Saturday, 21 April 2012

Incident Response (I)

In the world of computer and network security there is a term known as incident response. What is meant by incident response?

Below I give several definitions put forward by trusted sources ...
Wikipedia defines incident response as:
In the fields of computer security and information technology, computer security incident management involves the monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events. Computer security incident management is a specialized form of incident management, the primary purpose of which is the development of a well understood and predictable response to damaging events and computer intrusions.
SearchSecurity defines incident response as:
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.

Wikipedia defines incident response from the perspective of computer and network security management, while SearchSecurity likewise sees it as part of managing computer and network security. I deliberately present both definitions to show how broad the spectrum of topics covered by incident response is.

To understand incident response, we must first understand what is meant by incidents. In the field of Information Technology (IT Risk Management), incidents are understood as events that disturb, interrupt or break the normal activity of a system and can, as a further consequence, create or cause a level of crisis. Incident response is not only about technical matters and details; it also involves policy, management and organization.

Incidents in computer and network security include, for example, computer intrusion, denial-of-service attacks, insider theft of information and any unauthorized or unlawful network-based activity. These incidents require a response from security staff, a system administrator or a professional investigator. Incidents are characterized by intense pressure and by limited time and resources. Usually an incident affects critical resources, and its impact tends to grow. In addition, from my experience, incidents are usually not identical, so handling them is always unique.

The SANS Institute gives 6 basic steps for handling an incident, namely:
Preparation:
The organization educates users and IT staff of the importance of updated security measures and trains them to respond to computer and network security incidents quickly and correctly.
Identification:
The response team is activated to decide whether a particular event is, in fact, a security incident. The team may contact the CERT Coordination Center, which tracks Internet security activity and has the most current information on viruses and worms.
Containment:
The team determines how far the problem has spread and contains the problem by disconnecting all affected systems and devices to prevent further damage.
Eradication:
The team investigates to discover the origin of the incident. The root cause of the problem and all traces of malicious code are removed.
Recovery:
Data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for any sign of weakness or recurrence.
Lessons learned:
The team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence.

ID SIRTII (Tim Insiden Keamanan Internet dan Infrastruktur Indonesia, or Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center), as the official body that handles computer and network incidents in Indonesia, shares resources as guidance for handling incident response. Those resources can be downloaded here.
