies and organizations have produced a code of ethics documents to give basic behavioral guidelines to computing professionals and users. They include:
- Association for Computing Machinery
ACM Code of Ethics and Professional Conduct - Australian Computer Society
ACS Code of Ethics
ACS Code of Professional Conduct - British Computer Society
BCS Code of Conduct
Code of Good Practice (retired May 2011) - Computer Ethics Institute
Ten Commandments of Computer Ethics - IEEE
IEEE Code of Ethics
IEEE Code of Conduct - League of Professional System Administrators
The System Administrators' Code of Ethics
Do not use a computer to harm other people.
Do not use a computer to interfere with other people's work.
Do not spy on another person's computer data.
Do not use a computer to steal information.
Do not spread misinformation by using computer technology.
Do not use or copy software for which you have not paid.
Do not use other people's computer resources without authorization or proper compensation.
Do not claim ownership on a work which is the output of someone else's intellect.
Think about the social consequences of the program you develop.
Use a computer in ways that show consideration and respect.
Assignment 1
Define the term Digital Society and list out the different stakeholders of digital society.
What do you mean by Computer Ethics? What are the commandments of computer ethics?
Information Security has become increasingly important at a time when information has been recognized as a key asset by many organizations. The rapid advancement of Information and Communication Technology (ICT) and the growing dependence of organizations on IT infrastructure continuously intensify the interest in this discipline. Organizations pay increasing attention to information protection because the impact of security breaches today has a more tangible, often devastating effect on business.
Information security, sometimes abbreviated to infosec, is a set of practices intended to keep the data secure from unauthorized access or alterations, when it is being stored and when it is being transmitted from one machine or physical location to another. As knowledge has become one of the 21st century's most important assets, efforts to keep information secure have correspondingly become increasingly important. Threats to information and information systems may be categorized and a corresponding security goal may be defined for each category of threats. A set of security goals, identified as a result of a threat analysis should be revised periodically to ensure its adequacy and conformance with the evolving environment. The currently relevant set of security goals may include confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability.
POINTS TO REMEMBER
Information security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
Information security is a constantly growing and evolving field with many areas of specialization ranging from network and infrastructure security to testing and auditing. Information security prevents the inspection, recording, modification, disruption, or destruction of sensitive information like account details or biometrics. From a business perspective, security disruptions interrupt workflow and cost money while damaging a company's reputation. Organizations need to allocate funds for security and ensure that their personnel are equipped to detect and deal with the threats from different sources.
Information security performs four important roles:
Protects the organization's ability to function.
Enables the safe operation of applications implemented on the organization's IT systems.
Protects the data the organization collects and uses.
Safeguards the technology the organization uses.
Information security vs. Cyber security
Information security differs from cyber security in terms of scope and objectives. There often arises confusion regarding these two terms- many using them interchangeably, and some defining infosec as a subcategory of cyber security. However, information security is, in fact, the broader category covering many areas : social media, mobile computing, and cryptography, as well as aspects of cyber security. It is also closely related to information assurance, which involves preserving information from threats like natural disasters and server malfunctions.
Cyber security exclusively covers threats involving the internet; therefore, it often overlaps with information security. Information can be either physical or digital, and only online information falls under the category of cyber security. Cyber security that deals with raw data is not classified as information security.
Information security principles
The basic principles/components of information security are CIA triad (confidentiality, integrity, and availability) and are interchangeably referred to in the literature as security attributes/properties, security goals, fundamental aspects, information criteria, critical information characteristics and basic building blocks.
Confidentiality
Confidentiality refers to preventing the disclosure of information to unauthorized users. Preserving restrictions on access to your data is important. Doing so secures your proprietary information and maintains your privacy, Every piece of information that an individual holds has value, especially in today's world. From bank account statements, personal information, credit card numbers, trade secrets to legal documents, almost everything requires proper confidentiality.
Any failure to maintain confidentiality, as a result of an accident or an intentional breach, can have severe consequences for businesses or individuals, who often cannot undo the damage. For example, a compromised password is a breach of confidentiality. Once it has been exposed, there is no way to make it secret again. Passwords, encryption, authentication, and defence against penetration attacks are all techniques designed to ensure confidentiality,
Integrity
Integrity refers to maintaining data in its correct form- preventing it from improper modification either accidentally or maliciously. In other words, in information security, data Integrity means maintaining and assuring the accuracy and completeness of data over its entire lifecycle. Many of the techniques that ensure confidentiality will also protect data Integrity. In doing so, a hacker cannot ever change the data beyond their normal access. Alongside, there are other tools that provide a defence of integrity in depth: checksums can help you verify the data integrity and version control software and frequent backups can similarly help you to restore the data to a correct state.
Availability
Availability is the mirror image of confidentiality. While you need to make sure that your data cannot be accessed by unauthorized users, you also need to ensure that it can be accessed by those with proper permission. Ensuring data availability means matching the network and computing resources to the volume of the data access you expect implementing a good backup policy for disaster recovery purposes. In other words, availability refers to having a reliable access to information by authorized users as and when they need it. This often requires collaboration between departments, such as development teams, network operations and management. An example of a common threat to availability is a denial of service (DoS) attack, where an attacker overloads or crashes the server to prevent the users from accessing a website.
Now, let's take a look at other key terms in Information Security - Authorization, Authentication, and Non-repudiation processes and methods- some of the main controls aimed at protecting the CIA triad.
