01. Critical Information Infrastructure Protection
2. © PT IMAN Teknologi Informasi XecureIT - Critical Information Infrastructure Protection v1.0 - IISF 2013
R U Sure U R Secure?
3. Security is Like a Chain...
as Strong as The Weakest link
90% of cyber security implementations are inconsistent... :’(
4. Know Your Enemies
Threat Agent – People
Attacks carried out by unknown attackers (public)
Attacks carried out by known attackers, such as employees, contractors, partners or customers, both consciously and as victims of social engineering
Attacks carried out by authorized users, both consciously and as victims of social engineering
Threat Agent Resources
Low grade attacker: script kiddies, newborn attackers, public tools, <USD 1,000.
Medium grade attacker: expert, public or custom tools, <USD 100,000.
High grade attacker: advanced custom tools, <USD 1 Million.
Government grade attacker.
5. Gildas Deograt Lumy, CISA, CISSP, ISO 27001 LA
Senior Information Security Consultant - XecureIT
Consultancy, Audit, Assessment, Penetration Testing, Research
Experiences
21 years in IT, 16 years of direct experience in Information Security
25 years as a social worker caring for homeless people and street children
Community Founder and Leader
Komunitas Keamanan Informasi (KKI)
(ISC)2 Indonesia Chapter
Forum Keamanan Informasi (FORMASI)
Cyber Security Certified Professional (CSCP) Association
Trainer
CISSP Common Body of Knowledge
Hacking Techniques & Defense Strategy
ISO27001 Implementation
6. Do you know who is inside?
90% of Internal Network is “Public”
7. Complexity is the worst information security enemy
Information Security is A Complex Issue
Impossible to solve without strong management commitment supported by highly competent professionals.
8. Conventional Cyber Security
Easy to compromise
9. End-to-End High Grade Security
10. End-to-End High Grade Security
The Key Principles
Balanced between preventive, detective and corrective controls in all information life cycle:
Holistic
High Integrity
White List Approach
Defense in Depth
Least Privilege
Separation of Duties
Effective Change Management
End-to-End Encryption
Good Performance
Full Redundancy
Integrated Monitoring
11. Standar Arsitektur Keamanan Tingkat Tinggi Informasi (SAKTTI), the High Grade Information Security Architecture Standard
A consistent, effective and efficient architecture for handling high grade attack threats.
12. XecureIT Experiences
CARES Facts
Consultancy: High grade information security architecture is very difficult and expensive to implement and operate.
Assurance: 99% of security implementations can be compromised if conditions similar to those of a real threat agent are created and allowed.
The reasons why we create XecureZone as a high grade security solution.
Research & Development: Our solutions have been used by highly sensitive systems.
Education: 70% of highly competent information security professionals went abroad.
Secure Hosting: In-house XecureZone has been used to protect our customers' sensitive systems.
13. XecureZone Overview
A Complete Integrated Solution
Technology
People
XecureZone
Physical
Administrative
14. XecureZone Overview
The Key Objectives: S.O.S
Secure: Improve information security to the highest level through a clear and balanced end-to-end prevention and detection strategy.
Optimize: Significantly reduce TCO through uniform strategy, hardware and license optimization, and pre-configured systems.
Simplify: Simplify information security compliance and conformance, such as UU ITE, PP PSTE, PBI, ISO 27001 and PCI DSS.
15. XecureZone Overview
The Key Benefits: T.R.U.S.T
Transparent by using open source solutions for the core components.
Reliable by using the best software and hardware components.
Uniform strategy and implementation to optimize the TCO.
Simplify complex processes, from design to maintenance.
Tough solution - strong but flexible.
16. XecureZone Technology Implementation
17. XecureZone Technology
Key Feature: SAKTTI Implementation
18. XecureZone Overview
The Biggest Challenge is To Change The Mindset
“I feel convenient if...
I use the good safety belt and helmet properly and the car has the effective braking system to go fast!”
19. Summary
Conventional security strategy and implementation have failed.
SAKTTI answers the needs of high grade information security architecture.
XecureZone simplifies and optimizes SAKTTI implementation and operation.
XecureZone is built with 21 years of experience on top of solid hardware and software components.
XecureZone can be easily customized to accommodate various needs.
XecureZone
Secure.Optimize.Simple