information security awareness
DESCRIPTION
Information Security Awareness Recent Security TrendsTRANSCRIPT
![Page 1: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/1.jpg)
Peran Keamanan Informasi di Tengah Pesatnya Perkembangan ICT
Universitas Al Azhar Indonesia
Jakarta – 10 Juni 2014
Digit Oktaviantohttp://digitoktavianto.web.id
digit dot oktavianto at gmail dot com
![Page 2: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/2.jpg)
IT Security Enthusiast (Opreker)Member of Indonesian Honeynet ChapterMember OWASP Indonesian ChapterLinux Activist (KPLI Jakarta)IT Security Consultant
About Me
![Page 3: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/3.jpg)
![Page 4: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/4.jpg)
Perkembangan Industri IT
Source : http://www.forbes.com/powerful-brands/list/
![Page 5: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/5.jpg)
“After compiling the list of fastest growing industries, there were some apparent trends. Each industry on the list experienced growth as a result of one or more of four drivers: Internet growth, environmental issues, cost cutting and evolving technology.”
Source : IBISWorld (global business intelligence leader specializing in Industry Market Research)
Mengapa Perkembangan Industri IT Sangat Pesat?
![Page 6: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/6.jpg)
Internet growthEnvironmental issuesCost cutting Evolving technology
Faktor Pendukung
![Page 7: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/7.jpg)
Marketing StrategyAdvertisementBusiness ModelDeliverables to CustomerWorking BehaviorChange of Mindset
Perubahan Paradigma Konvensional ke Era Modern
![Page 8: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/8.jpg)
“Keamanan selalu berbading terbalik dengan kenyamanan. Semakin anda merasa nyaman, semakin anda tidak aman.”
(Anonymous)
Correlation?
![Page 9: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/9.jpg)
Information Security Threat
![Page 10: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/10.jpg)
Data BreachesSocial Media HackingMobile Device ThreatMalware and Advanced Persistent Threat
(APT)
Recent Trends
![Page 11: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/11.jpg)
Electronic CrimesDisclosure Sensitive Information
(personal info, credit card, username and password)
Target :Online ShopSocial Media WebsitesGovernment Agency
Data Breach
![Page 12: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/12.jpg)
Why oh Why?
Data Breaches
![Page 13: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/13.jpg)
Data Breaches
![Page 14: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/14.jpg)
Data Breaches
![Page 15: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/15.jpg)
Data Breaches
![Page 16: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/16.jpg)
Data Breaches
![Page 17: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/17.jpg)
Purposes?Business competitionCampaignFor Fun (and Profit?)Ruin your life? (e.g. revenge?)Spying (Government, Agencies, Corporate)
Social Media Hacking
![Page 18: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/18.jpg)
Social Media Hacking
![Page 19: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/19.jpg)
Social Media Hacking
![Page 20: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/20.jpg)
Social Media Hacking
![Page 21: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/21.jpg)
Social Media Hacking
![Page 22: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/22.jpg)
Social Media Hacking
![Page 23: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/23.jpg)
Why? 6 Billion Mobile Subscribers on the Planet
(end of 2012)Little to no patch management for mobile &
Poor QA in the AppStoreFew anti-virus / anti-malware solutionsIncreasing malicious mobile applications and
mobile exploitation
Mobile Device Threat
![Page 24: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/24.jpg)
Mobile Device Threat
![Page 25: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/25.jpg)
Example :- Phishing SMS Link
Mobile Device Threat
![Page 26: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/26.jpg)
Example :Fake App
Mobile Device Threat
![Page 27: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/27.jpg)
Example :Virus / Malware Threat
Mobile Device Threat
![Page 28: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/28.jpg)
What is APT?
World next publicly available comprehensive report on Advanced Persistent Threat
Provided by Mandiant (www.mandiant.com)It’s a nickname for a group that being
government sponsored for doing specific attack and specific purpose
China is the suspected government that sponsored the group
Malware and Advanced Persistent Threat (APT)
![Page 29: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/29.jpg)
Advanced means the adversary can operate in the full spectrum of computer intrusion. They can use the most pedestrian publicly available exploit against a well-known vulnerability, or they can elevate their game to research new vulnerabilities and develop custom exploits, depending on the target's posture.
Persistent means the adversary is formally tasked to accomplish a mission. They are not opportunistic intruders. Like an intelligence unit they receive directives and work to satisfy their masters. Persistent does not necessarily mean they need to constantly execute malicious code on victim computers. Rather, they maintain the level of interaction needed to execute their objectives.
Threat means the adversary is not a piece of mindless code. Some people throw around the term "threat" with reference to malware. If malware had no human attached to it (someone to control the victim, read the stolen data, etc.), then most malware would be of little worry (as long as it didn't degrade or deny data). Rather, the adversary here is a threat because it is organized and funded and motivated. Some people speak of multiple "groups" consisting of dedicated "crews" with various missions.
(Taken from http://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-want.html)
Malware and Advanced Persistent Threat (APT)
![Page 30: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/30.jpg)
Political objectives that include continuing to suppress its own population in the name of "stability."
Economic objectives that rely on stealing intellectual property from victims. Such IP can be cloned and sold, studied and underbid in competitive dealings, or fused with local research to produce new products and services more cheaply than the victims.
Technical objectives that further their ability to accomplish their mission. These include gaining access to source code for further exploit development, or learning how defenses work in order to better evade or disrupt them.
Military objectives that include identifying weaknesses that allow inferior military forces to defeat superior military forces. The Report on Chinese Government Sponsored Cyber Activities addresses issues like these.
Malware and Advanced Persistent Threat (APT)
![Page 31: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/31.jpg)
Malware and Advanced Persistent Threat (APT)
![Page 32: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/32.jpg)
Malware and Advanced Persistent Threat (APT)
![Page 33: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/33.jpg)
![Page 34: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/34.jpg)
What should we do?
![Page 35: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/35.jpg)
The Answer :
Information Security Awareness
![Page 36: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/36.jpg)
Who?
IT Infrastructure (Sys Admin, Sys Engineer)Application (Developer, Analyst)End User
Information Security Awareness
![Page 37: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/37.jpg)
Social Engineering | Because there is no Patch for Human Stupidity.
Information Security Awareness
![Page 38: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/38.jpg)
Social Engineering simply means manipulating or tricking people to gain their trust in order to give up confidential information without them knowing it.
This leads in gathering confidential information, computer system access or fraud.
Social Engineering
![Page 39: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/39.jpg)
1. Risk Analysis2. Risk Assessment3. Policy4. Procedure5. Standard
Infosec Awareness Requirement
![Page 40: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/40.jpg)
1. A process to take the message to the user community to reinforce the concept that information security is an important part of the business process
2. Identification of the individuals who are responsible for the implementation of the security program
3. The ability to determine the sensitivity of information and the criticality of applications, systems and business processes
4. The business reasons why basic security concepts such as separation of duties, need-to-know, and least privilege must be implemented
5. That senior management supports the goals and objectives of the information security program
5 Key Elements Infosec Awareness Program
![Page 41: Information Security Awareness](https://reader033.vdocuments.site/reader033/viewer/2022042613/54665058af7959557c8b4bca/html5/thumbnails/41.jpg)
Q & A
FINISH