To make information available or accessible/modifiable to those who need it can be trusted with it (for accessing and modification), the organizations use authentication and authorization. Authentication is proving that a user is the person he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a "smartcard"), or something about the user that proves the person's identity (such as a fingerprint). Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, say for example, reading a file or running a program. Users must be authenticated before carrying out the activity they are authorized to perform. Security is strong when the means of authentication cannot later be refuted-the user cannot later deny that he or she performed the activity. This is known as non-repudiation.
Information security policy
Creating an effective security policy and taking steps to ensure compliance is a critical step to prevent and mitigate security breaches. To make your security policy truly effective, update it in response to changes in your company, new threats, conclusions drawn from previous breaches, and other changes to your security posture. Make your information security policy practical and enforceable. It should have an exception system in place to accommodate the requirements and urgencies that arise from different parts of the organization. Among other things, information security policy should include:
A statement describing the purpose of the infosec program and your overall objectives
Definitions of key terms used in the document to ensure shared understanding
An access control policy, determining who has access to what data and how they can establish their rights
A password policy
A data support and operations plan to ensure that the data is always available to those who need it
Roles and responsibilities of all the concerned when it comes to safeguarding the data, including those who is ultimately responsible for information security
One important thing to keep in mind is that, in a world where many companies outsource some computer services or store data in the cloud, your security policy needs to cover more than just the assets you own.
Information security measures
As should be clear by now, just about all the technical measures associated with cyber security touch on information security to a certain degree, it is worthwhile to think about infosec measures in a big-picture way:
Technical measures: It includes the hardware and software that protects the data from encryption to firewalls.
Organizational measures: It includes the creation of an internal unit dedicated to information security, along with making infosec part of the duties of some staff in every department.
Human measures: It includes providing awareness training for the users on proper infosec practices.
Physical measures: It includes controlling access to the office locations and, especially, data centers.
Assignment 2
What do you mean by information security? List out the major components of information security.
List out the information security measures.
Technology has become a powerful, abuse prone tool and platform for criminals to use it for illegal activities worldwide. Criminals somehow identify a few technical loopholes offered by cyberspace. They have outpaced expectations, giving rise to a large number of threats by exploiting the digital technology to serve/fulfil their objectives.
Cybercrime is any type of criminal activity that takes place primarily on cyberspace or Internet involving a computer, networked device or a network. Some examples include spamming, identity theft, hacking, phishing etc. Cybercrime represents an extension of existing criminal behaviour using the Internet along with some novel illegal activities. Most of the cybercrimes are found carried out for financial benefit. However, some cyber crimes are carried out against computers or devices intending to damage or disable them, while others use computers or networks to spread malware, illegal information, images or other materials. Some cyber crimes do both.
Cybercrime can include many types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, identity fraud as well as attempts to steal financial account, credit card or other payment card information. Cybercriminals may also target an individual's private information as well as corporate data for theft and resale. Rarely, cybercrime aims to damage computers for reasons other than profit. These could be political or personal.
The ubiquity of internet connectivity has increased the volume and pace of cybercrime activities because the criminal no longer needs to be physically present while committing a crime. The internet's speed, convenience, anonymity and lack of borders make cyber crime easier to commit.
Cybercriminal activity may be committed by individuals or small groups with relatively little technical skill or by highly organized global criminal groups that may include highly skilled developers and others with relevant expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to operate in countries with weak or nonexistent cyber laws. Cybercriminals include everyone from the lone user engaged in cyberbullying to state-sponsored actors. Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed in nature. That is, cybercriminals typically rely on other actors to complete the crime. Cybercriminals use various attack vectors to carry out their cyber attacks and are constantly seeking new methods and techniques for achieving their goals, while avoiding detection and arrest.
POINTS TO REMEMBER
The Council of Europe Convention on Cybercrime, to which the United States is a signatary, defines cybercrime as a wide range of malicious activities, including the illegal interception of data, system interferences that compromise network integrity and availability, and copyright infringements.
Types of Cybercrime
Hacking: The process of identifying and exploiting the weaknesses in computer systems and/or computer networks is called hacking. A hacker is a person with the knowledge of computer programming and computer security who finds and exploits the weakness in computer systems and/or networks. Hackers are classified according to the intent of their actions. There are mainly three types of hackers.
Black Hat Hacker: Hackers who use their computer expertise to break into systems and steal information illegally are called black hat hackers. Black hat hackers are also known as crackers.
Grey Hat Hacker: Gray hat hackers fall between white and black hats on the moral spectrum. A former black hat hacker who turns away from crime to a white hat hacker and helps fight cyber crime is called a grey hat hacker.
White Hat Hacker: A hacker who is a cyber defender and specializes in testing the security of information systems is called white hat hacker. They will attempt to hack into a company's network and then present the company with a report detailing the existing security holes and how those holes can be fixed. White hat hackers are also known as ethical hackers.
DDOS (Distributed Denial of Service) Attacks: These are used to make an online service unavailable and take the network down by overwhelming the site with traffic from a variety of sources. Large networks of infected devices known as Botnets are created by depositing malware on the users' computers. The hacker then hacks into the system once the network is down.
Identity Theft: This cybercrime occurs when a criminal gains access to a user's personal information to steal funds, access confidential information, or participate in tax or health insurance fraud. They can also open a phone/internet account in your name, use your name to plan a criminal activity and claim government benefits in your name. They may do this by finding out the user's passwords through hacking, retrieving personal information from social media, or sending phishing emails.
Credit card fraud: An attack that occurs when hackers infiltrate the retailers' system to get the credit card and/or banking information of their customers, Stolen payment cards can be bought and sold in bulk on darknet markets, where hacking groups have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.
