Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
If you having all data and feeds then data alone isn’t intelligence.
#Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Threat intelligence is information that informs enterprise defenders of adversarial elements to stop them.
It is information that is relevant to the organization, has business value, and is actionable.
If you having all data and feeds then data alone isn’t intelligence.
#Threat #Intelligence #Forensics #ELK #Forensics #VAPT #SOC #SIEM #Incident #D3pak
This Edureka PPT on "Application Security" will help you understand what application security is and measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities.
Following are the topics covered in this PPT:
Introduction to Cybersecurity
What is Application Security?
What is an SQL Injection attack
Demo on SQL Injection
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | EdurekaEdureka!
YouTube Link: https://youtu.be/dz7Ntp7KQGA
** Edureka Ethical Hacking Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Ethical Hacking Full Course" will help you learn Ethical Hacking and Cyber Security concepts from scratch. You will learn about different kinds of Cyberattacks and ethical hacking tools used to prevent such attacks. There are a lot of demos on several tools in this Ethical Hacking Tutorial for Beginners PPT. You will also learn how to become an Ethical Hacker.
Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Welcome to Cyber Threat Simulation Training powered by Tonex. Cyber Threat Simulation Training covers standards of cyber threats, progressed cyber fighting and threat simulation standards.
Cyber Threat Simulation Training is splitted into different parts comprising of essential cyber security, progressed cyber security, standards of cyber threat and hands-on threat simulation works out.
Learn about:
Basic cyber threat principles
Principles on threat environment
Principles of cyber simulation and modeling
Cyber threat simulation principles
Web application cyber threat fundamentals
Network and application reconnaissance
Data exfiltration & privilege escalation
Exploit application misconfigurations and more
Firewall and Threat Prevention at work
Tools to model and simulate cyber threat
Tools to monitor attack traffic
Who Should Attend:
Cyber Threat Analysts
Digital Forensic Analysts
Incident Response Team Members
Threat Hunters
Federal Agents
Law Enforcement Officials
Military Officials
Course Modules:
Cyberwarfare and Cyberterrorism
Overview of Global Cyber Threats
Principles of Cyber Threat Simulation
Cyber Threat Intelligence
Simulating Cyber Threats
Incident Detection
Response Threat Simulation
Cyber Threat Simulation Training.Price: $3,999.00 . Length: 3 Days.
Request more info about this Cyber Threat Simulation Training. Call +1-972-665-9786. Visit www.tonex.com/training-courses/cyber-threat-simulation-training/
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaYudhistira Nugraha
Managing High-Volume Cyber Attacks through Effective Strategies in Indonesia. Presentation at Cybersecurity for Government Asia Forum, Kuala Lumpur, January 2013
Operational technology (OT) and information technology (IT) security protect devices, networks, systems, and users. Cybersecurity has long been critical in IT and helps organizations keep sensitive data safe, ensure users connect to the internet securely, and detect and prevent potential cyberattacks.
Learn Ethical Hacking in 10 Hours | Ethical Hacking Full Course | EdurekaEdureka!
YouTube Link: https://youtu.be/dz7Ntp7KQGA
** Edureka Ethical Hacking Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Ethical Hacking Full Course" will help you learn Ethical Hacking and Cyber Security concepts from scratch. You will learn about different kinds of Cyberattacks and ethical hacking tools used to prevent such attacks. There are a lot of demos on several tools in this Ethical Hacking Tutorial for Beginners PPT. You will also learn how to become an Ethical Hacker.
Follow us to never miss an update in the future.
YouTube: https://www.youtube.com/user/edurekaIN
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Castbox: https://castbox.fm/networks/505?country=in
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka PPT on "Cybersecurity Fundamentals" will introduce you to the world of cybersecurity and talks about its basic concepts. Below is the list of topics covered in this session:
Need for cybersecurity
What is cybersecurity
Fundamentals of cybersecurity
Cyberattack Incident
Follow us to never miss an update in the future.
Instagram: https://www.instagram.com/edureka_learning/
Facebook: https://www.facebook.com/edurekaIN/
Twitter: https://twitter.com/edurekain
LinkedIn: https://www.linkedin.com/company/edureka
Cyber Threat Intelligence (CTI) primarily focuses on analysing raw data gathered from recent and past events to monitor, detect and prevent threats to an organisation, shifting the focus from reactive to preventive intelligent security measures.
Welcome to Cyber Threat Simulation Training powered by Tonex. Cyber Threat Simulation Training covers standards of cyber threats, progressed cyber fighting and threat simulation standards.
