ICT Review : 2014

Thursday, July 10, 2014

10 Visual Content Tools

1. Canva
2. PlaceIt
3. HubSpot
4. Death to the Stock Photo
5. NounProject
6. 55 Free Content Creation Templates
7. Google Fonts
8. Skitch
9. ColorPicker
10. GIFBrewery

http://blog.hubspot.com/marketing/visual-content-creation-tools?utm_campaign=blog-rss-emails&utm_source=hs_email&utm_medium=email&utm_content=13407664

Wednesday, April 30, 2014

Materi Dasar Cybersecurity

http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=13526&country=United+States

Course Outline

1. Cybersecurity Introduction, Job Roles, and Functions

Security Fundamentals
- Security Importance
- Human Influence
Vulnerabilities
- Typical Attack Sequence
- Social Engineering
- Footprinting
- Well-Known Parts
- Port Scanning
- Password/Passphrase Vulnerabilities
- Track Covering

2. Social Media Concerns

Social Media
- Types
- Vulnerabilities
- Social Networking Sites
- Social Engineering
Phishing
- Phishing via E-mail
Online Attacks
- Statistical Data
- Security Breach Sources

3. Cyber Awareness

CNCI
- Definition and Purpose of CNCI
- CNCI Initiative Details
Legalities
- Laws and Rules
- Legal Compliance
Cyber Attacks
- Malware
- Viruses
- Worms
- Logic Bombs
- Botnet
- Trojan Horse
- OSI Model
- DNS

4. Cyber Services

Cyber Threats
- Denial of Service Vulnerabilities
Server Hardening
- Web Server Hardening
- Mail Server Hardening
- FTP Server Hardening
- DNS Server Hardening
- Other Servers
- Workstation Considerations
- Network Appliances
- Wireless Access Hardening
- VLAN Security
- Software Attacks

5. Risk Management and Assessment

Risk Management
Risk Management Process
- Steps
- ALE Formula
- CRAMM Process
- Risk Management Lifecycle
- Protected Assets
- CIA Triad
Threat Determination Process
Risk Assessment
- Scenarios
- Criticality
- Prioritization
Risk Management Lifecycle
- Steps
- Policy
- Assessment
- Baselines and ePolicy
Vulnerabilities
- Vulnerability Categories
- Self-Assessment
- Weak Links in Security
- Technical Controls
- Due Care
- Insurance against Losses

6. Security Policy Management

Security Policies
- Security Policy Definition
- Security Policy Use
- Security Policy Importance
- Legal Issues
- Policy Example
- Policy References
- Policies, Guides, Standards, Procedures, and Controls
Coverage Matrix
- Preparing a Coverage Matrix
- Example Security Coverage Matrix
- Granular View of a Security Matrix
Basic Policies

7. Vulnerability Assessment and Tools

Vulnerability Testing
Penetration Testing
- Risks of Penetration Testing
- Methodologies
- Testing
- Technology Testing Tools

8. Business Continuity Planning

Disaster Types
Disaster Recovery Plan
- Goals
- Steps for Creation
- Contents
- Design Requirements
- Priorities
- Recovery Strategies
- High Availability Considerations
- Data Collection
- Written Plan Documentation
- Plan Testing Sequence
Business Continuity Planning
Business Continuity Planning Process
- BCP Process Steps
- Controls

9. Host Security

Types of Hosts
- General Configuration Guidelines
Clean Systems
Unnecessary Services
- Rules to Follow
- Warning Banners
Limiting Access
- Administrators
- Users
- Configuring and Logging
- Security Patches
Security Baselines
- Traffic Filtering
Monitoring

10. Architectural Integration

General Security Integration
Services
- Needs
Security Zones
- Filtering
- Screened Subnets
- Trusted Zones
Devices
- Routers
- Firewalls
- DMZ Hosts
Extenuating Circumstances
- Business-to-Business
- Exceptions to Policy
- Special Services and Protocols
- Configuration Management
Development
- Certification and Accreditation
- Common Criteria

11. Authentication and Cryptography

Authentication
- Identification
- Issues
Cryptosystems
- Elements
- Password Protocols
- Hashes
- Kerberos
- Symmetric Encryption
- Asymmetric Encryption
- Digital Signatures
Certificate Services
- Certificate Authorities
- Registration Authorities
- Models
- Policies
- Lifecycle
- Distribution

