Vulnerability & Threat

This is about IT systems. More specifically, an IT system that supports payments, i.e. an electronic payment system. At first I was somewhat confused about how to distinguish a vulnerability from a threat. It looks easy. But it turned out to be rather bewildering. What I describe here is an outline of the stages followed to decide on security measures for an electronic payment system.

Here is the story. In the initial stage I divided the threats to the electronic payment system into three:

  1. Transaction fraud: a transaction taking place without the knowledge of the authorised parties (the account owner).
  2. Disruption of availability: disruptions such as system failure, slow service, etc.
  3. Misuse of the system: using the payment system for other purposes that violate the law, e.g. money laundering.

I regard these three as the main threats: they are the end goals of the various agents launching attacks against the system, or the final damage to the system caused by other, unintentional events (e.g. natural disasters, negligence, etc.).

Then I treated everything outside these three as vulnerabilities. For example:

  1. The possibility of a PIN being stolen
  2. Insufficient physical security of the core transaction system
  3. No end-to-end encryption
  4. The possibility of a man-in-the-middle attack on the data communication between the user and the service centre.
  5. etc.

So an attack that exploits one or a combination of these vulnerabilities may realise a threat. The next step is to calculate (quantitatively if possible, otherwise qualitatively) the risk of each vulnerability. If the risk is high, the priority of the security measure is high; if it is low, the priority is low. A kind of feasibility analysis of the security measures.

This is where the confusion lies! It turns out I made a mistake when drawing up the vulnerability list (see the example above…). I mixed up vulnerabilities and sub-threats. Sub-threats? I mean threats that are not main threats, not the end goal of the attack. This is confusing! Because there will be misclassification, namely sub-threats ending up in the vulnerability list.

After a discussion with Pak BR, I got a sharper perspective for distinguishing vulnerability from threat. A threat always involves an outside party or an agent outside the system, whereas a vulnerability is an inherent property of the system being analysed. Much clearer! Back to the vulnerability list:

  1. No. 1 should be a sub-threat. The vulnerability is: users very often store the PIN on the handheld device they use to make transactions.
  2. No. 2 is correct
  3. No. 3 is correct
  4. No. 4 is a sub-threat. The vulnerability would be, for example: no (or insufficient) authentication mechanism between the user and the service centre.
  5. etc.

Well, not bad. Less confusion.
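The two steps above, scoring the risk of each vulnerability and first rejecting entries that are really sub-threats, worked through as an added Python example (not code from the original post); the threat names, the impact and likelihood scores and the Vulnerability dataclass are my own assumptions:

```python
from dataclasses import dataclass

# The post's three main threats, with a constructed impact score (1..5) each.
# These are the attacker's end goals; the scores are assumptions for illustration.
THREATS = {
    "fraud": 5,         # a transaction without the account holder's knowledge
    "availability": 3,  # system failure or slow service
    "misuse": 4,        # using the payment system illegally, e.g. money laundering
}

@dataclass
class Vulnerability:
    name: str
    likelihood: int           # constructed 1 (rare) .. 5 (very likely) to be exploited
    enables: list             # main threats an attack on this weakness could realise
    needs_external_agent: bool = False  # True: really a sub-threat, not a weakness

def is_true_vulnerability(v: Vulnerability) -> bool:
    # The post's rule: a threat always involves an agent outside the system,
    # a vulnerability is an inherent property of the system under analysis.
    return not v.needs_external_agent

def risk_score(v: Vulnerability) -> int:
    # Qualitative risk = likelihood x impact of the worst main threat it enables.
    return v.likelihood * max(THREATS[t] for t in v.enables)

def priority(score: int) -> str:
    # High risk -> high priority for a countermeasure, as the post describes.
    return "high" if score >= 15 else "medium" if score >= 8 else "low"

def prioritize(items):
    # Drop mis-classified sub-threats, then rank the real vulnerabilities by risk.
    vulns = [v for v in items if is_true_vulnerability(v)]
    ranked = sorted(vulns, key=risk_score, reverse=True)
    return [(v.name, risk_score(v), priority(risk_score(v))) for v in ranked]

# Constructed register: the post's corrected list plus the two entries it rejected.
REGISTER = [
    Vulnerability("PIN stored on the user's handheld device", 4, ["fraud"]),
    Vulnerability("weak physical security of the core transaction system", 2,
                  ["fraud", "availability", "misuse"]),
    Vulnerability("no end-to-end encryption", 3, ["fraud"]),
    Vulnerability("insufficient authentication between user and service centre", 3, ["fraud"]),
    Vulnerability("PIN theft", 4, ["fraud"], needs_external_agent=True),
    Vulnerability("man-in-the-middle attack on user traffic", 3, ["fraud"], needs_external_agent=True),
]

if __name__ == "__main__":
    for name, score, prio in prioritize(REGISTER):
        print(f"{prio:6} {score:3}  {name}")
```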

74 thoughts on “Vulnerability & Threat”

  1. From the user's side, being online makes transactions more convenient (online, real time). As soon as we pay (at a counter or an ATM), it is recorded/booked at that very moment.

    The vulnerability is the risk that the PIN can be used by someone else, or other human error. So I usually protect myself by putting a maximum limit on the money in the savings account that has an ATM card, so that if anything happens the risk is not too great. Also, the savings account with the ATM card (which can be used to pay electricity, telephone, etc.) is not mixed with the savings account that receives my salary or other reserves.

  2. Mbak Ratna turns out to be the same as me. For security I always use a backup account with a limited amount of money. It only gets topped up whenever I am about to make a transaction. The same goes for my other online accounts. For public use I only use one that is ready to be sacrificed. So until now it has been safe! 😀

  3. How embarrassing.. I work in the IT department of a private company, I once studied Informatics Engineering for two semesters and had to drop out because I got stuck on Logic, which just didn't click for me!

    the others were already at a high level of intelligence, while I stayed stuck and kept loading!! hehehe..

    in the end I decided to switch to the Faculty of Communication, and to this day I enjoy the broadcasting programme. I still work full time in IT, but I still don't understand a thing!! meanwhile the part-time broadcasting work that I enjoy has just hit a rock, fallen and got hurt!!

    Why did my comment turn into venting?!!
    anyway, the point is.. I still have a lot to learn about the IT world.. especially anything to do with AS/400-based servers.
    IBM and its systems!!
