26 - I Know Your Secret
How to avoid internet attacks in the banking industry

Prof. Richardus Eko Indrajit, Chairman of ID-SIRTII and APTIKOM, www.eko-indrajit.com
Special Presentation on Trends in IT-Based Crime in the Banking World

About ID-SIRTII and APTIKOM
The National CSIRT/CERT of Indonesia (quasi-government institution)
Conducting traffic monitoring and log management of the country’s internet infrastructure
Coordinating more than 300 ISPs all over the nation
Responsible for safeguarding internet infrastructure used by mission-critical institutions
Association of IT colleges and universities in Indonesia
Consists of 750 higher-learning institutions (more than 1,500 study programs)
Approximately 600,000 active student body, with 50,000 graduates per year
Joint collaboration for curriculum development and shared-resources/services initiatives
“building public awareness on internet security”

Internet and Crimes

Phone Banking Fraud

Credit and Debit Card Crime

ID-SIRTII Monitoring Analysis

Knowledge Domain: The Cyber Six
Cyber Space
Cyber Threat
Cyber Attack
Cyber Security
Cyber Crime
Cyber Law

1 Cyberspace.
A reality community between PHYSICAL WORLD and ABSTRACTION WORLD
1.4 billion of real human population (internet users)
Trillion US$ of potential commerce value
Billion business transactions per hour in 24/7 mode
Internet is a VALUABLE thing indeed. Risk is embedded within.

Information Roles
Why information?
– It consists of important data and facts (news, reports, statistics, transaction, logs, etc.)
– It can create perception to the public (market, politics, image, marketing, etc.)
– It represents valuable assets (money, documents, password, secret code, etc.)
– It is a raw material of knowledge (strategy, plan, intelligence, etc.)

What is Internet ?
A giant network of networks where people exchange information through various different digital-based ways:
Email Mailing List Website
Chatting Newsgroup Blogging
E-commerce E-marketing E-government
“… what is the value of internet ???”

2 Cyberthreat.
– The trend has increased at an exponential rate
– Motives vary from recreational to criminal purposes
– Can cause significant economic losses and political suffering
– Difficult to mitigate
Threats are there to stay. Can’t do so much about it.
web defacement information leakage phishing intrusion DoS/DDoS
SMTP relay virus infection hoax malware distribution botnet open proxy
root access theft sql injection trojan horse worms password cracking
spamming malicious software spoofing blended attack

International Issues
What Does FBI Say About Companies:
– 91% have detected employee abuse
– 70% indicate the Internet as a frequent attack point
– 64% have suffered financial losses
– 40% have detected attacks from outside
– 36% have reported security incidents
Source: FBI Computer Crime and Security Survey 2001

Underground Economy

Growing Vulnerabilities
Incidents and Vulnerabilities Reported to CERT/CC
[Chart: Total Vulnerabilities (axis 0 to 4,500) and Total Security Incidents (axis 0 to 160,000) by year, 1995 to 2004]
“Through 2008, 90 percent of successful hacker attacks will exploit well-known software vulnerabilities.” - Gartner*
* Gartner “CIO Alert: Follow Gartner’s Guidelines for Updating Security on Internet Servers, Reduce Risks.” J. Pescatore, February 2003
** As of 2004, CERT/CC no longer tracks Security Incident statistics.

Potential Threats
Unstructured Threats: Insiders, Recreational Hackers, Institutional Hackers
Structured Threats: Organized Crime, Industrial Espionage, Hacktivists
National Security Threats: Terrorists, Intelligence Agencies, Information Warriors

3 Cyberattack.
Too many attacks have been performed within the cyberspace.
Most are triggered by the cases in the real world.
The eternal wars and battles have been in towns lately.
The notorious Estonia case has opened the eyes of all people in the world.
Attack can occur anytime and anyplace without notice.

