Hasil Pencarian  ::  Simpan CSV :: Kembali

"Collaboration with cloud computing discusses the risks associated with implementing these technologies across the enterprise and provides you with expert guidance on how to manage risk through policy changes and technical solutions.Drawing upon years of practical experience and using numerous examples and case studies, author Ric Messier discusses :- The evolving nature of information security- The risks, rewards, and security considerations when implementing SaaS, cloud computing and VoIP- Social media and security risks in the enterprise- The risks and rewards of allowing remote connectivity and accessibility to the enterprise network"

"It may seem a strange place to start, but a good beginning here is the Boston Marathon bombings in April, 2013 and the days that followed. In particular, the Friday when officials shut down the city of Boston and neighboring communities. Businesses all over the city were forced to shut down while the manhunt took place over the course of the day on Friday. While retail establishments were really out of luck because no one on the streets meant no one in the stores, other businesses were able to continue to operate because of a number of technologies that allowed remote workers to get access to their files, the systems they needed and their phone systems. Any business that implemented a full Unified Communications (UC) solution could have employees also communicating with instant messaging and know who was on-line because of the presence capabilities. Additionally, news of the events spread quickly and less because of news outlets who were, quite rightly, not allowed to provide specifics about many of the activities"-- Provided by publisher."

"Layanan cloud merupakan sumber daya infrastruktur yang efisien, fleksibel dan memiliki skalabilitas serta performa yang lebih baik. PT. Bank XYZ saat ini menggunakan layanan infrastruktur public cloud untuk 22 aplikasi non-transaksional namun menyimpan data pribadi nasabah. Meningkatnya tren serangan siber mendorong Bank XYZ untuk menetapkan indikator kinerja kunci zero incident data breach yang menjadi acuan dalam melakukan pengamanan informasi pada Bank XYZ. Namun, pada kenyataannya terdapat temuan kerentanan pada aplikasi Bank XYZ yang terletak di public cloud dan kebocoran kredensial akses public cloud yang menyebabkan terjadinya penyalahgunaan resource cloud. Kedua masalah ini dapat memberikan dampak terjadinya insiden kebocoran data yang pada akhirnya menimbulkan kerugian finansial dan reputasi bagi Bank XYZ. Salah satu penyebab utama dari masalah ini adalah belum adanya tata kelola keamanan informasi public cloud yang mendefinisikan secara jelas penentuan wewenang dan tanggung jawab perusahaan maupun penyedia layanan cloud. Oleh karena itu penelitian ini bertujuan untuk melakukan perancangan tata kelola keamanan informasi public cloud pada Bank XYZ. Framework yang digunakan dalam menyusun rancangan tata kelola keamanan informasi yaitu ISO/IEC 27001:2022, ISO/IEC 27002:2022, ISO/IEC 27017:2015. Selain itu ketentuan regulator POJK No.11/OJK.03/2022 dan Undang-Undang Perlindungan Data Pribadi (UU PDP) No.27 Tahun 2022 juga menjadi landasan teori dalam penyusunan tata kelola keamanan informasi public cloud. Pelaksanaan penelitian ini dilakukan dengan metode kualitatif yaitu melalui wawancara, Focus Group Discussion (FGD), dan analisis dokumen internal dan ketentuan terkait dengan tata kelola cloud. Wawancara, FGD, dan analisis dokumen yang dilakukan pada penelitian ini menghasilkan daftar risiko dan kontrol risiko yang harus diterapkan dalam pengamanan public cloud, yang kemudian digunakan sebagai dasar dalam menyusun rancangan tata kelola keamanan informasi public cloud pada Bank XYZ. Luaran dari penelitian ini adalah rancangan tata kelola keamanan informasi public cloud pada Bank XYZ.

