Unit 5 Notes

The document outlines the course on Ethical Hacking, detailing the essential technical and non-technical skills required for ethical hackers, including programming, networking, and problem-solving abilities. It also discusses the Indian IT Act 2000, highlighting its significance in establishing a legal framework for cybersecurity, defining cybercrimes, and promoting e-governance. The Act has contributed to enhancing cybersecurity in India by providing law enforcement tools, protecting critical infrastructure, and fostering trust in online transactions.

Uploaded by

dummydude002

COURSE CODE    COURSE TITLE       L  T  P  C
10212CS225     Ethical Hacking    3  0  2  4

UNIT – 5 Reporting and Cyber Law L-9 Hours


Skills required for an ethical hacker – Incident Handling – CVE and CVSS – Report Writing
– Laws of Land – Ethics Vs Law – Indian IT Policy 2000 – Compliance and Risk Assessment –
Case Studies

1. Skills Required for an Ethical Hacker

Ethical hackers, also known as white hat hackers, are cybersecurity professionals who legally and
ethically test systems to uncover security weaknesses. Their primary goal is to identify and patch
vulnerabilities before malicious hackers (black hats) exploit them. Becoming a successful ethical hacker
requires a blend of technical expertise, analytical thinking, and ethical responsibility. Below is a
comprehensive breakdown of the skills essential for this role:

I. TECHNICAL SKILLS

1. Strong Understanding of Computer Systems and Networks
   o Deep knowledge of operating systems (Windows, Linux, macOS).
   o Familiarity with networking protocols like TCP/IP, UDP, ICMP, and DNS.
   o Concepts like firewalls, VPNs, IDS/IPS, and routing are crucial.
2. Programming and Scripting Skills
   o Ability to write, understand, and analyze code helps in developing exploits, automating
     tasks, and understanding application logic.
   o Commonly used languages:
      • Python – for scripting and automation
      • SQL – for injection and database analysis
      • C/C++ – for reverse engineering
      • Java, JavaScript – for web application testing
3. Advanced Networking Skills
   o Understand subnetting, IP addressing, NAT, VLANs, and port scanning.
   o Use tools like Wireshark, Nmap, and tcpdump to analyze network traffic.
4. Knowledge of Security Tools and Techniques
   o Familiarity with industry tools like:
      • Burp Suite – for web vulnerabilities
      • Metasploit – for penetration testing
      • John the Ripper, Hydra – for password cracking
      • Kali Linux – for a wide range of ethical hacking tools
5. Vulnerability Assessment and Penetration Testing (VAPT)
   o Ability to perform both automated and manual testing.
   o Follow methodologies like OWASP Top 10, PTES, or NIST guidelines.

II. NON-TECHNICAL SKILLS

1. Problem-Solving and Critical Thinking
   o Ability to approach systems like a hacker and find unexpected weaknesses.
   o Creative mindset for simulating real-world attack scenarios.
2. Communication Skills
   o Write detailed, professional vulnerability reports.
   o Explain technical findings in non-technical terms to stakeholders or clients.
3. Attention to Detail
   o Small misconfigurations or overlooked components can lead to major vulnerabilities.
4. Ethics and Professionalism
   o Adherence to legal boundaries, professional codes of conduct, and client
     confidentiality.
   o Operate with integrity and responsibility.

III. BONUS SKILL: SOCIAL ENGINEERING AWARENESS

• Understanding tactics like phishing, pretexting, baiting, and tailgating.
• While ethical hackers don't exploit humans, they study these techniques to help defend
  organizations against manipulative psychological attacks.

Indian IT Act 2000 and its Contribution to Cyber Security in India

Introduction to the Indian IT Act 2000

The Indian Information Technology Act, 2000 (commonly known as the IT Act 2000)
is a landmark legislation in India aimed at addressing the legal aspects of electronic commerce,
information security, and cybercrime. The primary goal of this Act is to provide a legal framework
for electronic governance and promote the growth of the Information Technology (IT) industry in
India. It was enacted to facilitate the rapid growth of IT in the country and to promote the use of
digital communication and commerce securely.

The Indian IT Act was also designed to provide legal recognition to electronic documents,
digital signatures, and electronic records, enabling the country to embrace e-commerce and digital
transactions. This Act aimed to prevent cybercrimes, including hacking, identity theft, and fraud,
by introducing legal measures and penalties.

