(1) Network Security
Teknologi Informasi yang berkembang cukup pesat dan terintegrasi ke dalam sistem bisnis yang dijalankan membutuhkan perhatian yang khusus dan tidak bisa dipandang sebelah mata.
Proses kontrol harus selalu dilakukan untuk mengetahui bahwa sistem yang digunakan sudah sesuai dan mencukupi kebutuhan proses bisnis yang dijalankan. Tingkat keamanan dari sistem yang dimiliki setidaknya harus sesuai dan berimbang dengan tingkat kerahasiaan informasi yang ada.
Lantas, bagaimana kita dapat mengetahui bahwa sistem yang kita miliki sudah cukup aman? Bagaimana melakukan self assessment terhadap sistem yang digunakan? Langkah-langkah apa saja yang harus ditempuh untuk melakukan pengamanan pada sistem tersebut? Kendali (security control) apa dan bagaimana yang harus diterapkan?
Begitu banyak jawaban terhadap pertanyaan-pertanyaan di atas, namun salah satu jawaban yang pasti adalah ketersediaan Sumber Daya Manusia (SDM) yang paham dan tanggap terhadap masalah keamanan. Masalah keamanan sistem IT hendaknya dipahami oleh semua pihak yang terkait dengan sistem informasi dan IT, mulai dari pengguna biasa (user), system administrator, pengelola jaringan, pengembang aplikasi, sampai ke pucuk pimpinan (top level management).
Schedule
Tuesday, 21 Apr 2009
Introduction to Network Security
Introduction to Linux/UNIX
10 Domains of Security
Cryptography
Wednesday, 22 Apr 2009
Server and Internet Services Security
Initial Access
Casing the Joint
Penetration Testing
Thursday, 23 Apr 2009
Firewall, IDS & IPS Theory
Firewall, IDS & IPS Practice
Log Monitoring
Discussion
(2) Application and Database Security
Behind the information systems that electronically govern almost every aspect of our lives, there are applications and databases that process and keep our data. If the application and the database -parts of system that we all implicitly trust to process and hold our critical or sensitive data- are not secure, the potential impact on our lives, and even on our broader society, could be devastating.
In many cases, deploying network security countermeasures can defend our system against malicious attacks. But in other cases, the original vulnerability lies with the software. Software can be correct without being secure. Software can meet every requirement and perform every specified action flawlessly, yet still be exploited by a malicious user. Even after putting so much time, money, and effort on network security, the potential problems will still be there as long as the application's and database's security vulnerabilities get no serious attention.
Some of the vulnerabilities perhaps are already discovered over the years as we deploy the application and the database. The rest of the software vulnerabilities remain undiscovered. But they're there. They all have the potential to be discovered and be exploited. Something that matters: by whom.
Why then do we think it's necessary to share the methods for attacking and securing application with you? Because we want to put this information into your hands, so that you understand how others may attack your systems and how to defend. In this hands-on course, you will gain experience in the core application security vulnerability discovery, exploitation, and remediation methods.
Schedule
Tuesday, 21 Apr 2009
Introduction to Application Security
Secure Software Development Methodologies
Demo: Security Requirements & Secure Design
Wednesday, 22 Apr 2009
Common Web-application Security Vulnerabilities, Threats, and Countermeasures
Hands-on Session#1: ASP.NET Sample Application
Thursday, 23 Apr 2009
Hands-on Session#2: Java Sample Application
Discussion: Application Security Checklist and Cheatsheet
Tuition
These courses will be delivered in Bahasa Indonesia.
All coursewares (course materials, security tools in a live CD, computer facility for each), coffee break, lunch, and certificate are included with IDR 5.250.000,00 per person per course.
Registration
For further information, please do not hesitate to contact:
Fikri, Nursidah, Rois
PT. Indo Cisc
Gedung Cyber Lantai 7, Jl. Kuningan Barat No.8 - Jakarta 12710
Tel. (021) 5208049; Fax (021) 5208005
Email: fa@indocisc.com, nur@indocisc.com, rois@indocisc.com