---

Cloud services offer efficient, more scalability, better performance, and adaptable infrastructure resources. PT. Bank XYZ presently uses public cloud infrastructure services for 22 non-transactional applications that store customer data. The increasing cyber-attack trend has driven Bank XYZ to set a key performance indicator of a zero-incident data breach as the reference for securing information at Bank XYZ. However, system vulnerabilities were detected in the Bank XYZ application that uses public cloud infrastructure and leaks of cloud access credentials, leading to misuse of cloud resources. This problem may impact the occurrence of data leakage incidents that end up causing financial and reputational losses to Bank XYZ. One of the main causes of this problem is the absence of public cloud information security governance that clearly defines the authority and responsibility of companies and cloud service providers. Therefore, this research aims to establish public cloud information security governance for Bank XYZ. ISO/IEC 27001:2022, ISO/IEC 27002:2022, and ISO/IEC 27017:2015 were utilized to create the public cloud information security governance design. Regulatory compliance, such as POJK No.11/OJK.03/2022 and personal data protection law (UU PDP) No.27 of 2022, also provides a theoretical basis for developing public cloud information security governance. This study utilized qualitative approaches such as interviews, Focus Group Discussions (FGD), and an analysis of internal documentation and cloud governance compliance. The interviews, focus groups, and document analysis conducted for this study result in a list of risk controls that must be used in the public cloud, which is then used to establish public cloud information security governance for Bank XYZ. The outcome of this research is the design of Bank XYZ's public cloud information security governance."

"This book presents the latest research findings, as well as innovative theoretical and practical research results, methods and development techniques related to P2P, grid, cloud and Internet computing. It also reveals the synergies among such large scale computing paradigms. P2P, Grid, Cloud and Internet computing technologies have rapidly become established as breakthrough paradigms for solving complex problems by enabling aggregation and sharing of an increasing variety of distributed computational resources on a large scale.Grid computing originated as a paradigm for high-performance computing, offering an alternative to expensive supercomputers through different forms of large-scale distributed computing. P2P computing emerged as a new paradigm following on from client-server and web-based computing and has proved useful in the development of social networking, B2B (Business to Business), B2C (Business to Consumer), B2G (Business to Government), and B2E (Business to Employee). Cloud computing has been described as a “computing paradigm where the boundaries of computing are determined by economic rationale rather than technical limits”. Cloud computing has fast become the computing paradigm with applicability and adoption in all domains and providing utility computing at large scale. Lastly, Internet computing is the basis of any large-scale distributed computing paradigm; it has very quickly developed into a vast and flourishing field with enormous impact on today’s information societies and serving as a universal platform comprising a large variety of computing forms such as grid, P2P, cloud and mobile computing."

"Emerging trends in ICT security, an edited volume, discusses the foundations and theoretical aspects of ICT security; covers trends, analytics, assessments and frameworks necessary for performance analysis and evaluation; and gives you the state-of-the-art knowledge needed for successful deployment of security solutions in many environments. Application scenarios provide you with an insider?s look at security solutions deployed in real-life scenarios, including but limited to smart devices, biometrics, social media, big data security, and crowd sourcing."

"Teknologi komputasi cloud merupakan sebuah pool besar yang terdiri dari sumber daya komputasi yang di virtualisasikan, sehingga pengguna dapat mengakses dan menggunakannya. Cloud telah diadaptasi oleh banyak perusahaan besar di bidang IT, seperti Google, IBM, Amazon dan masih banyak lagi. Oleh karena itu, keamanan pada teknologi cloud menjadi prioritas utama, sehingga bisa terhindar dari serangan cyber. Advanced Persistent Threat (APT) merupakan sebuah serangan cyber yang bertujuan untuk mendapatkan akses terhadap sistem atau jaringan, sehingga bisa melakukan pencurian data. Berbeda dengan teknik pencurian data biasa yang bersifat "smash and grab", APT akan tetap berada pada sistem target dalam periode waktu tertentu, sehingga penyerang bisa mengakses dan mengambil data target secara terus menerus, tanpa bisa terdeteksi. Hal ini membuat APT menjadi salah satu ancaman cyber yang sulit untuk dicegah, khususnya pada cloud environment. Metode keamanan analitik menjadi salah satu solusi yang bisa digunakan untuk bisa mengatasi serangan APT pada cloud environment, hal ini dikarenakan data yang dihasilkan semakin banyak, dan infrastruktur dari cloud juga mempunyai kapasitas yang besar untuk bisa menangani banyak nya data yang dihasilkan, sehingga metode keamanan lama yang sering diterapkan menjadi tidak lagi efisien. Salah satu metode keamanan analitik yang dapat diterapkan pada teknologi cloud adalah dengan menggunakan Security Information Event Management (SIEM) yang disediakan oleh banyak vendor seperti IBM dengan IBM QRadar. Hasilnya didapatkan bahwa kinerja tingkat deteksi SIEM dengan IBM Qradar terhadap ancaman serangan APT tidak optimal dengan pendeteksian hanya sebesar 57,1% dan yang terdeteksi sebagai kategori penyerangan sebesar 42,9% dari total 4 serangan yang dilancarkan. Hal ini dikarenakan IBM Qradar memerlukan beberapa ekstensi tambahan, sehingga membutuhkan resource komputasi yang lebih besar agar bisa meningkatkan kemampuan deteksi terhadap serangan APT.