Cyberstalking: This kind of cybercrime involves online harassment where the user is subjected to a plethora of online messages and emails. Typically cyberstalkers use social media, websites and search engines to intimidate a user and instil fear. Usually, the cyberstalkers know their victim and scare the person for their safety.
Cyber Extortion: It concerns a crime involving an attack or threat of an attack coupled with a demand for money to stop the attack. One form of cyber extortion is the ransomware attack, in which the attacker gains access to an organization's systems and encrypts its documents and files; or anything of potential value, making the data inaccessible until a ransom is paid, usually in some form of cryptocurrency, such as bitcoin.
Cryptojacking: Cryptojacking is the unauthorized use of someone else's computer to mine cryptocurrency without the victim's knowledge or consent. Hackers do this by either getting the victim to click on a malicious link in an email that loads cryptomining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim's browser.
Cyberbullying: Cyberbullying refers to all kinds of online harassment, including stalking, sexual harassment, doxing (exposing someone's personal information, like their physical address, online without their consent), and fraping (breaking into someone's social media and making fake posts on their behalf).
Cyberespionage: A crime involving a cybercriminal who hacks into systems or networks to gain access to confidential information held by a government or other organization. Attacks may be motivated by profit or by ideology. Cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.
Social Engineering: Social engineering is a tactic used by cyber criminals that uses lies and manipulation to trick people into revealing their personal information. Social engineering attacks frequently involve very convincing fake stories to lure victims into a trap. It involves criminals making direct contact with you usually by phone or email. They want to gain your confidence and usually pose as a customer service agent so you’ll give the necessary information needed. Cybercriminals will find out what they can do about you on the internet and then attempt to add you as a friend on social accounts. Once they gain access to an account, they can sell your information.
Distributing Prohibited/Illegal Content: Cybercrime involves criminals sharing and distributing inappropriate content that can be highly distressing and offensive. Offensive content can include, but is not limited to, porn videos, videos with intense violent and videos of criminal activity. Illegal content includes materials advocating terrorism-related acts and child exploitation material. This type of content exists both on the everyday internet and on the dark web, an anonymous network.
Assignment 3
Define cybercrime. List out different types of cybercrime.
What is hacking? What are different types of hacker?
Malicious software, in short known as malware, is the software used or created to disrupt the computer operation, gather sensitive information, or gain access to private computer systems. It can appear in the form of code, scripts, active content, and other software. Malware is a general term used to refer to a variety of forms of hostile, intrusive, or annoying software.
Malicious software generally travels with data travellers, email, or any mode of transferring the data from one end to another. Some of them possess the ability to stay hidden and replicated. Such software is very dangerous as they make their copies. And, these copies get activated whenever the system is rebooted. Some of the malicious software spread themselves independently while others do so through dependence.
Many early infectious programs, including the first Internet Worm, were written as experiments or pranks. Today, malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others. Malware is sometimes used broadly against the government or corporate websites to gather the guarded information, or to disrupt their operation in general. However, malware is often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on.
POINTS TO REMEMBER
Malicious software, in short known as malware, is the software used or created to disrupt computer operation, gather sensitive information, or gain access to private computer systems.
Different Types of Malware
Computer Virus: A computer virus is malicious software which self-replicates and attaches itself to other files/programs. Computer viruses spread like biological ones. It is capable of quiet execution of its worst when the host program/file is activated. Viruses can be transmitted as attachments to an email note or in a downloaded file or present on a disk. Computer virus can be thought of as an abbreviation of “Vital Information Resources Under Seize”. All computer viruses are man made- most commonly-known form of malware and most severely destructive. Viruses copy themselves to other disks to quickly pass on to other computers. They can do anything from erasing the data on your computer to hijacking your computer to attack other damaging systems, send spam, or host and share illegal content. Viruses may also perform other actions, like creating a backdoor for later use, damaging files, or even damaging equipment.
The examples of computer virus include: Memory-Resident Virus, Program File Virus, Boot Sector Virus, Stealth Virus, Macro Virus, Email Virus etc.
Worm: Computer worm is a self-replicating malware that does not alter files but duplicates itself. The trouble of worms is to spread and infect as many computers as possible. They do so by creating copies of themselves on infected computers, which then spread to other computers via different channels. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks. It uses a network to send copies of itself to other nodes (computers on the network). It may do so without any user intervention. It does not need to attach itself to an existing program.
Trojan Horse: Trojan Horse is a malware that neither replicates or nor copies itself , but causes damage or compromises the security of the computer. Trojan Horse must be sent by someone or carried by another program and may arrive in the form of a joke program or software of some sort. It has the appearance of having a useful and desired function i.e. it appears legitimate. After gaining the trust, it secretly performs malicious and illicit activities when executed. Hackers make use of Trojan horses to steal a user's password information, destroy data or programs on the hard disk. It is hard to detect. Examples of Trojan Horses include Remote Access Trojans (RATS), Backdoor Trojans (backdoors), IRC Trojans (IRCbots), Keylogging Trojans etc.
Logic Bomb: Logic Bomb is a piece of computer code that executes a malicious task such as clearing a hard drive or deleting specific files, when it is triggered by a specific event. It is secretly inserted into the code of a computer's existing software where it remains passive until that event occurs. The payload of a logic bomb is usually pretty devastating to the company under attack. It is often a tool used by angry employees in the IT world. It has a reputation of being associated with “disgruntled employee syndrome”. A logic bomb doesn't cause much harm outside of targeting a specific computer or network and IT employees. They are usually the ones with the access and know-how to implement them. Logic bombs are not usually programmed to spread to unknown recipients.
