Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia - Yudhistira Nugraha
Managing High-Volume Cyber Attacks through Effective Strategies in Indonesia. Presentation at Cybersecurity for Government Asia Forum, Kuala Lumpur, January 2013
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity - Shiva Bissessar
Brief impressions of the current state of Cyber Security development efforts in the Caribbean with focus on Trinidad and Tobago, as gleaned from the recently held (26th-28th May 2014) Caribbean Stakeholders Meeting (ICT) and knowledge of the landscape in Trinidad & Tobago.
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
The UK is one of the world’s leading
digital nations. Much of our prosperity
now depends on our ability to secure our
technology, data and networks from the
many threats we face.
Yet cyber attacks are growing more
frequent, sophisticated and damaging when
they succeed. So we are taking decisive
action to protect both our economy and the
privacy of UK citizens.
Our National Cyber Security Strategy sets out
our plan to make Britain confident, capable
and resilient in a fast-moving digital world.
Over the lifetime of this five-year strategy,
we will invest £1.9 billion in defending
our systems and infrastructure, deterring
our adversaries, and developing a whole-society
capability – from the biggest
companies to the individual citizen.
From the most basic cyber hygiene, to the
most sophisticated deterrence, we need a
comprehensive response.
We will focus on raising the cost of
mounting an attack against anyone in the
UK, both through stronger defences and
better cyber skills. This is no longer just
an issue for the IT department but for the
whole workforce. Cyber skills need to reach
into every profession.
The new National Cyber Security Centre will
provide a hub of world-class, user-friendly
expertise for businesses and individuals, as
well as rapid response to major incidents.
Government has a clear leadership role,
but we will also foster a wider commercial
ecosystem, recognising where industry
can innovate faster than us. This includes
a drive to get the best young minds into
cyber security.
The cyber threat impacts the whole of our
society, so we want to make very clear
that everyone has a part to play in our
national response. It’s why this strategy is
an unprecedented exercise in transparency.
We can no longer afford to have this
discussion behind closed doors.
Ultimately, this is a threat that cannot be
completely eliminated. Digital technology
works because it is open, and that
openness brings with it risk. What we
can do is reduce the threat to a level that
ensures we remain at the vanguard of the
digital revolution. This strategy sets out how.
Cyber Vardzia - Integrated Physical and Cyber Security Systems for Georgia - Dr David Probert
Invited Presentation at the 3rd Georgian IT Innovation & Cybersecurity Conference (GITI) in Tbilisi, Georgia. The presentation focuses upon the urgent need to integrate physical and cyber security within a single management team headed by a Chief Security Officer (CSO). The title references Vardzia, which was a Medieval Georgian Cave Fortress that had extensive physical security and withstood attacks from invaders for many years.
Singapore Cybersecurity Strategy and Legislation (2018) - Benjamin Ang
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
Protection of critical information infrastructure - Neha Agarwal
Information Infrastructure is the term usually used to describe the totality of inter-connected computers and networks, and information flowing through them. Certain parts of this Information Infrastructure, could be dedicated for management / control etc of infrastructure providers’ e.g. Power generation, Gas/oil pipelines, or support our economy or national
fabric e.g. Banking / Telecom etc. The contribution of the services supported
by these infrastructures, and more importantly, the impact of any sudden
failure or outage on our National well being or National Security marks them as being Critical.
By extension, information infrastructure supporting the operations of Critical Infrastructure (CI) marks this as Critical Information infrastructure (CII). These Networks operate/monitor and control important Governmental and Societal functions and services including, but not limited to, Power (Generation/transmission/ distribution etc), Telecommunication (mobile/landline/internet etc), Transportation (Air/land/rail/sea etc), Defence etc. These CII are becoming increasingly dependent on their information infrastructure for information management, communication and control functions.
Lessons learned from the SingHealth Data Breach COI Report - Benjamin Ang
16 recommendations for better cybersecurity, digested from the 454 page COI (Committee of Inquiry) report on Singapore's biggest data breach to date (1.5 million patients' records), presented at Cyber Resilience and Risk Forum 2019, Singapore. Useful info for board directors, managers, CSOs, CISOs, cybersecurity professionals
Cybersecurity Risk Perception and Communication - Stephen Cobb
Research into Cultural Theory, White Male Effect, and more. We show high level of concern about cybercrime among US adults and first evidence of White Male Effect in cyber risk perception.
