SIEM Implementation Strategy to Reduce the Risk of Information Leakage

Author

  • Taufik Rendi Anggara, Universitas Esa Unggul

DOI:

https://doi.org/10.54914/jtt.v9i2.756

Keywords:

Centralized Log Management, Early Warning Systems, IT Risk, Rule and Policy Based Correlations, SIEM

Abstract

In 2022 there were more than 100 cases of information leakage caused by illegal access. This study uses the System Development method combined with a case study. An Early Warning System (EWS) is designed to provide real-time information on violations as they occur. The EWS also assists with verification when personnel log in to a device console. Policy Based Correlation is configured to simplify filtering of the logs that enter the Centralized Log Management (CLM). Rule Based Correlation is configured on the network security devices, and the logs from those devices are forwarded to the CLM. Logs are the key to any investigation when an incident occurs. The log protection technique applied is the CLM model. From the CLM, the EWS filters malicious activity and malicious events from all devices. Information on the malicious activity and events captured by the EWS is forwarded via Telegram and email. IT risk measurement is carried out to gauge how far the implemented security level has reached and to support mitigation in the event of a leakage of data or information, a violation, or an incident. The evaluation was carried out over two weeks and produced results such as a reduction in unauthorized activity, maximum performance of the notification system, which helps verify access permissions for logging in to devices, and easy detection of illegal access, file changes, and similar events.
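The abstract describes a pipeline of collection policy (which logs the CLM keeps), correlation rules run over the collected events, and an EWS that forwards every hit to notification channels. The following Python is an added illustration of that pipeline and is not code from the paper: the syslog-like line format, the sample log lines, the collection policy, the rule thresholds, and the `telegram`/`email` channel stand-ins are all constructed assumptions. It goes slightly beyond the abstract by showing three rule types at once: a brute-force-then-success correlation, a per-login verification notice, and a file-change alert.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumption: a syslog-like "ts host proc: msg" format).
SAMPLE_LOGS = """\
2023-11-01T09:00:01 fw01 sshd: Failed password for admin from 203.0.113.7
2023-11-01T09:00:03 fw01 sshd: Failed password for admin from 203.0.113.7
2023-11-01T09:00:05 fw01 sshd: Failed password for admin from 203.0.113.7
2023-11-01T09:00:08 fw01 sshd: Accepted password for admin from 203.0.113.7
2023-11-01T09:05:00 app01 sshd: Accepted publickey for ops from 198.51.100.4
2023-11-01T09:06:30 app01 auditd: file modified path=/etc/passwd user=ops
2023-11-01T09:10:00 app01 sshd: Failed password for root from 192.0.2.9
2023-11-01T09:11:00 app01 cron: job finished
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+): (?P<msg>.*)$")
FAIL_RE = re.compile(r"Failed password for (\S+) from (\S+)")
ACCEPT_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")
FILE_RE = re.compile(r"file modified path=(\S+) user=(\S+)")

# Policy-based correlation: which log sources the CLM keeps at all (assumed policy).
COLLECT_POLICY = {"sshd", "auditd"}


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def collect(raw):
    """CLM ingestion: parse every line and keep only what the collection policy allows."""
    events = []
    for line in raw.splitlines():
        event = parse_line(line)
        if event and event["proc"] in COLLECT_POLICY:
            events.append(event)
    return events


def correlate(events, fail_threshold=3, window=timedelta(minutes=2)):
    """Rule-based correlation over collected events; thresholds are assumptions."""
    alerts = []
    failures = defaultdict(list)  # (host, user, source ip) -> failure timestamps
    for e in events:
        msg, host, ts = e["msg"], e["host"], e["ts"]
        m = FAIL_RE.search(msg)
        if m:
            failures[(host, m.group(1), m.group(2))].append(ts)
            continue
        m = ACCEPT_RE.search(msg)
        if m:
            user, src = m.group(1), m.group(2)
            recent = [t for t in failures[(host, user, src)] if ts - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append({"rule": "bruteforce-then-success", "severity": "high",
                               "host": host, "user": user, "src": src, "ts": ts})
            # Every successful login is reported so an operator can verify it.
            alerts.append({"rule": "console-login", "severity": "info",
                           "host": host, "user": user, "src": src, "ts": ts})
            continue
        m = FILE_RE.search(msg)
        if m:
            alerts.append({"rule": "file-change", "severity": "medium",
                           "host": host, "path": m.group(1), "user": m.group(2), "ts": ts})
    return alerts


def format_alert(a):
    """Render an alert as the one-line message the EWS would send out."""
    details = " ".join(f"{k}={v}" for k, v in a.items()
                       if k not in ("rule", "severity", "host", "ts"))
    return f"[EWS {a['severity']}] {a['rule']} on {a['host']} at {a['ts'].isoformat()}: {details}"


def notify(alerts, channels):
    """Fan each alert out to every channel; channels is {name: callable(text)}."""
    sent = []
    for a in alerts:
        text = format_alert(a)
        for name, send in channels.items():
            send(text)
            sent.append((name, text))
    return sent


def run_pipeline(raw=SAMPLE_LOGS):
    """CLM -> correlation -> notification; returns (alerts, delivered messages)."""
    outbox = []
    # Stand-ins for the Telegram and email channels; real delivery is out of scope here.
    channels = {"telegram": outbox.append, "email": outbox.append}
    alerts = correlate(collect(raw))
    return alerts, notify(alerts, channels)


if __name__ == "__main__":
    for _, text in run_pipeline()[1]:
        print(text)
```

Running the block prints eight messages: the three failed logins followed by a success within the window raise a high-severity correlation, the two successful logins each produce the verification notice the abstract describes, the `/etc/passwd` change produces a file-change alert, and the single failed root login and the `cron` line (dropped by the collection policy) produce nothing.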




Published

2023-12-12

How to Cite

[1]
T. R. Anggara, “Strategi Implementasi SIEM untuk Mengurangi Risiko terhadap Kebocoran Informasi”, j. teknologi terpadu, vol. 9, no. 2, pp. 101–107, Dec 2023.

Section

Article