Cyber Security Governance
www.icion-leadership.com
ICION 4th Annual Conference | Charles Lim, Msc., ECSA, ECSP, ECIH, CEH, CEI
Agenda
• About Honeynet
• Why Cyber Security Governance?
• Cyber Security Framework
• Framework Core
• Framework Profile
• Implementation Tiers
• Framework Profile
• Conclusion
About Honeynet
• Volunteer open source computer security
research organization since 1999 (US 501c3
non-profit)
• Mission: “learn the tools, tactics and motives
involved in computer and network attacks,
and share the lessons learned” -
http://www.honeynet.org
About Honeynet
• Share all of our tools, research and findings, at
no cost to the public – “Know Your Tools”
(KYT)
• “Know Your Enemy” (KYE) white papers
regularly published on current research topics
• Members release regular activity status reports
• Committed to open source and creative
commons
• Partially funded by sponsors, nothing to sell!
About Honeynet
Honeynet Project Workshop | 18-20 May 2015 | Stavanger, Norway
About Honeynet
CONPOT 0.5.0 Release | 13 November 2015
About Honeynet
55 Chapters and 37 Countries
About Indonesia Honeynet Project
• 15 passionate security
professionals, academicians
and government officials
met and signed a petition on 25
November 2011
• Indonesia Chapter officially
recognized 9 January 2012
• Current members: 130 (20
active members)
About Indonesia Honeynet Project
• Yearly Seminar and Workshop since 2012
• Focus on Security Awareness and Security
Research
• Honeynet communities: Jakarta, Semarang,
Surabaya, Yogya, Denpasar, Palembang,
Lampung
• Research Topics: Incident Handling,
Vulnerability Analysis, Malware, Digital
Forensics, Penetration Testing, Threat
Intelligence
About Indonesia Honeynet Project
Honeynet Seminar & Workshop | 10-11 June 2015 | Lampung, Indonesia
Honeypots Research & Deployment
• 2009: Learning Period
– Honeypot: Nepenthes
– Learning how to install and configure
– # Honeypots deployed: None
– Hardware: Client
• 2011: Early Period
– Honeypot: Nepenthes, Dionaea
– Deployed 1st Honeypot in SGU
– # Honeypots deployed: 1
– Hardware: Simple Client and Server
• 2013: Growing Period
– Honeypot: Dionaea
– Target: Academic, Government, ISP
– # Honeypots deployed: 5
– Hardware: Mini PC and Server
• 2015: Expanding Period
– Honeypot: Dionaea, Kippo, Glastopf, Honeytrap
– Coverage: Java, Bali, Sumatera,
– # Honeypots deployed: 17
– Hardware: Raspberry Pi and Dedicated servers
Our Contribution
http://public.honeynet.id
Our Contribution
Attacker Statistics: Attacker IP, Malware, Targeted Ports, Provinces attacked
Other Research
Second Hand USB Forensics and Publications
Join Us
• Indonesia Honeynet Project
• idhoneynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
Why Cyber Security Governance?
• We live in an interconnected world
• Constant security threats to individuals,
organizations, or countries
• Businesses continue to evolve to stay ahead
• Governing these threats to our
organizations is critical to survivability
Governance
Reference: http://www.mondaq.com/x/249550/Data+Protection+Privacy/Information+Security+Governance
Why Framework?
• Example: COBIT Framework
• Framework for the governance and
management of IT Enterprise
“a framework is a real or conceptual structure intended
to serve as a support or guide for the building of
something that expands the structure into something
useful.”
Reference: http://whatis.techtarget.com/definition/framework
COBIT Framework
Benefits
• From chaos to order and organization
• Manageable practice
• From tools / mechanisms → architecture /
policy → strategy / governance
Cyber Security Framework
• Framework for Improving Critical Infrastructure Cybersecurity,
version 1.0, the National Institute of Standards and Technology
(NIST), February 12, 2014.
– A response to the President’s Executive Order 13636, “Improving
Critical Infrastructure Cybersecurity” on February 12, 2013.
• Critical infrastructure: “systems and assets, whether physical or
virtual, so vital to the United States that the incapacity or destruction
of such systems and assets would have a debilitating impact on
security, national economic security, national public health or safety,
or any combination of those matters.”
• A voluntary risk-based Cybersecurity Framework
– a set of industry standards and best practices to help
organizations manage cybersecurity risks
• The Framework is technology neutral
Risk Management
NIST Cyber Security Framework
• Three parts:
– The Framework Core
– The Framework Profile
– The Framework Implementation Tiers
• Framework Core
– A set of activities, outcomes, and informative
references
– Providing the detailed guidance for developing
individual organizational Profiles
Framework Core
• Five concurrent and continuous Functions
– Identify
– Protect
– Detect
– Respond
– Recover
• (Altogether) the functions provide a high-level,
strategic view of the lifecycle of an
organization’s management of cybersecurity
risk.
Cyber Security Framework
Incident
Management
Functions and Categories
• Functions organize basic cybersecurity activities at their highest level.
• Categories are the subdivisions of a Function into groups of cybersecurity
outcomes closely tied to programmatic needs and particular activities.
o Example Categories: “Asset Management,” “Access Control,” “Detection
Processes.”
Framework Profile
• Represents the outcomes based on business
needs that an organization has selected from the
Framework Categories and Subcategories
• Aligning standards, guidelines, and practices to
the Framework Core in a particular
implementation scenario
• “Current” profile → “Target” profile
• Comparison of Profiles may reveal gaps to be
addressed to meet cybersecurity risk
management objectives.
Framework Profile
• The Framework document does not prescribe
Profile templates, allowing for flexibility in
implementation.
• Example profiles can be found:
http://www.nist.gov/itl/upload/discussion-draft_illustrative-examples-082813.pdf
Example Profiles for Threat Mitigation:
1. Mitigating intrusions
2. Mitigating malware
3. Mitigating insider threats
Coordination of Framework Implementation
Implementation Tiers
• Describe the degree to which an organization’s
cybersecurity risk management practices exhibit the
characteristics defined in the Framework.
• Characterize an organization’s practices over a range
– from Partial (Tier 1) to Adaptive (Tier 4)
• Partial: risks are managed in an ad hoc manner
• Risk Informed: Risk management practices are approved by
management but may not be established as organization-wide
policy.
• Repeatable: Risk management practices are formally approved and
expressed as policy.
• Adaptive: The organization adapts its cybersecurity practices based
on lessons learned and predictive indicators derived from previous
and current cybersecurity activities.
– Reflect a progression from informal, reactive responses to
approaches that are agile and risk-informed.
Challenges
• Governance begins at the top of the
organization → Executives need to lead
• Managing Cyber Security Challenges →
Managing Risk continuously
• Evolving Risks → Evolving Challenges
Thank you
Support the first CISSP class training on 25 to 29 April 2016 in Jakarta: www.indo-infosec.com
• Our annual ICION event in Bali
• www.icion-leadership.com
• Watch our last CISSP community video event in
Pondok Indah
• https://www.youtube.com/watch?v=fqUjXIlCcfM

ICION 2016 - Cyber Security Governance
