it security palembang(p bis)

8/16/2019 IT Security Palembang(p Bis)

http://slidepdf.com/reader/full/it-security-palembangp-bis 1/37

Keamanan Informasi

Bisyron Wahyudi

CRSIC, CISM, COBIT, ITIL

Id-SIRTII/CC (www.idsirtii.or.id)



Everything And EverybodyJoin The INTERNET



Security Attack Trafc Top Originating Countries 2014



Information

Role



'Information is an asset whih, !i"e other

im#ortant $%siness assets, has &a!%e to anoraniation and onse%ent!* needs to $es%ita$!* #roteted+

BS ISO 0

INFORMATION



Teknologi Informasi dan Komunikasi

DATAINFORMATI

ONKNOWLED

GEINTELLIGE

NCEWIDOM

• EFFECTI!ENE• EFFICIENC"

• CONFIDENTIALIT" • INTEGRIT" • A!AILA#ILIT"

• RELIA#ILIT" • COM$LIANCE

"ARAT $ENGAM#ILAN KE$%T%AN "ANG #ERK%ALITA

TEKNOLOGI INFORMAI DAN KOM%NIKAI



Peope

Process

Tec!noogy

what we use toimprove what wedo

The repeatable stepsto accomplishbusiness objectives

Who use or interact withthe Information



SOCIA" ASP#CT



$%SIN#SS ASP#CT



T#C&NICA" ASP#CT



In'or(ation

Security



Con&dentialit

' Integrit' A(aila)ilit'



e*urit' Culture

$rogramA)areness Ca(paigns

Cross*'unctiona Tea(s

Manage(entCo((it(ent



Culture

C+ara*teristi*s• Aign(ent o' in'or(ation security

an+ ,usiness o,-ecti.es

• A risk*,ase+ approac!

• $aance a(ong organi/ationpeope process an+ tec!noogy

• Ao)ance 'or t!e con.ergence o'security strategies



SMISNI ISOI#C230012005



SMI Struktur6oku(entasi



In'or(ationCassi7cation



$rote*ting Information

$rote*ting Infrastru*ture

$rote*ting Intera*tions

Protection Strategy



Relationship between Risk Threatsand !ulnerabilities

ThreatsThreats !ulnerabilities!ulnerabilitiese"ploit

# $ontrols% & practice procedure or mechanism that reduces risk

RiskRisk

&sset values&sset valuesProtectionRe'uirements

ProtectionRe'uirements

i n c r e

a s e i n

c r e

a s e

Informationassets

Informationassets$ontrols #$ontrols #

e " p

o s e

p r

o t e c t

a g a i n

s t

reduce

h a v e

i n c r e

a s e i n d i c a t e

m e t b y



Continuousl' Assess andManage Risks

28

Protection is theContinuous Application ofRisk Management

Assess RisksIdentif' Controls andMitigationsIm,lement Controls

Measure E-e*ti(eness

• De&ne Fun*tionalRe.uirements• E(aluate $ro,osed Controls• Estimate Risk Redu*tion/Cost#ene&t• ele*t Mitigation trateg'

• eek 0olisti* A,,roa*+1• Organi2e )' ControlE-e*ti(eness• Im,lement Defense3inDe,t+

• E(aluate $rogramE-e*ti(eness•Le(erage Findings toIm,ro(e Risk Management

• Identif' Ke' Fun*tions• Assess Risks• E(aluateConse.uen*es



Cy,er 9arriors

Cy,er ATTAC



Cy,er Attack

Ofences against thecondentiality, integrityand availability ocomputer data andsystems

Con7+entiaity t!e concea(ent o'in'or(ation or resources

Integrity t!e trust)ort!iness o' +ata orresources in ter(s o' pre.enting i(properan+ unaut!ori/e+ c!ange

A.aia,iity t!e a,iity to use t!e +esire+in'or(ation or resource



sati.ey anon'mous'e an+ pro7ta,e 'or t!e(

di4*ult to *ounte)it!out t!e rig!t e:pertise an+un+erstan+ing o' cy,er*terrorist;s (i

i' t!ey

fails/losest!ey )i earn an+DO IT again<



• Reputation loss

• Intellectual property loss

• (inancial loss

• )oss of customer confidence

• Business interruption costs

• )egislative Breaches leading to legal

actions *$yber )aw+

urit' )rea*+es leads to

),SS ,( -,,.WI))



"i'ecyce o' an Attack

AttackInitiation

Pro7ing

=unera,iity#:a(inatio

n

Intrusion

Co.ering Track

• In'or(ation >at!ering• Inteigence Sur.ey ? Scouting• Peri(eter Mapping• Asset I+enti7cation

• =unera,iity Anaysis• #:poitation Panning

• #:poitation• Propagation



Security #.auation



Mengapa Peru@

Aasan u(u(

Mene(ukan titik kee(a!an +an.unera,iities syste( se,eu( titikkee(a!an terse,ut +iekspoitasi oe!!acker

Mengu-i ter!a+ap (ekanis(e kea(anansiste( +an (eng*e.auasi apaka! siste(yang +igunakan su+a! aman

Mengatur strategi penanganan -ika ter-a+iinsi+en penyerangan pa+a siste(



=unera,iity Assess(ent

• Se,ua! proses yang terus (enerus +an (e(,entuk suatukerangka sikik (aka !asi +ari =A akan +igunakan untuk(engi(pe(entasikan strategi kea(anan in'or(asi



=unera,iity Assess(ent

Meakukan i+enti7kasi .unera,iity +ari suatuapikasi siste( operasi +an In'rastruktur Baringan

#.auasi +an anaisa ter!a+ap .unera,iity +ari

!asi te(uan untuk (enentukan tingkat resiko yang(ungkin +apat ter-a+i

Me(,erikan aporan +an reko(en+asi atas te(uanyang +i+apat +ari kegiatan =A

Skenario serangan yang +igunakan SeranganInterna

interna AttackD +an Serangan +ari "uar e:ternaAttackD



Penetration Testing

Meakukan i+enti7kasi .unera,iity +ari suatu siste(operasi apikasi +an In'rastruktur Baringan

#kspoitasi ter!a+ap te(uan .unera,iity PoCD

#.auasi ter!a+ap siste( kea(anan yang su+a! +i,uat+engan cara (eakukan si(uasi serangan yang(enggunakan (eto+a yang ,iasa +igunakan oe! &acker

Anaisa ter!a+ap .unera,iity +ari !asi te(uan untuk(enentukan tingkat resiko yang (ungkin +apat ter-a+i

Skenario serangan yang +igunakan Serangan Interna +anSerangan #:terna



=unera,iity Assess(ent Toos

1 $acktrack

2 Nessus

E 9ires!ark

4 N(ap8 S(ap

G Acuneti:

3 $urp Suite

H Nikto5 9Ea'

10I((unity Can.as



In'or(ation SecurityOrganisation/team

it security palembang(p bis)

Documents