The type of action carried out in a logic bomb does have a non-destructive use as well. It makes restricted, free software trials possible. After a certain time period, a piece of code embedded in the software's code causes the free software to disappear or become crippled so the user needs to pay to continue its use. But since this is a non-malicious, user-transparent use of the code, it is not typically referred to as a logic bomb.
Zombies: A zombie is a computer connected to a network that has been compromised by a cracker, a virus or a Trojan. It can be used remotely for malicious tasks. A cracker (a computer hacker who intends mischief or harm) secretly infiltrates an unsuspecting victim's computer and uses it to conduct illegal activities. The user generally remains unaware that his/her computer has been taken over. He/She can still use it, though it might slow down considerably. As his/her computer begins to either send out massive amounts of spam or attack webpages, he becomes the focal point for any investigation involving his/her computer's suspicious activities. This technique is useful for criminals as it helps them avoid detection and at the same time reduce bandwidth costs (as the owners of the zombies will bear the cost). Zombies are frequently used in denial-of-service attacks (DDoS), degradation of service attack, for sending spam etc.
Phishing: Phishing refers to the sending of emails that appear to originate from reliable sources but are really intended to trick the recipient into revealing confidential information. Most phishing attacks begin when the victim receives an email message in which the sender pretends to be a bank or another real company organization in order to trick the recipient. The email contains links to websites prepared by the criminals and with the appearance of a legitimate website which ask the victim to enter personal data. Phishing can take advantage of other means of communication as well including SMS (‘smishing’), VolP (‘vishing’) or instant messaging on social networks. Cyber criminals also use certain social engineering tricks to alarm recipients, with warnings and emergency alerts to encourage victims into action. The idea is to get users to act immediately without stopping to consider potential risks.
Spyware: Spyware is a type of malware installed on computers that collects your personal information and passes it on to someone else without your knowledge or consent. The presence of spyware is typically hidden from the user and can be difficult to detect. They travel on the internet via emails, software or come with legitimate applications. They are also called tracking software and once they are installed on the system, it is hard to stop them and recover the lost data.
Typically, spyware is secretly installed on the user's personal computer. While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet connection or functionality of other programs. Spyware is also known for installing Trojan viruses.
Adware: Adware (abbreviation for Advertising Supported Software) is a type of malware that automatically delivers advertisements. Common examples of adware include pop-up ads on websites and advertisements that are displayed by software. Adware, by itself, is harmless ; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software. Oftentimes, software and applications offer “free” versions that come bundled with adware. Adware can also work like spyware, it is deployed to gather confidential information; basically, to spy on and gather information from a victim's computer.
Ransomware: Ransomware is a form of malware that essentially holds a computer system locked up while demanding a ransom. The malware restricts the user from access to the computer either by encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the malware creator to remove the restrictions and regain access to their computer.
Rootkit: Originally, within the context of UNIX-type systems, a rootkit was a group of tools belonging to the operating system itself, such as netstat, passwd and ps, which were modified by an intruder in order to gain unlimited access to the target computer, without this intrusion being detected by the system administrator. A rootkit is a malware that alters the regular functionality of an operating system on a computer in a stealthy manner. The altering helps the hacker to take full control of the system and the hacker acts as the system administrator on the victim’s system.
Botnet: A bot is a device that has been infected with malicious software to do something harmful without the user's knowledge. Botnet is a network of these infected devices that works together under the control of an attacker. Botnet can be used to conduct phishing campaigns, send out spam or used to carry out Distributed Denial of Service (DDoS) attacks.
Spam: Spam is any kind of unwanted, unsolicited digital communication, often an email , that gets sent out in bulk to multiple recipients who did not ask for them. The problems caused by spam are due to the combination of the unsolicited and bulk aspects; the quantity of unwanted messages swamps messaging systems and drowns out the messages that recipients do want.
The most widely recognized form of spam is email spam but the term is applied to similar abuses in other media as well such as instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam.
Spamming is the act of sending spam to large numbers of recipients for the purpose of commercial advertising or non-commercial proselytizing or for any prohibited purpose (especially the fraudulent purpose of phishing).
POINTS TO REMEMBER
Some common types of malicious software are computer virus, Worm, Trojan Horse, Logic Bomb, Zombies, Phishing, Spyware, Adware, Ransomware, Rootkit, Botnet and Spam.
Symptoms of Malware attack
Unexpected Crashes: Crashing your system or regularly switching to the terrifying blue screen is a major signal/symptom of something that is utterly wrong. If it is happening in your computer now, immediately scan your system for infections.
Slow System: When you are not running any heavy resource applications on your system but it is running slowly anyway, it may be because your system is infected with a malware.
Excessive Hard Drive Activity: When you see a lot of hard drive activity even when your computer is idle, this is a symptom of a potential infection.
Strange Windows: When strange windows pop up during the booting process, particularly those that warn you of lost access to various drives on your system, something is wrong.
Peculiar Messages: Troubling dialogue boxes come up when your system is running and alerts you that various programs or files will not open; this is also a bad sign.
Bad Program Activity: When your programs go missing, are corrupted, or start to open themselves without your initiation and/or when you receive notification that the program is attempting to access the internet without your command, this is a serious sign that you are the victim of malware.
Random Network Activity: When your router is constantly blinking indicating a high level of network activity when you aren't running any significant programs or accessing high amounts of Internet data, something might be wrong.
Erratic Email: When you haven't sent emails but you hear from your contacts that they're getting strange emails from you, this is a strong indication that your system has been compromised (or your email password has been stolen).
Blacklisting IP Address: When you receive notification that your IP address has been blacklisted, consider this as a sign that your PC is not in good hands i.e. your system has been compromised and is being used as one tentacle in a far-reaching, spam-sending botnet.