Case #1

Case #2

Case #3

Case #4

Case #5

Attacks Sophistication
High
Low
1980 1985 1990 1995 2005
Intruder Knowledge
Attack Sophistication
Cross site scripting
password guessing
self-replicating code
password cracking
exploiting known vulnerabilities
disabling audits
back doors
hijacking sessions
sweepers
sniffers
packet spoofing
GUI automated probes/scans
denial of service
www attacks
Tools “stealth” / advanced scanning techniques
burglaries
network mgmt. diagnostics
distributed attack tools
Staged
Auto Coordinated

Vulnerabilities Exploit Cycle
Advanced Intruders Discover New Vulnerability
Crude Exploit Tools Distributed
Novice Intruders Use Crude Exploit Tools
Automated Scanning/Exploit Tools Developed
Widespread Use of Automated Scanning/Exploit Tools
Intruders Begin Using New Types of Exploits
Highest Exposure Time
# Of Incidents

4 Cybersecurity.
Education, value, and ethics are the best defense approaches.
Led by ITU for the international domain, while some standards are introduced by different institutions (ISO, ITGI, ISACA, etc.)
“Your security is my security” – individual behavior counts while various collaborations are needed

Risk Management Aspect
Risk
Vulnerabilities Threats
Controls
Security Requirements
Asset Values
Assets
Protect against
Exploit
Reduce
Expose
Have Met by
Impact on Organisation

Strategies for Protection
Protecting Information
Protecting Infrastructure
Protecting Interactions

Mandatory Requirements
“Critical infrastructures are those physical and cyber-based systems essential to the minimum operations of the economy and government. These systems are so vital, that their incapacity or destruction would have a debilitating impact on the defense or economic security of the nation.”
Agriculture & Food, Banking & Finance, Chemical, Defense Industrial Base, Drinking Water and Wastewater Treatment Systems, Emergency Services, Energy, Information Technology, Postal & Shipping, Public Health & Healthcare, Telecommunications, Transportation Systems

Information Security Disciplines
Physical security
Procedural security
Personnel security
Compromising emanations security
Operating system security
Communications security
A failure in any of these areas can undermine the security of a system

Best Practice Standard
BS7799/ISO17799
Access Controls
Asset Classification Controls
Information Security Policy
Security Organisation
Personnel Security
Physical Security
Communication & Operations Mgmt
System Development & Maint.
Bus. Continuity Planning
Compliance
Information: Integrity, Confidentiality, Availability

5 Cybercrime.
– Globally defined as INTERCEPTION, INTERRUPTION, MODIFICATION, and FABRICATION
– Virtually involving international boundaries and multi resources
– Intentionally targeting to fulfill special objective(s)
– Convergence in nature with intelligence efforts.
Crime has intentional objectives. Stay away from the bull’s eye.

Type of Attacks

Malicious Activities

Motives of Activities
1. Thrill Seekers
2. Organized Crime
3. Terrorist Groups
4. Nation-States

6 Cyberlaw.
– Difficult to keep updated as technology trend moves
– Different stories between the rules and enforcement efforts
– Require various infrastructure, superstructure, and resources
– Can be easily “out-tracked” by law practitioners
Cyberlaw is here to protect you. At least playing a role in mitigation.

The Crime Scenes
IT as a Tool
IT as a Storage Device
IT as a Target

First Cyber Law in Indonesia.
Range of penalty:
Rp 600 million - Rp 12 billion (equal to US$ 60,000 to US$ 1.2 million)
6 to 12 years in prison (jail)
starting from 25 March 2008
Picture: Indonesia Parliament in Session

Main Challenge.
ILLEGAL “… the distribution of illegal materials within the internet …”
ILLEGAL “… the existence of source with illegal materials that can be accessed through the internet …”

ID-SIRTII Mission and Objectives.
“To expedite the economic growth of the country through providing the society with secure internet environment within the nation”
1. Monitoring internet traffic for incident handling purposes.
2. Managing log files to support law enforcement.
3. Educating public for security awareness.
4. Assisting institutions in managing security.
5. Providing training to constituency and stakeholders.
6. Running laboratory for simulation practices.
7. Establishing external and international collaborations.

Constituents and Stakeholders.
ID-SIRTII
ISPs
NAPs
IXs
Law Enforcement
National Security
Communities
International CSIRTs/CERTs
Government of Indonesia
sponsor

Coordination Structure.
ID-SIRTII (CC) as National CSIRT
Sector CERT Internal CERT Vendor CERT Commercial CERT
Bank CERT
Airport CERT
University CERT
GOV CERT
Military CERT
SOE CERT
SME CERT
Telkom CERT
BI CERT
Police CERT
KPK CERT
Lippo CERT
KPU CERT
Pertamina CERT
Hospital CERT UGM CERT
Cisco CERT
Microsoft CERT
Oracle CERT
SUN CERT
IBM CERT
SAP CERT
Yahoo CERT
Google CERT
A CERT
B CERT
C CERT
D CERT
E CERT
F CERT
G CERT
H CERT
Other CERTs Other CERTs Other CERTs Other CERTs