Key Features of the IT Act 2000

1. Legal Recognition of Electronic Records and Digital Signatures: One of the primary
objectives of the IT Act 2000 was to legally recognize digital signatures and electronic
records. Before this Act, digital communications and transactions had no legal validity.
The Act enabled businesses and government organizations to use electronic documents in
legal proceedings, allowing them to process digital transactions with the same trust and
security as paper-based transactions.
   o Digital Signature: The Act introduced the concept of a digital signature, which
     serves as an electronic equivalent of a handwritten signature, ensuring the
     authenticity and integrity of electronic documents.
2. Cybercrime and Offenses: The IT Act 2000 defines several forms of cybercrime, such as
hacking, identity theft, cyberstalking, cyber terrorism, and publishing obscene content. The
Act prescribes penalties and punishments for these offenses, creating a legal framework to
prosecute individuals involved in cybercrimes.
   o Hacking: The IT Act criminalizes unauthorized access to computer systems, data,
     and networks, with severe penalties.
   o Identity Theft and Fraud: The Act also includes provisions for identity theft and
     fraud, making it a punishable offense.
3. Data Protection and Privacy: Data protection is a significant focus of the IT Act 2000,
addressing the need for safeguarding personal data in the digital space. The Act requires
businesses and organizations to implement data security measures and ensure that data is
not misused.
   o Reasonable Security Practices: The Act mandates that organizations take
     reasonable measures to protect sensitive personal information, including
     implementing security practices for data handling and processing.
4. E-Governance: The IT Act 2000 helped promote e-governance in India by providing a
framework for the electronic delivery of government services. This included initiatives like
the National E-Governance Plan (NeGP), which was launched to enable digital access to
government services, enhance transparency, and improve efficiency.
5. Cyber Appellate Tribunal (CAT): The IT Act 2000 established the Cyber Appellate
Tribunal (CAT), which serves as the judicial body responsible for hearing and resolving
cases related to cybercrimes and disputes. The tribunal acts as an effective mechanism for
addressing cyber-related offenses and ensuring that cases are resolved in a timely and
efficient manner.

Contribution of the IT Act 2000 to Cybersecurity in India

The Indian IT Act 2000 has significantly contributed to the enhancement of cybersecurity in India,
with its multifaceted approach addressing the growing concerns around digital security in the
country. The Act’s provisions have helped lay the groundwork for a secure digital environment,
benefiting both businesses and individuals.

1. Cybercrime Prevention and Law Enforcement: The IT Act 2000 provides a strong legal
foundation for law enforcement agencies to combat cybercrimes. By defining specific
offenses and stipulating penalties, the Act enables authorities to act against cybercriminals,
thereby increasing the deterrent effect for malicious actors. The provisions concerning
hacking, identity theft, data breaches, and cyber terrorism have allowed law
enforcement agencies to investigate, prosecute, and prevent online crimes more effectively.
2. Protection of Critical Infrastructure: In today's increasingly interconnected world,
protecting critical infrastructure from cyber threats is crucial for national security. The IT
Act 2000 laid down guidelines for ensuring the security of information infrastructure, such
as networks, databases, and servers, which form the backbone of various sectors like
banking, telecommunications, and e-commerce.
3. Promotion of Trustworthy Online Transactions: The legal recognition of digital
signatures under the IT Act 2000 has enabled individuals and organizations to engage in
secure and trustworthy electronic transactions. This has not only improved the confidence
of businesses and consumers in e-commerce but also fostered the development of online
banking, e-governance services, and digital payments. The establishment of legally binding
electronic contracts has enhanced the security and legitimacy of online transactions.
4. Cybersecurity Standards and Guidelines: The IT Act 2000 encourages the development
of cybersecurity standards and protocols, pushing organizations to follow best practices in
data protection. The implementation of security measures such as firewalls, intrusion
detection systems, and encryption techniques ensures that organizations maintain a high
level of security. Additionally, the National Informatics Centre (NIC) and CERT-In (Indian
Computer Emergency Response Team) were set up to provide cybersecurity guidance,
handle security incidents, and promote awareness.
5. Cybersecurity Awareness and Capacity Building: The Act has promoted cybersecurity
awareness in India by making it a requirement for businesses to adhere to specific security
protocols and by fostering the development of specialized skills in cybersecurity.
Government agencies and educational institutions have collaborated to create
cybersecurity training programs, certifications, and workshops to enhance the capabilities
of professionals working in the field of cybersecurity. This has helped improve the overall
resilience of organizations to cyber threats.
6. Focus on Data Protection and Privacy: As businesses and individuals store more
personal information online, protecting that data from unauthorized access becomes a
priority. The IT Act 2000’s provisions related to data protection have been instrumental in
creating an environment where businesses are held accountable for the way they handle
and store sensitive data. While India’s data protection laws have evolved over time (e.g.,
the introduction of the Personal Data Protection Bill 2019), the IT Act 2000 served as an
initial step in establishing the framework for data privacy.
