Seminar CyberPreneurship 13 April 2013
INDONESIA SECURITY INCIDENT RESPONSE TEAM ON INTERNET INFRASTRUCTURE
The Brief Profile of the National CSIRT of Indonesia – The Coordination Center
Iwan Sumantri
Vice Chairman of IDSIRTII, Research & Development Division
AGENDA
• IDSIRTII/CC
• Indonesian Internet Security Incident Statistics
• Information Security Disruptions and Information Security Governance
• Human Resource Needs in IT Security
IDSIRTII/CC and International CERTs
http://www.cert.org/cert/map_open.html
Information Security Incident Reporting
Website: http://idsirtii.or.id/pelaporan-insiden-keamanan-internet/
Email: [email protected]
Phone: 021 3192551
Methods for Observing Internet Security Attack Trends
• Internet Monitoring Equipment
• Internet Security Incident Reporting
• Survey of Attacks on Indonesian-Domain Websites
Indonesian Internet Monitoring Equipment
Active
• IDSIRTII Internet Monitoring Equipment
Participatory
• Tsubame Project
• Nicter
Monitoring, Detection and Early Warning
Internet Attack Trends in Asia Pacific, April 2013
Internet Attack Trends in Indonesia, April 2013
Incidents: Statistics of Attacks on Indonesian-Domain Websites, 2012
Survey of Attacks on Indonesian-Domain Websites: Top Attacks of 2012
Incidents: Statistics of Attacks on Indonesian-Domain Websites, 2013 and March 2013
INCREASING RISK
• Theft of personal information (account hijacking & fraud), caused by information from social media (lack of user awareness and user behavior)
• Humans are the weakest side of security: social engineering, phishing & malicious code (tools)
• Personal services offering convenience, with technology that is more personal and sophisticated.
• Hacking tools are very easy to obtain and easy to use (Click Kiddies)
• Hackers are increasingly comfortable carrying out their actions.
Internet Security Threats
Online Threat : http://www.securelist.com/en/statistics#/en/map/wav/month/Asia
Cyber War against Indonesia, 18 July 2011
http://www.youtube.com/watch?v=sDSpLDN0uXA
INSIDER THREAT
• Trojans and backdoor
• Unsecure programming
• Counterfeit equipment
• Data/information misuse
• Level of access policy breach
• Physical security perimeter breach
• Inappropriate disposal procedures
CYBER ATTACK
"to take over the resources"
WHAT ATTACKS DO
• Hijacking: intercepting & taking over ICT resources
• Interruption: disrupting & taking down infrastructure
• Modification: changing the contents into destructive materials, propaganda, misleading information etc.
• Fabrication: spreading damage through well-planned and/or sophisticated targeted (or personalized) attacks
• Using techniques: DDoS, DNS/route poison, scam, SPAM, phishing, identity theft, malware (virus, trojan, botnet, rootkit, backdoor)
Hacking Tools Are Getting Easier
DDoS
CYBER SECURITY
"defending information assets"
Regulations
• UU ITE (Undang-Undang Informasi dan Transaksi Elektronik, the Law on Electronic Information and Transactions)
• Circular Letter of the Minister of KOMINFO No. 05/SE/M.KOMINFO/07/2011 on "Implementation of Information Security Governance for Public Service Providers"
• Banking: PBI (Peraturan Bank Indonesia, Bank Indonesia Regulation) No. 9/15/PBI/2007
RISK MANAGEMENT
TO MINIMIZE RISK
• Protecting Infrastructure: security design, DMZ, Firewall, VPN, IDP etc.
• Protecting Environment: password management, SOP, crypto, PKI etc.
• Protecting Application: update management, anti malware, audit/compliance etc.
APPLY STANDARDS
• Assurance Procedures, acceptance test, post audit, etc.
• Security Standard & Audit, CISA, COBIT, ISO, etc.
• Security Certification, CISA, CEH, CISSP, etc.
• Risk Analysis and Mitigation Process
• Established Incident Response Team
• Conducting incident simulation
Standard
SNI ISO/IEC 27001:2009 (Information Security Management Systems)
A.15.2 Compliance with security policies and standards, and technical compliance
A.15.2.1 Compliance with security policies and standards
A.15.2.2 Technical compliance checking
Information systems shall be regularly checked for technical compliance with security implementation standards.
Use of Security Technology
Who will manage it?
Sourcing
Investigation
Implementation
Testing
Managing
Reporting
Updating
Replacing
Sources of IT Security Human Resources
Academic
• Already included in the curriculum of several study programs / departments at vocational high schools (SMK) and universities.
• Student internships (PKL), scientific papers, journals, undergraduate theses, master's theses and dissertations on information security.
• Study programs / concentrations in "Information Security" already exist at the D3, S1 and S2 levels.
Sources of IT Security Human Resources
National Education and Training / Training / Workshops / Seminars / Certification
• Several training institutions under ministries have included information security training in their agendas.
• A proliferation of seminars, workshops and short training courses in IT security, organized by the government, the private sector and communities.
• Training by private-sector providers.
Sources of IT Security Human Resources
International Certification
• EC-Council: ENSA, CEH, CHFI, ECSA, EDRP, …….
• ISACA: CISA, CISM, CGEIT, CRISC
• SANS/GIAC: GSEC, GCIH, GPEN, GXPN, GCIA, ……
• (ISC)2: CISSP, SSCP, CAP, CSSLP . . . .
Sources of IT Security Human Resources
IT Security Communities
• Spread across a number of cities in Indonesia
• Diverse skills and competencies
• Jasakom, KKI, Echo, Anti-Hackerlink, Indonesian BackTrack Team, Indo BackTrack, Indonesian Coder, Devil Code, Yogja Carder Link, …… Jember Hacker
Reducing Risk Through Education
General Cyber Security Skills
Microsoft
Cisco
Checkpoint
Specialized Skills / Cyber Security Analyst
IDSIRTII Training Roadmap
Thank You
Q and A