ID IGF 2016 - Law 2 - Human Rights and Cybersecurity + Resilience - IGF Indonesia
Presented by Edmon Makarim (Faculty of Law, UI)
ID IGF 2016
Law Session 2 - Integrating Human Rights into the Institutionalization of Cybersecurity Policy: A Proposal for Indonesia
Jakarta, 15 November 2016
A presentation about Next Generation Infrastructure for the Internet of Things by Mr Sutedjo Tjahjadi, Datacomm Cloud Business Managing Director, at Politeknik Negeri Semarang, September 18th, 2016
ID IGF 2016 - Law 3 - National Cyber Sovereignty and Resilience - IGF Indonesia
Presented by Edmon Makarim (Faculty of Law, UI)
ID IGF 2016
Law Session 3 - Realizing Indonesia's Cyber Sovereignty and Resilience
Jakarta, 15 November 2016
Recommendations for the National Cyber Agency (Badan Cyber Nasional, BCN)
Strategy and Policy
Assess cyber benefits and risks
Prioritize human resources
Assess the risks and benefits of technology, people, process and organization
ID IGF 2016 - Law 3 - The Role of the State in Cyber Sovereignty - IGF Indonesia
Presented by Kristiono (Masyarakat Telematika / Mastel)
ID IGF 2016
Law Session 3 - Realizing Indonesia's Cyber Sovereignty and Resilience
Jakarta, 15 November 2016
International Journal of Engineering Research and Development - IJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
History, What is Information Security?, Critical Characteristics of Information, Components of an
Information System, Securing the Components, Balancing Security and Access,
Cyber Security - Maintaining Operational Control of Critical Services - Dave Reeves
This document has been developed to assist organisations with some of the considerations when building and operating critical services from an ICS cyber security perspective. The next whitepaper in the series will focus on securing critical services and the interdependencies between cyber and physical security.
This PowerPoint presentation delves into the critical role of technology in India and the growing risk of zero-day attacks. It highlights the significance of technology across various sectors, identifies the factors that make India vulnerable to cyber threats, discusses the potential consequences of these attacks, and outlines strategies for risk mitigation. The presentation underscores the urgency of protecting India's digital landscape and concludes with a call to action for strengthening cybersecurity measures.
A security awareness presentation created for an audience of senior officials from MTNL (India's foremost telecom PSU). The presentation covers fundamentals of Information Security, its evolution, present day risks from the IT and Telecom infrastructure perspective.
Need for a Comprehensive Cyber Security Policy By Dr.S.Jagadeesh Kumar - Dr.S.Jagadeesh Kumar
A comprehensive cybersecurity strategy that covers prevention, detection, response, and recovery for organizations is necessary to protect themselves from cyber threats.
1Running head IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAI.docx - eugeniadean34240
Running head: IDENTITY MANAGEMENT AND SECURITY AWARENESS TRAINING PLAN STRATEGY
Identity management and security awareness training plan strategy
Student’s name
Institutional affiliation
Security Plan for the Organization
Good IT security awareness training focuses on broader problems that do not lend themselves to technology-only solutions (Long, 2010). The training can be split into two main groups. First, general security training is suitable for all employees regardless of their work role. Second, group-specific security training centers on specific skills that are significant to only a section of the organization.
General Security Training:
1. Procedures and policies education.
2. Information on the person to be contacted when an employee thinks that she or he has recognized a security risk or threat.
3. Rules for handling information that is confidential.
Group specific training:
1. Regarding the IT operations employees: There should be training in business continuity and disaster recovery planning (Willemssen, 2000).
2. Concerning development organization: Training for design, architecture or coding should be performed.
3. For the staff of finance in the organization, training in fraud detection should be offered.
In conclusion, a properly implemented security awareness training program not only provides the Human Resources department with the documentation necessary for subsequent action against staff who disregard security practices, but also minimizes the number of punitive actions (Webel, 2004).
References
Long, J. (2010). Global information security factors. International Journal of Information Security and Privacy (IJISP), 4(2), 49-60.
Webel, B. (2004). The Economic Impact of Cyber-Attacks. Congressional Research Service, Government and Finance Division. Washington DC: The Library of Congress.
