CYBER SECURITY AND
RISK MANAGEMENT
TECHNOLOGY
NIM:
23222026 Bene Genhaq Suseno
23222048 Pray Putra Hasianro Nadeak
23523015 Galuh Dipa Bharata
23523042 Mohammad Febri Ramadlan
TABLE OF CONTENTS
01. The Face and Future of Cyberthreats
02. Cyberattack Targets and Consequences
03. Cyber Risk Management
04. Defending Against Fraud
05. Frameworks, Standards, and Models
The Face and Future of
Cyber Threats
01.
Introducing several types of Cyber Threat and their
characteristics
What are Cyber Threats?
Siber (id; KBBI): a computer system and/or information technology relating to cyberspace, or a system connected to the internet. Cyber (en).
Cyber Threats: refers to a condition or situation, or the possibility of one, that gives rise to a disruption or attack which damages or causes loss, threatening the confidentiality, integrity, and availability of systems and information, or to activity that violates norms and the law [2]
Vulnerability Data Incident & Breach
Vulnerability (in cyber): a gap in an IT security system (network, system, or physical application) that lets cyber threats in, thereby increasing the likelihood of risk to the system.
A vulnerability can lead to a condition in which an attempt (successful or not) at unauthorized access to a cyber system occurs, called a Data Incident, or even to sensitive data or information being taken by an individual, a group, or a system, called a Data Breach.
General Terms in Cyber
Vulnerability Categories
Confidentiality (data kept secret): data stored in the system is accessed only by the appropriate entities. Threats: data leakage, unauthorized access, brute-force access, etc.
Integrity (data intact and unchanged): data must remain as it is, with only permitted changes. Threats: malware attacks, unknown editors, data manipulation, etc.
Availability (system availability): data and systems remain accessible when needed. Threats: DoS (traffic overload), DDoS.
Major Cyber Threats
Intentional:
- Crimeware: malware and ransomware
- Phishing: human-targeted, induces a behaviour
- Hacking: general term for unauthorized access with various aims or threats
- DDoS: disrupting traffic to a target until it is overloaded
- Insider & Privilege Misuse: abuse of the access level granted to an entity
- Physical theft: theft of cyber assets
Major Cyber Threats (2)
Unintentional:
- Environment: disasters, environmental conditions, and so on
- Human Error: data errors, hardware/software design errors, bad data management, etc.
- Computer Failure: poor quality, poor maintenance, logical problems, and so on
- Physical Loss: loss, damage, and so on
HACKING
A general term used across many cyberattacks. It essentially refers to the act of exploiting a vulnerability in an IT system.
White Hat
Gray Hat
Black Hat
CYBER SOCIAL ENGINEERING THREATS
Phishing: sending an instruction at random, without a specific target.
Spear Phishing: sending an instruction specifically to an individual or group, chosen on the basis of some particular match.
Hackers use social engineering (persuasion, trust, helpfulness, kindness, a free or easy way, etc.) to manipulate someone into following the hacker's wishes. This is a large gap because a system has difficulty protecting itself against vulnerabilities that come through the user.
CYBER SOCIAL ENGINEERING THREATS (2)
CRIMEWARE: various programs distributed or created by hackers and used for a particular purpose.
- Malware: a program used to disrupt computer performance, collect sensitive information, or manipulate access to data
- Spyware: tracking software designed to spy on the target, such as through surveillance, or even to log the target's important data
- Adware: software with embedded ads that only displays advertisements, usually to users who have not paid for a particular piece of software
- Ransomware: malware designed to restrict access to the target computer in order to demand a payment or ransom
Denial-of-Service (DoS)
An attack whose aim is to make a cyber service unavailable by flooding the network traffic with requests until the system is overloaded.
- DDoS (Distributed Denial-of-Service): floods the traffic with requests from many sources
- TDoS (Telephony Denial-of-Service): floods the target with calls, or holds calls open for a certain time
- PDoS (Permanent Denial-of-Service): slightly different; this attack focuses on causing damage to a target to the point where the system must be reset or reinstalled
CREDITS: This presentation template was created by Slidesgo, and
includes icons by Flaticon and infographics & images by Freepik
Insider & Privilege Misuse
This aspect is the hardest to counter because it is carried out from the inside, and preventing it differs from defending against an external attack.
One example is the modification, deletion, or taking of data by an insider, which can be called Data Tampering.
Miscellaneous Errors
- Publishing Error: distributing information to the wrong destination, or even distributing incorrect information
- Misdelivery: sending information to the wrong person or individual
- Misconfiguration: setting up the system incorrectly (access, firewall, etc.)
- Disposal Error: unused devices are not cleaned properly before disposal
- Data Entry Error: data entered is incorrect, duplicated, corrupt, etc.
- Programming Error: logic or systematic errors in the system at the programming level
- Omission: data or a document is not sent
Intentional
Cyberattack Targets and
Consequences
02.
6 Points of Cyberattack Targets and Consequences
1. "High-profile" and "under-the-radar" attacks
2. Identity Theft
3. Theft of Intellectual Property
4. Critical Infrastructure Attacks
5. Bring Your Own Device (BYOD)
6. Social Media Attacks
"High-Profile" and "Under-The-Radar" Attacks
High-profile attacks are those that target well-known organizations or individuals, often for
political, financial, or ideological reasons. These attacks can lead to significant reputational
damage, financial losses, and legal consequences.
Under-the-radar attacks are less publicized but can be just as damaging. They often target
smaller businesses, individuals, or non-profit organizations. These attacks may go unnoticed
for extended periods, causing financial and personal harm.
Key points:
- Continuous data theft
- Persistent
- Profit oriented
- Anonymous
Critical Infrastructure Attacks
Theft of Intellectual Property
Key points:
- Cyberattacks frequently target intellectual property, including patents, trade secrets, and proprietary data. When stolen, this information can be sold or used to gain a competitive advantage.
- The consequences include financial losses, loss of market share, and damage to a company's innovation and competitiveness.
Identity Theft
ā— Cybercriminals can steal personal information, such as Social Security numbers, credit card
details, and login credentials. This stolen data can be used for financial fraud, identity theft,
and other illegal activities.
ā— The consequences for individuals can be devastating, including financial ruin and
reputational damage. Organizations may also suffer legal and financial penalties if they fail to
protect customer data.
Bring Your Own Device
ā— The trend of employees using their personal devices for work purposes
introduces security risks. If these devices are not properly secured, they
can become targets for cyberattacks.
ā— Consequences of BYOD-related attacks can include data breaches, loss of
sensitive information, and compromised corporate networks.
Social Media Attacks
ā— Cybercriminals often target social media platforms to spread malware,
steal personal information, or launch phishing attacks.
ā— The consequences of social media attacks can include compromised
accounts, identity theft, reputation damage, and the spread of
misinformation
Cyber Risk Management
03.
5 Key Factors Leading to Cyberattacks
1. Interconnected, interdependent, wirelessly networked business environment
2. International organized crime taking over cybercrime
3. Decreasing skills necessary to be a computer hacker
4. Smaller, faster, cheaper computers and storage devices
5. Lack of management support
Basic IT security concept
ISACA and OWASP:
Risk = Likelihood × Impact
Risk = Threat × Vulnerability × Impact/Asset
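As an added illustration of the two formulas above (this is not code from the original slides), the following Python scores a small, constructed risk register with both `Likelihood × Impact` and `Threat × Vulnerability × Impact`, ranks the entries, and shows where the two forms disagree. The 1-5 ordinal scales, the register entries, and the rating cut-offs are assumptions made for this example; ISACA and OWASP do not prescribe these exact numbers.

```python
from dataclasses import dataclass

# Scales and register entries are constructed for this example (assumption:
# 1-5 ordinal scales for threat, vulnerability, impact and likelihood).
SCALE_MAX = 5


@dataclass(frozen=True)
class RiskItem:
    asset: str
    threat: str
    threat_level: int    # 1-5: capability and activity of the threat source
    vulnerability: int   # 1-5: how exposed the asset is to this threat
    impact: int          # 1-5: consequence to the asset if the threat succeeds


def likelihood(item: RiskItem) -> int:
    """Collapse threat x vulnerability (1-25) back onto a 1-5 likelihood scale."""
    raw = item.threat_level * item.vulnerability
    return max(1, min(SCALE_MAX, round(raw / SCALE_MAX)))


def risk_simple(item: RiskItem) -> int:
    """Risk = Likelihood x Impact (range 1-25)."""
    return likelihood(item) * item.impact


def risk_detailed(item: RiskItem) -> int:
    """Risk = Threat x Vulnerability x Impact, computed per asset (range 1-125)."""
    return item.threat_level * item.vulnerability * item.impact


def rating(score: int, scale_max: int) -> str:
    """Map a score onto a three-band rating (band cut-offs are an assumption)."""
    fraction = score / scale_max
    if fraction >= 0.6:
        return "high"
    if fraction >= 0.25:
        return "medium"
    return "low"


def rank_register(items):
    """Highest risk first; the detailed score breaks ties left by the simple one."""
    return sorted(items, key=lambda i: (risk_detailed(i), risk_simple(i)), reverse=True)


# Constructed sample register: (asset, threat, threat_level, vulnerability, impact)
REGISTER = [
    RiskItem("customer database", "ransomware", 5, 3, 5),
    RiskItem("public website", "DDoS", 4, 4, 2),
    RiskItem("HR laptop", "physical theft", 2, 5, 3),
    RiskItem("archive server", "environmental (flood)", 1, 2, 4),
]


def summarize(items):
    """One row per asset: simple score and rating, detailed score and rating."""
    return [
        (i.asset,
         risk_simple(i), rating(risk_simple(i), SCALE_MAX * SCALE_MAX),
         risk_detailed(i), rating(risk_detailed(i), SCALE_MAX ** 3))
        for i in rank_register(items)
    ]


if __name__ == "__main__":
    for row in summarize(REGISTER):
        print(row)
```

Two things the numbers show: rounding threat × vulnerability down to a single likelihood value loses information (the website and the laptop tie at 6 under the simple formula but separate under the detailed one), and the same asset can land in different rating bands depending on which formula the organisation adopts, so the choice of formula and of band cut-offs must be fixed before scores are compared.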
3 Essential Defenses
- Antimalware tools are designed to detect malicious code and prevent users from downloading it
- IDS scans for unusual or suspicious traffic, such as a DoS attack
- IPS is designed to take immediate action, such as blocking specific IP addresses, whenever a traffic-flow anomaly is detected
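The IDS/IPS distinction can be shown in code. The following Python example (added here; it is not from the original slides or any particular product) implements a rate-based traffic anomaly detector over constructed connection-log lines: `RateAnomalyDetector` plays the IDS role and only raises an alert, while `InlinePreventer` plays the IPS role and blocks the offending source address as soon as the alert fires. The log format, the 10-second sliding window, and the threshold of 20 connections per window are assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Log format and thresholds are assumptions made for this example.
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"
WINDOW_SECONDS = 10   # sliding window per source address
THRESHOLD = 20        # connections per window before the IDS raises an alert


def parse_line(line: str):
    """Parse one connection-log line; returns (ts, src, dst, dport) or None."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return datetime.strptime(m["ts"], TS_FMT), m["src"], m["dst"], int(m["dport"])


class RateAnomalyDetector:
    """IDS role: count connections per source inside a sliding time window."""

    def __init__(self, window=WINDOW_SECONDS, threshold=THRESHOLD):
        self.window = timedelta(seconds=window)
        self.threshold = threshold
        self.events = defaultdict(deque)   # src -> timestamps still inside the window

    def observe(self, ts: datetime, src: str) -> bool:
        q = self.events[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # expire entries older than the window
            q.popleft()
        return len(q) > self.threshold          # True means "anomaly: alert"


class InlinePreventer:
    """IPS role: sits in the traffic path and blocks a source once it is flagged."""

    def __init__(self, detector: RateAnomalyDetector):
        self.detector = detector
        self.blocked = set()

    def handle(self, line: str) -> str:
        parsed = parse_line(line)
        if parsed is None:
            return "malformed"          # never let an unparseable line crash the path
        ts, src, _dst, _dport = parsed
        if src in self.blocked:
            return "dropped"            # already on the blocklist
        if self.detector.observe(ts, src):
            self.blocked.add(src)       # immediate action on the anomaly
            return "blocked"
        return "allowed"


def run(lines):
    """Feed lines through the IPS in timestamp order; return verdict counts and the blocklist."""
    ips = InlinePreventer(RateAnomalyDetector())
    verdicts = Counter(ips.handle(line) for line in sorted(lines))
    return dict(verdicts), ips.blocked


def make_sample_log():
    """Constructed log: one normal client plus one source flooding port 443."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=2 * i)).strftime(TS_FMT)} src=10.0.0.5 dst=192.0.2.10 dport=443"
             for i in range(5)]
    lines += [f"{(base + timedelta(seconds=i // 6)).strftime(TS_FMT)} src=203.0.113.7 dst=192.0.2.10 dport=443"
              for i in range(30)]
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    counts, blocked = run(make_sample_log())
    print(counts, blocked)
```

The split matters operationally: the detector on its own would have produced one alert and nothing else (the IDS behaviour), whereas the preventer turns that alert into a block that drops every later connection from the same source; the cost of a false positive is therefore much higher on the IPS side, which is why thresholds and allowlists for monitoring hosts need care before a rule is deployed inline.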
Minimum Security Defenses for Mobiles
- Antivirus Software
- Biometric Control: an automated method of verifying the identity of a person based on physical or behavioral characteristics such as fingerprint, voice print, retinal scan, signature, etc.
- Mobile Kill Switch or Remote Wipe Capability: remotely wipe the device in the event of its loss or theft
- Do-Not-Carry Rules: employees/members can bring only "clean" devices and are forbidden from connecting to the organisation's network while abroad
- Rogue App Monitoring: monitor the major app stores and detect and shut down rogue applications 24/7
Zero Trust
A security framework requiring all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
DRP and BCP
Characteristics of an Effective Cybersecurity Program
1. Make data and documents available and accessible 24/7 while simultaneously restricting access.
2. Implement and enforce procedures and AUPs for data, networks, hardware, and software that are company or employee owned, as discussed in the opening case.
3. Promote secure and legal sharing of information among authorized persons and partners.
4. Ensure compliance with government regulations and laws.
5. Prevent attacks by having network intrusion defenses in place.
6. Detect, diagnose, and respond to incidents and attacks in real time.
7. Maintain internal controls to prevent unauthorized alteration of data/records.
8. Recover from business disasters and disruptions quickly.
Global government regulations of PII
WARMING UP
1. Name three IT defenses.
2. Why does an organization need to have a BCP?
3. What is the purpose of rogue application monitoring?
Defending Against
Fraud
04.
Type of Frauds
Type | Financial Impact | Typical Characteristics
Operation Management
- Corruption | No | Occurs off the books. Median loss due to corruption is 6X the median loss due to misappropriation
- Conflict of Interest | No | Breach of confidentiality, such as revealing competitor bids. Often occurs coincident with bribery
- Bribery | No | Uses positional power or money to influence others
- Embezzlement or "misappropriation" | Yes | Employee theft. Employee access to company property creates the opportunity for embezzlement
- Senior management financial reporting fraud | Yes | Involves massive breach of trust and leveraging of positional power
- Accounting Cycle fraud | Yes | Also called "earnings management" or "earnings engineering." Violates generally accepted accounting principles (GAAP) and all other accounting principles
Occupational Fraud Prevention and Detection
Corporate Governance
- An enterprise-wide approach that combines risk, security, compliance, and IT specialists
- Perform regular audits, employee training, and job rotation.
Intelligent Analysis and Anomaly Detection
- Most detection activity can be handled by intelligent analysis engines using advanced data warehousing and analytics techniques
- Detect anomalous patterns, such as work hours, copying huge amounts of data, unusual transactions, etc.
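To make the anomaly-detection idea above concrete, the Python below (an added example, not code from the slides) builds a per-user baseline from constructed audit events and flags new events that fall outside business hours, move far more data or money than that user normally does, or belong to a user with no baseline at all. The business-hours window, the 3-sigma threshold, and all event data are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Constructed audit events for this example; a real engine would read them from
# an audit log or data warehouse.


@dataclass(frozen=True)
class AuditEvent:
    user: str
    ts: datetime
    action: str      # "login", "copy" (amount = MB copied) or "transfer" (amount = value)
    amount: float


BUSINESS_HOURS = (8, 18)   # assumption: 08:00-18:00, Monday to Friday
Z_THRESHOLD = 3.0          # assumption: flag amounts more than 3 sigma above baseline


def is_off_hours(ts: datetime) -> bool:
    start, end = BUSINESS_HOURS
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def build_baseline(history):
    """Mean and population std-dev of `amount` per (user, action) over past events."""
    groups = {}
    for ev in history:
        groups.setdefault((ev.user, ev.action), []).append(ev.amount)
    return {key: (mean(vals), pstdev(vals)) for key, vals in groups.items()}


def z_score(x: float, mu: float, sigma: float) -> float:
    if sigma == 0:                       # constant baseline: any increase is anomalous
        return float("inf") if x > mu else 0.0
    return (x - mu) / sigma


def detect(history, events, z_threshold=Z_THRESHOLD):
    """Return [(user, action, iso timestamp, reasons)] for events that look anomalous."""
    base = build_baseline(history)
    flagged = []
    for ev in events:
        reasons = []
        if is_off_hours(ev.ts):
            reasons.append("off_hours")
        key = (ev.user, ev.action)
        if key not in base:
            reasons.append("no_baseline")        # cannot judge "unusual" without history
        elif z_score(ev.amount, *base[key]) > z_threshold:
            reasons.append("unusual_amount")
        if reasons:
            flagged.append((ev.user, ev.action, ev.ts.isoformat(), tuple(reasons)))
    return flagged


def _history():
    """Constructed history: alice copies 50-70 MB a day, bob transfers 900-1100 a day."""
    hist = []
    day = datetime(2024, 2, 5, 10, 0)    # a Monday during working hours
    for i, mb in enumerate([50, 55, 60, 65, 70] * 2):
        hist.append(AuditEvent("alice", day + timedelta(days=i), "copy", mb))
    for i, value in enumerate([900, 950, 1000, 1050, 1100] * 2):
        hist.append(AuditEvent("bob", day + timedelta(days=i), "transfer", value))
    return hist


HISTORY = _history()
NEW_EVENTS = [
    AuditEvent("alice", datetime(2024, 3, 5, 10, 30), "copy", 60),        # Tuesday, normal
    AuditEvent("alice", datetime(2024, 3, 9, 2, 15), "copy", 5000),       # Saturday 02:15, bulk copy
    AuditEvent("bob", datetime(2024, 3, 6, 14, 0), "transfer", 20000),    # 20x his usual value
    AuditEvent("carol", datetime(2024, 3, 6, 11, 0), "login", 0),         # no history for carol
]

if __name__ == "__main__":
    for row in detect(HISTORY, NEW_EVENTS):
        print(row)
```

The baseline is keyed per user and per action, so a large transfer by a user who routinely makes large transfers is not flagged while the same value from a clerk is; the `no_baseline` reason exists because a brand-new account with no history is itself something an analyst wants to see rather than silently skip.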
Internal Controls Objective
- Compliance with laws, regulations, and policies
- Reliability of financial reporting, to protect investors
- Operational efficiency
- Safeguarding of assets
The work atmosphere that a company sets for its employees.
General Controls
Preventive: Physical: fences, gates, locks. Access: firewall, IPS, MFA, antivirus. Administrative: hiring & termination, separation of duties.
Detective: Physical: CCTV. Access: IDS, honeypots. Administrative: review access, audit logs, unauthorized changes.
Corrective: Physical: repair physical damage, re-issue access cards. Access: patching, quarantine. Administrative: implement BCP, have an incident response plan.
Cyber Defense Strategies
Auditing Information System
An audit is an important part as an additional layer of controls or safeguards
to criminal actions, especially for insiders.
Sample of questions
ā— Are the controls implemented properly?
ā— Which areas are not covered by controls?
ā— Is there a clear separation of duties of employees?
ā— Are there procedures to ensure compliance with the controls?
WARMING UP
1. Explain the concepts of intelligence analysis and
anomaly detection.
2. Name the major categories of general controls
3. Explain authentication and name two methods of
authentication
Framework, Standard and Models
05.
In the context of Cybersecurity and Risk Management Technology:
- A FRAMEWORK refers to a structure used to organise, manage, and integrate the cybersecurity and risk management approach within an organisation.
- A STANDARD refers to a formal document that sets out the rules, guidelines, and requirements an organisation or entity must comply with to reach an accepted level of security and risk management.
- A MODEL refers to a representation or abstraction of a cybersecurity and risk management system, process, or concept, used to analyse, plan, or understand particular aspects of security and risk management.
Let Us First Agree on Terms...
Relationship between Framework, Standard, and Model
Types of Model
- Threat Models
- Risk Models
- Security Architecture Models
- Attack Models
- Maturity Models
- Behavioral Models
- Security Management Models
COBIT
(Control Objectives for Information and Related Technologies)
Four Domains of COBIT:
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)
NIST
(National Institute of Standards and Technology)
ISO 27001
(International Standards Organization 27001)
GDPR
(General Data Protection Regulation)
SOC
(Service Organization Control)
Case Study: Badan Pusat Statistik (BPS)
06.
BPS Security Architecture
(Based on Regulation of the Head of BPS Number 3 of 2021)
IT & Endpoint Security
(Based on Regulation of the Head of BPS Number 3 of 2021)
Encryption, Access Management, and Identity Security
(Based on Regulation of the Head of BPS Number 3 of 2021)
Network and Data Security
(Based on Regulation of the Head of BPS Number 3 of 2021)
Application Security
(Based on Regulation of the Head of BPS Number 3 of 2021)
https://csirt.bps.go.id/
DO YOU HAVE ANY QUESTIONS?
THANKS
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
Ā 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
Ā 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
Ā 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
Ā 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
Ā 

Recently uploaded (20)

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Ā 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Ā 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
Ā 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Ā 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
Ā 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
Ā 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Ā 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Ā 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Ā 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Ā 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
Ā 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
Ā 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
Ā 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
Ā 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
Ā 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Ā 
Hot Sexy call girls in Panjabi Bagh šŸ” 9953056974 šŸ” Delhi escort Service
Hot Sexy call girls in Panjabi Bagh šŸ” 9953056974 šŸ” Delhi escort ServiceHot Sexy call girls in Panjabi Bagh šŸ” 9953056974 šŸ” Delhi escort Service
Hot Sexy call girls in Panjabi Bagh šŸ” 9953056974 šŸ” Delhi escort Service
Ā 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Ā 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Ā 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
Ā 

Cybersecurity and Risk Management Technology

  • 1. CYBER SECURITY AND RISK MANAGEMENT TECHNOLOGY NIM: 23222026 Bene Genhaq Suseno 23222048 Pray Putra Hasianro Nadeak 23523015 Galuh Dipa Bharata 23523042 Mohammad Febri Ramadlan
  • 2. TABLE OF CONTENTS: 01 The Face and Future of Cyberthreats; 02 Cyberattack Targets and Consequences; 03 Cyber Risk Management; 04 Defending Against Fraud; 05 Frameworks, Standards, and Models
  • 3. 01. The Face and Future of Cyber Threats: introducing several types of cyber threat and their characteristics
  • 5. What are Cyber Threats? Siber (id; KBBI): a computer system and/or information technology related to cyberspace, or a system connected to the internet. Cyber (en). Cyber Threats: refers to a condition, situation or possibility that gives rise to disruptions or attacks that damage or cause loss, threatening the confidentiality, integrity and availability of systems and information, or to activity that violates norms and the law [2]
  • 6. General Terms in Cyber: Vulnerability; Data Incident & Breach. Vulnerability (in cyber): a gap in an IT security system (network, system, or physical application) that lets cyber threats in and so raises the risk to the system. A vulnerability can lead to an attempt (successful or not) at unauthorized access to a cyber system, called a Data Incident, or even to sensitive data or information being taken by an individual, a group, or a system, called a Data Breach.
  • 7. Vulnerability Categories
    Confidentiality: data is kept secret. Data stored in the system is accessed only by the appropriate entities. Threats: data leakage, unauthorized access, brute-force access, etc.
    Integrity: data is whole and unchanged. Data must remain with only permitted changes. Threats: malware attacks, unknown editors, data manipulation, etc.
    Availability: the system is available. Data and systems remain accessible when needed. Threats: DoS (over-traffic), DDoS.
  • 8. Major Cyber Threats (Intentional)
    Crimeware: malware and ransomware.
    Phishing: human-targeted, induces a behaviour.
    Hacking: the general term for unauthorized access with various aims or threats.
    DDoS: disrupting traffic to a target until it is overloaded.
    Insider & Privilege Misuse: abuse of the access level granted to an entity.
    Physical theft: theft of cyber assets.
  • 9. Major Cyber Threats (2) (Unintentional)
    Environment: disasters, environmental conditions, and so on.
    Human Error: data mistakes, hardware/software design, bad data management, etc.
    Computer Failure: poor quality, poor maintenance, logical problems, and so on.
    Physical Loss: loss, damage, and so on.
  • 10. HACKING: a general term in many cyber attacks. It basically refers to the act of exploiting a vulnerability in an IT system. White Hat; Gray Hat; Black Hat.
  • 11. CYBER SOCIAL ENGINEERING THREATS. Phishing: sending an instruction at random, without a specific target. Spear Phishing: sending an instruction specifically to an individual or group chosen on some particular match. Hackers use social engineering (persuasion, trust, helpfulness, kindness, a free/easy way, etc.) to manipulate a person into doing what the hacker wants. This is a big gap because a system cannot easily protect against a vulnerability that runs through the user.
  • 12. CYBER SOCIAL ENGINEERING THREATS (2). CRIMEWARE: various programs spread or built by hackers and used for a particular purpose.
    Spyware: tracking software designed to spy, e.g. for surveillance or even to log the target's important data.
    Adware: software with embedded ads that only displays advertisements, usually to users who have not paid for a given piece of software.
    Malware: a program used to disrupt a computer's performance, collect sensitive information, or manipulate access to data.
    Ransomware: malware designed to restrict access to the target computer in order to demand payment or ransom.
  • 13. Denial-of-Service (DoS): an attack that aims to make a cyber service unavailable by flooding the network traffic with requests so that the system overloads.
    DDoS, Distributed Denial-of-Service: flooding the traffic with requests from many sources.
    TDoS, Telephony Denial-of-Service: flooding with calls, or holding calls open for a period of time.
    PDoS, Permanent Denial-of-Service: slightly different; this attack focuses on damaging the target to the point where the system has to be reset or reinstalled.
  • 14. CREDITS: This presentation template was created by Slidesgo, and includes icons by Flaticon and infographics & images by Freepik. Insider & Privilege Misuse: this aspect is the hardest to counter because it is carried out from inside, and preventing it differs from preventing an external attack. One example is the modification, deletion or taking of data by an insider, which can be called Data Tampering.
  • 15. Miscellaneous Errors
    Publishing Error: information distributed to the wrong destination, or even wrong information.
    Misdelivery: information sent to the wrong person/individual.
    Misconfiguration: system settings built incorrectly (access, firewall, etc.).
    Disposal Error: unused devices not properly cleared.
    Data Entry Error: data entered incorrectly, duplicated, corrupt, etc.
    Programming Error: logic or systematic errors in the system at the programming level.
    Omission: data or a document is not sent.
  • 17. 6 Points of Cyberattack Targets and Consequences: 1 "High-profile" and "under-the-radar" attacks; 2 Identity Theft; 3 Theft of Intellectual Property; 4 Critical Infrastructure Attacks; 5 Bring Your Own Device (BYOD); 6 Social Media Attacks
  • 18. "High-Profile" and "Under-The-Radar" Attacks. High-profile attacks are those that target well-known organizations or individuals, often for political, financial, or ideological reasons. These attacks can lead to significant reputational damage, financial losses, and legal consequences. Under-the-radar attacks are less publicized but can be just as damaging. They often target smaller businesses, individuals, or non-profit organizations. These attacks may go unnoticed for extended periods, causing financial and personal harm. Key points: - Continuously steal data - Persistent - Profit oriented - Anonymous
  • 20. Theft of Intellectual Property Key points : - Cyberattacks frequently target intellectual property, including patents, trade secrets, and proprietary data. When stolen, this information can be sold or used to gain a competitive advantage. - The consequences include financial losses, loss of market share, and damage to a company's innovation and competitiveness.
  • 21. Identity Theft ● Cybercriminals can steal personal information, such as Social Security numbers, credit card details, and login credentials. This stolen data can be used for financial fraud, identity theft, and other illegal activities. ● The consequences for individuals can be devastating, including financial ruin and reputational damage. Organizations may also suffer legal and financial penalties if they fail to protect customer data.
  • 22. Bring Your Own Device ● The trend of employees using their personal devices for work purposes introduces security risks. If these devices are not properly secured, they can become targets for cyberattacks. ● Consequences of BYOD-related attacks can include data breaches, loss of sensitive information, and compromised corporate networks.
  • 23. Social Media Attacks ● Cybercriminals often target social media platforms to spread malware, steal personal information, or launch phishing attacks. ● The consequences of social media attacks can include compromised accounts, identity theft, reputation damage, and the spread of misinformation.
  • 25. 5 Key Factors Leading to Cyberattacks: 1 Interconnected, interdependent, wirelessly networked business environment; 2 International organized crime taking over cybercrime; 3 Decreasing skills necessary to be a computer hacker; 4 Smaller, faster, cheaper computers and storage devices; 5 Lack of management support
  • 26. Basic IT security concept (ISACA and OWASP): Risk = Likelihood × Impact; Risk = Threat × Vulnerability × Impact/Asset
  • 27. 3 Essential Defenses. Antivirus Software: antimalware tools are designed to detect malicious code and prevent users from downloading it. IDS: scans for unusual or suspicious traffic, such as a DoS attack. IPS: designed to take immediate action, such as blocking specific IP addresses, whenever a traffic-flow anomaly is detected.
  • 28. Minimum Security Defenses for Mobiles
    Biometric Control: an automated method of verifying the identity of a person based on physical or behavioral characteristics such as fingerprint, voice print, retinal scan, signature, etc.
    Mobile Kill Switch or Remote Wipe Capability: remotely wipe the device in the event of loss or theft.
    Do-Not-Carry Rules: employees/members can bring only "clean" devices and are forbidden from connecting to the organisation's network while abroad.
    Rogue App Monitoring: monitor the major app stores and detect and shut down rogue applications 24/7.
    Zero Trust: a security framework requiring all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
  • 30. Characteristics of an Effective Cybersecurity Program
    1 Make data and documents available and accessible 24/7 while simultaneously restricting access.
    2 Implement and enforce procedures and AUPs for data, networks, hardware, and software that are company or employee owned, as discussed in the opening case.
    3 Promote secure and legal sharing of information among authorized persons and partners.
    4 Ensure compliance with government regulations and laws.
    5 Prevent attacks by having network intrusion defenses in place.
    6 Detect, diagnose, and respond to incidents and attacks in real time.
    7 Maintain internal controls to prevent unauthorized alteration of data/records.
    8 Recover from business disasters and disruptions quickly.
  • 32. WARMING UP 1. Name 3 IT defenses. 2. Why does an organization need to have a BCP? 3. What is the purpose of rogue application monitoring?
  • 34. Types of Fraud (columns: Type | Financial Impact | Typical Characteristics; grouped as Operation and Management)
    Corruption | No | Occurs off the books. Median loss due to corruption is 6X the median loss due to misappropriation.
    Conflict of Interest | No | Breach of confidentiality, such as revealing competitor bids. Often occurs coincident with bribery.
    Bribery | No | Uses positional power or money to influence others.
    Embezzlement or "misappropriation" | Yes | Employee theft. Employee access to company property creates the opportunity for embezzlement.
    Senior management financial reporting fraud | Yes | Involves a massive breach of trust and leveraging of positional power.
    Accounting cycle fraud | Yes | Also called "earnings management" or "earnings engineering." Violates generally accepted accounting principles (GAAP) and all other accounting principles.
  • 35. Occupational Fraud Prevention and Detection. Corporate Governance: ■ An enterprise-wide approach that combines risk, security, compliance, and IT specialists ■ Perform regular audits, employee training, and job rotation. Intelligent Analysis and Anomaly Detection: ■ Most detection activity can be handled by intelligent analysis engines using advanced data warehousing and analytics techniques ■ Detect anomalous patterns, such as work hours, copying huge amounts of data, unusual transactions, etc.
  • 36. Internal Controls Objectives: compliance with laws, regulations, and policies; reliability of financial reporting, to protect investors; operational efficiency; safeguarding of assets; the work atmosphere that a company sets for its employees.
  • 37. General Controls (columns: Physical | Access | Administrative)
    Preventive | Fences, gates, locks | Firewall, IPS, MFA, antivirus | Hiring & termination, separation of duties
    Detective | CCTV | IDS, honeypots | Review access, audit logs, unauthorized changes
    Corrective | Repair physical damage, re-issue access cards | Patching, quarantine | Implement BCP, have an incident response plan
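The anomaly patterns listed on slide 35 (unusual work hours, copying huge amounts of data, unusual transactions) can be checked directly against an audit log. The script below is an added example, not from the slide deck: it parses a constructed log format, then applies one rule per pattern, using a leave-one-out median so that a single large transaction cannot inflate its own baseline. The log format, user names and thresholds are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median

# Constructed sample audit log (not from the slide deck); one event per line:
# <ISO timestamp> <user> <action> <numeric value: rows exported or amount approved>
SAMPLE_LOG = """\
2024-03-04T09:12:00 alice export_rows 1200
2024-03-04T10:40:00 alice export_rows 1500
2024-03-06T02:17:00 alice export_rows 250000
2024-03-04T09:30:00 bob approve_payment 4800
2024-03-04T14:02:00 bob approve_payment 5200
2024-03-05T15:45:00 bob approve_payment 5000
2024-03-05T16:10:00 bob approve_payment 98000
2024-03-06T23:55:00 carol approve_payment 5100
"""

WORK_HOURS = (8, 18)       # [start, end) hour of the normal working day (assumed)
BULK_COPY_ROWS = 100_000   # a single export above this many rows counts as "huge"
AMOUNT_RATIO = 3.0         # amount > ratio x the user's usual amount is unusual
MIN_HISTORY = 3            # a baseline needs at least this many other events


@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    action: str
    value: int


def parse_log(text: str) -> list[Event]:
    """Parse the space-separated format above, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            ts, user, action, value = parts
            events.append(Event(datetime.fromisoformat(ts), user, action, int(value)))
    return events


def off_hours(events: list[Event]) -> list[Event]:
    """Work-hours anomaly: any activity outside the normal working day."""
    start, end = WORK_HOURS
    return [e for e in events if not (start <= e.ts.hour < end)]


def bulk_copies(events: list[Event]) -> list[Event]:
    """Data-volume anomaly: one export far above what a job normally needs."""
    return [e for e in events if e.action == "export_rows" and e.value > BULK_COPY_ROWS]


def unusual_transactions(events: list[Event]) -> list[Event]:
    """Transaction anomaly: an approval far above the median of the same user's
    other approvals. Leave-one-out keeps the outlier out of its own baseline."""
    by_user: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        if e.action == "approve_payment":
            by_user[e.user].append(e)
    flagged = []
    for evs in by_user.values():
        for e in evs:
            others = [o.value for o in evs if o is not e]
            if len(others) < MIN_HISTORY:
                continue  # too little history to call anything unusual
            if e.value > AMOUNT_RATIO * median(others):
                flagged.append(e)
    return flagged


def detect_anomalies(text: str) -> dict[str, list[Event]]:
    """Run all three rules and return the flagged events grouped by rule."""
    events = parse_log(text)
    return {
        "off_hours": off_hours(events),
        "bulk_copy": bulk_copies(events),
        "unusual_amount": unusual_transactions(events),
    }
```

A real deployment would take thresholds from per-role baselines rather than constants, and would feed the flagged events into the audit review described on slide 39 instead of acting on them automatically.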
  • 39. Auditing Information Systems. An audit is an important additional layer of controls or safeguards against criminal actions, especially by insiders. Sample questions: ● Are the controls implemented properly? ● Which areas are not covered by controls? ● Is there a clear separation of duties among employees? ● Are there procedures to ensure compliance with the controls?
  • 40. WARMING UP 1. Explain the concepts of intelligent analysis and anomaly detection. 2. Name the major categories of general controls. 3. Explain authentication and name two methods of authentication.
  • 42. Let's Agree on Terms First… In the context of Cybersecurity and Risk Management Technology: ● FRAMEWORK refers to a framework or structure used to organise, manage and integrate the cybersecurity and risk-management approach within an organisation. ● STANDARD refers to a formal document that sets out the rules, guidelines and requirements an organisation or entity must comply with to reach an accepted level of security and risk management. ● MODEL refers to a representation or abstraction of a cybersecurity and risk-management system, process or concept, used to analyse, plan or understand particular aspects of security and risk management.
  • 43. Relationship between Framework, Standard and Model (diagram: Framework, Model, Standard)
  • 44. Types of Model: Threat Models; Risk Models; Security Architecture Models; Attack Models; Maturity Models; Behavioral Models; Security Management Models
  • 45. COBIT (Control Objectives for Information and Related Technologies). Four Domains of COBIT: • Align, Plan and Organize (APO) • Build, Acquire and Implement (BAI) • Deliver, Service and Support (DSS) • Monitor, Evaluate and Assess (MEA)
  • 46. NIST (National Institute of Standards and Technology)
  • 47. ISO 27001 (International Standards Organization 27001)
  • 50. 06. Case Study: Badan Pusat Statistik (BPS)
  • 51. BPS Security Architecture (based on BPS Head Regulation No. 3 of 2021)
  • 52. IT & Endpoint Security (based on BPS Head Regulation No. 3 of 2021)
  • 53. Encryption, Access and Identity Management Security (based on BPS Head Regulation No. 3 of 2021)
  • 54. Network and Data Security (based on BPS Head Regulation No. 3 of 2021)
  • 55. Application Security (based on BPS Head Regulation No. 3 of 2021)
  • 58. DO YOU HAVE ANY QUESTIONS? THANKS