Unexpected Antivirus Disabling: Many malware programs are designed to disable the antivirus program that would otherwise eradicate them, so if your antivirus system is suddenly not operating this could be a sign of a much larger problem.
Assignment 4
Define malicious software? List out any 10 common malicious software.
List out the symptoms of malware attack.
Cyber crime, nowadays, has been a crucial issue to be tackled with. The only way to deal with this issue is the smart use of information and communication technology. The following preventive measures can protect you and your computer system from cyber crime.
Keep your computer and software updated: Software development companies often release updates for their software, and it's a good idea to install these updates when they become available for your computers. These updates often include fixes that can improve the security of your system. Newer versions often contain more security fixes to prevent malware attacks.
Use a non-administrator account whenever possible: Non-administrator accounts usually don't have the ability to install software. Using “limited” or “standard” user accounts for day to day computing activities can help prevent malware from getting installed on your computer and making system-wide changes.
Think twice before clicking links or downloading anything: Phishing scams trick people into opening emails or clicking on a link that may appear to come from a legitimate business or reputable source. The link may direct you to a fake website where you are prompted to enter your personal details or take you to a website that directly infects your computer with malware. If in doubt, don't click the link. Search for reviews or information about websites or programs before downloading or installing anything. Downloads are one of the main ways people get malware, so remember to think twice about what you're downloading and where you're downloading it from.
Be careful about opening email attachments or images: You should be wary if a random person sends you a suspicious email containing attachments or images. Sometimes, those emails might just be spam, but other times, those emails might secretly contain harmful malware. You can report those emails as spam to your service providers so that they can better weed out emails like this in the future.
Don't trust pop-up windows that ask you to download software: While surfing the web, you might come across sites that show pop-up windows, making you believe your computer has been infected and asking you to download some software in order to protect yourself. Don't fall for this trick. Just close the pop-up window and make sure you don't click inside the pop-up window.
Limit your file-sharing: Some sites and applications allow you to easily share files with other users. Many of these sites and applications offer little protection against malware. If you exchange or download files using these file-sharing methods, be on the lookout for malware. Malware can often be disguised as a popular movie, album, game, or program.
Use antivirus/antimalware software: Anti-virus software will protect your device from malicious software that poses a threat to the system. It will scan your computer to detect and clean the malware and provide automatic updates to provide enhanced protection against newly created viruses.
Secure your network: Never broadcast an open Wi-Fi connection. It's also a great idea to not broadcast your SSID (the name of your Wi-Fi network). You can still access it with your device; you will just have to type the SSID and the password manually. You can provide a guest SSID that uses a different password for your guest.
A firewall prevents malicious attacks by blocking all unauthorized access to or from a private computer network. A firewall provides an extra barrier against malware , reducing the chance of attack.
Backup Your Files: It's important to back up on a regular basis to ensure that you can still retrieve all your valuable data and files if your computer is infected with malware. This will help mitigate any damage and ensure that you are not held victim to ransomware attack.
Use Multiple Strong Passwords: Too many people continue to use easily-guessed passwords, or the same password for all of their accounts. It is imperative that you use a strong, unique password for each of your accounts. Where offered, enable two factors authentication (2FA) to further secure access to your accounts.
Assignment 5
List out the ways that can protect you from cyber crime.
There is nothing wrong to say, in the present context, that ‘wisdom is wealth’. This is the era of ‘intellectualism’. Human intellect is exploring all the fields of knowledge. Considering the contribution of human intellect in the development of society a need has been felt to promote, protect, and encourage such a contribution. Consequently, the concept of intellectual property rights emerged.
Intellectual property (IP) refers to creations of the human mind such as inventions, literary works, artistic works, symbols, names, images, designs etc. that are intangible when created and are generally converted into tangible products for market consumption.
Types of intellectual property
Intellectual property is divided into two categories: Industrial Property includes patents for inventions, trademarks, industrial designs and geographical indications. Copyright covers literary works (such as novels, poems and plays), films, music, artistic works (e.g. drawings, paintings, photographs and sculptures) and architectural design. Rights related to copyright include those of performing artists in their performances, producers of phonograms in their recordings, and broadcasters in their radio and television programs. Newer forms of the IPs are also emerging particularly stimulated by the exciting developments in scientific and technological activities.
Copyright and related rights
Copyright is a legal term used to describe the rights that creators have over their literary and artistic works. Works covered by copyright range from books, music, paintings, sculpture and films, to computer programs, databases, advertisements, maps and technical drawings. A closely associated field is ‘“related rights” that encompass rights similar or identical to those of copyright, although sometimes more limited and of shorter duration. The beneficiaries of related rights are: performers (such as actors and musicians) in their performances; producers of phonograms (for example, compact discs) in their sound recordings; and broadcasting organizations in their radio and television programs.
Patents
A patent is an exclusive right granted for an invention. Generally speaking, a patent provides the patent owner with the right to decide how - or whether - the invention can be used by others. In exchange for this right, the patent owner makes technical information about the invention publicly available in the published patent document.
Trademarks
A trademark is a sign capable of distinguishing the goods or services of one enterprise from we of other enterprises. Trademarks date back to ancient times when artisans used to put their signature or mark on their products.
Industrial Design
An industrial design constitutes the ornamental or aesthetic aspect of an article. A design may consist of three-dimensional features, such as the shape or surface of an article, or of two-dimensional feature, such s patterns, lines or color.