Cyber Threat Simulation Training is splitted into different parts comprising of essential cyber security, progressed cyber security, standards of cyber threat and hands-on threat simulation works out.
Learn about:
Basic cyber threat principles
Principles on threat environment
Principles of cyber simulation and modeling
Cyber threat simulation principles
Web application cyber threat fundamentals
Network and application reconnaissance
Data exfiltration & privilege escalation
Exploit application misconfigurations and more
Firewall and Threat Prevention at work
Tools to model and simulate cyber threat
Tools to monitor attack traffic
Who Should Attend:
Cyber Threat Analysts
Digital Forensic Analysts
Incident Response Team Members
Threat Hunters
Federal Agents
Law Enforcement Officials
Military Officials
Course Modules:
Cyberwarfare and Cyberterrorism
Overview of Global Cyber Threats
Principles of Cyber Threat Simulation
Cyber Threat Intelligence
Simulating Cyber Threats
Incident Detection
Response Threat Simulation
Cyber Threat Simulation Training.Price: $3,999.00 . Length: 3 Days.
Request more info about this Cyber Threat Simulation Training. Call +1-972-665-9786. Visit www.tonex.com/training-courses/cyber-threat-simulation-training/
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
** Cyber Security Course: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "What is Cyber Security" gives an introduction to the Cyber Security world and talks about its basic concepts. You get to know different kinds of attack in today's IT world and how cybersecurity is the solution to these attacks. Below are the topics covered in this tutorial:
1. Why we need Cyber Security?
2. What is Cyber Security?
3. The CIA Triad
4. Vulnerability, Threat and Risk
5. Cognitive Cyber Security
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaYudhistira Nugraha
Managing High-Volume Cyber Attacks through Effective Strategies in Indonesia. Presentation at Cybersecurity for Government Asia Forum, Kuala Lumpur, January 2013
A look at why Caribbean cyber security is important, Caribbean experiences achieving cyber security, why an effective strategy is critical and the importance of an effective Information Governance strategy.
The crime that involves and uses computer devices and Internet, is known as cybercrime. Cybercrime can be committed against an individual or a group it can also be committed against government and private organizations. It may be intended to harm someone’s reputation, physical harm, or even mental harm. Cyber security is a potential activity by which information and other communication systems are protected from and or defended against the unauthorized use or modification or exploitation or even theft. Likewise, cyber security is a well designed technique to protect computers, networks, different programs, personal data, etc., from unauthorized access. All sorts of data whether it is government, corporate, or personal need high security however, some of the data, which belongs to the government defense system, banks, defense research and development organization, etc. are highly confidential and even small amount of negligence to these data may cause great damage to the whole nation. Therefore, such data need security at a very high level. Gajendra Kumar Malviya "Cyber Crime and Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-6 | Issue-3 , April 2022, URL: https://www.ijtsrd.com/papers/ijtsrd49888.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/49888/cyber-crime-and-cyber-security/gajendra-kumar-malviya
talks about the present status of the cyber security in India. The policy of cyber security is also discussed. the general principles of the cyber security is highlighted.
Legal position of cyber security and instances of breach of information technology code is also discussed.
CYBERFORT Technologies seeks to impart quality Information Security programs that would equip Information Security professionals with the necessary tools and education to help them avert Cyber-crimes, Cyber espionage, Cyber terrorism and if the need arises, Cyber wars.
IMPROVE SECURITY IN SMART CITIES BASED ON IOT, SOLVE CYBER ELECTRONIC ATTACKS...IJNSA Journal
Smart cities are expected to significantly improve people's quality of life, promote sustainable development, and enhance the efficiency of operations. With the implementation of many smart devices, c problems have become a serious challenge that needs strong treatments, especially the cyber-attack, which most countries suffer from it.
My study focuses on the security of smart city systems, which include equipment like air conditioning, alarm systems, lighting, and doors. Some of the difficulties that arise daily may be found in the garage. This research aims to come up with a simulation of smart devices that can be and reduce cyber attach. Use of Cisco Packet tracer Features Simulated smart home and c devices are monitored. Simulation results show that smart objects can be connected to the home portal and objects can be successfullymonitored which leads to the idea of real-life implementation and see. In my research make manysolutions for attachingissues,which was great, and apply some wirelessprotocol.
Similar to Indonesia National Cyber Security Strategy (20)
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Indonesia National Cyber Security Strategy
1.
