SlideShare a Scribd company logo

Membangun Security Operation Center

Mohamad Shidiq Purnama
Mohamad Shidiq Purnama

Dokumen tersebut membahas tentang tipe dan tanggung jawab analis keamanan siber di SOC dengan tiga tingkatan keahlian berbeda. Selain itu, dokumen tersebut juga menjelaskan arsitektur dan komponen penting dalam SOC seperti sensor, log management, correlation engine, dan response system serta strategi pembangunan SOC secara in-house atau outsourced.

1 of 17
Download to read offline
Oleh : M. Shidiq Purnama
• Analis Level 1 : bertugas untuk operasional pemantauan Log dan korelasi Keahlian : Dasar IT, Network dan Security terutama dalam membaca log • Analis Level 2 : Bertugas untuk menangani serangan serta memastikan apakah sudah menjadi insiden Keahlian : Level 1 + analisa serangan dan forensik dasar • Analis Level 3 : Bertugas melakukan investigasi. Forensik sampai penanganan insiden Keahlian : Memahami forensik tingkat lanjut
• Kebijakan : Menguraikan peran dan tanggung jawab, mendefinisikan ruang lingkup informasi yang akan dilindungi, dan memberikan gambaran tingkat tinggi dari kontrol untuk melindungi informasi • Standart : Standar terdiri daripengendalian khusus tingkat rendah wajib yang membantu menegakkan dan mendukung kebijakan keamanan informasi. • Pedoman : Pedoman terdiri dari yang direkomendasikan, non-wajib control yang membantu mendukung standar atau melayani sebagai referensi apabila standar yang berlaku adalah ditempat. • Prosedur : Prosedur terdiri dari langkah demi langkah petunjuk untuk membantu pekerja dalammelaksanakan berbagai kebijakan, standar dan pedoman. ISO 20000 (IT Service Management)
• Sensor : Untuk mengumpulkan event atau data • Log Management : Untuk mengumpulkan, normalisasi dan menyimpan log • Correlation Enggine : Untuk menganalisa Log dan Event • Response System : Untuk bereaksi terhadap serangan dan kemungkinan insiden
Arsitektur SOC
Monitoring SOC
Strategi Pembangunan SOC • In-house : Perangkat, Sumber Daya Manusia dan Proses (Kebijakan, Standar dan Prosedur) dikelola oleh internal • Managed Services (Outsourced) : Layanan dilakukan oleh Pihak ke-3 yang berkompeten di bidang SOC
Project
Shortener s.id
Single Sign-on u.id
DNS Whitelist Nusantara
My.ID (tidak dikembangkan lagi)
DNS Big Data Analytics
0813-8255-8221 shi@diq.my.id

Recommended

Déclaration d'applicabilité (DdA) - ISO27002:2013
Déclaration d'applicabilité (DdA) - ISO27002:2013Déclaration d'applicabilité (DdA) - ISO27002:2013
Déclaration d'applicabilité (DdA) - ISO27002:2013
Bachir Benyammi
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat Intelligence
Andreas Sfakianakis
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Hunting
n|u - The Open Security Community
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
Présentation Méthode EBIOS Risk Manager
Présentation Méthode EBIOS Risk ManagerPrésentation Méthode EBIOS Risk Manager
Présentation Méthode EBIOS Risk Manager
Comsoce
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017
Splunk
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 

Recommended

Déclaration d'applicabilité (DdA) - ISO27002:2013
Déclaration d'applicabilité (DdA) - ISO27002:2013Déclaration d'applicabilité (DdA) - ISO27002:2013
Déclaration d'applicabilité (DdA) - ISO27002:2013
Bachir Benyammi
 
Welcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat IntelligenceWelcome to the world of Cyber Threat Intelligence
Welcome to the world of Cyber Threat Intelligence
Andreas Sfakianakis
 
SIEM and Threat Hunting
SIEM and Threat HuntingSIEM and Threat Hunting
SIEM and Threat Hunting
n|u - The Open Security Community
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
Camilo Fandiño Gómez
 
Windows Threat Hunting
Windows Threat HuntingWindows Threat Hunting
Windows Threat Hunting
GIBIN JOHN
 
