3. About Honeynet
• Volunteer open source computer security
research organization since 1999 (US 501c3
non-profit)
• Mission: ¨learn the tools, tactics and motives
involved in computer and network attacks,
and share the lessons learned¨ -
http://www.honeynet.org
4. About Honeynet
• Share all of our tools, research and findings, at
no cost to the public – “Know Your Tools”
(KYT)
• “Know Your Enemy”(KYE) white papers
regularly published on current research topics
• Members release regular activity status reports
• Committed to open source and creative
commons
• Partially funded by sponsors, nothing to sell!
8. About Indonesia Honeynet Project
• 15 passionate security
professionals, academicians
and government officials
met signed a petition in 25
November 2011
• Indonesia Chapter officially
recognized 9 January 2012
• Current members: 130 (20
active members)
9. About Indonesia Honeynet Project
• Yearly Seminar and Workshop since 2012
• Focus on Security Awareness and Security
Research
• Honeynet communities: Jakarta, Semarang,
Surabaya, Yogya, Denpasar, Palembang,
Lampung
• Research Topics: Incident handling,
Vulnerability Analysis, Malware, Digital
Forensics, Penetration Testing, Threats
Intelligence
10. About Indonesia Honeynet Project
Honeynet Seminar & Workshop | 10-11 Juni 2015 | Lampung, Indonesia
11. Honeypots Research & Deployment
2009 2011 2013 2015
Learning
Period
Early
Period
Growing
Period
Expanding
Period
Honeypot:
Nepenthes
Honeypot:
Nepenthes, Dionaea
Honeypot:
Dionaea
Honeypot:
Dionaea, Kippo,
Glastopf, Honeytrap
Learning How to
install and configure
Deployed 1st
Honeypot in SGU
Target: Academic,
Government, ISP
Coverage: Java, Bali,
Sumatera,
# Honeypots
deployed: None
# Honeypots
deployed: 1
# Honeypots
deployed: 5
# Honeypots
deployed: 17
Hardware: Client Hardware: Simple
Client and Server
Hardware: Mini PC
and Server
Hardware:
Raspberry Pi and
Dedicated servers
16. Join Us
• Indonesia Honeynet Project
• idhoneynet
• http://www.honeynet.or.id
• http://groups.google.com/group/id-honeynet
17. Why Cyber Security Governance?
• We live in the interconnected world
• Constant security threats to individuals,
organizations, or countries
• Businesses continue to evolve to stay ahead
• Governing these threats to our
organizations is critical to survivability
19. Why Framework?
• Example: COBIT Framework
• Framework for the governance and
management of IT Enterprise
“a framework is a real or conceptual structure intended
to serve as a support or guide for the building of
something that expands the structure into something
useful.”
Reference: http://whatis.techtarget.com/definition/framework
21. Benefits
• From chaos to order and organization
• Manageable practice
• From tools / mechanisms architecture /
policy strategy / governance
22. Cyber Security Framework
• Framework for Improving Critical Infrastructure Cybersecurity,
version 1.0, the National Institute of Standards and Technology
(NIST), February 12, 2014.
– A response to the President’s Executive Order 13636, “Improving
Critical Infrastructure Cybersecurity” on February 12, 2013.
• Critical infrastructure: “systems and assets, whether physical or
virtual, so vital to the United States that the incapacity or destruction
of such systems and assets would have a debilitating impact on
security, national economic security, national public health or safety,
or any combination of those matters.”
• a voluntary risk-based Cybersecurity Framework
– a set of industry standards and best practices to help
organizations manage cybersecurity risks
• The Framework is technology neutral
24. NIST Cyber Security Framework
• Three parts:
– The Framework Core
– The Framework Profile
– The Framework Implementation Tiers
• Framework Core
– A set of activities, outcomes, and informative
references
– Providing the detailed guidance for developing
individual organizational Profiles
25. Framework Core
• Five concurrent and continuous Functions
– Identify
– Protect
– Detect
– Respond
– Recover
• (Altogether) the functions provide a high-level,
strategic view of the lifecycle of an
organization’s management of cybersecurity
risk.
27. Functions and Categories
• Functions organize basic cybersecurity activities at their highest level.
• Categories are the subdivisions of a Function into groups of cybersecurity
outcomes closely tied to programmatic needs and particular activities.
o Example Categories: “Asset Management,” “Access Control,” “Detection
Processes.”
28. 28
• Represents the outcomes based on business
needs that an organization has selected from the
Framework Categories and Subcategories
• Aligning standards, guidelines, and practices to
the Framework Core in a particular
implementation scenario
• “Current” profile “Target” profile
• Comparison of Profiles may reveal gaps to be
addressed to meet cybersecurity risk
management objectives.
Framework Profile
29. 29
• The Framework document does not prescribe
Profile templates, allowing for flexibility in
implementation.
• Example profiles can be found:
http://www.nist.gov/itl/upload/discussion-draft_illustrative-
examples-082813.pdf
Example Profiles for Threat Mitigation:
1. Mitigating intrusions
2. Mitigating malware
3. Mitigating insider threats
Framework Profile
35. Implementation Tiers
• Describe the degree to which an organization’s
cybersecurity risk management practices exhibit the
characteristics defined in the Framework.
• Characterize an organization’s practices over a range
– from Partial (Tier 1) to Adaptive (Tier 4)
• Partial: risks are managed in an ad hoc manner
• Risk Informed: Risk management practices are approved by
management but may not be established as organizational-wide
policy.
• Repeatable: Risk management practices are formally approved and
expressed as policy.
• Adaptive: The organization adapts its cybersecurity practices based
on lessons learned and predictive indicators derived from previous
and current cybersecurity activities.
– Reflect a progression from informal, reactive responses to
approaches that are agile and risk-informed.
35
36. Challenges
• Governance begins at the top of the
organization Executive need to lead
• Managing Cyber Security Challenges
Managing Risk continuously
• Evolving Risks Evolving Challenges
37. Thank you
Support the first cissp class training on 25 to 29 April 2016 in Jakarta www.indo-infosec.com
• Our ANNUAL ICION EVENT IN BALI
• www.icion-leadership.com
• Watch our last CISSP COMMUNITY VIDEO EVENT IN
PONDOH INDAH
• https://www.youtube.com/watch?v=fqUjXIlCcfM
