Please explain this statement and describe the characteristics of good change control.
Good change control often results in better operating performance because there are
fewer problems to fix. Companies with good change management and change control
processes also experience lower costs when security incidents do happen. Indeed, the
ability to quickly identify unauthorized changes and sanction those responsible for
intentionally circumventing the change control and change management process is one of
the most important characteristics that distinguishes top-performing organizations from
all others.
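The paragraph above singles out the ability to quickly identify unauthorized changes as the distinguishing characteristic of good change control. The following Python script is an added example (not from the text or any product it names) of the simplest form of that check: hash the monitored files at baseline time, hash them again later, and classify every difference as either authorized (a change record names that path and predicted exactly the content now observed) or unauthorized. All file paths, file contents and the ticket id CHG-0042 are constructed sample data.

```python
"""Reconcile observed file changes against approved change records.

Added example (not from the text): a minimal change-control check that
classifies each changed file as authorized (covered by an approved change
record whose expected hash matches) or unauthorized.  File paths, file
contents and the ticket id CHG-0042 are constructed sample data.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ApprovedChange:
    """One approved change record: which file may change, and to what content."""
    ticket: str
    path: str
    expected_sha256: str


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def take_baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record the hash of every monitored file (the approved state)."""
    return {path: sha256_of(content) for path, content in files.items()}


def reconcile(baseline: dict[str, str], current_files: dict[str, bytes],
              approved: list[ApprovedChange]) -> dict[str, list]:
    """Compare the current state with the baseline and the approved changes."""
    approved_by_path = {c.path: c for c in approved}
    current = take_baseline(current_files)
    report: dict[str, list] = {"unchanged": [], "authorized": [],
                               "unauthorized": [], "missing": []}

    def is_covered(path: str, new_hash: str) -> bool:
        # A change is authorized only if a ticket names this path AND the
        # observed content is exactly what the ticket said it would become.
        change = approved_by_path.get(path)
        return change is not None and change.expected_sha256 == new_hash

    for path, old_hash in baseline.items():
        if path not in current:
            report["missing"].append(path)
        elif current[path] == old_hash:
            report["unchanged"].append(path)
        elif is_covered(path, current[path]):
            report["authorized"].append((path, approved_by_path[path].ticket))
        else:
            report["unauthorized"].append(path)

    # Files that appeared after the baseline was taken need a ticket too.
    for path, new_hash in current.items():
        if path not in baseline:
            if is_covered(path, new_hash):
                report["authorized"].append((path, approved_by_path[path].ticket))
            else:
                report["unauthorized"].append(path)
    return report


# Constructed sample data: the state when the baseline was taken, and now.
BASELINE_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",
    "/etc/sudoers": b"root ALL=(ALL) ALL\n",
    "/opt/app/config.yml": b"debug: false\n",
}
CURRENT_FILES = {
    "/etc/ssh/sshd_config": b"PermitRootLogin no\nPasswordAuthentication no\n",  # unchanged
    "/etc/sudoers": b"root ALL=(ALL) ALL\nbob ALL=(ALL) NOPASSWD: ALL\n",      # no ticket
    "/opt/app/config.yml": b"debug: true\n",                                   # ticket CHG-0042
    "/opt/app/hotfix.sh": b"echo hi\n",                                        # new file, no ticket
}
APPROVED = [ApprovedChange("CHG-0042", "/opt/app/config.yml",
                           sha256_of(b"debug: true\n"))]


def run_example() -> dict[str, list]:
    return reconcile(take_baseline(BASELINE_FILES), CURRENT_FILES, APPROVED)


if __name__ == "__main__":
    for category, items in run_example().items():
        print(f"{category}: {items}")
```

Note that a ticket naming a path is not enough on its own: the sudoers edit would still be flagged if a ticket existed for `/etc/sudoers` but predicted different content, which is what turns a change log into a control rather than a record.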
Therefore, it is not surprising that two of COBIT 5's key processes deal with managing
change (BAI06) and the procedures for testing and transitioning to new solutions
(BAI07). Characteristics of a well-designed change control and change management
process include:
LOG ANALYSIS
Most systems come with extensive capabilities for logging who accesses the system and
what specific actions each user performed. These logs form an audit trail of system
access. Like any other audit trail, logs are of value only if they are routinely examined.
Log analysis is the process of examining logs to identify evidence of possible attacks.
It is especially important to analyze logs of failed attempts to log on to a system
and failed attempts to obtain access to specific information resources.
Log analysis is the term used for the analysis of computer-generated records to help
organizations, businesses or networks mitigate different risks, both proactively and
reactively. Most organizations and businesses are required to perform data logging and log
analysis as part of their security and compliance obligations. Log analysis helps
reduce problem diagnosis and resolution time and supports effective management of
applications and infrastructure.
Network intrusion detection systems (IDSs) consist of a set of sensors and a central
monitoring unit that create logs of network traffic that was permitted to pass the
firewall and then analyze those logs for signs of attempted or successful intrusions.
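The text stresses that logs are only valuable when they are routinely examined, and that failed logon attempts deserve particular attention. As an added example (not from the text), the Python script below runs a small detection over constructed sshd-style authentication lines: it parses each line, tracks failed password attempts per source address within a sliding window, raises one alert when the failure count reaches a threshold, and raises a second, higher-priority alert when a successful logon follows such a burst from the same address. The host name, user names, addresses and timestamps are constructed; `ASSUMED_YEAR` fills in the year that syslog timestamps omit.

```python
"""Scan constructed sshd-style auth log lines for suspicious logon activity.

Added example (not from the text).  The log lines, host name, user names
and addresses are constructed sample data; ASSUMED_YEAR supplies the year
that syslog timestamps lack.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

ASSUMED_YEAR = 2024  # syslog lines carry no year; assumed for this example

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


@dataclass(frozen=True)
class AuthEvent:
    time: datetime
    host: str
    success: bool
    user: str
    ip: str


def parse_line(line: str) -> AuthEvent | None:
    """Return an AuthEvent for sshd password-auth lines, None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)
    return AuthEvent(ts, m["host"], m["result"] == "Accepted", m["user"], m["ip"])


def analyze(lines, threshold: int = 3, window_seconds: int = 60) -> list[dict]:
    """Flag bursts of failed logons per source, and a success right after a burst."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e.time)
    failures_by_ip: dict[str, list[datetime]] = defaultdict(list)
    already_flagged: set[str] = set()
    alerts: list[dict] = []

    def recent_failures(ip: str, now: datetime) -> list[datetime]:
        # Only failures inside the sliding window ending at `now` count.
        return [t for t in failures_by_ip[ip]
                if (now - t).total_seconds() <= window_seconds]

    for ev in events:
        if not ev.success:
            failures_by_ip[ev.ip].append(ev.time)
            recent = recent_failures(ev.ip, ev.time)
            if len(recent) >= threshold and ev.ip not in already_flagged:
                already_flagged.add(ev.ip)  # one alert per source per burst
                alerts.append({"type": "repeated_failures", "ip": ev.ip,
                               "count": len(recent), "first": recent[0],
                               "last": ev.time})
        else:
            recent = recent_failures(ev.ip, ev.time)
            if len(recent) >= threshold:
                # A success after a burst of failures is the case worth an
                # immediate look: it may be a guessed or reused password.
                alerts.append({"type": "success_after_failures", "ip": ev.ip,
                               "user": ev.user, "failures_before": len(recent),
                               "time": ev.time})
    return alerts


# Constructed sample log: one burst from 203.0.113.7 ending in a success,
# one ordinary logon and one isolated typo from 198.51.100.20, one non-sshd line.
SAMPLE_LOG = [
    "Mar 10 09:14:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Mar 10 09:14:05 web01 sshd[2213]: Failed password for root from 203.0.113.7 port 51236 ssh2",
    "Mar 10 09:14:09 web01 sshd[2215]: Failed password for root from 203.0.113.7 port 51238 ssh2",
    "Mar 10 09:14:13 web01 sshd[2217]: Failed password for alice from 203.0.113.7 port 51240 ssh2",
    "Mar 10 09:14:20 web01 sshd[2219]: Accepted password for alice from 203.0.113.7 port 51242 ssh2",
    "Mar 10 09:15:12 web01 sshd[2240]: Accepted password for bob from 198.51.100.20 port 40000 ssh2",
    "Mar 10 09:30:00 web01 sshd[2300]: Failed password for carol from 198.51.100.20 port 40010 ssh2",
    "Mar 10 09:31:00 web01 cron[100]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Running the script on the sample yields two alerts: a `repeated_failures` alert for 203.0.113.7 once the third failure lands inside the window, and a `success_after_failures` alert for alice's logon from the same address. The single failed attempt by carol produces nothing, which is the point of a threshold: an alert that fires on every typo is one that stops being read.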
PENETRATION TESTING
COBIT 5 control processes MEA01 and MEA02 state the need to periodically test the
effectiveness of business processes and internal controls (including security procedures).
We already discussed the use of vulnerability scanners to identify potential weaknesses in
system configuration. Penetration testing provides a more rigorous way to test the
effectiveness of an organization's information security. A penetration test is an
authorized attempt by either an internal audit team or an external security consulting firm
to break into the organization's information system.
1. What is Penetration Testing?
Penetration testing is an activity in which someone tries to simulate the attacks that
could be carried out against a particular organization's or company's network in order to
find the weaknesses present in that network system. The person who carries out this
activity is called a penetration tester (abbreviated pentester). Penetration testing has an
official standard that serves as the reference for its execution. This standard can be
found at pentest-standard.org.
CONTINUOUS MONITORING
A CIRT, in full a Computer Incident Response Team, is a carefully selected team made up of
people who are experts in handling incidents (in particular incidents involving information
assets), so that an incident can be quickly detected, investigated and resolved.
In Indonesia, to date there is no CISO in organizations. The CISO meant here is the position
of the person responsible for information security at a level equivalent to a director, or
what could be called a Director of Information Security; in that position a CISO can report
directly to the CEO.
Erry Setiawan, Head of Compliance at PT Sigma Cipta Caraka, stated that so far in Indonesia
there is only one company that says it needs a CISO. This is because that company's
information security is very critical. The company's business is built on information
security, so if it experienced an information leak, its business would be finished.
PATCH MANAGEMENT
because it will not be long before an exploit, which is a program designed to take
advantage of a known vulnerability, is created. Although it takes considerable skill
to create an exploit, once it is published on the Internet it can be easily used by
anyone.
The widespread availability of many exploits and their ease of use make it
important for organizations to take steps to quickly correct known vulnerabilities
in software they use. A patch is code released by software developers that fixes a
particular vulnerability. Patch management is the process for regularly applying
patches and updates to all software used by the organization. This is not as
straightforward as it sounds. Patches represent modifications to already complex
software. Consequently, patches sometimes create new problems because of
unanticipated side effects. Therefore, organizations need to carefully test the effect
of patches prior to deploying them; otherwise, they run the risk of crashing
important applications. Further complicating matters is the fact that there are likely
to be multiple patches released each year for each software program used by an
organization. Thus, organizations may face the task of applying hundreds of
patches to thousands of machines every year. This is one area where IPSs hold
great promise. If an IPS can be quickly updated with the information needed to
respond to new vulnerabilities and block new exploits, the organization can use
the IPS to buy the time needed to thoroughly test patches before applying them.
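The passage describes two practical problems: keeping track of which of thousands of machines still lack a given patch, and testing a patch before it reaches important systems. The Python script below is an added example (not from the text) of how both are commonly handled together: each host's installed version is compared numerically against the version that carries the fix, and hosts that need the patch are released ring by ring, so production waits until the pilot and staging rings have been validated. The package name `exampled`, the host inventory, the ring names and the fixed version 2.4.7 are all constructed for the example.

```python
"""Patch-compliance check with a staged rollout gate.

Added example (not from the text).  'exampled' is a hypothetical package,
the host inventory and ring names are constructed, and 2.4.7 is a made-up
version that carries the fix.
"""
from __future__ import annotations

from dataclasses import dataclass

RING_ORDER = ["pilot", "staging", "production"]  # rollout stages, earliest first


@dataclass(frozen=True)
class Host:
    name: str
    ring: str
    installed: str  # installed version of the hypothetical package 'exampled'


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '2.4.10' into (2, 4, 10) so that 2.4.10 ranks above 2.4.7.

    Comparing the raw strings would get this wrong ('2.4.10' < '2.4.7'),
    and would report patched hosts as still vulnerable.
    """
    return tuple(int(part) for part in version.split("."))


def needs_patch(installed: str, fixed_version: str) -> bool:
    return parse_version(installed) < parse_version(fixed_version)


def plan_rollout(hosts: list[Host], fixed_version: str,
                 validated_rings: set[str]) -> dict[str, list]:
    """Return which hosts can be patched now and which must wait.

    A host in ring N is released only after every earlier ring has been
    validated (the patch applied there and the applications checked).
    """
    plan: dict[str, list] = {"deploy_now": [], "blocked": [], "compliant": []}
    for host in hosts:
        if not needs_patch(host.installed, fixed_version):
            plan["compliant"].append(host.name)
            continue
        earlier_rings = RING_ORDER[:RING_ORDER.index(host.ring)]
        not_yet_validated = [r for r in earlier_rings if r not in validated_rings]
        if not_yet_validated:
            plan["blocked"].append(
                (host.name, "awaiting validation in " + ", ".join(not_yet_validated)))
        else:
            plan["deploy_now"].append(host.name)
    return plan


# Constructed inventory: versions of 'exampled' installed on each host.
INVENTORY = [
    Host("pilot01", "pilot", "2.4.3"),
    Host("stage01", "staging", "2.4.10"),   # already above the fixed version
    Host("prod01", "production", "2.4.3"),
    Host("prod02", "production", "2.3.9"),
    Host("prod03", "production", "2.4.7"),  # exactly the fixed version
]
FIXED_VERSION = "2.4.7"

if __name__ == "__main__":
    # Nothing validated yet: only the pilot ring may be patched.
    print(plan_rollout(INVENTORY, FIXED_VERSION, validated_rings=set()))
    # Pilot and staging validated: production is released.
    print(plan_rollout(INVENTORY, FIXED_VERSION, validated_rings={"pilot", "staging"}))
```

With nothing validated, the plan releases only `pilot01` and lists `prod01` and `prod02` as blocked; once the pilot and staging rings are marked validated, the same call releases the production hosts. The gate is what gives the organization the testing time the text describes, and the numeric version comparison is what keeps the compliance count honest once version numbers pass single digits.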
In addition, patch management in a company faces a variety of challenges [1],
such as those below.
their needs.
3) Ineffective workforce size and costs.