Présentation Méthode EBIOS Risk Manager
Présentation Méthode EBIOS Risk ManagerPrésentation Méthode EBIOS Risk Manager
Présentation Méthode EBIOS Risk Manager
Comsoce
 
Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017Financial Services Forum_New York, May 17, 2017
Financial Services Forum_New York, May 17, 2017
Splunk
 
Threat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement MatriceThreat Hunting Procedures and Measurement Matrice
Threat Hunting Procedures and Measurement Matrice
Vishal Kumar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Prachi Mishra
 
Conix - EBIOS Risk Manager
Conix - EBIOS Risk ManagerConix - EBIOS Risk Manager
Conix - EBIOS Risk Manager
Thierry Pertus
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
PECB
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
Analyse de risques en cybersécurité industrielle
Analyse de risques en cybersécurité industrielleAnalyse de risques en cybersécurité industrielle
Analyse de risques en cybersécurité industrielle
Patrice Bock
 
Cloud Summit Canada com Rodrigo Montoro
Cloud Summit Canada com Rodrigo MontoroCloud Summit Canada com Rodrigo Montoro
Cloud Summit Canada com Rodrigo Montoro
Clavis Segurança da Informação
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
AlienVault
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
Michael Gough
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
Anton Chuvakin
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
PCI DSS
PCI DSSPCI DSS
PCI DSS
Duy Do Phan
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
Hostway|HOSTING
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
ControlCase
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
NetEnrich, Inc.
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
ShivamSharma909
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
Infosectrain3
 
Sister02
Sister02Sister02
Sister02Abbanae Dandim
 
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdfMAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MrChibi1
 

More Related Content

What's hot

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Prachi Mishra
 
Conix - EBIOS Risk Manager
Conix - EBIOS Risk ManagerConix - EBIOS Risk Manager
Conix - EBIOS Risk Manager
Thierry Pertus
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
PECB
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
Splunk
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
Erick Kish, U.S. Commercial Service
 
Analyse de risques en cybersécurité industrielle
Analyse de risques en cybersécurité industrielleAnalyse de risques en cybersécurité industrielle
Analyse de risques en cybersécurité industrielle
Patrice Bock
 
Cloud Summit Canada com Rodrigo Montoro
Cloud Summit Canada com Rodrigo MontoroCloud Summit Canada com Rodrigo Montoro
Cloud Summit Canada com Rodrigo Montoro
Clavis Segurança da Informação
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
CrowdStrike
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
AlienVault
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
Michael Gough
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
Anton Chuvakin
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
IBM Security
 
PCI DSS
PCI DSSPCI DSS
PCI DSS
Duy Do Phan
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
Hostway|HOSTING
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
ControlCase
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
NetEnrich, Inc.
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
ShivamSharma909
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
Priyanka Aash
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
Infosectrain3
 

What's hot (20)

Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Conix - EBIOS Risk Manager
Conix - EBIOS Risk ManagerConix - EBIOS Risk Manager
Conix - EBIOS Risk Manager
 
The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)The Next Generation of Security Operations Centre (SOC)
The Next Generation of Security Operations Centre (SOC)
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Threat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-onThreat Hunting with Splunk Hands-on
Threat Hunting with Splunk Hands-on
 
NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101 NIST Cybersecurity Framework 101
NIST Cybersecurity Framework 101
 
Analyse de risques en cybersécurité industrielle
Analyse de risques en cybersécurité industrielleAnalyse de risques en cybersécurité industrielle
Analyse de risques en cybersécurité industrielle
 
Cloud Summit Canada com Rodrigo Montoro
Cloud Summit Canada com Rodrigo MontoroCloud Summit Canada com Rodrigo Montoro
Cloud Summit Canada com Rodrigo Montoro
 
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond AlertingProactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
Proactive Threat Hunting: Game-Changing Endpoint Protection Beyond Alerting
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Windows logging cheat sheet
Windows logging cheat sheetWindows logging cheat sheet
Windows logging cheat sheet
 
RSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics PresentationRSA 2016 Security Analytics Presentation
RSA 2016 Security Analytics Presentation
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
 
PCI DSS
PCI DSSPCI DSS
PCI DSS
 
Cyber Threat Hunting with Phirelight
Cyber Threat Hunting with PhirelightCyber Threat Hunting with Phirelight
Cyber Threat Hunting with Phirelight
 
French PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdfFrench PCI DSS v4.0 Webinaire.pdf
French PCI DSS v4.0 Webinaire.pdf
 
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
To Build Or Not To Build: Can SOC-aaS Bridge Your Security Skills Gap?
 