Major Tasks.
INCIDENT HANDLING DOMAIN and ID-SIRTII MAIN TASKS
Reactive Services Proactive Services Security Quality Management Services
1. Monitoring traffic Alerts and Warnings Announcements Technology Watch Intrusion Detection Services x
2. Managing log files Artifact Handling x x
3. Educating public x x Awareness Building
4. Assisting institutions Security-Related Information Dissemination Vulnerability Handling Intrusion Detection Services Security Audit and Assessment Configuration and Maintenance of Security Tools, Applications, and Infrastructure Security Consulting
5. Provide training x x Education Training
6. Running laboratory x x Risk Analysis BCP and DRP
7. Establish collaborations Incident Handling x Product Evaluation

Incidents Definition and Samples.
web defacement information leakage phishing intrusion DoS/DDoS
SMTP relay virus infection hoax malware distribution botnet open proxy
root access theft sql injection trojan horse worms password cracking
spamming malicious software spoofing blended attack
“one or more intrusion events that you suspect are involved in a possible violation of your security policies”
“an event that has caused or has the potential to cause damage to an organization's business systems, facilities, or personnel”
“any occurrence or series of occurrences having the same origin that results in the discharge or substantial threat”
“an undesired event that could have resulted in harm to people, damage to property, loss to process, or harm to the environment.”

Priorities on Handling Incidents.
TYPE OF INCIDENT AND ITS PRIORITY

| Type of Incident | Public Safety and National Defense (Very Priority) | Economic Welfare (High Priority) | Political Matters (Medium Priority) | Social and Culture Threats (Low Priority) |
|---|---|---|---|---|
| 1. Interception | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |
| 2. Interruption | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |
| 3. Modification | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |
| 4. Fabrication | Many to One | One to Many | Many to Many | Automated Tool (KM-Based Website) |

Core Chain of Processes.
Monitor Internet Traffic
Manage Log Files
Response and Handle Incidents
Establish External and International Collaborations
Run Laboratory for Simulation Practices
Provide Training to Constituency and Stakeholders
Assist Institutions in Managing Security
Educate Public for Security Awareness
Deliver Required Log Files
Analyse Incidents
Report on Incident Handling
Management Process and
Research Vital
Statistics
Supporting Activities
Core Process

Legal Framework.
Undang-Undang No.36/1999 regarding National Telecommunication Industry
Peraturan Pemerintah No.52/2000 regarding Telecommunication Practices
Peraturan Menteri Kominfo No.27/PER/M.KOMINFO/9/2006 regarding Security on IP-Based Telecommunication Network Management
Peraturan Menteri No.26/PER/M.KOMINFO/2007 regarding Indonesian Security Incident Response Team on Internet Infrastructure
New Cyberlaw on Information and Electronic Transaction

Challenges to ID-SIRTII Activities.
Prevention
– “Securing” internet-based transactions
– Reducing the possibilities of successful attacks
– Working together with ISP to inhibit the distribution of illegal materials
Reaction
– Preserving digital evidence for law enforcement purposes
– Providing technical advisory for further mitigation process
Quality Management
– Increasing public awareness level
– Ensuring security level in critical infrastructure institutions

Work Philosophy.
Why does a car have BRAKES ??? The car has BRAKES so that it can go FAST … !!!
Why should we have regulation?
Why should we establish institution?
Why should we collaborate with others?
Why should we agree upon mechanism?
Why should we develop procedures?
Why should we have standard?
Why should we protect our safety?
Why should we manage risks?
Why should we form response team?

Holistic Framework.
SECURE INTERNET INFRASTRUCTURE
ENVIRONMENT
People
Process
Technology
Log File Management
System
Traffic Monitoring
System
Incident Indication Analysis
Incident Response.
Management
Advisory Board
Executive Board
MONITOR - ANALYSIS - YELL - DETECT - ALERT - YIELD
STAKEHOLDERS COLLABORATION AND SUPPORT
NATIONAL REGULATION AND GOVERNANCE
STRONG INSTITUTIONAL RELATIONSHIPS AND COMMITMENT

Two Way Relationship
Cyber Space
Real World
“Physical War” “Virtual War”

Two Way Relationship
relate relate
Cyber Space
Real World
real interaction real transaction real resources
real people
flow of information flow of product/services
flow of money

Two Way Relationship
Cyber Space
Real World Ethics
Law Rule of Conduct
Mechanism
Cyber Law
“Ruling Cyber Space interaction with Real World Penalty”

Classic Definition of War
WAR is here to stay…
“Can Cyber Law alone become the weapon for modern defense against 21st century Cyber Warfare & Cyber Crime?”

