Bibliography

AusCERT. (2024). AusCERT RFC 2350: Description of AusCERT’s Incident Response Service. https://auscert.org.au/publications/policies-and-agreements/auscert-rfc2350/

Bappenas. (2024). Peta Okupasi Nasional. https://petaokupasi.bappenas.go.id/

Booth, H., Rike, D., & Witte, G. (2013). The National Vulnerability Database (NVD): Overview. ITL Bulletin. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=915172

BSSN. (2019). Peta Okupasi Nasional Keamanan Siber. https://www.bssn.go.id

BSSN. (2021). Computer Security Incident Response Team (CSIRT) Starter Kit v1.0.

BSSN. (2024). Peraturan Badan Siber dan Sandi Negara Nomor 1 Tahun 2024 tentang Pengelolaan Insiden Siber.

Bugcrowd. (2022). Reporting a Bug. https://docs.bugcrowd.com/researchers/reporting-managing-submissions/reporting-a-bug/

CERT-Bund. (2024). RFC 2350: CERT-Bund Description according to RFC 2350. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KRITIS/rfc2350_CERT-Bund_txt.html

CERT-EU. (2024). RFC2350: CERT-EU Description according to RFC 2350. https://www.cert.europa.eu/static/files/RFC2350.pdf

Chaudhary, S., Gkioulos, V., & Katsikas, S. (2022). Developing metrics to assess the effectiveness of cybersecurity awareness program. Journal of Cybersecurity, 8(1), tyac006. https://doi.org/10.1093/cybsec/tyac006

Chen, K. Y. (2021). A Systematic Approach for Cybersecurity Risk Management [Massachusetts Institute of Technology]. https://dspace.mit.edu/handle/1721.1/139995

CISA. (2020). Cyber Resilience Review (CRR) Resource Guide: Vulnerability Management. https://www.cisa.gov/sites/default/files/publications/CRR_Resource_Guide-VM_0.pdf

CISA. (2024). Traffic Light Protocol (TLP) Definitions and Usage. https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage

Deputi III, B. (2024). Peraturan Deputi Bidang Keamanan Siber dan Sandi Pemerintahan dan Pembangunan Manusia Nomor 1 Tahun 2024 Tentang Pedoman Pembentukan Tim Tanggap Insiden Siber Sektor Pemerintahan.

Direktorat Operasi Keamanan Siber. (2023). Lanskap Keamanan Siber Indonesia 2023. https://www.bssn.go.id/wp-content/uploads/2024/03/Lanskap-Keamanan-Siber-Indonesia-2023.pdf

FIRST. (2015). Common Vulnerability Scoring System v3.0: Specification Document. Forum of Incident Response and Security Teams (FIRST), 1–21. https://www.first.org/cvss/cvss-v30-specification-v1.8.pdf

FIRST. (2017). Common Vulnerability Scoring System v3.0 Examples. https://www.first.org/cvss/cvss-v30-examples_v1.5.pdf

FIRST. (2023). CSIRT Services Framework v2.1. https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1

Foreman, P. (2019). Vulnerability Management (2nd ed.). Auerbach Publications. https://doi.org/10.1201/9780429289651

Gartner. (2020). A Guidance Framework for Developing and Implementing Vulnerability Management. https://www.gartner.com/en/documents/3747620

Goel, J. N., & Mehtre, B. M. (2015). Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology. Procedia Computer Science, 57, 710–715. https://doi.org/10.1016/j.procs.2015.07.458

Government of South Australia. (2021). Vulnerability Management and Patching Guideline (SACSF-G11.0). https://www.security.sa.gov.au/documents/documents/SACSF-G11.0-Vulnerability-management-and-Patching-Guideline.pdf

Guidelines for Cyber Security Incidents. (2024). https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cyber-security-incidents

Hanford, S., & Heitman, M. (2015). Common Vulnerability Scoring System v3.0: User Guide. FIRST-Forum of Incident Response and Security Teams, 1–15. https://www.first.org/cvss/cvss-v30-user_guide_v1.5.pdf

Huawei. (2023). Huawei Vulnerability Management White Paper 2023.