Soc analyst course content
Soc analyst course contentSoc analyst course content
Soc analyst course content
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
 

Similar to Membangun Security Operation Center

MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdfMAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MrChibi1
 
Sim keamanan sistem informasi
Sim keamanan sistem informasiSim keamanan sistem informasi
Sim keamanan sistem informasi
Selfia Dewi
 
ppt analisis kali linux.pptx
ppt analisis kali linux.pptxppt analisis kali linux.pptx
ppt analisis kali linux.pptx
NoobAka1
 
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponseCyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
Panji Ramadhan Hadjarati
 
Pertemuan 6 keamanan informasi
Pertemuan 6 keamanan informasiPertemuan 6 keamanan informasi
Pertemuan 6 keamanan informasi
Yolan Meiliana
 
Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017
Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017 Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017
Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017
direktoratkaminfo
 
Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013
Ali Fuad R
 
SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...
SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...
SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...
HAJUINI ZEIN
 
Materi 4 Security Policies.pptx
Materi 4 Security Policies.pptxMateri 4 Security Policies.pptx
Materi 4 Security Policies.pptx
Rizqonrofi
 
Keamanan si (ugm)
Keamanan si (ugm)Keamanan si (ugm)
Keamanan si (ugm)
Fathoni Mahardika II
 
Kelompok 3 (keamanaan sistem terdistribusi)
Kelompok 3 (keamanaan sistem terdistribusi)Kelompok 3 (keamanaan sistem terdistribusi)
Kelompok 3 (keamanaan sistem terdistribusi)
AFirza
 
5-171004062344.pdf
5-171004062344.pdf5-171004062344.pdf
5-171004062344.pdf
abysugara3
 
Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017
Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017
Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017
direktoratkaminfo
 
Pengendalian SIA Berbasis Komputer
Pengendalian SIA Berbasis KomputerPengendalian SIA Berbasis Komputer
Pengendalian SIA Berbasis Komputer
dedidarwis
 
Pengendalian Sistem Informasi berdasarkan Komputer
Pengendalian Sistem Informasi berdasarkan KomputerPengendalian Sistem Informasi berdasarkan Komputer
Pengendalian Sistem Informasi berdasarkan Komputer
Indah Agustina
 
Keamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMI
Keamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMIKeamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMI
Keamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMI
Rani Nurrohmah
 
pengantar_keamanan_sistem_informasi_pptx.pptx
pengantar_keamanan_sistem_informasi_pptx.pptxpengantar_keamanan_sistem_informasi_pptx.pptx
pengantar_keamanan_sistem_informasi_pptx.pptx
BudiHsnDaulay
 
Module6 bahasa (1)
Module6 bahasa (1)Module6 bahasa (1)
Module6 bahasa (1)elimyudha
 
Pertemuan 10 monitoring 1 and logging in server
Pertemuan 10 monitoring 1 and logging in serverPertemuan 10 monitoring 1 and logging in server
Pertemuan 10 monitoring 1 and logging in server
MSyahidNurWahid
 

Similar to Membangun Security Operation Center (20)

Sister02
Sister02Sister02
Sister02
 
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdfMAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
MAKALAHITFTGS2 1901020056 Merrick Renee Thamrin.pdf
 
Sim keamanan sistem informasi
Sim keamanan sistem informasiSim keamanan sistem informasi
Sim keamanan sistem informasi
 
ppt analisis kali linux.pptx
ppt analisis kali linux.pptxppt analisis kali linux.pptx
ppt analisis kali linux.pptx
 
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and ResponseCyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
CyberOps Associate Modul 28 Digital Forensics and Incident Analysis and Response
 
Pertemuan 6 keamanan informasi
Pertemuan 6 keamanan informasiPertemuan 6 keamanan informasi
Pertemuan 6 keamanan informasi
 
Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017
Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017 Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017
Presentasi Sosialisasi PM SMPI- Bandung 10 Mei 2017
 
Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013Awareness ISMS ISO 27001:2013
Awareness ISMS ISO 27001:2013
 
SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...
SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...
SIPI,6,Hajuini,Hapzi Ali, Konsep dasar keamanan sistem informasi,Universitas ...
 
