Cyber law applies to Internet and Internet related technologies. Cyber crime can target individuals, businesses, property and government. It can include harassment, stalking, identity theft, fraud, child pornography. Attacks can include DDoS attacks, hacking, cryptojacking, copyright infringement and virus transmissions. Cyber warfare and terrorism may be committed against a government.
Most of these crimes are addressed by specific laws. These laws are modeled after the Information Technology Act of 2000 (India) which was adopted by the United Nations Commission on International Trade Law (UNCITRAL) in an effort to bring uniformity among nations.
The purpose of cyber law is to mitigate risks. True, crooks don’t pay attention to laws but existence of these laws assist us to institute efficient strategies for risk reduction. By implementing policies and procedures, forensics, best practices, research and development and stronger physical defenses, we can ward off many attacks that are identified in these laws.
Cyber laws have also been used to create privacy, as we have witnessed with the General Data Protection Act (GDPR) and other US laws. The rate of which Internet technology changes and evolves requires constant updates, revisions and creation of cyber laws.
As outlined in The Basic Cyber Law Concepts Every Security Professional Needs to Know there are 4 basic concepts to understanding cyber law.
- Ensure that you are aware of the laws that affect you
- Identify all your organization’s regulated critical data and assets
- Examine client base location for regulations that might apply.
- Have an approved action plan in place.