2. 2
OUTLINE
The Strategic Roles of Indonesia ICT
Indonesia ICT Numbers and Facts
Three Dimensions of Cyber Threat
Cases of Cyber Warfare/Attack
Is Indonesia Under Attack???
Obstacles and Challenges of Indonesia National Cyber
Security
Six Priorities Strategy of Indonesia National Cyber Security
Conclusion
3. 3
THE STRATEGIC ROLES OF ICT FOR INDONESIA
ICT is an important
infrastructure for citizens
ICT is a trigger for economic
growth and productivity
ICT is a strategic sector and
Government valuable assets
4. 4
INDONESIA IS THE 4TH LARGEST MOBILE SUBSCRIBERS
986 Juta
893 Juta
290 Juta
249 Juta 244 Juta 236 Juta
China India USA Indo Brazil Rusia
Jumlah Pelanggan Telepon Seluler Dunia - 2011
1st
2nd
3rd 4th 5th 6th
China India USA Indonesia Brazil Russia
With 249 million
subscribers in
2011, Indonesia is the
4th largest mobile
market in the world.
sources: cia.gov (last updated April 2013)
5. 5
INDONESIA IS THE 8TH LARGEST INTERNET USERS
538 Juta
245 Juta
137 Juta
101 Juta
88 Juta
67 Juta 67 Juta
55 Juta 52 Juta 52 Juta
China USA India Japan Brazil Rusia Germany Indonesia UK France
Jumlah Pengguna Internet Dunia - 2011
1st
2nd
3rd
8th
4th
9th
5th 6th 7th 10th
China IndiaUSA IndonesiaBrazil RussiaJapan Germany UK France
sources: internetworldstats.com (last updated April 2013)
In 2011, the number of internet users in Indonesia is around 55 million.
Internet users in Indonesia also are highly social and active. Indonesia is the
3rd largest facebook users and the 5th largest twitter users in the world.
6. 6
THREE DIMENSIONS OF CYBER THREAT/ATTACK
Cyber
threat/attack can
be divided into
three dimensions.
These threats
potentially
destroying the
economy and
destabilize the
country's security.
Social/
Cultural
Attack
Sources: Indonesia National ICT Council, DETIKNAS 2013
7. 7
CASES OF CYBER WARFARE/ATTACK
STUXNET
Wikileaks
Estonia Cyber Attack 2007
Russia-Georgia
Cyber warfare 2008
And many
more...
8. 8
IS INDONESIA UNDER ATTACK???
Over the last three
years, Indonesia was attacked
3,9 millions in cyber space.
(Sources: Minister of ICT, April
3rd, 2013).
During January-October
2012, The most attacked
website is Government
websites/domain: go.id
(Sources: ID-SIRTII, 2012).
Sources: ID-SIRTII
Sources: Detikinet, 2013
9. OBSTACLES AND CHALLENGES OF INDONESIA
NATIONAL CYBER SECURITY
Vision of Cyber
Security not
Intregated
Quantity and Quality of
Information Security Human
Resources are Limited
ICT Critical Infrastructure
Protection Mechanisms and
Standards not exist
Cyber Law and
Policy not
Completed
Governance and Organization
of National Cyber Security not
Synergized
Weakness of
Coordination and
Cooperation between
Agency
Application, Data and
Infrastructure of
Information Security not
Integrated
Lack of
Awareness in
Information
Security
Obstacles and
Challenges
of
National Cyber
Security
Sources: Indonesia National ICT Council, DETIKNAS 2013
10. 101010
Indonesia National Cyber Security
Conceptual Framework (INCS)
10
Sources: Indonesia National ICT Council, Detiknas 2012
Availability
Integrity
Confidentiality
Sharedresponsibilities
OrganizationStructures
CapacityBuilding
InternationalCooperation
TechnicalandProcedural
Legal
Risk Management
Leadership
Partnership
Security Strategic Level
Security Operational Level
Security Tactical Level
Direct
Execute
Control
11. 11
SIX PRIORITY STRATEGIES OF INDONESIA NATIONAL
CYBER SECURITY
Strengthe-
ning Policies
and
Regulations
Establishment
of Governance
and
Organization
Critical
Infrastructur
e Protection
Implementat
ion of System
and
Technology
Capacity
Building for
Human
Resources
International
Collaboration
and
Cooperation
Security and Sovereignty in Indonesia Cyber Space
Sources: Indonesia National ICT Council, DETIKNAS 2013
13. POLICIES & REGULATIONS RELATED TO INFORMATION
SECURITY IN INDONESIA
Telecommunication Act No. 36/1999
Information Transaction Electronic Act No. 11/2008
Implementation Of Telecommunications Government Regulation No. 52/2000
Organizational structure of information security Ministerial Regulation PM
17/PER/M.KOMINFO
IP-based network security Ministerial Regulation No.
