The Role of Information Security Amid the Rapid Development of ICT
Universitas Al Azhar Indonesia
Jakarta – 10 June 2014
Digit Oktavianto
http://digitoktavianto.web.id
digit dot oktavianto at gmail dot com
IT Security Enthusiast (Opreker)
Member of Indonesian Honeynet Chapter
Member OWASP Indonesian Chapter
Linux Activist (KPLI Jakarta)
IT Security Consultant
Source: http://www.forbes.com/powerful-brands/list/
“After compiling the list of fastest growing industries, there were some apparent trends. Each industry on the list experienced growth as a result of one or more of four drivers: Internet growth, environmental issues, cost cutting and evolving technology.”
Source: IBISWorld (global business intelligence leader specializing in Industry Market Research)
- Internet growth
- Environmental issues
- Cost cutting
- Evolving technology
- Marketing Strategy
- Advertisement
- Business Model
- Deliverables to Customer
- Working Behavior
- Change of Mindset
“Security is always inversely proportional to convenience. The more comfortable you feel, the less secure you are.”
(Anonymous)
- Data Breaches
- Social Media Hacking
- Mobile Device Threat
- Malware and Advanced Persistent Threat (APT)
- Electronic Crimes
- Disclosure of Sensitive Information (personal info, credit card, username and password)
- Target:
  - Online Shop
  - Social Media Websites
  - Government Agency
- Why oh Why?
- Purposes?
  - Business competition
  - Campaign
  - For Fun (and Profit?)
  - Ruin your life? (e.g. revenge?)
  - Spying (Government, Agencies, Corporate)
- Why?
  - 6 Billion Mobile Subscribers on the Planet (end of 2012)
  - Little to no patch management for mobile & Poor QA in the AppStore
  - Few anti-virus / anti-malware solutions
  - Increasing malicious mobile applications and mobile exploitation
- Example: Phishing SMS Link
- Example: Fake App
- Example: Virus / Malware Threat
What is APT?
- World next publicly available comprehensive report on Advanced Persistent Threat
- Provided by Mandiant (www.mandiant.com)
- It is a nickname for a group that is government-sponsored to carry out specific attacks for a specific purpose
- China is the suspected government that sponsored the group
- Advanced means the adversary can operate in the full spectrum of computer intrusion. They can use the most pedestrian publicly available exploit against a well-known vulnerability, or they can elevate their game to research new vulnerabilities and develop custom exploits, depending on the target's posture.
- Persistent means the adversary is formally tasked to accomplish a mission. They are not opportunistic intruders. Like an intelligence unit they receive directives and work to satisfy their masters. Persistent does not necessarily mean they need to constantly execute malicious code on victim computers. Rather, they maintain the level of interaction needed to execute their objectives.
- Threat means the adversary is not a piece of mindless code. Some people throw around the term "threat" with reference to malware. If malware had no human attached to it (someone to control the victim, read the stolen data, etc.), then most malware would be of little worry (as long as it didn't degrade or deny data). Rather, the adversary here is a threat because it is organized and funded and motivated. Some people speak of multiple "groups" consisting of dedicated "crews" with various missions.
(Taken from http://taosecurity.blogspot.com/2010/01/what-is-apt-and-what-does-it-want.html)
- Political objectives that include continuing to suppress its own population in the name of "stability."
- Economic objectives that rely on stealing intellectual property from victims. Such IP can be cloned and sold, studied and underbid in competitive dealings, or fused with local research to produce new products and services more cheaply than the victims.
- Technical objectives that further their ability to accomplish their mission. These include gaining access to source code for further exploit development, or learning how defenses work in order to better evade or disrupt them.
- Military objectives that include identifying weaknesses that allow inferior military forces to defeat superior military forces. The Report on Chinese Government Sponsored Cyber Activities addresses issues like these.
What should we do?
Who?
- IT Infrastructure (Sys Admin, Sys Engineer)
- Application (Developer, Analyst)
- End User
Social Engineering | Because there is no Patch for Human Stupidity.
- Social engineering simply means manipulating or tricking people to gain their trust so that they give up confidential information without knowing it.
- This leads to the gathering of confidential information, computer system access or fraud.
1. Risk Analysis
2. Risk Assessment
3. Policy
4. Procedure
5. Standard
1. A process to take the message to the user community to
reinforce the concept that information security is an
important part of the business process
2. Identification of the individuals who are responsible for
the implementation of the security program
3. The ability to determine the sensitivity of information
and the criticality of applications, systems and business
processes
4. The business reasons why basic security concepts such
as separation of duties, need-to-know, and least
privilege must be implemented
5. That senior management supports the goals and
objectives of the information security program
Q & A

Information Security Awareness