Geographical indications
Geographical indications and appellations of origin are signs used on goods that have a specific geographical origin and possess qualities, a reputation or characteristics that are essentially attributable to that place of origin. Most commonly, a geographical indication includes the name of the place of the origin of the goods.
Trade Secrets
Trade secrets are IP rights on confidential information which may be sold or licensed. The unauthorized acquisition, use or disclosure of such secret information in a manner contrary to honest commercial practices by others is regarded as an unfair practice and a violation of trade secret protection.
Points to Remember
Intellectual property (IP) refers to creations of the mind: inventions, literary and artistic works, and symbols, names, images, and designs used in commerce.
Why should we promote and protect intellectual property?
There are several reasons that force the promotion and protection of IPs. First, the progress and well-being of humanity rest on its capacity to create and invent new works in the areas of technology and culture. Second, the legal protection of new creations encourages the commitment of additional resources for further innovation. Third, the promotion and protection of intellectual property spurs economic growth, creates new jobs and industries, and enhances the quality and enjoyment of life. An efficient and equitable intellectual Property system can help all countries to realize intellectual property's potential as a catalyst for economic development and social and cultural well-being. The intellectual property system helps strike a balance between the interests of innovators and the public interests , providing an environment in which creativity and invention can flourish , for the benefits of all.
Intellectual property rights reward creativity and human endeavor, which fuel the progress of humankind. Some examples: The multibillion dollar film, recording, publishing and software industries - which bring pleasure to millions of people worldwide - would not ist without copyright protection. Without the rewards provided by the patent system, researchers and inventors would have little incentive to continue producing better and more efficient products for consumers. Consumers would have no means to confidently buy products or services without reliable, international trademark protection and enforcement mechanisms to discourage counterfeiting and piracy.
Intellectual property rights (IPRs)
IPRs are the rights given to persons over the creations of their minds. They usually give the creator an exclusive right over the use of his/her creation for a certain period of time. IPR means “ownership”. Ownership is important as it draws potential economic benefit for the owner.
Over the past two decades, intellectual property rights have grown to a stature from where it plays a major role in the development of the global economy. In the 1990s, many countries unilaterally strengthened their laws and regulations in this area, and many others were poised to do likewise. At the multilateral level, the successful conclusion of the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS) in the World Trade Organization enhanced the protection and enforcement of IPRs to the level of Solemn international commitment.
The domain of intellectual property is vast. Copyrights, Patents, Trademarks and Designs are known to have received recognition for a long time. Newer forms of the protection are also emerging particularly stimulated by the exciting developments in scientific and technological activities.
Intellectual property has increasingly assumed a vital role with the rapid pace of technological, scientific and medical innovation that we are witnessing today. Moreover, changes in the global economic environment have influenced the development of business models where intellectual property is a central element establishing value and potential growth. In Nepal several legislations such as The Patent, Design and Trademark Act 2022 , The Copyright Act 2059, National Intellectual Property Policy 2073 etc. for the protection of intellectual property rights (IPRS) have been passed to meet the international obligations under the WTO Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS).
Countries have laws to protect intellectual property for two main reasons. One is to give statutory expression to the moral and economic rights of creators in their creations and the rights of the public in access to those creations. The second is to promote, as a deliberate act of Government policy, creativity and the dissemination and application of its results and to encourage fair trading which would contribute to economic and social development.
The convention establishing the World Intellectual Property Organization (WIPO), one of the specialized agencies of the United Nations (UN) system of organizations concluded in Stockholm on 14 July 1967 provides that “intellectual property shall include rights relating to
literary, artistic and scientific works,
performances of performing artists, phonograms and broadcasts,
inventions in all fields of human endeavor,
scientific discoveries,
industrial designs,
trademarks, service marks and commercial names and designations,
protection against unfair competition,
and all other rights resulting from intellectual activity in the industrial, scientific, literary or artistic fields.”
Assignment 6
Define intellectual property rights. Also list out the different types of intellectual property.
List out the legislation passed by Nepal for the protection of IPR.
Digital signatures are like electronic “fingerprints”. A digital signature is a specific type of e-signature that verifies the authenticity of the digital messages or documents. A valid digital signature gives a recipient a very strong reason to believe that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity). All digital signatures are e-signature but all e-signatures are not digital signatures. In the form of a coded message, the digital signature securely associates a signer with a document in a recorded transaction.
Digital signatures use a standard, accepted format, called Public Key Infrastructure (PKI), to provide the highest levels of security and universal acceptance. Digital signatures use certificate-based digital IDs to authenticate the signer identity and demonstrate a proof of signing by binding each signature to the document with encryption. Validation occurs through trusted certificate authorities (CAs) or trust service providers (TSPs). Digital signature is a standard element of most cryptographic protocol suites, and is commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
Digital signatures are equivalent to traditional handwritten signatures in many respects, but properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes, in the sense used here, are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message.
POINTS TO REMEMBER
A digital signature is a mathematical code for demonstrating the authenticity of digital messages or documents that lets you sign a document electronically and validates the signer.
Working mechanism of digital signature
Digital signatures are based on Public Key Infrastructure. By this mechanism, two keys are generated, a Public Key and Private Key. The private key is kept by the signer and it should be kept securely. On the other hand, the receiver must have the public key to decrypt the message.
For example, a sender wants to send an encrypted message to the receiver. As stated above, the sender must have a private key to sign the message digitally. Before encrypting the message using the private key, an algorithm encrypts the message to be sent by the sender into a hash value. Then, the sender's private key encrypts this hash value. On completion of both the processes, the sender's message is said to be digitally signed.
