Security Audit Checklist
Akbar Azwir / Mikrotik User Meeting Indonesia 2014

About me
http://id.linkedin.com/in/akbarazwir/

Akbar Azwir
• Graduated from Binus University
• Certified Trainer since 2008
• Founded Forum Mikrotik Indonesia in 2007
• Working at PT Bayan Resources Tbk since 2008
• Trainer at BelajarMikrotik.Com

About me

Belajar Mikrotik
• Started in 2013 by Herry Darmawan and Akbar Azwir
• We deliver all Certified Mikrotik classes, Academy classes, and Integration classes
• Working with more than 10 partners, we have delivered almost 30 trainings throughout 2014
• Please visit our website at www.belajarmikrotik.com or www.belajarmikrotik.co.id for more information
• Please ask us for a training discount coupon, during MUM Indonesia 2014 only

Information Security

Information
Assets that have value and therefore need protection

Information Security

Information Security
Graphic: http://www.cyberintelligence.my/our-approach/

Information Security
There's no such thing as 100% secure
Information Security is a continuous effort
Graphic: http://www.iphonefaq.org/archives/ios-501, http://idealway.tumblr.com/post/1434031686/3-reasons-why-continuous-improvement-efforts-fail

ISO 27001

ISO/IEC 27001:2013
Information technology – Security techniques – Information security management systems – Requirements

A standard that provides a methodology for the implementation of an Information Security Management System in an organization.
It can be implemented in any kind of organization, profit or non-profit, private or state-owned, small or large.

ISO 27001

Benefits of ISO 27001
• Achieve marketing advantage
• Lower cost
• Better organization
• Comply with legal requirements or regulations

ISO 27001 PDCA Cycle
Graphic: http://www.netgrowthltd.co.uk/ISO27001.aspx

ISO 27001 Structures

Sections 0 to 3 are introductory and are not mandatory for implementation:
Section 0 Introduction
Section 1 Scope
Section 2 Normative references
Section 3 Terms and definitions

Sections 4 to 10 contain requirements that must be implemented in an organization if it wants to comply:
Section 4 Context of the organization
Section 5 Leadership
Section 6 Planning
Section 7 Support
Section 8 Operation
Section 9 Performance evaluation
Section 10 Improvement

Annex A contains 114 controls that must be implemented if applicable.

Checklist

The Mikrotik RouterOS Security Audit Checklist contains questions based on the Annex A controls that are applicable to Mikrotik RouterOS.

Derivative work from the same document for Cisco Router from www.iso27001security.com

This is not a security advice document.

Ver 0.91 – ongoing work

Checklist Download

The Mikrotik RouterOS Security Audit Checklist is licensed under Creative Commons.

Can be downloaded from: http://www.belajarmikrotik.com/?p=21598

Checklist Categories

Router Policy
Contains questions regarding the existence of a Router Security Policy

Administrator Authentication
Questions about the procedure and technical controls on how administrators access the router

Questions about services used to access routers and SNMP usage

Checklist Categories

Configuration Management
Contains questions regarding the management of router configuration

Business Continuity
Questions about the procedure for disaster recovery and business continuity

Questions about how the logs are being managed and the procedure for handling any incident

Thank you

For more info please contact us
akbar@belajarmikrotik.com
www.belajarmikrotik.com

Credits
Dirga Yosafat Hyasintus
Sigit Pratomo
Gajendran Kandasamy, PhD
Herry Darmawan
Adhie Lesmana