Information Security Theory and Concepts - Rian010/Journal GitHub Wiki
Information security is the study and practice of protecting data and systems from threats. The following are some basic theories and concepts of information security:
Chapter 1: Basic Concepts
Section 1: Security Configuration
- Principle of least privilege
- Default deny policy
- Separation of duties
Section 2: Authentication
- Something you know
- Something you have
- Something you are
- Multi-factor authentication
Section 3: Authorization
- Access control matrix
- Capability-based access control
- Role-based access control (RBAC)
Chapter 2: Risk Theory
Section 1: Threat Risk
- Asset
- Threat agent
- Vulnerability
- Impact
Section 2: Risk Assessment
- Qualitative assessment
- Quantitative assessment
- Residual risk
Section 3: Risk Management
- Acceptable risk
- Risk mitigation
- Risk transfer
Chapter 3: Audit and Monitoring
Section 1: Audit Trail
- Who, what, where, when, why
- Tamper-evident logging
- Non-repudiation
Section 2: IDS/IPS
- Intrusion detection system (IDS)
- Intrusion prevention system (IPS)
- False positive and false negative rates
Section 3: SIEM
- Security information and event management (SIEM)
- Real-time threat detection
- Correlation and alert aggregation
Chapter 4: Availability
Section 1: Denial of Service (DoS)
- Amplification attacks
- Reflection attacks
- SYN flood attacks
Section 2: Redundancy
- Load balancing
- Failover clustering
- Geographic redundancy
Section 3: Disaster Recovery Plan
- Business continuity planning
- Data backup and recovery
- Alternative site selection
References: Information Security Management Handbook; Computer Security Fundamentals