IT Security Palembang(p Bis)
-
Upload
ratih-gustifa -
Category
Documents
-
view
216 -
download
0
Transcript of IT Security Palembang(p Bis)
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 1/37
Keamanan Informasi
Bisyron Wahyudi
CRSIC, CISM, COBIT, ITIL
Id-SIRTII/CC (www.idsirtii.or.id)
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 2/37
Everything And EverybodyJoin The INTERNET
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 3/37
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 4/37
Security Attack Trafc Top Originating Countries 2014
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 5/37
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 6/37
Information
Role
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 7/37
'Information is an asset whih, !i"e other
im#ortant $%siness assets, has &a!%e to anoraniation and onse%ent!* needs to $es%ita$!* #roteted+
BS ISO 0
INFORMATION
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 8/37
Teknologi Informasi dan Komunikasi
DATAINFORMATI
ONKNOWLED
GEINTELLIGE
NCEWIDOM
• EFFECTI!ENE• EFFICIENC"
• CONFIDENTIALIT" • INTEGRIT" • A!AILA#ILIT"
• RELIA#ILIT" • COM$LIANCE
"ARAT $ENGAM#ILAN KE$%T%AN "ANG #ERK%ALITA
TEKNOLOGI INFORMAI DAN KOM%NIKAI
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 9/37
Peope
Process
Tec!noogy
what we use toimprove what wedo
The repeatable stepsto accomplishbusiness objectives
Who use or interact withthe Information
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 10/37
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 11/37
SOCIA" ASP#CT
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 12/37
$%SIN#SS ASP#CT
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 13/37
T#C&NICA" ASP#CT
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 14/37
In'or(ation
Security
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 15/37
Con&dentialit
' Integrit' A(aila)ilit'
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 16/37
e*urit' Culture
$rogramA)areness Ca(paigns
Cross*'unctiona Tea(s
Manage(entCo((it(ent
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 17/37
Culture
C+ara*teristi*s• Aign(ent o' in'or(ation security
an+ ,usiness o,-ecti.es
• A risk*,ase+ approac!
• $aance a(ong organi/ationpeope process an+ tec!noogy
• Ao)ance 'or t!e con.ergence o'security strategies
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 18/37
SMISNI ISOI#C230012005
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 19/37
SMI Struktur6oku(entasi
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 20/37
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 21/37
In'or(ationCassi7cation
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 22/37
$rote*ting Information
$rote*ting Infrastru*ture
$rote*ting Intera*tions
Protection Strategy
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 23/37
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 24/37
Relationship between Risk Threatsand !ulnerabilities
ThreatsThreats !ulnerabilities!ulnerabilitiese"ploit
# $ontrols% & practice procedure or mechanism that reduces risk
RiskRisk
&sset values&sset valuesProtectionRe'uirements
ProtectionRe'uirements
i n c r e
a s e i n
c r e
a s e
Informationassets
Informationassets$ontrols #$ontrols #
e " p
o s e
p r
o t e c t
a g a i n
s t
reduce
h a v e
i n c r e
a s e i n d i c a t e
m e t b y
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 25/37
Continuousl' Assess andManage Risks
28
Protection is theContinuous Application ofRisk Management
Assess RisksIdentif' Controls andMitigationsIm,lement Controls
Measure E-e*ti(eness
• De&ne Fun*tionalRe.uirements• E(aluate $ro,osed Controls• Estimate Risk Redu*tion/Cost#ene&t• ele*t Mitigation trateg'
• eek 0olisti* A,,roa*+1• Organi2e )' ControlE-e*ti(eness• Im,lement Defense3inDe,t+
• E(aluate $rogramE-e*ti(eness•Le(erage Findings toIm,ro(e Risk Management
• Identif' Ke' Fun*tions• Assess Risks• E(aluateConse.uen*es
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 26/37
Cy,er 9arriors
Cy,er ATTAC
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 27/37
Cy,er Attack
Ofences against thecondentiality, integrityand availability ocomputer data andsystems
Con7+entiaity t!e concea(ent o'in'or(ation or resources
Integrity t!e trust)ort!iness o' +ata orresources in ter(s o' pre.enting i(properan+ unaut!ori/e+ c!ange
A.aia,iity t!e a,iity to use t!e +esire+in'or(ation or resource
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 28/37
sati.ey anon'mous'e an+ pro7ta,e 'or t!e(
di4*ult to *ounte)it!out t!e rig!t e:pertise an+un+erstan+ing o' cy,er*terrorist;s (i
i' t!ey
fails/losest!ey )i earn an+DO IT again<
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 29/37
• Reputation loss
• Intellectual property loss
• (inancial loss
• )oss of customer confidence
• Business interruption costs
• )egislative Breaches leading to legal
actions *$yber )aw+
urit' )rea*+es leads to
),SS ,( -,,.WI))
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 30/37
"i'ecyce o' an Attack
AttackInitiation
Pro7ing
=unera,iity#:a(inatio
n
Intrusion
Co.ering Track
• In'or(ation >at!ering• Inteigence Sur.ey ? Scouting• Peri(eter Mapping• Asset I+enti7cation
• =unera,iity Anaysis• #:poitation Panning
• #:poitation• Propagation
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 31/37
Security #.auation
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 32/37
Mengapa Peru@
Aasan u(u(
Mene(ukan titik kee(a!an +an.unera,iities syste( se,eu( titikkee(a!an terse,ut +iekspoitasi oe!!acker
Mengu-i ter!a+ap (ekanis(e kea(anansiste( +an (eng*e.auasi apaka! siste(yang +igunakan su+a! aman
Mengatur strategi penanganan -ika ter-a+iinsi+en penyerangan pa+a siste(
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 33/37
=unera,iity Assess(ent
• Se,ua! proses yang terus (enerus +an (e(,entuk suatukerangka sikik (aka !asi +ari =A akan +igunakan untuk(engi(pe(entasikan strategi kea(anan in'or(asi
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 34/37
=unera,iity Assess(ent
Meakukan i+enti7kasi .unera,iity +ari suatuapikasi siste( operasi +an In'rastruktur Baringan
#.auasi +an anaisa ter!a+ap .unera,iity +ari
!asi te(uan untuk (enentukan tingkat resiko yang(ungkin +apat ter-a+i
Me(,erikan aporan +an reko(en+asi atas te(uanyang +i+apat +ari kegiatan =A
Skenario serangan yang +igunakan SeranganInterna
interna AttackD +an Serangan +ari "uar e:ternaAttackD
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 35/37
Penetration Testing
Meakukan i+enti7kasi .unera,iity +ari suatu siste(operasi apikasi +an In'rastruktur Baringan
#kspoitasi ter!a+ap te(uan .unera,iity PoCD
#.auasi ter!a+ap siste( kea(anan yang su+a! +i,uat+engan cara (eakukan si(uasi serangan yang(enggunakan (eto+a yang ,iasa +igunakan oe! &acker
Anaisa ter!a+ap .unera,iity +ari !asi te(uan untuk(enentukan tingkat resiko yang (ungkin +apat ter-a+i
Skenario serangan yang +igunakan Serangan Interna +anSerangan #:terna
8/16/2019 IT Security Palembang(p Bis)
http://slidepdf.com/reader/full/it-security-palembangp-bis 36/37
=unera,iity Assess(ent Toos
1 $acktrack
2 Nessus
E 9ires!ark
4 N(ap8 S(ap
G Acuneti:
3 $urp Suite
H Nikto5 9Ea'
10I((unity Can.as