
Jakarta, 14 July 2009. Andika Triwidada. 2000: awareness; 2002: infrastructure security; 2005: performance; 2007: application security; 2010: incident.


1 Jakarta, 14 July 2009, Andika Triwidada

2
- 2000: awareness
- 2002: infrastructure security
- 2005: performance
- 2007: application security
- 2010: incident handling? co-operative security?

3
- Phishing
- Botnet
- Virus
- Internal
- Social engineering
- Natural disasters
- Compliance
- Convergence to IP:
  - WAN, voice, mobile
- Less-cash society

4

5
- Confidentiality
- Integrity
- Availability

6
- Busway: 2 million (?) transactions per day
- Civil servant salaries: 10 million transactions (?) in one day, every month
- Hong Kong micropayments: 60+ million transactions per day
- stress-test!
- capacity expansion plan
- OpenIXP: 4+ Gbps
- intl. link: ~50 Gbps

7
- what you know
- what you have
- what you are
- single factor -> highly vulnerable
- two factor -> more expensive
- N accounts, N tokens?
- M banks, M tokens?
- shared token?

8
- People
- Process
- Technology

Security = a chain: as weak as its weakest point

9
- PBI no 9 / > incl. vendors
- PCI-DSS
- ISO
- ITIL
- Cobit

- Measure
- Compare
- Improve
- Repeat

10
- Top-down
- Not effective if driven only by the IT division
- Consultant assistance?

11
- Often the weak point
- Never ending job
- Negative example from TV/radio: password

12
- Process/policy implications
- Requires competent people
- Case examples: intranet firewall, IPS, over-spec, SSL vs IDS

13

14 [Diagram: software development lifecycle with security activities]
Lifecycle stages: Requirement and Use Case; Feedback Post-Ship; Test Plans; Designs & Architecture; Code; Test & Test Result.
Security activities: Risk Analysis; External Review; Code Review; Security Operations; Security Requirement & Abuse Cases; Risk Analysis; PenTest; Risk-based security test.

15
- Incidents are very likely to involve outsiders
- Phishing is often cross-border
- Botnet for hire!

16
- Culture: mother's maiden name?
- Confirmation step
- are you really Andika? but
- are you really bank B?

17
- Discussion?