Willemssen, J. (2000). "FAA Computer Security". GAO/T-AIMD-00-330. Presented at Committee on Science, House of Representatives.
Running head: FORENSICS AND CSIRT
Forensics and CSIRT
Name
Institution
SECURITY PLAN
Abstract.
CSIRT, commonly known as a Computer Security Incident Response Team, refers to an organization mandated with the responsibility of reviewing, receiving and correcting computer-related security incidents for governments, corporate and religious institutions, or even paid clients (Stein, 2009). This paper shows the forensics and CSIRT plan strategy for the organization.
Introduction.
Network administrators are given the responsibility to maintain computer networks. Security is an important requirement in the organization's systems, as these have an impact on day-to-day activities. Unauthorized access to the organization's critical information is detrimental to its operations and could be used to cause the failure of the .
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx - alfred4lewis58146
Outline for an Enterprise IT Security Policy
No Name
January 24, 2016
Running head: IT Security Policy Outline
Running head: BASIC PAPER TEMPLATE
Introduction
An IT security policy is a strategy developed by an organization or an enterprise to protect and maintain its network and resources (Bowden, 2003). It is very important that an organization create a well-written policy that is geared towards dealing with threats to availability, confidentiality and integrity. The United States Government has implemented a Cybersecurity Framework, which is geared towards improving critical infrastructure cybersecurity (NIST, 2014). “The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers” (NIST, 2014).
In addition, a proper outline for an IT security policy will not only address all applicable elements of the Framework Core and protective technologies listed in the NIST Cybersecurity Framework but also address relevant policies and controls from sources including the CIS Critical Security Controls. The CIS controls are a recommended set of actions that help an organization defend its infrastructure, and are created by people who are highly skilled in dealing with attacks and how they work (CIS, 2015).
Analysis
The National Aeronautics and Space Administration (NASA) is a government-owned organization that is responsible for the civilian space programs and is continuing to venture into new areas such as air transportation (NASA, 2015). Thus, information technology is a vital part of the organization's development, as it focuses on increasing the productivity of scientists, engineers and mission support personnel by responsively and efficiently delivering reliable, innovative and secure IT services (NASA, 2015). According to NASA’s information technology governance (2013), “the Agency spends more than $1.5 billion annually on a portfolio of IT assets that includes approximately 550 information systems it uses to control spacecraft, collect and process scientific data, provide security for its IT infrastructure, and enable NASA personnel to collaborate with colleagues around the world.” In addition, technical scientific information generated by NASA research, science, engineering, technology, and exploration initiatives is one of its most valuable assets and should be protected under a solid IT security policy. NASA has a sophisticated information infrastructure such as DAEP, SN, DSN, and NEN and supplies telecommunication services to customers across the globe.
In addition, NASA has had its share of cyber threats over the years and has since continued to develop a better IT security policy to safeguard against threats. Following 5408 computer security incidents in 2010 and 2011 the .
• Holds Masters’ degrees in Philosophy, Sociology, Defense Studies & Political Science beside B.Sc. and LLB. He is also holding master’s degree in Business Administration and post graduate diplomas in Business Administration, Personnel Management & Industrial Relations and Safety & Security Management.
• Twenty eight years experience (including Army) in the field. Presently working in GAIL (India) Limited as Chief of Security at its Corporate Office.
• Have been regular faculty in Management Institutes. Various articles are published in related magazines and internet sites.
• Writer of best selling book on Industrial Security - “Industrial Security: Management & Strategies”.
• Made presentations in more than 18 international seminars on the subjects of homeland security and industrial security.
• The Honorable Lt. Governor of Delhi bestowed the most coveted ‘Best Security Manager’ award to Capt S B Tyagi on 30th August 2007 instituted by Security Today, a leading niche magazine for the protection industry. The award is testimony of untiring efforts, constant application of noble approaches in security management, innovation and leadership in the profession which have been distinctly displayed by Capt S B Tyagi. He has been recognized in past too for the similar qualities when he was awarded ‘Best Security Manager’ in 2002 and ‘Best Security Operation Manager’ in 2004 by IISSM (International Institute of Security and Safety Management).
• Given ‘Certification of Recognition’ and awarded as ‘Best Security Practitioner’ in GAIL in year 2009.
• Recipient of “Award of Fellowship (FISM)” and is “Certified Security & Safety Consultant (CSC)” by the “International Institute of Security & Safety Management”.
