01. critical information infrastructure protection
DESCRIPTION
This presentation was presented by Gildas Deograt Lumy: "Simulasi Critical Information Infrastructure Protection (CIIP)", Bandung, Indonesia, 10th September 2013, on #IISF2013.
TRANSCRIPT
XecureIT © PT IMAN Teknologi Informasi
Indonesia Information Security Forum Bandung, 10 September 2013
Cyber SOS
Critical Information Infrastructure Protection
© PT IMAN Teknologi Informasi, XecureIT. Critical Information Infrastructure Protection v1.0 - IISF 2013
R U Sure U R Secure?
Security is Like a Chain...as Strong as The Weakest link
90% of cyber security implementations are inconsistent... :’(
Know Your Enemies
Threat Agent – People
Attacks carried out by unknown attackers (public).
Attacks carried out by known attackers, such as employees, contractors, partners or customers, both consciously and as victims of social engineering.
Attacks carried out by authorized users, both consciously and as victims of social engineering.
Threat Agent Resources
Low grade attacker: script kiddies, newborn attackers, public tools, <USD 1,000.
Medium grade attacker: expert, public or custom tools, <USD 100,000.
High grade attacker: advanced custom tools, <USD 1 million.
Government grade attacker.
Gildas Deograt Lumy, CISA, CISSP, ISO 27001 LA
Senior Information Security Consultant - XecureIT Consultancy, Audit, Assessment, Penetration Testing, Research
Experience
21 years in IT, 16 years of direct experience in information security.
25 years as a social worker caring for homeless people and street children.
Community Founder and Leader
Komunitas Keamanan Informasi (KKI)
(ISC)2 Indonesia Chapter
Forum Keamanan Informasi (FORMASI)
Cyber Security Certified Professional (CSCP) Association
Trainer
CISSP Common Body of Knowledge
Hacking Techniques & Defense Strategy
ISO27001 Implementation
Writer
Information Systems Security Management Handbook (contributor)
CHIP, Infokom, etc.
Do you know who is inside?
90% of Internal Network is “Public”
Information Security is A Complex Issue
Complexity is the worst information security enemy.
Impossible to solve without strong management commitment supported by highly competent professionals.
Conventional Cyber Security
Easy to compromise
End-to-End High Grade Security
End-to-End High Grade Security
The Key Principles
Balanced between preventive, detective and corrective controls throughout the information life cycle:
Holistic
High Integrity
White List Approach
Defense in Depth
Least Privilege
Separation of Duties
Effective Change Management
End-to-End Encryption
Good Performance
Full Redundancy
Integrated Monitoring
Standar Arsitektur Keamanan Tingkat Tinggi Informasi (SAKTTI), the High Grade Information Security Architecture Standard
A consistent, effective and efficient architecture for handling high grade attack threats.
XecureIT Experiences
CARES Facts
Consultancy
High grade information security architecture is very difficult and expensive to implement and operate.
Assurance
99% of security implementations can be compromised if conditions similar to those of a real threat agent are created and allowed.
The reasons why we created XecureZone as a high grade security solution.
Research & Development
Our solutions have been used by highly sensitive systems.
Education
70% of highly competent information security professionals went abroad.
Secure Hosting
In-house XecureZone has been used to protect our customers' sensitive systems.
XecureZone Overview
A Complete Integrated Solution
Technology
People
XecureZone
Physical
Administrative
XecureZone Overview
The Key Objectives: S.O.S
Secure
Improve information security to the highest level through a clear and balanced end-to-end prevention and detection strategy.
Optimize
Significantly reduce TCO through a uniform strategy, hardware and license optimization, and pre-configured systems.
Simplify
Simplify information security compliance and conformance, such as UU ITE, PP PSTE, PBI, ISO 27001 and PCI DSS.
XecureZone Overview
The Key Benefits: T.R.U.S.T
Transparent by using open source solutions for the core components.
Reliable by using the best software and hardware components.
Uniform strategy and implementation to optimize the TCO.
Simplify complex processes, from design to maintenance.
Tough solution - strong but flexible.
XecureZone Technology Implementation
XecureZone Technology
Key Feature: SAKTTI Implementation
XecureZone Overview
The Biggest Challenge is To Change The Mindset
“I feel convenience if... I use the good safety belt and helmet properly and the car has the effective braking system to go fast!”
Summary
Conventional security strategy and implementation have failed.
SAKTTI answers the needs of high grade information security architecture.
XecureZone simplifies and optimizes SAKTTI implementation and operation.
XecureZone is built with 21 years of experience on top of solid hardware and software components.
XecureZone can be easily customized to accommodate various needs.
XecureZone
Secure. Optimize. Simple
THANK YOU !
PT. IMAN Teknologi Informasi
"Security CARE, Our PASSION"
Consultancy. Assurance. Research. Education
Certified ISO 27001:2005 #IS586350
https://www.xecureit.com
XecureIT