Digital Signature and Cyber Security Terminology

Questions and Answers

What does the term 'hash function' refer to?

• An algorithm mapping one sequence of bits into another smaller set. (correct)
• An algorithm that creates a sequence of identical bits.
• A method for reconstructing the original electronic record from a hash result.
• An encryption technique for securing electronic records.

What is computationally infeasible according to the definition of a hash function?

• To derive or reconstruct the original electronic record from the hash result. (correct)
• To modify the original electronic record without detection.
• To generate a new hash result for the same electronic record.
• To produce multiple hash results from the same electronic record.

What does a unique key pair consist of?

• Two public keys that can be used interchangeably.
• A public and a private key specific to each subscriber. (correct)
• A public key that can be used by multiple subscribers.
• Two private keys only known to the central authority.

For an electronic signature to be considered reliable, which of the following is NOT a requirement?

The signature data must remain confidential from the signatory. (A)

What must be detectable according to the conditions for reliable electronic signatures?

The information after its authentication. (B)

Which of the following best describes the role of the Central Government with regard to electronic signatures?

To prescribe procedures for verifying electronic signatures. (D)

What is one of the conditions for an electronic signature to be considered reliable regarding alterations?

Any alterations after affixing must be detectable. (C)

What is a key characteristic of a hash result?

It will always be the same for the same input data. (B)

What defines a 'body corporate' in this context?

Any company including a firm, sole proprietorship, or association of individuals (D)

What must a body corporate do to avoid liability for data breaches?

Implement and maintain reasonable security practices and procedures (A)

Which of the following describes 'reasonable security practices and procedures'?

Practices defined specifically in agreements or by the Central Government (B)

What can be classified as 'sensitive personal data or information'?

Personal information specified by the Central Government (A)

What is the consequence of a body corporate being negligent in data protection?

They are liable to pay damages as compensation to affected individuals (A)

What is one of the functions of the Controller?

Certifying public keys of the Certifying Authorities (D)

How may the Head Office and Branch Office of the Controller be established?

At any location designated by the Central Government (A)

What conditions must be met for the Controller to recognize a foreign Certifying Authority?

Approval from the Central Government is required (A)

Which of the following specifies the qualifications for employees of Certifying Authorities?

The Controller (A)

Which of the following is NOT a function of the Controller?

Managing the certification process for individual citizens (C)

What is specified by the Controller regarding electronic signature Certificates?

The form and content of electronic signature Certificates (B)

What is required for auditors appointed by the Certifying Authorities?

They must be independent of the Certifying Authority (D)

What is included in the records maintained by the Controller regarding Certifying Authorities?

Specific details as prescribed by regulations (C)

What does the term 'digital signature' refer to?

A method for authenticating an electronic record using subscribers' electronic means. (C)

Which of the following best describes 'cyber security'?

Protecting devices and information from unauthorized access and disruption. (A)

What is encompassed by the term 'information' as defined?

Data, messages, images, sounds, and any software or databases. (B)

What constitutes a 'key pair' in an asymmetric cryptographic system?

A public key and its corresponding private key. (B)

Who can be classified as an 'originator'?

Any person who transmits electronic messages, excluding intermediaries. (B)

What is meant by 'Digital Signature Certificate'?

A certificate issued to authenticate a digital signature. (A)

What is included in the definition of 'electronic record'?

Any information stored or sent in electronic format. (C)

What does the term 'private key' refer to?

The key in a key pair that is used to create a digital signature. (A)

Which of the following best defines an 'intermediary' in the context of electronic records?

An entity that receives and forwards electronic records on behalf of others. (C)

What does 'prescribed' mean in the defined terms?

Rules established that must be followed under the Act. (D)

What cannot be questioned about the Appellate Tribunal's proceedings?

The appointment of the Chairperson (B), The finality of its orders (D)

What constitutes sufficient cause for the Appellate Tribunal to entertain an appeal after forty-five days?

Emergency circumstances (A), Miscommunication regarding the order (C)

Which of the following is NOT a valid reason for an appeal to the Appellate Tribunal?

Order made by an adjudicating officer with the parties' consent (D)

Who can file an appeal to the Appellate Tribunal?

Any person aggrieved by an order (B)

What is the time frame within which to file an appeal to the Appellate Tribunal?

Forty-five days (D)

What must the Appellate Tribunal do after receiving an appeal?

Give parties an opportunity to be heard (B)

What happens if an appeal is not filed within the specified period?

The Appellate Tribunal may still hear it if sufficient cause is shown (C)

Which of the following statements is true regarding the members of the Appellate Tribunal?

Their appointment cannot be challenged (C)

Study Notes

Digital Signature & Related Terms

• Digital Signature: Authentication method for electronic records per section 3 regulations, effective from October 27, 2009.
• Digital Signature Certificate: Issued under section 35(4), verifying a digital signature's authenticity.
• Electronic Signature: Broadly includes any electronic authentication technique as specified, incorporating digital signatures.
• Hash Function: Algorithm that converts data into a fixed-size string of characters, ensuring integrity by making it impossible to retrieve original data from its hash.

Cyber Security Context

• Cyber Security: Protective measures for information, equipment, devices, and communications against unauthorized access and modifications.
• Sensitive Personal Data: Defined by the Central Government, requiring enforceable security measures for its handling and protection.

Electronic Records and Forms

• Electronic Record: Data or information created, stored, or transmitted electronically, encompassing images, sounds, and databases.
• Electronic Form: Encompasses various media forms through which information can be generated or stored, including magnetic and optical mediums.

Operational Definitions

• Key Pair: A linked pair of keys in asymmetric cryptography, consisting of a private key for creating digital signatures and its public counterpart for verification.
• Intermediary: Entities or individuals that facilitate the transmission, storage, or service of electronic records, including ISPs, telecoms, and online platforms.

Regulatory Framework

• Controller's Role: Oversees Certifying Authorities, ensures public key certification, sets standards, and maintains an accessible database of these authorities.
• Recognition of Foreign Authorities: With prior Central Government approval, foreign certifying authorities can be recognized pursuant to regulatory conditions.

Appeal & Compensation Mechanisms

• Appeal Process: Grievances against Controller or adjudicating officer decisions can be appealed to the Appellate Tribunal within 45 days, with provision for late filing under extenuating circumstances.
• Compensation for Data Breach: Bodies corporate failing to implement reasonable data protection leading to losses must compensate affected individuals.

Legal and Legislative References

• Law Definition: Encompasses various legislative frameworks, including Acts of Parliament and regulations by governmental bodies.
• Body Corporate: Encompasses any commercial entities, including firms and sole proprietorships, engaged in business activities.

This structured overview encapsulates vital points regarding digital signatures, electronic records, regulatory frameworks, and legal definitions integral to understanding cyber laws and practices.

Description

This quiz covers essential terms related to digital signatures and their applications in cyber security. Explore the definitions and implications of concepts such as digital signature certificates, hash functions, and sensitive personal data. Test your understanding of how these elements contribute to electronic records management and protection against unauthorized access.