CLOUD INFRASTRUCTURE
Architecture & Security
14 June 2021 – 3rd National Seminar on Digital Forensics, Day-1
Yusuf Hadiwinata Sutandar
Linux Geek, Opensource Enthusiast, Security Hobbies
RHCT, RHCSAv5-v7, RHCEv5-v7, RHCVA, RHCI, RHCX, RHCSA-RHOS, RHCJA, CEI, CEH, CHFI, CND, EDRP, CCNA, MCTCNA, Security+, Network+, VCA, vExpert 2017-2018
VP Operation & Services – PT Biznet Gio Nusantara
Introduction
Disclaimer: All the information in these slides has passed Legal & Compliance review at PT Biznet GIO Nusantara, or comes from resources that are publicly accessible on the Internet
“Cloud security is a discipline of cyber security dedicated to securing cloud computing systems.”
“This includes keeping data private and safe across online-based infrastructure, applications, and platforms. Securing these systems involves the efforts of cloud providers and the clients that use them, whether an individual, small to medium business, or enterprise uses.”
“It's shared between the cloud provider and the customer. There are basically three categories of responsibilities in the Shared Responsibility Model”
What is Cloud Security
• Data security
• Identity and access management (IAM)
• Governance (policies on threat prevention, detection, and mitigation)
• Data retention (DR) and business continuity (BC) planning
• Legal compliance
At its Core, Cloud Security is Composed of the Following Categories
Source: Checkpoint
Shared Responsibility Model on Cloud Security
Shared Responsibility Varies by Provider and Service Type
In a traditional data center model, the company is responsible for security across the entire operating environment, including applications, physical servers, user controls, and even physical building security. In a cloud environment, the cloud provider offers valuable relief to customer teams by taking on a share of many operational burdens, including security.
Security-Centric Frameworks
• ISO 27001 : 2013
• ISO 27017 : 2015
• ISO 27018 : 2019
• ISO 27701 : 2019
Industry & Location-Specific Regulations
• Credit Card Payments: PCI DSS / PA DSS
• Healthcare: HIPAA
• Singapore: MAS-TRM
• Malaysia: BNM-RMiT
• Australia: APRA Prudential Practice Guide CPG 234
• EU: GDPR
• NIST Cybersecurity Framework
• CIS Controls
• CSA STAR - Cloud Security Alliance (CSA) Security Trust And Risk Assurance (STAR)
Regulation and Compliance On Cloud Security
The framework provides a foundation for building and improving Biznet GIO Cloud deployments using four key principles:
• Operational excellence - Guidance on how to make design choices in the cloud to improve your operational efficiency. These include approaches for automating the build process, implementing monitoring and disaster recovery planning.
• Security, privacy and compliance - Guidance on the various security controls you can choose, along with a list of products and features best suited to support security needs for your deployments.
• Reliability - How to build reliable and highly available solutions. Recommendations include defining reliability goals, improving Biznet GIO's approach to observability (including monitoring), establishing an incident management function, and techniques to measure and reduce the operational burden on Biznet GIO teams.
• Performance Cost Optimization - Suggestions on various available tools to tune your applications for a better end-user experience and analyze the cost of operation on Biznet GIO Cloud, while maintaining an acceptable level of service.
Biznet GIO Well-Architected Lenses
How Biznet GIO Chooses the Framework
• Discover: Use the framework as a discovery guide for Biznet GIO Cloud Platform offerings and learn how the various pieces fit together to build solutions.
• Evaluate: Use the design questions outlined in each section to guide your thought process while thinking about Biznet GIO system design.
• Review: If you’re already on Biznet GIO Cloud, use the recommendations section to verify that you are following best practices, or as a pulse check to review before deploying to production.
Biznet GIO Well-Architected Lenses
SECURITY ARCHITECTURE On PCI-DSS Perspective
PCI Data Security Standard
Goal | PCI DSS Requirements
Build and Maintain a Secure Network and Systems | 1. Install and maintain a firewall configuration to protect cardholder data; 2. Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data | 3. Protect stored cardholder data; 4. Encrypt transmission of cardholder data across open, public networks
Implement Strong Access Control Measures | 7. Restrict access to cardholder data by business need to know; 8. Identify and authenticate access to system components; 9. Restrict physical access to cardholder data
Regularly Monitor and Test Networks | 10. Track and monitor all access to network resources and cardholder data; 11. Regularly test security systems and processes
Maintain an Information Security Policy | 12. Maintain a policy that addresses information security for all personnel
Source: PCI-DSS
PCI-DSS: Build and Maintain a Secure Network and Systems
Install and Maintain Firewall
[Diagram labels: Biznet GIO Management Infrastructure and Services Portal; Layer 4 Stateful Firewall; Layer 7 Stateful Firewall; Customer Isolate Network and Infrastructure; IDS; IPS; Threat Analysis]
Layer 4-7 Firewall
• Azure WAF
• Azure DDoS Protection
• VMware NSX Edge
• Google Cloud Armor
• AWS WAF
• etc
External DDoS Protection, Scrubbing and Blackhole
• Cloudflare
• Akamai
• Incapsula
The Customer is responsible for establishing and implementing firewall and router configuration standards.
High Level Firewall Topology Design
PCI-DSS Firewall Detail
[Diagram labels: Biznet GIO Infrastructure; Firewall; Database; Traffic Analysis; Sandbox Analysis; Stateful Inspection; Anomaly Detection; Biznet GIO Infrastructure; Biznet GIO Shared Service Infrastructure; Default Deny All; Super Spine DMZ Public Network; Spine Private Network 1; Private Network 3; Biznet GIO Critical Infrastructure; Biznet GIO Product Infrastructure; Leaf Private Network 2; WAF; NAT; Log Collection; SIEM; Monitoring; Alerting; Private Network MNG]
Use Case of Firewall Topology
Study Case Asiangames2018
Install and Maintain Firewall
Study Case Asiangames2018 - Copyright ITTD
Install and Maintain Multi-Zone Firewall
← WAF Protection Internal: Internal WAF Protection to mitigate attack from Internal Network
← DDoS + WAF Protection: Layer 4/7 DDoS Protection to Scrub DDoS Attack
← WAF Protection: Additional WAF Protection using different Database Attack
Study Case Asiangames2018 - Copyright Yusuf Hadiwinata
Examine Data-flow Diagram and Interview Personnel to Verify the Diagram
"Data-flow diagrams identify the location of all data that is stored, processed, or transmitted within the network. Network and cardholder data-flow diagrams help an organization to understand and keep track of the scope of their environment, by showing how cardholder data flows across networks and between individual systems and devices."
Source: OpenIO
Visibility for Logical Data Input Flow
Study Case Asiangames2018 - Copyright ITTD
PCI-DSS: Develop Configuration Standards for All System Components
Hardening Standard
Sources of industry-accepted system hardening standards may include, but are not limited to:
• Center for Internet Security (CIS)
• International Organization for Standardization (ISO)
• SysAdmin Audit Network Security (SANS) Institute
• National Institute of Standards and Technology (NIST)
• ISSAF (Information Systems Security Assessment Framework)
Secure Configuration Standard for Cloud Image
Source: CIS
Operating System Focus-Hardening
Secure Configuration Standard for Cloud Image
List of Hardened Image
• CIS Debian Linux 9 & 10 Benchmark
• CIS Ubuntu Linux 16.04, 18.04, 20.04 LTS Benchmark (include container)
• CIS CentOS Linux 6, 7, 8 Benchmark (include container version)
• CIS Oracle Linux 6, 7, 8 Benchmark
• CIS RHEL Linux 6, 7, 8 Benchmark (include container version)
• CIS SUSE Linux Enterprise 12 & 15 Benchmark
• CIS NGINX on CentOS Linux 7 Benchmark Webserver
• CIS NGINX on Ubuntu Linux 18.04 LTS Benchmark Container
• CIS PostgreSQL 11 on CentOS Linux 7 Benchmark
• CIS PostgreSQL 10 on Ubuntu Linux 18.04 LTS Benchmark Container
• CIS Microsoft Windows Server 2008, 2012, 2016, 2018 R2 Benchmark
Example Benchmark CIS Image for CentOS
Information Systems Security Assessment Framework
Network Focus-Hardening
• Wireless Security Assessment
• Switch Security Assessment
• Router Security Assessment
• Firewall Security Assessment
• Network Footprinting (Reconnaissance)
• Network Backbone
Anti-Spoofing
Securing the World Routing
Implement RPKI On Network
BGP Hijacking Prevention and Notification
• Any of BGN prefixes loses visibility
• Any of BGN prefixes is hijacked
• BGN AS is announcing RPKI invalid prefixes (e.g., not matching prefix length)
• BGN AS is announcing prefixes not covered by ROAs
• ROAs covering your prefixes are no longer reachable (e.g., TA malfunction)
• A ROA involving any of BGN prefixes or ASes was deleted/added/edited
• BGN AS is announcing a new prefix that was never announced before
• One of the AS paths used to reach BGN prefix matches a specific condition defined by you.
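The route-origin conditions in the list above (RPKI-invalid announcements, prefixes not covered by ROAs, hijacks, new prefixes, lost visibility), as an added example that is not part of the original slides or of Biznet GIO's tooling: it implements the RFC 6811 valid / invalid / not-found decision and derives alerts from it. The AS numbers, prefixes, ROAs, alert names and the `monitor()` helper are constructed for illustration; ROA change tracking and trust-anchor reachability are out of scope here.

```python
"""Added example: RFC 6811 route origin validation plus monitoring alerts.

All prefixes, ASNs and ROAs below are constructed documentation values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # prefix the holder authorised
    max_length: int  # longest prefix length that may be announced
    asn: int         # AS authorised to originate it


@dataclass(frozen=True)
class Route:
    prefix: str
    origin_asn: int


def validate_origin(route, roas):
    """Return (state, reason); state is 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(route.prefix)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "not-found", "no ROA covers this prefix"
    # AS 0 in a ROA never authorises an origin (RFC 6483 / RFC 6811).
    same_as = [r for r in covering if r.asn == route.origin_asn and r.asn != 0]
    if any(net.prefixlen <= r.max_length for r in same_as):
        return "valid", "origin AS and prefix length match a ROA"
    if same_as:
        return "invalid", "prefix length exceeds ROA maxLength"
    return "invalid", "origin AS is not authorised by any covering ROA"


def monitor(my_asn, my_prefixes, previously_seen, routes, roas):
    """Turn a snapshot of observed routes into (alert, prefix, detail) tuples."""
    alerts = []
    my_nets = [ipaddress.ip_network(p) for p in my_prefixes]
    for route in routes:
        net = ipaddress.ip_network(route.prefix)
        state, reason = validate_origin(route, roas)
        if route.origin_asn == my_asn:
            if state == "invalid":
                alerts.append(("own-rpki-invalid", route.prefix, reason))
            elif state == "not-found":
                alerts.append(("own-not-covered-by-roa", route.prefix, reason))
            if route.prefix not in previously_seen:
                alerts.append(("own-new-prefix", route.prefix, "never announced before"))
        elif any(net.version == m.version and net.subnet_of(m) for m in my_nets):
            # Another AS originates our prefix or a more specific of it.
            detail = f"AS{route.origin_asn} ({state}: {reason})"
            alerts.append(("possible-hijack", route.prefix, detail))
    announced = {r.prefix for r in routes if r.origin_asn == my_asn}
    for prefix in my_prefixes:
        if prefix not in announced:
            alerts.append(("visibility-lost", prefix, "no route from our AS observed"))
    return alerts


# Constructed sample data (documentation prefixes and ASNs, not real routing data).
MY_ASN = 64496
MY_PREFIXES = ["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"]
PREVIOUSLY_SEEN = set(MY_PREFIXES)
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64496),
]
ROUTES = [
    Route("192.0.2.0/24", 64496),     # matches the ROA exactly
    Route("192.0.2.128/25", 64496),   # longer than maxLength 24
    Route("198.51.100.0/24", 64496),  # no ROA published for this prefix
    Route("192.0.2.0/25", 64511),     # more specific from another AS
    Route("2001:db8:1::/48", 64496),  # within maxLength 48, but new
]

if __name__ == "__main__":
    for alert in monitor(MY_ASN, MY_PREFIXES, PREVIOUSLY_SEEN, ROUTES, ROAS):
        print(*alert, sep=" | ")
```

In production the ROA set would come from a relying-party validator rather than a hand-written list, and the route snapshot from a route collector or looking glass.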
The CDN and Cloud Programme Actions
1. Prevent propagation of incorrect routing information
2. Prevent traffic with illegitimate source IP addresses
3. Facilitate global operational communication and coordination
4. Facilitate validation of routing information on a global scale
5. Encourage MANRS adoption
6. Provide monitoring and debugging tools to the peering partners
https://www.manrs.org/cdn-cloud-providers/
https://www.manrs.org/about/testimonial/testimonial-from-pt-biznet-gio-nusantara/
PCI-DSS: Protect Cardholder Data
Database security is more than just important: it is essential to any company with any online component. Sufficient database security prevents data being lost or compromised, which may have serious ramifications for the company both in terms of finances and reputation.
Importance of Database Security and Integrity
Database Security Conceptual View
Data Security Logical Architecture View
• Implement logging on all components
• Implement audit on all components
• Encrypt the Database and the Backup
• Implement Data Masking and SQL Firewall
• Discover, classify and prioritize the databases containing your valuable information whether cloud based or on-premise
• Discover, Track and Manage Your SQL Server Inventory
• Manage known databases on your network and in the cloud; discover unknown databases outside the scope of current compliance controls
Inventory Data Sources
Database Inventory Tools
• Define and manage security standards and compliance policies to be used to assess database security posture
• Schedule or run ad-hoc job-based assessments to quantify cloud based or on-premise database adherence to selected policies
Continuous Testing
• Fix potentially harmful password configurations, table access grants, user roles and other vulnerable areas identified in assessment of database assets.
• Conduct regular and continuous assessments to identify issues and ensure that they are remediated in a timely manner.
Eliminates Vulnerabilities
• Ensure employees and applications have only the rights needed to do their jobs
• Understand who has access to what data and how they’ve been granted that access
Key Point: Analyze membership to powerful server roles and groups such as administrators, systems administrators, and security administrators to ensure the level of access is warranted. From a group, see the list of group members and select a member for further analysis. From a user, see the group memberships and drill upwards to view inherited permissions.
Enforce Least Privileges
• Inspect database access and activities for policy violations and attempted attacks
• Audit actions of known privileged users as well as administrative activity
Monitor for Anomalies
Fraud Detection Logical Architecture View
It's highly recommended to have Fraud Prevention and Data Leak Prevention staff to monitor potential data leaks and fraud in the organization.
• Deploy policy-based Activity Monitoring to create an easily managed set of actionable security and compliance alerts.
• Transparent Data Encryption (TDE) to protect sensitive data
• Database Firewall acts as the first line of defense for databases, helping prevent internal and external attacks from reaching the database
Protecting The Data
Data Leak Monitoring for Data Leak Prevention
Log and monitor all user activity related to data access or sensitive documents
Audit and Respond to suspicious activity and policy violations in real time
• Send an alert to IT Security to prompt further investigation.
• Notify the SIEM system to correlate database activity with web application logs.
• Initiate a malware scan to remove any injected code.
• Lock out the user’s account to prevent further attempts to access sensitive data.
Respond to Incident
PCI-DSS: Implement Strong Access Control Measures
Example Access Flow to Critical Infrastructure
[Diagram labels: Admin From Internet; VPN Gateway; 2FA Authenticator; Directory Service & Audit; Privileged Access Management or Jump/Step Server; Server Farm; Alert and Notification; DMZ; Encrypted connection]
• Record desktop user activity, file transfer, and command history
• Send logs to a centralized log server and analyze on SIEM
7.1 Limit access to system components and critical data to only those individuals whose job requires such access.
Role Based Access Control (RBAC)
7.1.1 Define access needs for each role, including:
• System components and data resources that each role needs to access for their job function
• Level of privilege required (for example, user, administrator, etc.) for accessing resources.
Source: DNStuff
Attribute Based Access Control (ABAC)
ABAC is implemented to reduce risks due to unauthorized access, as it can control security and access on a more fine-grained basis
7.2 Establish an access control system for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed.
This access control system must include the following:
Source: DNStuff
Accessing Customer Infrastructure
PCI-DSS: Regularly Monitor and Test Networks
SIEM Analytics
SIEM Alerting and Notification
Many breaches occur over days or months before being detected. Regular log reviews by personnel or automated means can identify and proactively address unauthorized access to the cardholder data environment. The log review process does not have to be manual. The use of log harvesting, parsing, and alerting tools can help facilitate the process by identifying log events that need to be reviewed.
Continuous Penetration Testing
User Risk Ranking Monitoring
Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise.
SIEM - Security Information and Event Management
SIEM Alerting and Notification
Implement multi-vendor SIEM Tools
SIEM Alerting and Escalation Management
Continuous Penetration Testing
Regularly pentest and scan infrastructure based on up-to-date signature database
PCI-DSS: Maintain an Information Security Policy
Establish, publish, maintain, and disseminate a security policy.
"A company's information security policy creates the roadmap for implementing security measures to protect its most valuable assets. All personnel should be aware of the sensitivity of data and their responsibilities for protecting it."
Example Policies to Provide and Maintain
• Access Control Policy
• Application Security Sample report
• Change Management Process
• Clean Desk Policy
• Connected Entities
• Corporate Roles & Responsibilities
• Development Policy
• Disaster Recovery Process
• Document Generation
• Electronic Communication Policy
• Email Policy
• Incident Response Process
• Information Security Policy
• Internal Audit Procedure
• Internal Audit Report
• Malicious Code Policy
• Network Security Policy
• Operational Procedure
• Physical Access Policy
• Risk Assessment Methodology
• SOP Asset Management
• SOP Development
• SOP for SOP
Implement Risk-Assessment Process
The main objective of Risk Assessment is to estimate the Risks that affect the current Biznet GIO assets. This is done by:
1. Identifying Biznet GIO Assets, and defining their value as per the requirements of Confidentiality, Integrity and Availability.
2. Identifying the Vulnerabilities in the system and their value.
3. Identifying the Threats that can exploit these Vulnerabilities.
4. Estimating the probability of a Threat.
5. Calculating the Risk and then sorting them as per their relative significance.
6. Interpreting the results.
Risk-Assessment Threat Matrix Example
No | Threat Events | Source
1 | Natural Causes (Flood, Fire, Animals, etc.) | External
2 | Cyber Crime (DDoS, Flooding, Abuse Usage etc.) | External
3 | Social Engineering (Impersonation, Shoulder Surfing) | External
4 | Vendor Failure (ISP failure, Disgruntled Vendor, etc.) | External
5 | Theft (Theft of Data, Theft of Hardware, Hacking etc.) | External
6 | Change of Regulation | External
7 | Unauthorized Access (copying, manipulation of data, etc.) | Internal
8 | Loss/deletion of data (Loss Integrity, data deletion, human error etc.) | Internal
9 | Hardware Failure (UPS, Cable, Disk, Power, etc.) | Internal
10 | Software Failure (bug, virus, OS, etc) | Internal
Risk Calculation Matrix
Example Asset Classification
• Hardcopy Asset: Contract documents, NDA, PKWT, Legal, etc
• Softcopy Asset: SOP, Payroll, etc
• People Asset: Top Level, VP, Operational Staff, etc
• Data Asset: Customer List, Infra Data, Cust Subscription
• Electronic Asset: Branding, Event Report, Billing, etc
• Software Asset: Windows, Linux, Portal Software, etc
• Physical Asset: Laptop, PC, Server, Storage, etc
• Physical Facility: Main Office, Branch Office, Data Center
• Organizational Issue: Human Aspect, Market Factor, Regulation Factor
• Interested Parties: Customer, Supplier, Investor, etc
No | Asset | Description of Asset | Type of Threat | Risk Owner | Confidentiality | Integrity | Availability | Asset Value
1 | Resource | Internal Issue | Natural Causes; Vendor Failure; Theft; Hardware Failure; Software Failure | Top Management | 3 | 2 | 2 | 7
2 | Human Aspects | Internal Issue | Social Engineering; Change of Regulation | Top Management | 3 | 2 | 3 | 8
3 | Managements | Internal Issue | Social Engineering; Change of Regulation | Top Management | 3 | 2 | 3 | 8
Risk Calculation Matrix Example
Risk Treatment Plan
No | Process/Function | Asset | Potential Failure | Severity Level | Mitigation
1 | Marketing | Marketing's Asset | Deletion of data | Low | Use data recovery in the cloud, disciplinary process
2 | Marketing | Marketing's Asset | Unauthorized copying | Low | Disciplinary Process, destroy the copy
3 | Sales | Customer related (list, tickets, etc.) | Sabotage, Tampering | Medium | Gather the evidence and report to authority
4 | Sales | Customer related (list, tickets, etc.) | Deletion of data | Low | Use data recovery in the cloud
5 | Sales | Customer related (list, tickets, etc.) | Unauthorized copying | Medium | Disciplinary Process, destroy the copy
6 | Sales | Sales's confidential Asset (contract, report, etc.) | Unauthorized copying | Medium | Disciplinary Process, destroy the copy
Risk Treatment Plan Example
NIST CLOUD FORENSICS CHALLENGE
NIST Cloud Computing Forensic Science Challenges
Various process models have been developed for digital forensics, including the following distinctive steps and attributes:
1. Search authority. Legal authority is required to conduct a search and/or seizure of data.
2. Chain of custody. In legal contexts, chronological documentation of access and handling of evidentiary items is required to avoid allegations of evidence tampering or misconduct.
3. Imaging/hashing function. When items containing potential digital evidence are found, each should be carefully duplicated and then hashed to validate the integrity of the copy.
4. Validated tools. When possible, tools used for forensics should be validated to ensure reliability and correctness.
5. Analysis. Forensic analysis is the execution of investigative and analytical techniques to examine, analyze, and interpret the evidentiary artifacts retrieved.
NIST Cloud Computing Forensic Science Challenges
Identification stage challenge
1. Access to evidence in logs
2. Physical inaccessibility
3. Volatile data
4. Client side identification
5. Dependence on cloud service provider - trust
Preservation Collection Stage
1. Integrity and stability - multi-tenancy and privacy
2. Imaging
3. Bandwidth limitation
4. Multi-jurisdiction distribution - collaboration
5. Dependence on cloud service provider - trust
Examination analysis stage
1. Lack of forensic tools
2. Volume of data
3. Encryption
4. Time synchronization - reconstruction
5. Unification of log formats
Cloud Forensics Tips
Disk Imaging and Acquisition tips
1. Rsync – Raw copy of the virtualization disk image (e.g., qcow, vmdk, etc.)
2. Use the Clone or Snapshot features on the cloud provider portal to clone the instance
3. Use the Suspend or Pause features on the cloud provider portal to maintain integrity
4. Take note of the software and version for future investigation in the lab
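The chain-of-custody and imaging/hashing steps of the process model, together with the disk imaging tips above, as an added example that is not part of the original slides: it hashes an exported disk image, makes a read-only working copy, verifies the copy against the original and records each action in a custody log. The file names, the actor name, the JSON record layout and the hash-chaining of log entries are assumptions made for this illustration, and the "disk image" is a few constructed bytes.

```python
"""Added example: hash-verified evidence copy with a hash-chained custody log."""
import hashlib
import json
import os
import platform
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never sit in memory
GENESIS = "0" * 64   # prev_hash value of the first custody entry

# Constructed stand-in for an exported instance disk (not a real image).
SAMPLE_IMAGE = b"QFI\xfb" + b"\x00" * 4096 + b"constructed sample evidence"


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def _entry_hash(entry):
    # Hash every field except the hash itself, in a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def add_custody_entry(log, actor, action, item, sha256):
    """Append a chronological record; each entry commits to the previous one."""
    entry = {
        "seq": len(log) + 1,
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "item": item,
        "sha256": sha256,
        # Record the tool and version used, for later lab work.
        "tool": f"python {platform.python_version()} hashlib",
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_custody_log(log):
    """Return True only if no entry was edited, removed or reordered."""
    prev = GENESIS
    for entry in log:
        if entry["prev_hash"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return False
        prev = entry["entry_hash"]
    return True


def acquire(source, dest, actor, log):
    """Hash the original, copy it, make the copy read-only, verify the copy."""
    source_hash = sha256_file(source)
    add_custody_entry(log, actor, "hash-original", source, source_hash)
    shutil.copyfile(source, dest)
    os.chmod(dest, 0o400)  # analysis works on a read-only duplicate
    copy_hash = sha256_file(dest)
    add_custody_entry(log, actor, "verify-copy", dest, copy_hash)
    if copy_hash != source_hash:
        raise ValueError("copy does not match original; do not analyse it")
    return copy_hash


def demo():
    """Run the workflow on the constructed image, then tamper with the log."""
    with tempfile.TemporaryDirectory() as workdir:
        source = os.path.join(workdir, "instance-disk.qcow2")
        with open(source, "wb") as handle:
            handle.write(SAMPLE_IMAGE)
        log = []
        copy = os.path.join(workdir, "evidence-001.img")
        digest = acquire(source, copy, "analyst-a", log)
        intact = verify_custody_log(log)
        log[0]["actor"] = "someone-else"  # simulate an after-the-fact edit
        tamper_detected = not verify_custody_log(log)
        return digest, len(log), intact, tamper_detected


if __name__ == "__main__":
    print(demo())
```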
CLOUD INFRASTRUCTURE 101
Connectivity
10 Gbps Local
1 Gbps International
Redundant with Same Backup Link Capacity from different Providers
MULTIPLE AVAILABILITY ZONES & CLOUD CONNECTIVITY
✓ Scalability & High Availability
✓ Business Continuity Planning
✓ Disaster Recovery Center
✓ Hybrid Cloud
Data Center 1: Technovillage Cimanggis, JAWA BARAT
Data Center 2: MidPlaza Sudirman, JAKARTA
Data Center 3: BANTEN
Inclusive Inter-DC Link for up to 10 Gbps
PRIVACY COMMITMENT AND SECURITY
SOC 2 Type 2
Service Organization Control
Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems….
Type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; Type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted.
https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html
The First Local Cloud Service Provider with 3 Security Certification
BIZNETGIO SERVICE ADVANTAGES
24 Hours Local Support
Managed Service
Response Time < 15 minutes
Uptime SLA 99.9%
Unlimited Network Traffic
Bandwidth up to 10 Gbps
No Traffic Quota
Design, Implement to Day to day Operations
Investigation Process on Biznet GIO
[Diagram labels: Mailing/e-Mail Search Warrant To Biznet GIO Address; Biznet GIO CEO; Biznet Legal PIC and NDA Signing; Subject Matter Expert; Domain Expert; Security Expert; Evidence Collection]
In today’s world, people put most everything on computers/cloud. We need the forensics capability to go in and retrieve that information off the company’s networks - Earl Devaney
For any security-related inquiry: security@biznetgio.com
THANK YOU

Mais conteúdo relacionado

Mais procurados

Data Center Infrastructure Management Powerpoint Presentation Slides
Data Center Infrastructure Management Powerpoint Presentation SlidesData Center Infrastructure Management Powerpoint Presentation Slides
Data Center Infrastructure Management Powerpoint Presentation SlidesSlideTeam
 
Mimecast Presentation
Mimecast PresentationMimecast Presentation
Mimecast PresentationMichelle6518
 
Azure Migration Program Pitch Deck
Azure Migration Program Pitch DeckAzure Migration Program Pitch Deck
Azure Migration Program Pitch DeckNicholas Vossburg
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecturePriyanka Aash
 
Data center disaster recovery.ppt
Data center disaster recovery.ppt Data center disaster recovery.ppt
Data center disaster recovery.ppt omalreda
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxArianeSpano
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideMaticmind
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Qradar - Reports.pdf
Qradar - Reports.pdfQradar - Reports.pdf
Qradar - Reports.pdfPencilData
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Cloud Computing Forensic Science
 Cloud Computing Forensic Science  Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept OverviewIlya O
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014Paul Simidi
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture  Practical Enterprise Security Architecture
Practical Enterprise Security Architecture Priyanka Aash
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEryk Budi Pratama
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKMaganathin Veeraragaloo
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Cyber Security Maturity AssessmentDoreen Loeber
 

Mais procurados (20)

Data Center Infrastructure Management Powerpoint Presentation Slides
Data Center Infrastructure Management Powerpoint Presentation SlidesData Center Infrastructure Management Powerpoint Presentation Slides
Data Center Infrastructure Management Powerpoint Presentation Slides
 
Mimecast Presentation
Mimecast PresentationMimecast Presentation
Mimecast Presentation
 
Azure Migration Program Pitch Deck
Azure Migration Program Pitch DeckAzure Migration Program Pitch Deck
Azure Migration Program Pitch Deck
 
Cybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architectureCybersecurity roadmap : Global healthcare security architecture
Cybersecurity roadmap : Global healthcare security architecture
 
Data center disaster recovery.ppt
Data center disaster recovery.ppt Data center disaster recovery.ppt
Data center disaster recovery.ppt
 
Fortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptxFortinet Corporate Overview Deck.pptx
Fortinet Corporate Overview Deck.pptx
 
Cisco Meraki Portfolio Guide
Cisco Meraki Portfolio GuideCisco Meraki Portfolio Guide
Cisco Meraki Portfolio Guide
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Qradar - Reports.pdf
Qradar - Reports.pdfQradar - Reports.pdf
Qradar - Reports.pdf
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Cloud Computing Forensic Science
 Cloud Computing Forensic Science  Cloud Computing Forensic Science
Cloud Computing Forensic Science
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
 
Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept Overview
 
GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014GRC - Isaca Training 16.9.2014
GRC - Isaca Training 16.9.2014
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Practical Enterprise Security Architecture
Practical Enterprise Security Architecture  Practical Enterprise Security Architecture
Practical Enterprise Security Architecture
 
Enterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating ModelEnterprise Cybersecurity: From Strategy to Operating Model
Enterprise Cybersecurity: From Strategy to Operating Model
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORKZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
 
Cyber Security Maturity Assessment
 Cyber Security Maturity Assessment Cyber Security Maturity Assessment
Biznet GIO National Seminar on Digital Forensics

  • 1. CLOUD INFRASTRUCTURE Architecture & Security 14 June 2021 – 3rd National Seminar on Digital Forensics
  • 3. Introduction: Yusuf Hadiwinata Sutandar. Linux Geek, Opensource Enthusiast, Security Hobbies. RHCT, RHCSAv5-v7, RHCEv5-v7, RHCVA, RHCI, RHCX, RHCSA-RHOS, RHCJA, CEI, CEH, CHFI, CND, EDRP, CCNA, MCTCNA, Security+, Network+, VCA, vExpert 2017-2018. VP Operation & Services – PT Biznet Gio Nusantara. Disclaimer: All the information on this slide has passed Legal & Compliance review at PT Biznet GIO Nusantara, or the resources are publicly accessible on the Internet.
  • 4. What is Cloud Security: “Cloud security is a discipline of cyber security dedicated to securing cloud computing systems.” “This includes keeping data private and safe across online-based infrastructure, applications, and platforms. Securing these systems involves the efforts of cloud providers and the clients that use them, whether an individual, small to medium business, or enterprise uses.” “It’s shared between the cloud provider and the customer. There are basically three categories of responsibilities in the Shared Responsibility Model”
  • 5. At its Core, Cloud Security is Composed of the Following Categories:
      • Data security
      • Identity and access management (IAM)
      • Governance (policies on threat prevention, detection, and mitigation)
      • Data retention (DR) and business continuity (BC) planning
      • Legal compliance
  • 7. Shared Responsibility Varies by Provider and Service Type: In a traditional data center model, the company is responsible for security across the entire operating environment, including applications, physical servers, user controls, and even physical building security. In a cloud environment, the cloud provider offers valuable relief to customer teams by taking on a share of many operational burdens, including security.
  • 8. Regulation and Compliance On Cloud Security
      • Security-Centric Frameworks: ISO 27001:2013; ISO 27017:2015; ISO 27018:2019; ISO 27701:2019
      • Industry & Location-Specific Regulations: Credit Card Payments: PCI DSS / PA DSS; Healthcare: HIPAA; Singapore: MAS-TRM; Malaysia: BNM-RMiT; Australia: APRA Prudential Practice Guide CPG 234; EU: GDPR
      • NIST Cybersecurity Framework; CIS Controls; CSA STAR - Cloud Security Alliance (CSA) Security Trust And Risk Assurance (STAR)
  • 9. Biznet GIO Well-Architected Lenses: The framework provides a foundation for building and improving Biznet GIO Cloud deployments using four key principles:
      • Operational excellence - Guidance on how to make design choices in the cloud to improve your operational efficiency. These include approaches for automating the build process, implementing monitoring and disaster recovery planning.
      • Security, privacy and compliance - Guidance on the various security controls you can choose, along with a list of products and features best suited to support the security needs of your deployments.
      • Reliability - How to build reliable and highly available solutions. Recommendations include defining reliability goals, improving the Biznet GIO approach to observability (including monitoring), establishing an incident management function, and techniques to measure and reduce the operational burden on Biznet GIO teams.
      • Performance Cost Optimization - Suggestions on various available tools to tune your applications for a better end-user experience and analyze the cost of operation on Biznet GIO Cloud, while maintaining an acceptable level of service.
  • 10. Biznet GIO Well-Architected Lenses: How Biznet GIO Chooses the Framework
      • Discover: Use the framework as a discovery guide for Biznet GIO Cloud Platform offerings and learn how the various pieces fit together to build solutions.
      • Evaluate: Use the design questions outlined in each section to guide your thought process while thinking about Biznet GIO system design.
      • Review: If you’re already on Biznet GIO Cloud, use the recommendations section to verify that you are following best practices, or as a pulse check to review before deploying to production.
  • 12. PCI Data Security Standard (Goal: PCI DSS Requirements). Source: PCI-DSS
      • Build and Maintain a Secure Network and Systems: 1. Install and maintain a firewall configuration to protect cardholder data; 2. Do not use vendor-supplied defaults for system passwords and other security parameters
      • Protect Cardholder Data: 3. Protect stored cardholder data; 4. Encrypt transmission of cardholder data across open, public networks
      • Implement Strong Access Control Measures: 7. Restrict access to cardholder data by business need to know; 8. Identify and authenticate access to system components; 9. Restrict physical access to cardholder data
      • Regularly Monitor and Test Networks: 10. Track and monitor all access to network resources and cardholder data; 11. Regularly test security systems and processes
      • Maintain an Information Security Policy: 12. Maintain a policy that addresses information security for all personnel
  • 13. PCI-DSS: Build and Maintain a Secure Network and Systems
  • 14. Install and Maintain Firewall: High Level Firewall Topology Design
      • Diagram labels: Biznet GIO Management Infrastructure and Services Portal; Layer 4 Stateful Firewall; Layer 7 Stateful Firewall; Customer Isolated Network and Infrastructure; IDS; IPS; Threat Analysis
      • Layer 4-7 Firewall: Azure WAF, Azure DDoS Protection, VMware NSX Edge, Google Cloud Armor, AWS WAF, etc.
      • External DDoS Protection, Scrubbing and Blackhole: Cloudflare, Akamai, Incapsula
      • The Customer is responsible for establishing and implementing firewall and router configuration standards.
  • 15. PCI-DSS Firewall Detail (diagram labels): Biznet GIO Infrastructure Firewall Database Traffic Analysis Sandbox Analysis Stateful Inspection Anomaly Detection Biznet GIO Infrastructure Biznet GIO Shared Service Infrastructure Default Deny All Super Spine DMZ Public Network Spine Private Network 1 Private Network 3 Biznet GIO Critical Infrastructure Biznet GIO Product Infrastructure Leaf Private Network 2 WAF NAT Log Collection SIEM Monitoring Alerting Private Network MNG
  • 16. Use Case of Firewall Topology Study Case Asiangames2018
  • 17. Install and Maintain Firewall Study Case Asiangames2018 - Copyright ITTD
  • 18. Install and Maintain Multi-Zone Firewall (Study Case Asiangames2018 - Copyright Yusuf Hadiwinata)
      ← WAF Protection Internal: Internal WAF Protection to mitigate attack from Internal Network
      ← DDoS + WAF Protection: Layer 4/7 DDoS Protection to Scrub DDoS Attack
      ← WAF Protection: Additional WAF Protection using different Database Attack
  • 19. Examine Data-flow Diagram and Interview Personnel to Verify the Diagram "Data-flow diagrams identify the location of all data that is stored, processed, or transmitted within the network. Network and cardholder data-flow diagrams help an organization to understand and keep track of the scope of their environment, by showing how cardholder data flows across networks and between individual systems and devices." Source OpenIO
  • 20. Visibility for Logical Data Input Flow Study Case Asiangames2018 - Copyright ITTD
  • 22. Hardening Standard: Sources of industry-accepted system hardening standards may include, but are not limited to:
      • Center for Internet Security (CIS)
      • International Organization for Standardization (ISO)
      • SysAdmin Audit Network Security (SANS) Institute
      • National Institute of Standards and Technology (NIST)
      • ISSAF (Information Systems Security Assessment Framework)
  • 23. Secure Configuration Standard for Cloud Image. Source: CIS. Operating System Focus-Hardening
  • 24. Secure Configuration Standard for Cloud Image: Operating System Focus-Hardening. List of Hardened Image:
      • CIS Debian Linux 9 & 10 Benchmark
      • CIS Ubuntu Linux 16.04, 18.04, 20.04 LTS Benchmark (include container)
      • CIS CentOS Linux 6, 7, 8 Benchmark (include container version)
      • CIS Oracle Linux 6, 7, 8 Benchmark
      • CIS RHEL Linux 6, 7, 8 Benchmark (include container version)
      • CIS SUSE Linux Enterprise 12 & 15 Benchmark
      • CIS NGINX on Centos Linux 7 Benchmark Webserver
      • CIS NGINX on Ubuntu Linux 18.04 LTS Benchmark Container
      • CIS PostgreSQL 11 on CentOS Linux 7 Benchmark
      • CIS PostgreSQL 10 on Ubuntu Linux 18.04 LTS Benchmark Container
      • CIS Microsoft Windows Server 2008, 2012, 2016, 2018 R2 Benchmark
  • 26. Information Systems Security Assessment Framework: Network Focus-Hardening
      • Wireless Security Assessment
      • Switch Security Assessment
      • Router Security Assessment
      • Firewall Security Assessment
      • Network Footprinting (Reconnaissance)
      • Network Backbone
  • 30. BGP Hijacking Prevention and Notification
      • Any of BGN prefixes loses visibility
      • Any of BGN prefixes is hijacked
      • BGN AS is announcing RPKI invalid prefixes (e.g., not matching prefix length)
      • BGN AS is announcing prefixes not covered by ROAs
      • ROAs covering your prefixes are no longer reachable (e.g., TA malfunction)
      • A ROA involving any of BGN prefixes or ASes was deleted/added/edited
      • BGN AS is announcing a new prefix that was never announced before
      • One of the AS paths used to reach BGN prefix matches a specific condition defined by you.
  • 31. Securing the World Routing: The CDN and Cloud Programme Actions (https://www.manrs.org/cdn-cloud-providers/)
      1. Prevent propagation of incorrect routing information
      2. Prevent traffic with illegitimate source IP addresses
      3. Facilitate global operational communication and coordination
      4. Facilitate validation of routing information on a global scale
      5. Encourage MANRS adoption
      6. Provide monitoring and debugging tools to the peering partners
  • 32. Implement RPKI On Network https://www.manrs.org/about/testimonial/testimonial-from-pt-biznet-gio-nusantara/ Securing the World Routing
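
The RPKI-related alert conditions listed on the BGP hijacking slide ("RPKI invalid prefixes, e.g., not matching prefix length" and "prefixes not covered by ROAs") can be checked with route origin validation as defined in RFC 6811. The following is an added example, not code from the slides or from Biznet GIO; the prefixes and AS numbers are constructed from documentation ranges, and the `invalid-length` / `invalid-origin` split is this example's own labelling of the single RFC 6811 "Invalid" state.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ROA:
    prefix: str      # address block the ROA covers
    max_length: int  # longest prefix length the origin may announce
    asn: int         # authorised origin AS (0 means "must not be routed")


# Constructed sample data: documentation prefixes (RFC 5737, RFC 3849) and
# documentation AS numbers (RFC 5398). None of these are real allocations.
ROAS = [
    ROA("198.51.100.0/24", 24, 64496),
    ROA("2001:db8::/32", 48, 64496),
    ROA("203.0.113.0/24", 24, 0),  # AS0 ROA: no origin is authorised
]

# Constructed announcements as a route collector might report them.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64496),    # exact match of the ROA
    ("198.51.100.128/25", 64496),  # more specific than max_length allows
    ("198.51.100.0/24", 64511),    # covered prefix, wrong origin AS
    ("192.0.2.0/24", 64496),       # no ROA covers this prefix
    ("2001:db8:1::/48", 64496),    # within max_length 48
    ("2001:db8:1:2::/64", 64496),  # longer than max_length 48
    ("203.0.113.0/24", 64496),     # covered only by the AS0 ROA
]


def validate(prefix, origin_asn, roas):
    """Classify one announcement against a list of ROAs (RFC 6811).

    Returns 'valid', 'invalid-length', 'invalid-origin' or 'not-found'.
    """
    route = ipaddress.ip_network(prefix)
    covered = False       # at least one ROA covers the announced prefix
    origin_seen = False   # a covering ROA names this origin, length aside
    for roa in roas:
        block = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route when the route lies inside the ROA block.
        if block.version != route.version or not route.subnet_of(block):
            continue
        covered = True
        # AS0 can never appear as an origin, so an AS0 ROA never matches.
        if roa.asn != 0 and roa.asn == origin_asn:
            if route.prefixlen <= roa.max_length:
                return "valid"
            origin_seen = True
    if not covered:
        return "not-found"
    return "invalid-length" if origin_seen else "invalid-origin"


def alerts(announcements, roas):
    """Return (prefix, origin_asn, state) for every non-valid announcement."""
    findings = []
    for prefix, asn in announcements:
        state = validate(prefix, asn, roas)
        if state != "valid":
            findings.append((prefix, asn, state))
    return findings


if __name__ == "__main__":
    for prefix, asn, state in alerts(ANNOUNCEMENTS, ROAS):
        print(f"ALERT {prefix} origin AS{asn}: {state}")
```

A `not-found` result corresponds to the "not covered by ROAs" condition: the route is not rejected by origin validation, but it also has no cryptographic protection against a hijack.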
  • 34. Importance of Database Security and Integrity: Database security is more than just important: it is essential to any company with any online component. Sufficient database security prevents data being lost or compromised, which may have serious ramifications for the company both in terms of finances and reputation.
  • 36. Data Security Logical Architecture View
      • Implement logging on all components
      • Implement audit on all components
      • Encrypt the database and the backup
      • Implement Data Masking and SQL Firewall
  • 37. Inventory Data Sources
      • Discover, classify and prioritize the databases containing your valuable information, whether cloud based or on-premise
      • Discover, Track and Manage Your SQL Server Inventory
      • Manage known databases on your network and in the cloud; discover unknown databases outside the scope of current compliance controls
  • 39. Continuous Testing
      • Define and manage security standards and compliance policies to be used to assess database security posture
      • Schedule or run ad-hoc job-based assessments to quantify cloud based or on-premise database adherence to selected policies
  • 40. Eliminates Vulnerabilities
      • Fix potentially harmful password configurations, table access grants, user roles and other vulnerable areas identified in assessment of database assets.
      • Conduct regular and continuous assessments to identify issues and ensure that they are remediated in a timely manner.
  • 41. Enforce Least Privileges
      • Ensure employees and applications have only the rights needed to do their jobs
      • Understand who has access to what data and how they’ve been granted that access
      • Key Point: Analyze membership to powerful server roles and groups such as administrators, systems administrators, and security administrators to ensure the level of access is warranted. From a group, see the list of group members and select a member for further analysis. From a user, see the group memberships and drill upwards to view inherited permissions.
  • 42. Monitor for Anomalies
      • Inspect database access and activities for policy violations and attempted attacks
      • Audit actions of known privileged users as well as administrative activity
  • 43. Fraud Detection Logical Architecture View: It's highly recommended to have Fraud Prevention and Data Leak Prevention staff to monitor potential data leaks and fraud in the organization.
  • 44. • Deploy policy-based Activity Monitoring to create an easily managed set of actionable security and compliance alerts. • Transparent Data Encryption (TDE) to protect sensitive data • Database Firewall acts as the first line of defense for databases, helping prevent internal and external attacks from reaching the database Protecting The Data
  • 45. Data Leak Monitoring for Data Leak Prevention Log and monitor all user activity related to data access or sensitive documents
  • 46. Audit and Respond to suspicious activity and policy violations in real time • Send an alert to IT Security to prompt further investigation. • Notify the SIEM system to correlate database activity with web application logs. • Initiate a malware scan to remove any injected code. • Lock out the user’s account to prevent further attempts to access sensitive data. Respond to Incident
  • 48. Example Access Flow to Critical Infrastructure [Diagram labels: Admin From Internet; VPN Gateway; 2FA Authenticator; Directory Service & Audit; Privileged Access Management or Jump/Step Server; Server Farm; DMZ; Encrypted connection] • Record desktop user activity, file transfer, and command history • Send logs to a centralized log server and analyze on SIEM • Alert and Notification. 7.1 Limit access to system components and critical data to only those individuals whose job requires such access.
  • 49. Role Based Access Control (RBAC) 7.1.1 Define access needs for each role, including: • System components and data resources that each role needs to access for their job function • Level of privilege required (for example, user, administrator, etc.) for accessing resources. Source DNStuff
  • 50. Attribute Based Access Control (ABAC) ABAC is implemented to reduce risks due to unauthorized access, as it can control security and access on a more fine-grained basis 7.2 Establish an access control system for systems components that restricts access based on a user’s need to know, and is set to “deny all” unless specifically allowed. This access control system must include the following: Source DNStuff
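How the role definitions of slide 49 and the attribute checks and "deny all" default of slide 50 combine in one decision function, as an added example that is not part of the original deck. The roles, resources, attributes and rules are constructed for illustration.

```python
from datetime import time

# Constructed policy, not from the slides. Every rule is an explicit allow;
# a request that matches no rule falls through to "deny all" (requirement 7.2).
RULES = [
    {"role": "dba", "resource": "cardholder_db", "actions": {"read", "write"},
     "when": {"mfa": True, "network": "pam"}},
    {"role": "support", "resource": "ticket_db", "actions": {"read"},
     "when": {"mfa": True}},
    {"role": "auditor", "resource": "cardholder_db", "actions": {"read"},
     "when": {"mfa": True, "network": "pam"}, "hours": (time(8), time(18))},
]


def decide(subject, resource, action, context, rules=RULES):
    """Return (allowed, reason). The role selects candidate rules (RBAC);
    the context attributes must then satisfy the rule's conditions (ABAC)."""
    for i, rule in enumerate(rules):
        if rule["role"] not in subject.get("roles", ()):
            continue
        if rule["resource"] != resource or action not in rule["actions"]:
            continue
        # A missing attribute never satisfies a condition (fail closed).
        if any(context.get(k) != v for k, v in rule["when"].items()):
            continue
        if "hours" in rule:
            start, end = rule["hours"]
            now = context.get("time")
            if now is None or not (start <= now < end):
                continue
        return True, f"allowed by rule {i}"
    return False, "deny all: no rule explicitly allows this request"
```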
  • 54. SIEM Alerting and Notification Many breaches occur over days or months before being detected. Regular log reviews by personnel or automated means can identify and proactively address unauthorized access to the cardholder data environment. The log review process does not have to be manual. The use of log harvesting, parsing, and alerting tools can help facilitate the process by identifying log events that need to be reviewed.
  • 56. User Risk Ranking Monitoring Logging mechanisms and the ability to track user activities are critical in preventing, detecting, or minimizing the impact of a data compromise
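Automated log review as described on slides 54 and 56: parse the log, raise alerts on events that need review, and rank users by accumulated risk. This is an added example, not part of the original deck; the log format, detection rules, thresholds and weights are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the key=value format is an assumption for this example.
LOG = """\
2021-06-14T02:10:01Z user=svc_app src=10.0.1.20 event=query table=orders
2021-06-14T02:11:05Z user=alice src=203.0.113.7 event=login_failed
2021-06-14T02:11:09Z user=alice src=203.0.113.7 event=login_failed
2021-06-14T02:11:15Z user=alice src=203.0.113.7 event=login_failed
2021-06-14T02:11:40Z user=alice src=203.0.113.7 event=login_ok
2021-06-14T02:12:30Z user=alice src=203.0.113.7 event=query table=cardholder
2021-06-14T09:00:20Z user=bob src=10.0.1.33 event=login_ok
2021-06-14T09:05:00Z user=bob src=10.0.1.33 event=query table=cardholder
not a log line
"""
WEIGHTS = {"bruteforce_then_login": 50, "sensitive_table_access": 30}

def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in text.splitlines():
        ts, _, rest = raw.strip().partition(" ")
        try:
            fields = dict(kv.split("=", 1) for kv in rest.split())
            fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        if {"user", "src", "event"} <= fields.keys():
            yield fields

def alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Flag a login that follows >= threshold recent failures, and cardholder reads."""
    failures, out = defaultdict(list), []
    for e in events:
        key = (e["user"], e["src"])
        if e["event"] == "login_failed":
            failures[key].append(e["ts"])
        elif e["event"] == "login_ok":
            recent = [t for t in failures.pop(key, []) if e["ts"] - t <= window]
            if len(recent) >= threshold:
                out.append((e["ts"], e["user"], "bruteforce_then_login"))
        elif e.get("table") == "cardholder":
            out.append((e["ts"], e["user"], "sensitive_table_access"))
    return out

def risk_ranking(found):
    """Sum alert weights per user, highest first, to order the review queue."""
    score = defaultdict(int)
    for _, user, rule in found:
        score[user] += WEIGHTS[rule]
    return sorted(score.items(), key=lambda kv: -kv[1])
```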
  • 60. Continuous Penetration Testing Regularly pentest and scan infrastructure based on up-to-date signature database
  • 63. Establish, publish, maintain, and disseminate a security policy. "A company's information security policy creates the roadmap for implementing security measures to protect its most valuable assets. All personnel should be aware of the sensitivity of data and their responsibilities for protecting it."
  • 64. Example Policies to Provide and Maintain • Access Control Policy • Application Security Sample report • Change Management Process • Clean Desk Policy • Connected Entities • Corporate Roles & Responsibilities • Development Policy • Disaster Recovery Process • Document Generation • Electronic Communication Policy • Email Policy • Incident Response Process • Information Security Policy • Internal Audit Procedure • Internal Audit Report • Malicious Code Policy • Network Security Policy • Operational Procedure • Physical Access Policy • Risk Assessment Methodology • SOP Asset Management • SOP Development • SOP for SOP
  • 65. Implement Risk-Assessment Process The main objective of Risk Assessment is to estimate the Risks that affect the current Biznet GIO assets. This is done by: 1. Identifying Biznet GIO Assets, and defining their value as per the requirements of Confidentiality, Integrity and Availability. 2. Identifying the Vulnerabilities in the system and their value. 3. Identifying the Threats that can exploit these Vulnerabilities. 4. Estimating the probability of a Threat. 5. Calculating the Risk and then sorting them as per their relative significance. 6. Interpreting the results.
  • 66. Risk-Assessment Threat Matrix Example
    No | Threat Events | Source
    1 | Natural Causes (Flood, Fire, Animals, etc.) | External
    2 | Cyber Crime (DDoS, Flooding, Abuse Usage etc.) | External
    3 | Social Engineering (Impersonation, Shoulder Surfing) | External
    4 | Vendor Failure (ISP failure, Disgruntled Vendor, etc.) | External
    5 | Theft (Theft of Data, Theft of Hardware, Hacking etc.) | External
    6 | Change of Regulation | External
    7 | Unauthorized Access (copying, manipulation of data, etc.) | Internal
    8 | Loss/deletion of data (Loss Integrity, data deletion, human error etc.) | Internal
    9 | Hardware Failure (UPS, Cable, Disk, Power, etc.) | Internal
    10 | Software Failure (bug, virus, OS, etc.) | Internal
  • 67. Risk Calculation Matrix Example: Asset Classification • Hardcopy Asset: Contract documents, NDA, PKWT, Legal, etc. • Softcopy Asset: SOP, Payroll, etc. • People Asset: Top Level, VP, Operational Staff, etc. • Data Asset: Customer List, Infra Data, Cust Subscription • Electronic Asset: Branding, Event Report, Billing, etc. • Software Asset: Windows, Linux, Portal Software, etc. • Physical Asset: Laptop, PC, Server, Storage, etc. • Physical Facility: Main Office, Branch Office, Data Center • Organizational Issue: Human Aspect, Market Factor, Regulation Factor • Interested Parties: Customer, Supplier, Investor, etc.
  • 68. Risk Calculation Matrix Example
    No | Asset | Description of Asset | Type of Threat | Risk Owner | Confidentiality | Integrity | Availability | Asset Value
    1 | Resource | Internal Issue | Natural Causes; Vendor Failure; Theft; Hardware Failure; Software Failure | Top Management | 3 | 2 | 2 | 7
    2 | Human Aspects | Internal Issue | Social Engineering; Change of Regulation | Top Management | 3 | 2 | 3 | 8
    3 | Managements | Internal Issue | Social Engineering; Change of Regulation | Top Management | 3 | 2 | 3 | 8
  • 69. Risk Treatment Plan Example
    No | Process/Function | Asset | Potential Failure | Severity Level | Mitigation
    1 | Marketing | Marketing's Asset | Deletion of data | Low | Use data recovery in the cloud, disciplinary process
    2 | Marketing | Marketing's Asset | Unauthorized copying | Low | Disciplinary Process, destroy the copy
    3 | Sales | Customer related (list, tickets, etc.) | Sabotage, Tampering | Medium | Gather the evidence and report to authority
    4 | Sales | Customer related (list, tickets, etc.) | Deletion of data | Low | Use data recovery in the cloud
    5 | Sales | Customer related (list, tickets, etc.) | Unauthorized copying | Medium | Disciplinary Process, destroy the copy
    6 | Sales | Sales's confidential Asset (contract, report, etc.) | Unauthorized copying | Medium | Disciplinary Process, destroy the copy
  • 71. NIST Cloud Computing Forensic Science Challenges Various process models have been developed for digital forensics, including the following distinctive steps and attributes: 1. Search authority. Legal authority is required to conduct a search and/or seizure of data. 2. Chain of custody. In legal contexts, chronological documentation of access and handling of evidentiary items is required to avoid allegations of evidence tampering or misconduct. 3. Imaging/hashing function. When items containing potential digital evidence are found, each should be carefully duplicated and then hashed to validate the integrity of the copy. 4. Validated tools. When possible, tools used for forensics should be validated to ensure reliability and correctness. 5. Analysis. Forensic analysis is the execution of investigative and analytical techniques to examine, analyze, and interpret the evidentiary artifacts retrieved.
  • 72. NIST Cloud Computing Forensic Science Challenges. Identification stage challenges: 1. Access to evidence in logs 2. Physical inaccessibility 3. Volatile data 4. Client side identification 5. Dependence on cloud service provider - trust. Preservation/collection stage: 1. Integrity and stability - multi-tenancy and privacy 2. Imaging 3. Bandwidth limitation 4. Multi-jurisdiction distribution - collaboration 5. Dependence on cloud service provider - trust. Examination/analysis stage: 1. Lack of forensic tools 2. Volume of data 3. Encryption 4. Time synchronization - reconstruction 5. Unification of log formats
  • 73. Cloud Forensics Tips: Disk Imaging and Acquisition tips 1. Rsync – raw copy of the virtualization disk image (e.g. qcow, vmdk, etc.) 2. Use the Clone or Snapshot features on the cloud provider portal to clone the instance 3. Use the Suspend or Pause features on the cloud provider portal to maintain integrity 4. Take note of the software and version for future investigation in the lab
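The imaging/hashing and chain-of-custody steps from slide 71 applied to a copied disk image as in slide 73, as an added example that is not part of the original deck. File names and actor names are placeholders, and linking each custody entry to the hash of the previous one is a technique added here to make the chronological record tamper-evident; the slides only require that the record exists.

```python
import hashlib
import json
import shutil
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Hash a (possibly very large) disk image without loading it into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()


def custody_entry(log, actor, action, item, digest):
    """Append a chronological record; each entry commits to the previous one."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "item": item, "sha256": digest, "prev": prev}
    entry["entry_hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    log.append(entry)
    return entry


def acquire(src, dst, actor, log):
    """Copy an image, hash source and copy, and reject a copy that differs."""
    before = sha256_file(src)
    custody_entry(log, actor, "hash-source", src, before)
    shutil.copyfile(src, dst)
    after = sha256_file(dst)
    if after != before:
        raise ValueError(f"copy of {src} does not match the source hash")
    custody_entry(log, actor, "verified-copy", dst, after)
    return after


def log_intact(log):
    """Recompute the hash chain; editing or removing an entry breaks it."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["entry_hash"] != digest:
            return False
        prev = entry["entry_hash"]
    return True
```

Hash the source while the instance is suspended or from a snapshot, so the image cannot change between the two hash passes.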
  • 76. Connectivity: 10 Gbps Local, 1 Gbps International, Redundant with Same Backup Link Capacity from different Providers. MULTIPLE AVAILABILITY ZONES & CLOUD CONNECTIVITY ✓ Scalability & High Availability ✓ Business Continuity Planning ✓ Disaster Recovery Center ✓ Hybrid Cloud. Data Center 1: Technovillage Cimanggis, JAWA BARAT. Data Center 2: MidPlaza Sudirman, JAKARTA. Data Center 3: BANTEN. Inclusive Inter-DC Link for up to 10 Gbps
  • 77. PRIVACY COMMITMENT AND SECURITY SOC 2 Type 2 Service Organization Control Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy These reports are intended to meet the needs of a broad range of users that need detailed information and assurance about the controls at a service organization relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information processed by these systems…. Type 2 report on management’s description of a service organization’s system and the suitability of the design and operating effectiveness of controls; Type 1 report on management’s description of a service organization’s system and the suitability of the design of controls. Use of these reports are restricted. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report.html The First Local Cloud Service Provider with 3 Security Certification
  • 78. BIZNETGIO SERVICE ADVANTAGES 24 Hours Local Support Managed Service Response Time < 15 minutes Uptime SLA 99.9% Unlimited Network Traffic Bandwidth up to 10 Gbps No Traffic Quota Design, Implement to Day to day Operations
  • 79. Investigation Process on Biznet GIO [Diagram labels: Mailing/e-Mail Search Warrant To Biznet GIO Address; Biznet GIO CEO; Biznet Legal PIC and NDA Signing; Subject Matter Expert; Domain Expert; Security Expert; Evidence Collection]
  • 80. "In today’s world, people put most everything on computers/cloud. We need the forensics capability to go in and retrieve that information off the company’s networks" - Earl Devaney. For any security-related inquiry: security@biznetgio.com