• Co-founder of “International Council of Industrial Security and Safety”.
• My mail id: sbtyagi1958@gmail.com ; sbtyagi@gail.co.in
• Blog: http://captsbtyagi.blogspot.com
• My web-site: http://www.wix.com/sbtyagi/iciss
Who are the players with the power to shape the internet, and what is at stake in the future? You will be taken through the digital landscape to understand the roles of the various stakeholders: governments, network operators, and the technology giants behind the internet services we enjoy. At the content layer, users also have the power to shape the internet, accompanied by a range of new dangers. Digital literacy series.
Cybersecurity Policy from a Multistakeholder Perspective - IGF Indonesia
The complexity of cybersecurity issues and the diversity of the stakeholders involved in cybersecurity pose their own challenges in efforts to address cybersecurity. These range from the lack of a settled definition, to cybersecurity-related threats that influence policymaking, to the measures taken to counter those threats. Complete with case studies, this book provides an overview for readers interested in working on this issue. Digital literacy series.
ID IGF 2016 - Law 1 - Online Privacy and Personal Data Protection (PDP) - IGF Indonesia
Presented by: Donny BU (ICT Watch)
ID IGF 2016
Law Session 1 - Urging Awareness of Privacy and Personal Data Protection in Indonesia
Jakarta, 15 November 2016
ID IGF 2016 - Social and Cultural 3 - Digital Literacy, a Necessity for Child Protection - IGF Indonesia
Presented by Maria Advianti (Komisi Perlindungan Anak Indonesia)
ID IGF 2016
Social and Cultural Session 3 - Digital Literacy, a Pillar of Child Protection on the Internet
Jakarta, 15 November 2016
ID IGF 2016 - Social and Cultural 3 - Internet Trends in Child Sexual Exploitation - IGF Indonesia
Presented by Andi Ardian (ECPAT Indonesia)
ID IGF 2016
Social and Cultural Session 3 - Digital Literacy, a Pillar of Child Protection on the Internet
Jakarta, 15 November 2016
ID IGF 2016 - Law 2 - Cybersecurity and Human Rights - IGF Indonesia
Presented by Wahyudi Djafar (ELSAM)
ID IGF 2016
Law Session 2 - Integrating Human Rights into the Institutionalization of Cybersecurity Policy: A Proposal for Indonesia
Jakarta, 15 November 2016
ID IGF 2016 - Law 2 - Human Rights in National Cybersecurity - IGF Indonesia
Presented by Arwin D.W. Sumari (WANTANAS)
ID IGF 2016
Law Session 2 - Integrating Human Rights into the Institutionalization of Cybersecurity Policy: A Proposal for Indonesia
Jakarta, 15 November 2016
Presented by Ardi Sutedja (Indonesian Cyber Security Forum)
ID IGF 2016
Law Session 2 - Integrating Human Rights into the Institutionalization of Cybersecurity Policy: A Proposal for Indonesia
Jakarta, 15 November 2016
ID IGF 2016 - Infrastructure 2 - IPv4 between internet growth and low adopti... - IGF Indonesia
Presented by Cristian Guna G (TELKOMSEL)
ID IGF 2016
Infrastructure Session 2 - IPv4 Can No Longer Support Internet Growth, and the Low Level of IPv6 Participation
Jakarta, 15 November 2016
ID IGF 2016 - Infrastructure 2 - Migrating from IPv4 to IPv6 - IGF Indonesia
Presented by Benyamin Sura (KOMINFO)
ID IGF 2016
Infrastructure Session 2 - IPv4 Can No Longer Support Internet Growth, and the Low Level of IPv6 Participation
Jakarta, 15 November 2016
1.Wireless Communication System_Wireless communication is a broad term that i... - JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
ER (Entity Relationship) Diagram for online shopping - TAE - Himani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
This 7-second Brain Wave Ritual Attracts Money To You.! - nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
Multi-cluster Kubernetes Networking - Patterns, Projects and Guidelines - Sanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
ID IGF 2016 - Infrastructure 3 - Security Governance Framework
1. Security Governance Framework
Ensuring preparedness for the protection of CNI and implementing strong cyber defense measures
Setiadi Yazid – Universitas Indonesia
2. National Infrastructure (UK)
“Those critical elements of infrastructure (namely assets, facilities, systems, networks or processes and the essential workers that operate and facilitate them), the loss or compromise of which could result in:
• major detrimental impact on the availability, integrity or delivery of essential services – including those services, whose integrity, if compromised, could result in significant loss of life or casualties – taking into account significant economic or social impacts; and/or
• significant impact on national security, national defence, or the functioning of the state”.