On the side of the receiver, the digitally signed message is decrypted with the help of the signer's public key. The public key decrypts the message and converts it into another hash value. Then, the program which is used to open the message (e.g., MS Word, Adobe Reader etc.) compares this hash value to the original hash value which was generated on the sender's side. If the hash value on receiver's side matches with the hash value generated on the sender's side, then, the program will allow the message to open up and displays the message “The document has not been modified since this signature was applied.” Then the program will not allow the document to open if both the hash values don't match.
Hash function: A hash function (also called a "hash") is a fixed-length string of numbers and letters generated from a mathematical algorithm and an arbitrarily sized file such as an email, document, picture, or other type of data. This generated string is unique to the file being hashed and is a one-way function i.e. a computed hash cannot be reversed to find other files that may generate the same hash value. Some of the more popular hashing algorithms in use today are Secure Hash Algorithm-1 (SHA-1), the Secure Hashing Algorithm-2 family (SHA-2 and SHA-256), and Message Digest 5 (MD5).
Public Key Infrastructure (PKI): Public Key Infrastructure (PKI) is a set of requirements that allow (among other things) the creation of digital signatures. Through PKI, each digital signature transaction includes a pair of keys: a private key and a public key. The private key, as the name implies, is not shared and is used only by the signer to electronically sign documents. The public key is openly available and used by those who need to validate the signer’s electronic signature. To protect the integrity of the signature, PKI requires that the keys be created, conducted, and saved in a secure manner, and often requires the services reliable Certificate Authority (CA).
Certificate Authority (CA): Digital signatures rely on public and private keys. When you send or sign a document, you need assurance that the documents and the keys are created securely and that they are using valid keys. CAs, a type of Trust Service Provider, are third- organizations that have been widely accepted as reliable for ensuring key security that can provide the necessary digital certificates. Also, CA validates a person's identity and either generates a public/private key pair on their behalf or associates an existing public key provided by the person to that person. Once a CA validates someone's identity, they issue a digital certificate that is digitally signed by the CA.
Digital certificate: A digital certificate is an electronic document issued by a Certificate Authority (CA). It contains the public key for a digital signature and specifies the identity associated with the key, such as the name of an organization. The certificate is used to confirm that the public key belongs to the specific organization. The CA acts as the parantor. Digital certificates must be issued by a trusted authority and are only valid for a specified time. They are required in order to create a digital signature.
Advantages and Disadvantages of Digital Signature
The following are the benefits of digital signature:
Time saving: Documents sent by the sender are auto verified and hence recipients do not need to spend their time on manual verification. Documents are prepared and signed by all the parties in a very short period of time no matter how far the parties are geographically.
Costs Saving: Using postal or courier services for paper documents is much more expensive compared to using digital signatures on electronic documents.
Enhance Security: The use of digital signatures and electronic documents reduces the risks of documents being intercepted, read, destroyed, or altered while in transit.
Authenticity: An electronic document signed with a digital signature can stand up in court just as well as any other signed paper document.
Tracking: A digitally signed document can easily be tracked and located in a short amount of time.
Non-Repudiation: Signing an electronic document digitally identifies you as the signatory and that cannot be later denied.
Imposter prevention: No one else can forge your digital signature or submit an electronic document falsely claiming it was signed by you.
Time-Stamps: By time stamping your digital signatures, you will clearly know when the document was signed.
The following are the disadvantages of digital signature:
Expiry: Digital signatures are highly dependent on the technology. Because of fast technological advancements, many of these tech products have a short life.
Certificates: In order to effectively use digital signatures, both senders and recipients may have to buy digital certificates at a cost from a trusted certification authority.
Software: To work with digital certificates, senders and recipients have to buy verification software at a cost.
Law: In some states and countries, cyber laws are weak or even non-existent. Trading in such jurisdictions becomes very risky for those who use digitally signed electronic documents.
Compatibility: There are many different digital signature standards and most of them are incompatible with each other and this complicates the sharing of digitally signed documents.
Assignment 7
Define the following terms Digital Signature, Hash Value, PKI, Certificate Authority and Digital Certificate.
List out the merits and demerits of digital signature.
This law is commonly known as the law of the internet. It governs the legal issues of computers, Internet, data, software, computer networks and so on. These terms of legal issues are collectively known as cyberspace. In other words, it is a type of law which rules on the Internet to prevent Internet related crime.
Cyber law is a new and quickly developing area of the law that pertains to persons and companies participating in e-commerce development, online business formation, electronic copyright, web image trademarks, software and data licenses, online financial transactions, interactive media, domain name disputes, computer software and hardware, web privacy, software development and cybercrime which includes, credit card fraud, hacking, software piracy, electronic stalking and other computer related offenses.
Area of Cyber Law
Electronic and Digital Signature: It is a type of security mechanism. To transfer critical data, we need to encrypt the data by private key (which is only known to encrypter) and decrypt the data by public key (which is known to both sender and receiver). This type of security is used to transfer secret emails, fund transferring web pages etc.
Computer crime: With the fast growing information technology and advancements on the business organizations, the internet is becoming the most targeted site of crime. Some commit crime for money while others sadistically disturb others. This law has emerged to prevent such types of crimes.
Intellectual Property: Intellectual property (IP) refers to the creations of the mind: inventions; literary and artistic works; designs; and symbols, names, and images, used in commerce. These properties should be protected by Copyright Law, Trademark Law, Patent Law etc.
Data Protection and Privacy: This law is built up for the security of data. One can manage his/her own database along with the privacy maintained. The government body is protecting the fundamental rights of privacy of individual. This law is vital to protecting abusing internet resources.