---

Cloud computing technology is a large pool of virtualized computing resources, so that users can access and use them. Cloud has been adapted by many large companies in the IT field, such as Google, IBM, Amazon and many more. Therefore, security in cloud technology is a top priority, so that it can avoid cyber attacks. Advanced Persistent Threat (APT) is a cyber attack that aims to gain access to a system or network, so that it can carry out data theft. Unlike the usual "smash and grab" data theft technique, the APT will remain on the target system for a certain period of time, so that attackers can access and retrieve target data continuously, without being detected. This makes APT one of the most difficult cyber threats to prevent, especially in cloud environments. Analytical security methods are one of the solutions that can be used to overcome APT attacks in the cloud environment, this is because more and more data is generated, and the infrastructure of the cloud also has a large capacity to be able to handle a lot of data generated, so the old security method which are often applied become inefficient. One of the analytical security methods that can be applied to cloud technology is to use Security Information Event Management (SIEM) that have been provided by many vendors such as IBM with IBM Qradar. The result shows that the performance of SIEM detection rate with IBM Qradar against APT attack is not optimal with only 57.1% detection rate and 42.9% detected as an attack category out of a total of 4 attacks launched. This is because IBM Qradar needs some additional extension, thus requiring more additional computing resources in order to increase the detection rate ability against APT attack."

"This book analyses the various security threats in cloud computing. A host-based IDS (HIDS) using signature verification is developed and implemented for the concerned security issues. Further, owing to the vulnerability of distributed denial of service (DDoS) attacks in cloud computing, a network based IDS (NIDS) is developed and implemented against such attacks. The performance of these IDS is verified in the Cloud scenario as well against the standard data set. Finally, a simple data storage and security model is developed and implemented for the Cloud computing scenario. The contents of this book will be of interest to researchers and professionals alike."

"Cloud computing is full of tremendous opportunity, but is also riddled with hype and confusion. Business and technology leaders know the cloud is essential, but they lack clarity and experience. To the Cloud cuts through the noise and addresses the Why, What, and How of enterprise cloud adoption. This unique guide lays out a four-step framework, leveraging the experience and best practices of Microsoft's own IT group. The book delivers end-to-end business and technology guidance, describing how to analyze application portfolios to identify good cloud candidates, choose the right cloud models, consider architecture and security, and understand how shifting operations to the cloud affects budgeting and staffing. Applicable to all cloud platforms and providers, this practical resource debunks myths, revealing that real clouds are more than just web hosting, virtualization, or the Internet itself rebranded. It takes a balanced approach, addressing concerns and hybrid adoption scenarios alike. Based on the authors' proven expertise working for Microsoft's CIO on cloud migration and with cloud platform development teams, the book is supported by clear frameworks, graphics, tables, summaries, and checklists to provide a true practitioner's guide to the cloud. To the Cloud helps you: Explore cloud computing to understand its promise and challenges. Envision how cloud computing can transform your organization. Enable your organization with the necessary resources and skills. Execute the design, development, and operation of cloud workloads. To the Cloud is essential for IT professionals seeking to lower total cost of ownership, improve the return on IT investment of existing services, and help the business bring new products to market more quickly."

"This book examines the role ontology engineering can play in providing solutions to the problems of information interoperability and linked data. At the same time as introducing basic concepts of ontology engineering, the book discusses methodological approaches to formal representation of data and information models, thus facilitating information interoperability between heterogeneous, complex and distributed communication systems. In doing so, the text advocates the advantages of using ontology engineering in telecommunications systems. In addition, it offers a wealth of guidance and best-practice techniques for instances in which ontology engineering is applied in cloud services, computer networks and management systems."