0101100001100101011001011000011001010110
0011011101010111001000110111010101110010
0110010101011001100101010110100110100110...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
R U Sure U R Secure?
Security is Like a Chain...
as Strong as The Weakest link
`
90% cyber security implementation is inconsistent... :’(
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
Know Your Enemies

T...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
Gildas Deograt Lumy, ...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
Do you know who are i...
Complexity is the worst information security enemy
Information Security is A Complex Issue
Impossible to solve without str...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
Conventional Cyber Se...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
End-to-End High Grade...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
End-to-End High Grade...
Standar Arsitektur Keamanan Tingkat Tinggi
Informasi (SAKTTI)
`
Konsisten, efektif dan efisien arsitektur untuk
menangani ...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureIT Experiences
...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureZone Overview
A...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureZone Overview
T...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureZone Overview
T...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureZone Technology...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureZone Technology...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
XecureZone Overview
T...
© PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013
Summary
 Conventiona...
0101100001100101011001011000011001010110
0011011101010111001000110111010101110010
0110010101011001100101010110100110100110...
Upcoming SlideShare
Loading in …5
×

01. Critical Information Infrastructure Protection

767 views

Published on

This presentation presentated by Gildas Deograt Lumy "Simulasi Scirital Information Infrastructure Protection (CIIP)" , Bandung, Indonesia 10th September 2013 on #IISF2013

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
767
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
133
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

01. Critical Information Infrastructure Protection

  1. 1. 0101100001100101011001011000011001010110 0011011101010111001000110111010101110010 0110010101011001100101010110100110100110 1111011011100110010111110110111001100101 0101100001100101011001011000011001010110 0011011101010111001000110111010101110010 0110010101011010011001100101010110100110 1111011011100110010111110110111001100101XecureIT © PT IMAN Teknologi Informasi Indonesia Information Security Forum Bandung, 10 September 2013 Cyber SOSCyber SOS Critical Information Infrastructure ProtectionCritical Information Infrastructure Protection
  2. 2. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 R U Sure U R Secure?
  3. 3. Security is Like a Chain... as Strong as The Weakest link ` 90% cyber security implementation is inconsistent... :’(
  4. 4. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 Know Your Enemies  Threat Agent – People  Attacks carried out by unknown attacker (public)  Attacks carried out by known attacker, such as employees, contractors, partners or customers both consciously and as victims of social engineering  Attacks carried out by authorized users both consciously and as victims of social engineering  Threat Agent Resources  Low grade attacker: script kiddies, new born attacker, public tools, <USD1000.  Medium grade attacker: expert, public or custom tools, <USD100.000.  High grade attacker: advance custom tools, <USD 1 Million.  Government grade attacker.
  5. 5. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 Gildas Deograt Lumy, CISA, CISSP, ISO 27001 LA  Senior Information Security Consultant - XecureIT  Consultancy, Audit, Assessment, Penetration Testing, Research  Experiences  21 years in IT, 16 years direct experiences in Information Security  25 years as social worker to take care homeless people and street children  Community Founder and Leader  Komunitas Keamanan Informasi (KKI)  (ISC)2 Indonesia Chapter  Forum Keamanan Informasi (FORMASI)  Cyber Security Certified Professional (CSCP) Association  Trainer  CISSP Common Body of Knowledge  Hacking Techniques & Defense Strategy  ISO27001 Implementation
  6. 6. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 Do you know who are inside? 90% of Internal Network is “Public”
  7. 7. Complexity is the worst information security enemy Information Security is A Complex Issue Impossible to solve without strong management commitment supported by highly competent professionals.
  8. 8. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 Conventional Cyber Security Easy to compromise
  9. 9. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 End-to-End High Grade Security
  10. 10. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 End-to-End High Grade Security The Key Principles Balanced between preventive, detective and corrective controls in all information life cycle:  Holistic  High Integrity  White List Approach  Defense in Depth  Least Privilege  Separation of Duties  Effective Change Management  End-to-End Encryption  Good Performance  Full Redundancy  Integrated Monitoring
  11. 11. Standar Arsitektur Keamanan Tingkat Tinggi Informasi (SAKTTI) ` Konsisten, efektif dan efisien arsitektur untuk menangani ancaman serangan tingkat tinggi.
  12. 12. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureIT Experiences CARES Facts  Consultancy High grade information security architecture is very difficult and expensive to implement and operate.  Assurance 99% security implementation can be compromised if similar conditions with real threat agent is created and allowed. The reasons why we create XecureZone as a high grade security solution.  Research & Development Our solutions has been used by highly sensitive systems.  Education 70% highly competent information security profesional went abroad.  Secure Hosting In house XecureZone has been used to protect our customers sensitive systems.
  13. 13. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureZone Overview A Complete Integrated Solution Technology People XecureZone Physical Administrative
  14. 14. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureZone Overview The Key Objectives: S.O.S  Secure Improve information security to the highest level through clear and balance end-to-end prevention and detection strategy.  Optimize Significantly reduce TCO through uniform strategy, hardware and licenses optimization, and pre-configured systems.  Simplify Simplify information security compliance and conformance, such as UU ITE, PP PSTE, PBI, ISO 27001 and PCI DSS.
  15. 15. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureZone Overview The Key Benefits: T.R.U.S.T  Transparant by using open source solutions for the core components.  Reliable by using the best software and hardware components.  Uniform strategy and implementation to optimize the TCO.  Simplify complex processes, from design to maintainance.  Tough solution - strong but flexible.
  16. 16. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureZone Technology Implementation
  17. 17. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureZone Technology Key Feature: SAKTTI Implementation
  18. 18. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 XecureZone Overview The Biggest Challenge is To Change The Mindset “I feel convenience if... I use the good safety belt and helmet properly and the car has the effective breaking system to go fast !”
  19. 19. © PT IMAN Teknologi Informasi XecureITCritical Information Infrastructure Protectionv1.0 - IISF 2013 Summary  Conventional security strategy and implementation have failed.  SAKTTI answers the needs of high grade information security architecture.  XecureZone simplifies and optimizes SAKTTI implementation and operation.  XecureZone is built with 21 years experience on top of solid hardware and software components.  XecureZone can be easily customized to accomodate various needs. XecureZone Secure.Optimize.Simple
  20. 20. 0101100001100101011001011000011001010110 0011011101010111001000110111010101110010 0110010101011001100101010110100110100110 1111011011100110010111110110111001100101 0101100001100101011001011000011001010110 0011011101010111001000110111010101110010 0110010101011010011001100101010110100110 1111011011100110010111110110111001100101XecureIT © PT IMAN Teknologi Informasi THANK YOU ! PT. IMAN Teknologi Informasi "Security CARE, Our PASSION" Consultancy.Assurance.Research.Education Certified ISO 27001:2005 #IS586350 https://www.xecureit.com XecureIT

×