Cyber Resilience Study - Vulnerability Management

References

AusCERT. (2024). AusCERT RFC 2350: Description of AusCERT’s Incident Response Service. https://auscert.org.au/publications/policies-and-agreements/auscert-rfc2350/

Bappenas. (2024). Peta Okupasi Nasional. https://petaokupasi.bappenas.go.id/

Booth, H., Rike, D., & Witte, G. (2013). The National Vulnerability Database (NVD): Overview. ITL Bulletin. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=915172

BSSN. (2019). Peta Okupasi Nasional Keamanan Siber. https://www.bssn.go.id

BSSN. (2021). Computer Security Incident Response Team (CSIRT) Starter Kit v1.0.

BSSN. (2024). Peraturan Badan Siber dan Sandi Negara Nomor 1 Tahun 2024 tentang Pengelolaan Insiden Siber.

Bugcrowd. (2022). Reporting a Bug. https://docs.bugcrowd.com/researchers/reporting-managing-submissions/reporting-a-bug/

CERT-Bund. (2024). RFC 2350: CERT-Bund Description according to RFC 2350. https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KRITIS/rfc2350_CERT-Bund_txt.html

CERT-EU. (2024). RFC2350: CERT-EU Description according to RFC 2350. https://www.cert.europa.eu/static/files/RFC2350.pdf

Chaudhary, S., Gkioulos, V., & Katsikas, S. (2022). Developing metrics to assess the effectiveness of cybersecurity awareness program. Journal of Cybersecurity, 8(1), tyac006. https://doi.org/10.1093/cybsec/tyac006

Chen, K. Y. (2021). A Systematic Approach for Cybersecurity Risk Management [Massachusetts Institute of Technology]. https://dspace.mit.edu/handle/1721.1/139995

CISA. (2020). Cyber Resilience Review (CRR) Resource Guide: Vulnerability Management. https://www.cisa.gov/sites/default/files/publications/CRR_Resource_Guide-VM_0.pdf

CISA. (2024). Traffic Light Protocol (TLP) Definitions and Usage. https://www.cisa.gov/news-events/news/traffic-light-protocol-tlp-definitions-and-usage

Deputi III, B. (2024). Peraturan Deputi Bidang Keamanan Siber dan Sandi Pemerintahan dan Pembangunan Manusia Nomor 1 Tahun 2024 Tentang Pedoman Pembentukan Tim Tanggap Insiden Siber Sektor Pemerintahan.

Direktorat Operasi Keamanan Siber. (2023). Lanskap Keamanan Siber Indonesia 2023. https://www.bssn.go.id/wp-content/uploads/2024/03/Lanskap-Keamanan-Siber-Indonesia-2023.pdf

FIRST. (2015). Common Vulnerability Scoring System v3.0: Specification Document. Forum of Incident Response and Security Teams (FIRST), 1–21. https://www.first.org/cvss/cvss-v30-specification-v1.8.pdf

FIRST. (2017). Common Vulnerability Scoring System v3.0 Examples. https://www.first.org/cvss/cvss-v30-examples_v1.5.pdf

FIRST. (2023). CSIRT Services Framework v2.1. https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1

Foreman, P. (2019). Vulnerability Management (2nd ed.). Auerbach Publications. https://doi.org/10.1201/9780429289651

Gartner. (2020). A Guidance Framework for Developing and Implementing Vulnerability Management. https://www.gartner.com/en/documents/3747620

Goel, J. N., & Mehtre, B. M. (2015). Vulnerability Assessment & Penetration Testing as a Cyber Defence Technology. Procedia Computer Science, 57, 710–715. https://doi.org/10.1016/j.procs.2015.07.458

Government of South Australia. (2021). Vulnerability Management and Patching Guideline (SACSF-G11.0). https://www.security.sa.gov.au/documents/documents/SACSF-G11.0-Vulnerability-management-and-Patching-Guideline.pdf

Guidelines for Cyber Security Incidents. (2024). https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cyber-security-incidents

Hanford, S., & Heitman, M. (2015). Common Vulnerability Scoring System v3.0: User Guide. FIRST-Forum of Incident Response and Security Teams, 1–15. https://www.first.org/cvss/cvss-v30-user_guide_v1.5.pdf

Huawei. (2023). Huawei Vulnerability Management White Paper 2023.