3. US Executive Order (2013)
• Critical infrastructure is defined in the EO as “systems and
assets, whether physical or virtual, so vital to the United
States that the incapacity or destruction of such systems
and assets would have a debilitating impact on security,
national economic security, national public health or
safety, or any combination of those matters.” Due to the
increasing pressures from external and internal threats,
organizations responsible for critical infrastructure need to
have a consistent and iterative approach to identifying,
assessing, and managing cybersecurity risk. This approach
is necessary regardless of an organization’s size, threat
exposure, or cybersecurity sophistication today.
4. Special Objects
• Vital objects: areas, places, buildings and enterprises that concern the dignity and livelihood of many people, the interests and/or major revenue sources of the state, which are potentially vulnerable and could shake economic, political and security stability if a security disturbance occurs
• Tourist objects: particular places and/or activities that people visit because of their socio-cultural values or natural conditions.
• Certain special objects, such as bank/financial institution offices and hospitals
• National vital objects are areas/locations, buildings/installations and/or enterprises that concern the livelihood of many people, state interests and/or sources of state revenue of a strategic nature. National vital object status must be designated by decree of a minister and/or head of a non-departmental government agency. (Presidential Decree No. 63 of 2004, Article 3)
5. BSA survey 2015
• Is there a national cybersecurity strategy in
place?
• Indonesia is in the early stages of developing
a national cybersecurity strategy.
• Is there a critical infrastructure protection
(CIP) strategy or plan in place?
• There is no critical infrastructure protection
plan in place in Indonesia.
6. Infrastructure Interdependencies
Cybersecurity threats exploit the increased complexity
and connectivity of critical infrastructure systems, placing
the Nation’s security, economy, and public safety and
health at risk. (NIST 2014)
8. Critical Infrastructure Framework
• Core Functions (concurrent and continuous):
Identify, Protect, Detect, Respond, Recover
• Implementation Tiers: from reactive, risk-
informed, repeatable to adaptive (tier 4)
• Framework Profile based on core functions
categories to describe states of cyber security
activities
(Framework for Improving Critical Infrastructure
Cyber Security, version 1.0, NIST 2014)
9. Core Functions
• Identify: asset mgmt, business Environment,
governance, Risk Assessment, Risk Mgmt
• Protect: access control, awareness/training, data
security, Information protection process &
procedures, Maintenance, Protective technology
• Detect: Anomalies and events, Security continuous
monitoring, detection process
• Respond: response planning, communication,
analysis, mitigation, improvements
• Recover: recovery planning, improvements,
communications
(breakdowns comply to Cobit, NIST 800-53, ISO 27001)
10. PROTECT (breakdown example)
• Technical:
– Firewalls, Application White Listing, IDS, Access
Control
• Non Technical
– Security Policies and Procedures
• Standards
– Access permissions are managed, incorporating the
principles of least privilege and separation of duties
according to NIST SP 800-53, ISO 27001:2013
11. Security Index (M, S)
• Maturity level: reactive, ad hoc, supported by
management, optimized and supported by
policies
• Protection level: casual incidents, hacker,
hacktivist/terrorist, sophisticated national
attack
13. Distribution of Tasks
[Figure: the core functions Identify, Protect, Detect, Respond and Recover set against ID-SIRTII, ID-CERT, Lemsaneg, Dephan, Kepolisian, End user, Academia and ISP]
14. Security Planning Steps
• Set Goals and Objectives, “catastrophic levels”,
“critical infrastructures”, “attack graph/scenarios”
• Identify Critical Infrastructures and dependencies
• Assess and Analyze Current Security level
• Risk assessment
• Define Target Security Level
• Prioritize GAPS
• ACTION PLAN
(NIPP 2013/NIST 2014)
15. Conclusions
• Protecting CNI is a HUGE task, everybody
should be responsible.
• Indonesia’s Security instruments should start
working together toward a common goal
• National security awareness should be
increased
• Regulation should be established ASAP
• A small body e.g. BCN can be the coordinator