Two Way Relationship
impact
Cyber Space
impact
Real World

Two Way Relationship
Cyber Space
Real World
Political Incidents
International Events
Published Books
Training Materials
Pirated Tools
Community of Interests
threaten
attack
crime
blackmail
destroy
penetrate
destroy disrupt terminate
ruin mess up

Two Way Relationship
Real World
Personal Blogs
Citizen Journalism
Anonymous Interaction
Phishing and Forgery
Campaign and Provocation
Communities Reviews
Cyber Space
sue
investigate
suspect
sabotage
inspect examine
spy gossip
justify
perceive
condemn

The Paradox of Increasing Internet Value
internet users + transaction value + interaction frequency + communities spectrum + usage objectives = The Internet Value
it means… threats, attacks, crimes

Internet Security Issues Domain
INTERNET SECURITY
TECHNICAL ISSUES
– Internet is formed through connecting a set of digital-based physical technology that follows a good number of standards and protocols
– All technical components (hardware and software) interact with each other within a complex dependent…
BUSINESS ISSUES
– It is a part of business system as transactions and interactions are being conducted accordingly
– As technology mimics, enables, drives, and transforms the business, internet dependency is high
– For the activities that rely on time and space – where resources and processes can be digitalized - the network is the business
SOCIAL ISSUES
– What are interacting in the net are real people, not just a bunch of “intellectual machines” – by the end of the day, human mind, characters, behaviors, and values matter
– It is not an “isolated world” that does not have any relationship with the real physical world

Technical Trend Perspective
the phenomena…
malicious code vulnerabilities
spam and spyware
phishing and identity theft
time to exploitation
the efforts…
Firewalls
Antispyware
AntiVirus
Software Patches
Web and Email Security
Malware Blocking
Network Access Control
Intrusion Prevention
Application and Device Control
Encryption and PKI

Business Trend Perspective
the context…
Risk Management Practices
Cost Benefit Analysis
Regulatory Compliance
Governance Requirements
Digital Asset Management
Standard and Policy Enforcement
the strategy…
IT Audit Technology Compliance
Disaster Recovery Center
Security Management
Backup and Recovery
ISO Compliance
Storage and Backup Management
Business Contingency Plan
Application and Device Control
Archiving and Retention Management
Chief Security Officer
Standard Certification

Social Trend Perspective
the characteristics…
Computer Savvy Society
Digital System Everywhere
Free World, Open Market
Borderless Geography
Internet as New Frontier
the choices…
policy vs. design
enforcement vs. culture
regulation vs. ethical behavior
prevention vs. reaction
top-down vs. bottom-up
pressure vs. education
standard vs. self control
reward vs. punishment

The Core Relationships
People (Social Aspects)
Technology (Technical Aspects)
Context/Content Applications (Business Aspects)

Converging Trend
TECHNICAL ISSUES
BUSINESS ISSUES
SOCIAL ISSUES

Internetworking Dependency
Since the strength of a chain depends on the weakest link,
then YOUR SECURITY is MY SECURITY…

Things to Do
1. Identify your valuable assets
2. Define your security perimeter
3. Recognize all related parties involved
4. Conduct risk analysis and mitigation strategy
5. Ensure standard security system intact
6. Institutionalize the procedures and mechanism
7. Share the experiences among others
8. Continue improving security quality
Key activities: use the THEORY OF CONSTRAINTS ! (Find the weakest link, and help them to increase their security performance and capabilities…)

What should we do?
Monitoring the dynamic environment happening in real world and cyber world?
Building effective procedures and mechanism among institutions responsible for these two worlds?
Forming international framework for collaboration and cooperation to combat cyber crimes?
Finding the fastest and most effective methodology to educate society on cyber security?
Developing and adopting multi-lateral cyber law convention?
Acting like intelligence agencies? Interpol? Detectives? CSIRTs/CERTs? ASEAN? United Nations?

Lessons Learned
As the value of internet increases, so does the risk of having it in our life.
Hackers and crackers help each other, why shouldn’t we collaborate?
Enough talking and planning, start executing your risk management strategy…

Beware …

Prof. Richardus Eko Indrajit, Chairman of ID-SIRTII and APTIKOM, www.eko-indrajit.com
Thank You