IoT Security Foundation. (2021). Vulnerability Disclosure Best Practice Guidelines, Release 2.0. https://www.iotsecurityfoundation.org/wp-content/uploads/2021/09/IoTSF-Vulnerability-Disclosure-Best-Practice-Guidelines-Release-2.0.pdf

ISO. (2018). ISO/IEC 29147:2018 Information technology – Security techniques – Vulnerability disclosure (Issue ISO/IEC 29147:2018). https://www.iso.org/standard/72311.html

ISO. (2019). ISO/IEC 30111:2019 Information technology – Security techniques – Vulnerability handling processes (Issue ISO/IEC 30111:2019). https://www.iso.org/standard/69725.html

JPCERT/CC. (2024). About JPCERT/CC. https://www.jpcert.or.jp/english/about/

Kissoon, T. (2022). Optimal Spending on Cybersecurity Measures: Risk Management. Routledge. https://www.routledge.com/Optimal-Spending-on-Cybersecurity-Measures-Risk-Management/Kissoon/p/book/9781032061412

Knerler, K., Parker, I., & Zimmerman, C. (2022). 11 Strategies of a World-Class Cybersecurity Operations Center.

Matwyshyn, A. M., Cui, A., Keromytis, A. D., & Stolfo, S. J. (2010). Ethics in security vulnerability research. IEEE Security & Privacy, 8(2), 67–72. https://doi.org/10.1109/MSP.2010.67

Mohammed, A. H. Y., Dziyauddin, R. A., & Latiff, L. A. (2023). Current Multi-factor of Authentication: Approaches, Requirements, Attacks and Challenges. International Journal of Advanced Computer Science and Applications, 14(1). https://doi.org/10.14569/IJACSA.2023.0140119

National Cyber Security Centre. (2022). Vulnerability Disclosure Toolkit. https://www.ncsc.gov.uk/files/NCSC-Vulnerability-disclosure-Toolkit-v2.pdf

NIST. (2012a). Computer Security Incident Handling Guide (Issue SP 800-61 Revision 2). https://doi.org/10.6028/NIST.SP.800-61r2

NIST. (2012b). Guide for Conducting Risk Assessments (Issue NIST Special Publication 800-30 Revision 1). https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

NIST. (2024). National Vulnerability Database (NVD). https://nvd.nist.gov/

Office of the CISO. (2024). Vulnerability management guidelines.

OWASP Foundation. (2021). OWASP Top Ten Web Application Security Risks. https://owasp.org/Top10/

Pipyros, K. (2019). A new systematic modelling methodology for improving cyber-attack evaluation on states’ Critical Information Infrastructure (CII).

Presiden Indonesia. (2019). Peraturan Presiden Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik.

Recorded Future. (2022). The Intelligence Handbook: A Roadmap for Building an Intelligence-Led Security Program (4th ed.). Recorded Future.

Roytman, M., & Bellis, E. (2023). Modern Vulnerability Management: Predictive Cybersecurity. Artech. http://ieeexplore.ieee.org/document/10121000

Sarker, K. U., Yunus, F., & Deraman, A. (2023). Penetration Taxonomy: A Systematic Review on the Penetration Process, Framework, Standards, Tools, and Scoring Methods. Sustainability, 15(13). https://doi.org/10.3390/su151310471

Scarfone, K. A., Souppaya, M., Cody, A., & Orebaugh, A. (2008). Technical Guide to Information Security Testing and Assessment (Issue 800-115). https://doi.org/10.6028/NIST.SP.800-115

Scarfone, K., & Souppaya, M. (2022). Guide to Enterprise Patch Management Planning: Preventive Maintenance for Technology. https://doi.org/10.6028/NIST.SP.800-40r4

Swanagan, M. (2024, March 1). Vulnerability & Patch Management Metrics: Top 10 KPIs. https://purplesec.us/learn/vulnerability-management-metrics/

University of Toronto. (2024). Vulnerability Management Guidelines. https://security.utoronto.ca/wp-content/uploads/2024/01/vulnerability-management-guidelines-20240118.pdf

US-CERT. (2020). US-CERT InfoSheet v2. https://www.cisa.gov/sites/default/files/publications/infosheet_US-CERT_v2.pdf
