Hasil Pencarian  ::  Simpan CSV :: Kembali

"The 12 revised full papers were carefully reviewed and selected from numerous submissions. The papers address all aspects of fault tolerance and exception handling, safety modeling, supporting evolution, resilience in service-oriented computing, and applying formal methods in case studies."

"Skripsi ini membahas mengenai penerapan pasal perlindungan data pribadi yang terdapat dalam Undang-undang No. 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik yang dikaitkan dengan praktik layanan komputasi awan yang saat ini sedang berkembang pesat. Kebutuhan komputasi awan diperkirakan akan mengalami peningkatan yang sangat besar di masa mendatang. Hal tersebut didorong makin banyaknya penggunaan perangkat yang terhubung ke internet dan membutuhkan akses layanan berbasis data secara real time. Sebagai sebuah jenis layanan yang masih tergolong baru di Indonesia, isu keamanan dan perlindungan data pribadi dinilai masih menjadi poin penting yang dikhawatirkan dalam adopsi komputasi awan di Indonesia, menyusul banyaknya kasus pembobolan data yang merugikan pengguna layanan berbasis media elektronik seperti telepon selular dan kartu kredit. Dalam penelitian ini akan dibahas mengenai konsep umum perlindungan data, peraturan perundang-undangan yang mengatur tentang perlindungan data baik di dalam maupun luar negeri, tinjauan umum dari komputasi awan, analisis pasal 26 UU ITE dan tanggung jawab dari penyedia layanan komputasi awan terhadap data pribadi pengguna layanannya.

---

This paper discusses around the application of article about personal data protection that contained in Law No. 11 Year 2008 on Information and Electronic Transaction associated with the practice of cloud computing service that is growing rapidly nowadays. The need of cloud computing are predicted to get a huge increase in the future. It is driven more and more use of the devices that connected to the internet and require access to data-based services in real time. As a kind of the new service in Indonesia, the issue of security and personal data protection is still considered to be an important point of concern in the adoption of cloud computing in Indonesia, following a number of data leaked cases that adverse subject data of electronic media-based services such as mobile phones and credit cards. In this study will be discussed on the general concept of data protection, laws and regulations governing data protection both inside and outside the country, an overview of cloud computing, analysis of article 26 of Law of Information and Electroninc Transactions and responsibilities of providers of cloud computing services to the user's personal data from its services."

"The papers combine topics like modeling, benchmarking, testing, performance evaluation, and dependability, and aim at academic and industrial researchers in these areas as well as graduate students and lecturers in related fields."

"The critical infrastructure protection survey recently released by Symantec found that 53% of interviewed IT security experts from international companies experienced at least ten cyber attacks in the last five years, and financial institutions were often subject to some of the most sophisticated and large-scale cyber attacks and frauds.The book by Baldoni and Chockler analyzes the structure of software infrastructures found in the financial domain, their vulnerabilities to cyber attacks and the existing protection mechanisms. It then shows the advantages of sharing information among financial players in order to detect and quickly react to cyber attacks. Various aspects associated with information sharing are investigated from the organizational, cultural and legislative perspectives. The presentation is organized in two parts: Part I explores general issues associated with information sharing in the financial sector and is intended to set the stage for the vertical IT middleware solution proposed in Part II. Nonetheless, it is self-contained and details a survey of various types of critical infrastructure along with their vulnerability analysis, which has not yet appeared in a textbook-style publication elsewhere. Part II then presents the CoMiFin middleware for collaborative protection of the financial infrastructure."

"This volume constitutes the refereed proceedings of the 6th IFIP WG 11.2 International Workshop on Information Security Theory and Practice: Security, Privacy and Trust in Computing Systems and Ambient Intelligent Ecosystems, WISTP 2012, held in Egham, UK, in June 2012. The 9 revised full papers and 8 short papers presented together with three keynote speeches were carefully reviewed and selected from numerous submissions. They are organized in topical sections on protocols, privacy, policy and access control, multi-party computation, cryptography, and mobile security."