12. Securing Communications

Terminology
- Tunnels
- Applying Cryptography to OSI Model
Securing Services
- E-Mail
- FTP and Telnet
Transport
- SSL and TLS
- Gateway-to-Gateway VPN
- IPSec
Wireless
- Wireless Weakness
- Wireless Security
Steganography and NTFS Data Streams
- Steganography
- NTFS Alternate Data Streams

13. Intrusion Detection and Prevention Systems

Intrusion
- Definition
Defense in Depth
- Perimeter Router
- Firewall Monitoring
- Network Device Logging
- Host Monitoring
- Events Correlation
IDS/IPS
- Placement of IDS Monitors and Sensors
- Monitoring
- Host-Based and Network-Based Differences
- Policy Management
- Behavioral Signatures
IDS/IPS Weakness
- Encryption
- Coverage
- Overwhelmed
- False Positives
- Incorrect Configuration

14. Cyber Challenge Activities

Network Analysis Review

15. Forensic Analysis

Incident Handling
- Response
- Time and Reaction Sensitivity
- Issues for Consideration
- Response Procedures
- Evidence
Logging
- Process
- Log Analysis Tools

16. Cyber Evolution

Cyber Organization
- Cyber Forces
- Internet Leadership
- Internet Defenders
Cyber Future
- Future Challenges
- Evolving Needs
- Cyber Maturity Barriers
- Einstein 2 and Future
- Goals

Labs

Lab 1: Social Media

Phishing and Spyware
Windows Activation
Antivirus Notice
Commercial Web Site

Lab 2: Cyber Awareness

Scanning with Nmap
Scanning with Zenmap

Lab 3: Cyber Services

Telnet Banner Grabbing
FTP Banner Grabbing
SMTP Banner Grabbing
Netcat

Lab 4: Risk Assessment

Use Nessus to Identify Assets and Threats
Asset Worksheet Completion

Lab 5: Business Continuity Plan

Team Members/Key Contacts
Team Status Reporting
Priority IT Systems
IT System Backup Details
Recovery Process

Lab 6: Vulnerability Assessments and Audits

Mapping Site Content Using Teleport Pro
Using Cheops for Graphical Display of Network
Working with LANguard

Lab 7: Host Security - Malware

Connecting Remotely
RECUB Service

Lab 8: Authentication and Cryptography

Perform activities using Ettercap utility
Perform and Witness a Man in the Middle (MITM) Attack

Lab 9: Cryptographic Attacks

Using Steganographic Tools
Advanced NTFS File Streaming

Lab 10: SNORT (Eagle X IDS) Install

Installing Eagle X
Configuring Eagle X
Configure Rule to Ignore Hosts in SNORT

Lab 11: Cyber Challenge Activities

Identifying Assets and Threats
Completing Asset Worksheet

Lab 12: Forensics Analysis IIS Event Log Analysis

Identifying Common Attacks through IIS Log Analysis

Monday, April 28, 2014

Ini 10 tools gratis untuk admin server.

Ini 10 tools gratis untuk admin server.
http://lp.netwrix.com/top_10_free_tools_that_it_pros_love.html?cID=70170000000l24j

Silahkan dicoba!

Tuesday, March 4, 2014

Contoh scope implementasi ISO 20000

Dalam membuat scope implementasi ISO 20000 harus jelas.

Contohnya:
Planning, managing and delivery of all internal IT services to <>, as defined in the Service Catalog.

The system of internal IT service provision within <> for the staff located in Jakarta.

Provision of the <> and the management of associated systems for the <>, located in Jakarta.

The SMS of <service provider> that delivers <services>.

The SMS of <service provider> that delivers <technology> <services> from <service provider location> to <customer> at <customer location>.

Dari contoh di atas dalam scope bisa dimasukkan service, geografik, dan fungsional atau gabungan ketiganya.

Thursday, February 27, 2014

Free OLAP

Bagi yang berminat untuk melakukan OLAP dengan menggunakan free software bisa gunakan FreeAnalysis Scheme Designer.

http://bpm-conseil.com/content/freeanalysis-schema-designer

Selamat mencoba.

Wednesday, February 26, 2014

Open Source Project Management Software

Bagi yang menyukai open source software untuk manajemen proyek bisa menggunakan salah satu atau salah dua software yang ada di link ini:

http://opensource.com/business/14/1/top-project-management-tools-2014

Selamat mencoba!!

Tuesday, February 25, 2014

GSoC 2014

Tahun ini yang diterima untuk mengikuti GSoC 2014, bisa lihat di sini.
http://www.google-melange.com/gsoc/org/list/public/google/gsoc2014

Subscribe to: Posts (Atom)