Telecommunication Law: Looking back to history, until a few years back, the internet was a part of telecommunication. Now-a-days, interestingly, telecommunication has been the part of cyberspace (computers, internet, data, software, computer networks, cables and so on) where communication is possible via internet. In order to manage communication law and for proper use of internet technology, this law has emerged. For example: VOIP became legal which provides cheap International calls.
Cyber law in Nepal
Cyber Law includes an ample variety of political and legal issues related to the Internet and other communications technology, including intellectual property, privacy, freedom of expression and jurisdiction. Proper cyber law must govern all the cyber activities. Nepal cannot be isolated from emerging technology and the problems raised by the technology.
The Electronic Transaction Act, 2063 is Nepal's first cyber law. It was created in response to the growing usage of the internet in Nepal. It makes provision for the commercial use of computers and networks; authorized e-transactions and communication in public and private sectors; criminalizes different computer related unwanted activities. The bill deals with issues related to digital signature, intellectual property, cybercrime, etc. The Act is divided into 12 sections and 80 clauses. This law keeps an eyeball on issues which are related to computer networks and cybercrime. It brings cyber criminals for hearing in the court and penalizes them just like other criminals.
The main provisions included in the law are:
The law covers most of the issues related with cyber activities and is supposed to forecast to be landmark legislation for development of IT industry in Nepal.
Conducts such as hacking, deleting data, stealing e-document, software piracy and posting offensive information are capable of criminal and civil sanctioning under the new Cyber law.
The government can punish cyber offenders with up to 5 years of imprisonment or a fine of up to Rs. 2,00,000 or both. However, much depends on the harshness of the crime and repetition of crime will cause more punishment.
The law has tightened the security for banking transactions through electronic means, which should boost the economic activities across the Internet via Nepal.
It gives legal status to the information posted on the websites of the government offices, the government run corporations and local bodies.
It has also granted legal status to the digital signatures sent through the electronic media like e-banking, e-commerce etc.
It paves the way to provide legal status to online news portals in the country.
The law has also made a new judicial body to listen to complaints, cases and matters concerning cyber crime.
Assignment 8
Define the term Cyber Law. List out the areas of Cyber Law.
List out any five legal provisions included in the cyber law of Nepal.
Due to rapid and continuous development of information and communication technology, it is increasingly at the core of strategies aimed at securing the goals of sustainable development and stimulating economic growth in countries around the world. Among others, these technologies are redefining the way social interaction takes place and public services are delivered in some fundamental ways. It is precisely along these lines that the Government of Nepal has placed a great deal of importance on transformative potential of ICTs and positioning these technologies within the larger context of its far reaching developmental aspirations premised around poverty reduction as an overarching goal. Apart from opportunities, the ever evolving nature of ICTs also offers a host of challenges namely issues surrounding cyber security, data protection, privacy and respect for intellectual property rights etc. Equally important is the need to address the challenges posed by technological convergence especially from regulatory and governance perspectives. Taking all these into consideration, The Government of Nepal has developed “Information and Communication Technology Policy, 2072”. Vision To transform Nepal into an information and knowledge-based society through the use of ICTs. Mission To achieve good governance, sustainable development and objectives of poverty reduction through the use of ICTs Major Objectives To make ICT accessible and affordable to all citizens. To achieve sustainable and inclusive socio-economic development through the use of ICT. To develop and expand ICT infrastructures. To encourage research and development of ICT in order to face probable challenges in the environmental, socio-economical and technological sector. To develop human resources in the ICT sector and create the opportunities of human resource development through the use of ICT. To promote good governance through the use of ICT. Policy To empower and facilitate Nepal's participation in the Global Knowledge Society. To transform Government service delivery regime by promoting transparency, efficiency, inclusiveness and participation through effective utilization of information and communication technologies. To promote ICT to further productivity among the sectors that are key drivers of the national economy. To create an innovative, market responsive, highly competitive and well regulated ICT industry. To help develop ICT business incubators and promote start-up projects in close coordination with the private sector through the creation of a supportive ecosystem. To address gender-based inequalities and promote gender-sensitive measures to encourage the active participation of women in national and community-based ICT initiatives. To increase the competitiveness of farmers in production, processing and marketing of agricultural products and services through the effective and outcome oriented utilization of ICTs. To promote a stable, fair and competitive investment climate to facilitate the development of e-Trade and E-Commerce activities in the country. To promote the use of free and open source software as well as open standard in software development for government agencies. To foster efficient, inter-operable, secure, reliable and sustainable national ICT infrastructure in alignment with grass-root needs, and compliant with regional and international standards. To further streamline clear strategies and obligations for licensed ICT service provide with respect to universal access/service goals and Quality of Service (QoS) and ensure cost-effective connectivity to ICT services such as Internet, E-Commerce and E-Government services. To promote cost-effective and qualitative last-mile access technologies for providing secure access to the internet including commercial and public information servion,e Government applications by communities (including the disadvantaged and physically challenged) especially in rural and underserved areas. To create easily accessible, affordable and innovative public access points under a comprehensive e-Community/ Village network initiative. To create a favorable environment for cooperation and partnership in ICT among public and private sectors, civil society, and between all stakeholders at local, naion regional and international levels. To increase the institutional capacity along with infrastructure and human resource dimensions in public and private educational institutions including schools, colleges/ universities that offer ICT courses and use ICTs for pedagogical purposes. To support local and indigenous content development as well as applications targeting the capturing, archiving and dissemination of local and indigenous knowledge content and information resources as well as the promotion of diverse linguistic and cultural heritage of Nepal. Assignment 9 Why do we need ICT policy? List out its mission and vision. List out any five objectives of ICT Policy 2072.