Materi 4 Security Policies.pptx
Materi 4 Security Policies.pptxMateri 4 Security Policies.pptx
Materi 4 Security Policies.pptx
 
Keamanan si (ugm)
Keamanan si (ugm)Keamanan si (ugm)
Keamanan si (ugm)
 
Kelompok 3 (keamanaan sistem terdistribusi)
Kelompok 3 (keamanaan sistem terdistribusi)Kelompok 3 (keamanaan sistem terdistribusi)
Kelompok 3 (keamanaan sistem terdistribusi)
 
5-171004062344.pdf
5-171004062344.pdf5-171004062344.pdf
5-171004062344.pdf
 
Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017
Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017
Materi V Sosialisasi Permen SMPI Serpong 4 Oktober 2017
 
Pengendalian SIA Berbasis Komputer
Pengendalian SIA Berbasis KomputerPengendalian SIA Berbasis Komputer
Pengendalian SIA Berbasis Komputer
 
Pengendalian Sistem Informasi berdasarkan Komputer
Pengendalian Sistem Informasi berdasarkan KomputerPengendalian Sistem Informasi berdasarkan Komputer
Pengendalian Sistem Informasi berdasarkan Komputer
 
Keamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMI
Keamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMIKeamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMI
Keamanan Dan Pengendalian Komputer_Rani Nurrohmah_STIAMI
 
pengantar_keamanan_sistem_informasi_pptx.pptx
pengantar_keamanan_sistem_informasi_pptx.pptxpengantar_keamanan_sistem_informasi_pptx.pptx
pengantar_keamanan_sistem_informasi_pptx.pptx
 
Module6 bahasa (1)
Module6 bahasa (1)Module6 bahasa (1)
Module6 bahasa (1)
 
Pertemuan 10 monitoring 1 and logging in server
Pertemuan 10 monitoring 1 and logging in serverPertemuan 10 monitoring 1 and logging in server
Pertemuan 10 monitoring 1 and logging in server
 

Membangun Security Operation Center

  • 1. Oleh : M. Shidiq Purnama
  • 2.
  • 3.
  • 4.
  • 5. • Analis Level 1 : bertugas untuk operasional pemantauan Log dan korelasi Keahlian : Dasar IT, Network dan Security terutama dalam membaca log • Analis Level 2 : Bertugas untuk menangani serangan serta memastikan apakah sudah menjadi insiden Keahlian : Level 1 + analisa serangan dan forensik dasar • Analis Level 3 : Bertugas melakukan investigasi. Forensik sampai penanganan insiden Keahlian : Memahami forensik tingkat lanjut
  • 6. • Kebijakan : Menguraikan peran dan tanggung jawab, mendefinisikan ruang lingkup informasi yang akan dilindungi, dan memberikan gambaran tingkat tinggi dari kontrol untuk melindungi informasi • Standart : Standar terdiri daripengendalian khusus tingkat rendah wajib yang membantu menegakkan dan mendukung kebijakan keamanan informasi. • Pedoman : Pedoman terdiri dari yang direkomendasikan, non-wajib control yang membantu mendukung standar atau melayani sebagai referensi apabila standar yang berlaku adalah ditempat. • Prosedur : Prosedur terdiri dari langkah demi langkah petunjuk untuk membantu pekerja dalammelaksanakan berbagai kebijakan, standar dan pedoman. ISO 20000 (IT Service Management)
  • 7. • Sensor : Untuk mengumpulkan event atau data • Log Management : Untuk mengumpulkan, normalisasi dan menyimpan log • Correlation Enggine : Untuk menganalisa Log dan Event • Response System : Untuk bereaksi terhadap serangan dan kemungkinan insiden
  • 10. Strategi Pembangunan SOC • In-house : Perangkat, Sumber Daya Manusia dan Proses (Kebijakan, Standar dan Prosedur) dikelola oleh internal • Managed Services (Outsourced) : Layanan dilakukan oleh Pihak ke-3 yang berkompeten di bidang SOC
  • 16. DNS Big Data Analytics