16/PER/M.KOMINFO/10/2010
CA Supervisory Board ad hoc team Ministerial Decree No.
197/KEP/M.KOMINFO/05/2010
Information security coordination team Ministerial Decree No.
33/KEP/M.KOMINFO/04/2010
Web server security Ministry Letter
Wifi Security Ministry Letter
Guidelines for the use of ISO 27001 Ministry Letter
National Act:2
Government Regulation:1
Ministerial Regulation:2
Ministerial Decree:2
Ministerial Letter:3
14. 14
POLICIES & REGULATIONS RELATED TO INFORMATION
SECURITY IN INDONESIA (2)
Criminal cases related to cyber crime in Indonesia could also
be punished with:
– Criminal Procedural Law Codex (UU KUHAP),
– Pornography Act (UU Antipornografi No. 44/2008),
– Copyright Act (UU Hak Cipta No. 19/2002),
– Consumer Protection Act (UU Perlindungan Konsumen No.
8/1999).
15. 15
POLICIES & REGULATIONS FRAMEWORK
Scope of Cyber Security Laws:
– e-Commerce;
– Trademark/Domain;
– Privasi dan keamanan di internet
(Privacy and Security on the
internet);
– Hak cipta (Copyright);
– Pencemaran nama baik
(Defamation);
– Pengaturan isi (Content Regulation);
– Penyelesaian Perselisihan (Dispel
Settlement).
– Infrastruktur TIK Kritis Nasional (ICT
Critical Infrastructure)
Substantive Law
Procedural Law
PrescribeJurisdiction
Prosecutorial Authority
Enforcement Responsibility
InternationalLawEnforcement
Cooperation
Sources: Indonesia National ICT Council, Detiknas 2012
17. 17
THE CONCEPT OF NCS ORGANIZATION STRUCTURE
The Concept of
Indonesia NCS
organization structure
consists of multi-
organization.
INCS organization
contains of
skilled, proficient, and
experienced
employees with
prosperous
information security
knowledge inside their
parts of specialization.
Sources: Indonesia National ICT Council, DETIKNAS 2013
18. 18
COMPARISON OF CYBER SECURITY ORGANIZATION
Level Australia UK Indonesia
Strategic Cyber Security Policy and Coordination Committee
(Lead Agency: The Attorney-General’s Department)
Function: interdepartmental committee that
coordinates the development of cyber security policy
for the
Australian Government.
Office of Cyber Security (OCS)
function: to provide strategic leadership for
and coherence across Government;
Undefined
Tactical Cyber Security Operations Centre (CSOC) (Under
Directorate: Defense Signals
Directorate)
Function: provides the Australian Government with
all-source cyber
situational awareness and an enhanced ability to
facilitate operational responses to cyber security
events of national importance.
Cyber Security Operations Centre (CSOC)
Function: actively monitor the health of cyber
space and co-ordinate incident response; to
enable better understanding of attacks against
UK networks and users; to provide better
advice and information about the risks to
business and the
public.
Undefined
Operational CERT
Australia
GovCertUK ID-SIRTII
GovCert
ID-Cert
19. 19
INDONESIA NATIONAL CYBER SECURITY ORGANIZATION
STRUCTURE FRAMEWORK
Sources: Indonesia National ICT Council, DETIKNAS 2013
20. 20
ORGANIZATION MAPPING RECOMENDATION
Protect cyberspace environment
Homeland Security
Preventive and capacity building
Intelligence
KEMKOMINFO BIN LEMSANEG KEMDIKBUD
Protect militer cyberspace
environment
Defense
KEMHAN TNI
Investigation and Prosecution of
criminal in cyberspace
Law Enforcement
POLRI
KEMENKOPOLHUKAM
Coordination
Coordinator
Coordinator-Incident Response Team
KEJAKSAAN
Gov-Cert ID-ACAD-CSIRT ID CERT ......
Sources:IndonesiaNationalICTCouncil,DETIKNAS2013
22. DEFINITION OF NATIONAL ICT CRITICAL INFRASTRUCTURES
ICT Critical National Infrastructures are assets, services, objects in
the form of phyical or logical that involving the livelihood of many
people, national interests and/or revenue of country that are
strategic, in case of threats and attacks cause more loss of
lives, destabilizing political, social, cultural and national economy
as well as the sovereignty of the nation. (DETIKNAS, 2013)
Criteria of the National Critical ICT Infrastructure must fulfill
one, some or all of the following characteristics:
– Threats and attacks resulted in disaster/many lost lives.
