XecureIT © PT IMAN Teknologi Informasi
Indonesia Information Security Forum
Bandung, 10 September 2013
Cyber SOS
Critical Information Infrastructure Protection
© PT IMAN Teknologi Informasi | XecureIT | Critical Information Infrastructure Protection v1.0 - IISF 2013
R U Sure U R Secure?
Security is Like a Chain...
as Strong as The Weakest link
90% of cyber security implementations are inconsistent... :’(
Know Your Enemies

Threat Agent – People

Attacks carried out by unknown attacker (public)

Attacks carried out by known attacker, such as employees, contractors, partners
or customers both consciously and as victims of social engineering

Attacks carried out by authorized users both consciously and as victims of social
engineering

Threat Agent Resources

Low grade attacker: script kiddies, new born attacker, public tools, <USD1000.

Medium grade attacker: expert, public or custom tools, <USD100.000.

High grade attacker: advanced custom tools, <USD 1 Million.

Government grade attacker.
Gildas Deograt Lumy, CISA, CISSP, ISO 27001 LA

Senior Information Security Consultant - XecureIT

Consultancy, Audit, Assessment, Penetration Testing, Research

Experiences

21 years in IT, 16 years of direct experience in Information Security

25 years as a social worker caring for homeless people and street children

Community Founder and Leader

Komunitas Keamanan Informasi (KKI)

(ISC)2 Indonesia Chapter

Forum Keamanan Informasi (FORMASI)

Cyber Security Certified Professional (CSCP) Association

Trainer

CISSP Common Body of Knowledge

Hacking Techniques & Defense Strategy

ISO27001 Implementation
Do you know who is inside?
90% of Internal Network is “Public”
Complexity is the worst information security enemy
Information Security is A Complex Issue
Impossible to solve without strong management commitment
supported by highly competent professionals.
Conventional Cyber Security
Easy to compromise
End-to-End High Grade Security
The Key Principles
A balance of preventive, detective and corrective controls across the entire information life cycle:

Holistic

High Integrity

White List Approach

Defense in Depth

Least Privilege

Separation of Duties

Effective Change Management

End-to-End Encryption

Good Performance

Full Redundancy

Integrated Monitoring
Standar Arsitektur Keamanan Tingkat Tinggi Informasi (SAKTTI), the High-Grade Information Security Architecture Standard
A consistent, effective and efficient architecture for handling high-grade attack threats.
XecureIT Experiences
CARES Facts

Consultancy
High grade information security architecture is very difficult and expensive to implement and operate.

Assurance
99% of security implementations can be compromised if conditions similar to those of a real threat agent are created and allowed. This is the reason we created XecureZone as a high grade security solution.

Research & Development
Our solutions have been used by highly sensitive systems.

Education
70% of highly competent information security professionals went abroad.

Secure Hosting
In-house XecureZone has been used to protect our customers' sensitive systems.
XecureZone Overview
A Complete Integrated Solution
[Diagram labels: Technology, People, Physical, Administrative, XecureZone]
XecureZone Overview
The Key Objectives: S.O.S

Secure
Improve information security to the highest level through a clear and balanced end-to-end prevention and detection strategy.

Optimize
Significantly reduce TCO through uniform strategy, hardware and
licenses optimization, and pre-configured systems.

Simplify
Simplify information security compliance and conformance, such as
UU ITE, PP PSTE, PBI, ISO 27001 and PCI DSS.
XecureZone Overview
The Key Benefits: T.R.U.S.T

Transparent by using open source solutions for the core components.

Reliable by using the best software and hardware components.

Uniform strategy and implementation to optimize the TCO.

Simplify complex processes, from design to maintenance.

Tough solution - strong but flexible.
XecureZone Technology Implementation
XecureZone Technology
Key Feature: SAKTTI Implementation
XecureZone Overview
The Biggest Challenge is To Change The Mindset
“I feel convenience if...
I use the good safety belt and helmet properly and
the car has the effective braking system to go fast!”
Summary
• Conventional security strategy and implementation have failed.
• SAKTTI answers the needs of high grade information security architecture.
• XecureZone simplifies and optimizes SAKTTI implementation and operation.
• XecureZone is built with 21 years of experience on top of solid hardware and software components.
• XecureZone can be easily customized to accommodate various needs.
XecureZone
Secure.Optimize.Simple
THANK YOU !
PT. IMAN Teknologi Informasi
"Security CARE, Our PASSION"
Consultancy.Assurance.Research.Education
Certified ISO 27001:2005 #IS586350
https://www.xecureit.com
XecureIT