"Salah satu tantangan utama investigasi insiden kebocoran data adalah tidak tersedianya kerangka kerja spesifik yang sesuai dengan karakteristik insiden kebocoran, disertai langkah-langkah yang jelas dan memberikan hasil investigasi yang komprehensif. Tantangan lain berupa proses analisis terhadap logs berjumlah besar akan menghabiskan waktu dan berpotensi terjadi human-error bila dilakukan secara manual. Pendekatan machine learning (ML) dapat dijadikan solusi, namun kinerja ML seringkali tidak optimal dikarenakan kondisi ketidakseimbangan dataset. Untuk itu, pada penelitian ini dikembangkan kerangka kerja forensik digital baru yang bernama KARAFFE (Kalamullah Ramli–Arif Rahman Hakim–Forensic Framework for Exfiltration), yang bersifat spesifik sesuai dengan karakteristik kebocoran data. Tahapan dan komponen pada KARAFFE mampu menghasilkan jawaban atas pertanyaan investigatif berupa What, When, Who, Where, Why dan How (5WH) dari insiden yang diinvestigasi. Berdasarkan karakteristik pembanding yang ditetapkan, KARAFFE memenuhi enam indikator karakteristik mengungguli kerangka kerja existing lainnya. Lebih lanjut, analisis studi kasus menunjukkan bahwa KARAFFE mampu menginvestigasi insiden secara utuh disertai jawaban 5WH yang lengkap atas insiden yang diuji. Metode lain yang dikembangkan adalah ARKAIV (Arif Rahman Hakim-Kalamullah Ramli-Advanced Investigation). Metode ARKAIV berbasis ML mampu memprediksi terjadinya exfilration berdasarkan event logs yang dipetakan ke adversarial tactics. Untuk prediksi tersebut dilakukan modifikasi dataset berupa rangkain tactics dengan exfiltration sebagai target dan didesain skema resampling untuk mengatasi kondisi ketidakseimbangan dataset. SMOTEENN menghasilkan kinerja terbaik mengungguli empat teknik resampling lainnya, dengan meningkatkan nilai geometric-mean 0 pada initial dataset menjadi 0.99 pada resampled dataset. Selain itu, model ML pada metode ARKAIV dipilih dengan kinerja paling optimal berdasarkan lima teknik feature selection, menerapkan lima classifiers ML, dan dua teknik validasi model. Hasil ML-ARKAIV menunjukkan bahwa Random Forest melampaui kinerja empat classifiers lainnya (XGBoost, Logistic Regression, Naive Bayes, dan Support Vector Machine), dengan mean accuracy sebesar 99.1% (5-folds), 99.8% (10-folds), 99.7% (5-folds 5-repetitions), dan 99.74% (10-folds 10-repetitions). Selain itu, analisis studi kasus menunjukkan bahwa ARKAIV mampu memprediksi secara akurat dua insiden exfiltration dan satu insiden non-exfiltration. Dengan demikian, ARKAIV menunjukkan konsistensi kinerja dan efektifitasnya dalam memprediksi terjadinya exfiltration dalam berbagai skenario.