– Threats and attacks result in chaos in the national society.
– Threats and attacks cause disruption of governmental operation.
– Threats and attacks resulting in the loss of reputation, income and
state sovereignty.
23. 23
IMPACT LEVEL OF CYBER ATTACK
Money,
Espionage,
Skills for Employment,
Fame,
Entertainment,
Hacktivism,
Terrorism and War
APT/Nation State
Insider
Terrorism
Criminals
Hacker Groups
Hacker
Noob/Script Kiddy
Actor(s)Motivation
Low
Medium
High
Impact Level
• may result in the highly costly loss of major tangible assets or
resources;
• may significantly violate, harm, or impede an organization’s
mission, reputation, or interest;
• may result in human death or serious injury.
• may result in the costly loss of tangible assets or resources;
• may violate, harm, or impede an organization’s
mission, reputation, or interest;
• may result in human injury.
• may result in the loss of some tangible assets or resources
• may noticeably affect an organization’s
mission, reputation, or interest.
Sources: Indonesia National ICT Council, DETIKNAS 2013
24. 24
CRITICAL INFRASTRUCTURE SECTORS
Sector Lead Agency
Energi dan Sumberdaya Mineral Kementerian ESDM
ICT Kementerian Kominfo
Transportasi Kementerian Perhubungan
Kesehatan Kementerian Kesehatan
Pemerintahan Sekretariat Negara/Sekretariat
Kabinet
Keuangan dan Bank Kementerian Keuangan
Agrikultur Kementerian Pertanian
Pertahanan dan Industri Strategis Kementerian Pertahanan,
Kementerian BUMN
Administrasi dan Pelayanan Publik Kementerian Dalam Negeri,
Kementerian Hukum & HAM
Penegak Hukum POLRI, Kejaksaan RI, KPK
Sosial, Budaya dan Agama Kementerian Agama dan
Kementerian Sosial
Sources:IndonesiaNationalICTCouncil,DETIKNAS2013
26. LAYERS OF CYBER
Implementation of
cyber security
technologies and
processes
performed at each
layers.
Cyber security at
every layer is called
defense in depth.
Defense in Depth
strategy is to achieve
the main objectives
of security, namely
Availability, Integrity,
Confidentiality (AIC
Triad).
Data
Application
Host
Internal Network
External Network
28. 28
NEXT GOVERNMENT TECHNOLOGY IMPLEMENTATION
RELATED TO NATIONAL CYBER SECURITY
Goverment Secure
Network
Government Public
Key Infrastructure
Government
Integrated Data
Center
32. CAPACITY BUILDING: AWARENESS - ONE-WAY
COMMUNICATION
One-way
communication
(text, multimedia)
Film, Music, Poster, dll
Wide range, tends to
bore, relatively cheap
cost and affordable
Methods Object Effectively
33. CAPACITY BUILDING: AWARENESS - TWO-WAY
INTERACTIVE COMMUNICATION
Two-way interactive
communication
(hypermedia)
FGD, Interactive
Workshops, Video
Games, e-learning.
Limited range, to be
effective in changing
the culture of
behavior, cost of
expensive
Methods Object Effectively
35. 35
MEMBER OF INTERNATIONAL ORGANIZATION
Join, participate, and ratify with international collaboration
and cooperation.
Currently Indonesia become full member of:
– Asia Pacific and APCERT FIRST (Forum for Incident
Response and Security Team) of the world.
– Organisation of the Islamic Conference-CERT (OIC-CERT)
36. 36
CONCLUSIONS
Securing Indonesia Cyberspace is essential to create
conducive and sustainability environment.
Indonesia Cyberspace has to be secured and sovereigned.
Indonesia needs a national cyber security strategy in order to
focus on the development cyber security program.
National Cyber Security is a very complex
problem, collaboration and cooperation with all stakeholders
are needed.
Organization of Indonesia National Cyber Security (I-NCS)
need to be established.
Advanced Persistent Threat (APT) is an organized and long-term attack, designedspecifically to access and exfiltrate information from the target systems and impliesa more active role in gathering information than any that we have discussed previously.APT operations are more direct, and may have more in common with the CNAprocess that we will discuss in Chapter 9, closely matching some of the activities, butdiffering somewhat in intent and motivation. In APT, the steps that we might take areattack, escalate, and exfiltrate.