IoT Security Foundation. (2021). Vulnerability Disclosure Best Practice Guidelines, Release 2.0. https://www.iotsecurityfoundation.org/wp-content/uploads/2021/09/IoTSF-Vulnerability-Disclosure-Best-Practice-Guidelines-Release-2.0.pdf

ISO. (2018). ISO/IEC 29147:2018 Information technology – Security techniques – Vulnerability disclosure (Issue ISO/IEC 29147:2018). https://www.iso.org/standard/72311.html

ISO. (2019). ISO/IEC 30111:2019 Information technology – Security techniques – Vulnerability handling processes (Issue ISO/IEC 30111:2019). https://www.iso.org/standard/69725.html

JPCERT/CC. (2024). About JPCERT/CC. https://www.jpcert.or.jp/english/about/

Kissoon, T. (2022). Optimal Spending on Cybersecurity Measures: Risk Management. Routledge. https://www.routledge.com/Optimal-Spending-on-Cybersecurity-Measures-Risk-Management/Kissoon/p/book/9781032061412

Knerler, K., Parker, I., & Zimmerman, C. (2022). 11 Strategies of a World-Class Cybersecurity Operations Center.

Matwyshyn, A. M., Cui, A., Keromytis, A. D., & Stolfo, S. J. (2010). Ethics in security vulnerability research. IEEE Security & Privacy, 8(2), 67–72. https://doi.org/10.1109/MSP.2010.67

Mohammed, A. H. Y., Dziyauddin, R. A., & Latiff, L. A. (2023). Current Multi-factor of Authentication: Approaches, Requirements, Attacks and Challenges. International Journal of Advanced Computer Science and Applications, 14(1). https://doi.org/10.14569/IJACSA.2023.0140119

National Cyber Security Centre. (2022). Vulnerability Disclosure Toolkit. https://www.ncsc.gov.uk/files/NCSC-Vulnerability-disclosure-Toolkit-v2.pdf

NIST. (2012a). Computer Security Incident Handling Guide (Issue SP 800-61 Revision 2). https://doi.org/10.6028/NIST.SP.800-61r2

NIST. (2012b). Guide for Conducting Risk Assessments (Issue NIST Special Publication 800-30 Revision 1). https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

NIST. (2024). National Vulnerability Database (NVD). https://nvd.nist.gov/

Office of the CISO. (2024). Vulnerability management guidelines.

OWASP Foundation. (2021). OWASP Top Ten Web Application Security Risks. https://owasp.org/Top10/

Pipyros, K. (2019). A new systematic modelling methodology for improving cyber-attack evaluation on states’ Critical Information Infrastructure (CII).

Presiden Indonesia. (2019). Peraturan Presiden Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik.

Recorded Future. (2022). The Intelligence Handbook: A Roadmap for Building an Intelligence-Led Security Program (4th ed.). Recorded Future.

Roytman, M., & Bellis, E. (2023). Modern Vulnerability Management: Predictive Cybersecurity. Artech. http://ieeexplore.ieee.org/document/10121000

Sarker, K. U., Yunus, F., & Deraman, A. (2023). Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods. Sustainability, 15(13). https://doi.org/10.3390/su151310471

Scarfone, K. A., Souppaya, M., Cody, A., & Orebaugh, A. (2008). Technical Guide to Information Security Testing and Assessment (Issue SP 800-115). https://doi.org/10.6028/NIST.SP.800-115

Scarfone, K., & Souppaya, M. (2022). Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology. https://doi.org/10.6028/NIST.SP.800-40r4

Swanagan, M. (2024, March 1). Vulnerability & Patch Management Metrics: Top 10 KPIs. https://purplesec.us/learn/vulnerability-management-metrics/

University of Toronto. (2024). Vulnerability Management Guidelines. https://security.utoronto.ca/wp-content/uploads/2024/01/vulnerability-management-guidelines-20240118.pdf

US-CERT. (2020). US-CERT InfoSheet v2. https://www.cisa.gov/sites/default/files/publications/infosheet_US-CERT_v2.pdf