---

One of the primary challenges in investigating data breach incidents is the lack of a specific framework tailored to the characteristics of such incidents, accompanied by clear steps to ensure comprehensive investigative results. Another challenge lies in the analysis of large volumes of logs, which is time-consuming and prone to human error when performed manually. Machine learning (ML) approaches offer a potential solution; however, their performance is often suboptimal due to the imbalance in datasets. This study proposes a novel digital forensic framework named KARAFFE, designed specifically to address the unique characteristics of data breach incidents. The stages and components of KARAFFE are structured to answer investigative questions encompassing What, When, Who, Where, Why, and How (5WH) of the incidents under investigation. Case study analysis demonstrates that KARAFFE provides a complete investigation of incidents, delivering comprehensive 5WH responses for the examined cases. Based on the established comparative characteristics, KARAFFE meets six key indicators, outperforming other existing frameworks. Furthermore, the case study analysis demonstrates that KARAFFE enables comprehensive incident investigation, providing complete 5WH answers for the tested incidents. Additionally, this study introduces the ARKAIV method. ARKAIV is an ML-based approach capable of predicting exfiltration attacks based on event logs mapped to adversarial tactics. To facilitate these predictions, the dataset was modified to include a sequence of tactics with exfiltration as the target, and a resampling scheme was designed to address dataset imbalance. SMOTEENN achieved the best performance, surpassing four other resampling techniques by improving the geometric mean value from 0 on the initial dataset to 0.99 on the resampled dataset. Furthermore, the ML models in ARKAIV were selected for optimal performance through the application of five feature selection techniques, five ML classifiers, and two model validation methods. The results of ML-ARKAIV indicate that Random Forest outperformed four other classifiers (XGBoost, Logistic Regression, Naive Bayes, and Support Vector Machine), with mean accuracy rates of 99.1% (5-folds), 99.8% (10-folds), 99.7% (5-folds with 5 repetitions), and 99.74% (10-folds with 10 repetitions). Additionally, the case study analysis demonstrated that ARKAIV accurately predicted two exfiltration incidents and one non-exfiltration incident. These findings underscore ARKAIV's consistent performance and effectiveness in predicting exfiltration across various scenarios."

"Sertifikasi di lingkungan Direktorat XYZ sebagai salah satu aktivitas utama di lingkungan Direktorat XYZ tidak lepas dari peran SI/TI untuk mendukung layanan sertifikasi secara optimal, yang pada akhirnya dapat memberikan layanan optimal sertifikasi. Agar dapat memberikan layanan prima sertifikasi, diperlukan adanya data yang berkualitas, yang dapat memenuhi kriteria, reliabilitas, integritas, dan ketersediaannya.COBIT 4.1 dan SNI ISO/IEC 27001:2009 merupakan kerangka kerja tata kelola TI dan standar keamanan informasi yang merupakan praktik terbaik. Pengkombinasian keduanya dalam penyusunan kebijakan tata kelola TI digunakan dalam penelitian sebagai dasar dalam penyusunan rancangan kebijakan dan prosedur pengelolaan data, dengan harapan dapat menghasilkan kebijakan dan prosedur yang komprehensif dan memberikan manfaat pengelolaan keamanan informasi bagi organisasi yang menerapkan keduanya.Metode yang digunakan dalam penelitian ini adalah observasi, kuisioner dan wawancara berdasarkan COBIT 4.1 dan SNI ISO/IEC 27001:2009. Selain itu, digunakan metode Delphi untuk validasi rancangan kebijakan dan prosedur. Berdasarkan hasil penilaian dan analisis risiko, dipilih kontrol-kontrol yang dapat diterapkan untuk meningkatkan keamanan informasi. Kontrol-kontrol tersebut dimasukkan dalam rancangan kebijakan dan prosedur keamanan informasi. Berdasarkan hasil kuisioner dan wawancara, dilakukan identifikasi dan analisis hasil pengukuran kematangan, analisis kesenjangan tingkat kinerja dan tingkat kematangan, analisis hasil penilaian risiko, identifikasi dan analisis dampak, identifikasi dan analisis kelemahan kontrol. Berdasarkan COBIT 4.1 dipilih proses-proses yang menghasilkan masukan (input) dalam proses pengelolaan data dan memastikan keamanan sistem sebagai aktivitas dan proses dalam rancangan kebijakan dan prosedur pengelolaan data.Hasil pengukuran kinerja berdasarkan COBIT 4.1 menunjukkan bahwa kinerja DS5 dann DS11 masih kurang. Sedangkan hasil pengukuran kematangan menunjukkan proses pengelolaan data dan memastikan keamanan sistem berada pada tingkat 2 (dua), dengan harapan tingkat kematangan berada pada tingkat 4 (empat). Berdasar hasil penilaian kematangan disusun rekomendasi tindakan perbaikan untuk peningkatan kematangan, antara lain penyusunan kebijakan dan prosedur pengelolaan data dengan memperhatikan aspek keamanan sistem serta tim/kelompok kerja yang bertugas mengevaluasi dan mengawasi pelaksanaan kebijakan dan prosedur. Pengendalian dalam kebijakan dan prosedur keamanan informasi sesuai dengan ISO/IEC 27001:2005 meliputi pengendalian: organisasi keamanan informasi,pengelolaan aset informasi, keamanan SDM, keamanan fisik dan lingkungan, pengelolaan komunikasi dan operasional, pengaturan akses, keamanan informasi dalam pengadaan dan pemeliharaan sistem informasi, pengelolaan gangguan keamanan informasi, keamanan informasi dalam pengelolaan kealngsungan kegiatan, dan kepatuhan.Dalam rancangan kebijakan dan prosedur pengelolaan data dengan memperhatikan aspek keamanan informasi, COBIT 4.1 digunakan sebagai payung kebijakan tata kelola TI khususnya pada pengelolaan data; sedangkan dan ISO/IEC 27001:2005 digunakan sebagai acuan dalam penyusunan kebijakan keamanan informasi. Keduanya saling melengkapi menghasilkan kebijakan dan prosedur yang komprehensif mencakup people, process, dan technology untuk mencapai kerahasiaan, ketersediaan, dan integritas informasi. Kerahasiaan, ketersediaan, dan integritas data dan informasi dicapai melalui aktivitas dan proses serta kontrol yang sesuai untuk diterapkan.

---

Certification in Directorate XYZ as one of the main activities of the Directorate XYZ can’t be separated from the role of IS / IT to support optimal certification services, which in turn can provide excellent service in certification. In order to provide excellent service certification, that is required a high-quality data, which can meet the criteria, reliability, integrity, and availability.

COBIT 4.1 and ISO / IEC 27001:2009 is an IT governance framework and information security standards that are best practices. Combine both in policy making IT governance is used in this research as a basis for drafting policies and procedures of data management, with the hope of producing a comprehensive policy and procedures and provide the benefits of information security management for organizations that implement them. The method used in this study is the observation, questionnaires and interviews based on COBIT 4.1 and ISO / IEC 27001:2009. In addition, the Delphi method was used to validate the design of policies and procedures. Based on the results of risk assessment and analysis, controls that can be applied to improve information security are selected. The controls are incorporated in the draft of information security policies and procedures. Based on the results of questionnaires and interviews, to identify and analyze the results of the measurement of maturity, gap analysis and the maturity level of performance, analysis of the results of risk assessment, identification and impact analysis, identification and analysis of control weaknesses. This selection is based on COBIT 4.1 processes that produce inputs to the data management process and ensure the security of the system as activities and processes in the design of data management policies and procedures.

The results of performance measurements based on COBIT 4.1 shows that the performance of DS5 and DS11 is still lacking. While the results of measurements show the maturity of data management and ensure the security of the system is at the level of 2 (two), in the hope of maturity level is at level 4 (four). Based on maturity assessments prepared recommendations for the improvement of the maturity of remedial actions, including design of policies and procedures for data management by taking into account the security aspects of the system and the team / work group charged with evaluating and overseeing the implementation of policies and procedures. Control the information security policies and procedures in accordance with ISO/IEC 27001:2005 covers control: the organization of information security, asset management information, human resources security, physical and environmental security, communications and operations management, access arrangements, the security of information in the procurement and maintenance of information systems, management of information security threats, business continuity management, and compliance.

In the design of policies and procedures with respect to data management aspects of information security, COBIT 4.1 is used as a reference policy governance of IT especially in data management; while and ISO / IEC 27001:2005 is used as a reference for information security policy. Both complement each other producing a comprehensive policy and procedures covering people, process, and technology to achieve confidentiality, availability, and integrity of information. Confidentiality, availability and integrity of data and information are achieved through the activities and processes and controls that are appropriate to be applied."