metode bayesian network dan cosine -...
TRANSCRIPT
![Page 1: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/1.jpg)
LOGOMetode Bayesian Network dan Cosine
LOGOSimilarity untuk Sistem Identifikasi Kontrol Keamanan Informasi
![Page 2: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/2.jpg)
Identitas Penelitian
Nama mahasiswa: I d i S d ti RIndri Sudanawati Rozas
Pembimbing: Pembimbing: Prof. Drs.Ec. Ir. Riyanarto Sarno, M.Sc. Ph.D
Judul penelitian sidang proposal: Metode Bayesian untuk Perencanaan ContingencyDalam Manajemen Keamanan InformasiDalam Manajemen Keamanan Informasi
Judul proposal penelitian revisi: p p pMetode Bayesian Network dan Cosine Similarity untuk Sistem Identifikasi Kontrol Keamanan InformasiInformasi
![Page 3: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/3.jpg)
Struktur Pembahasan Tesis
Pendahuluan
Kajian Pustaka dan Dasar Teori
Metodologi
Analisis dan Desain
Hasil dan Pembahasan
![Page 4: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/4.jpg)
PENDAHULUANPENDAHULUAN
![Page 5: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/5.jpg)
PendahuluanLatar Belakang
BS 7799:1BS 7799:1BS 7799:2
ISO/IEC 27001NISTNIST
INFORMASI SMKIgangguan
![Page 6: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/6.jpg)
PendahuluanPerumusan Masalah
Bagaimana membuat struktur bayesian networkg ylengkap untuk jenis-jenis ancaman keamanan informasi (threats) dengan studi kasus lingkungan Institut Teknologi Sepuluh Nopember Surabaya
Bagaimana memilih kontrol keamanan informasi yang diperlukan sesuai dengan hasil perhitungan gangguan keamanan informasi pada studi kasus lingkungan Institut Teknologi Sepuluh Nopember Surabaya.
![Page 7: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/7.jpg)
PendahuluanTujuan dan Manfaat
Membuat model sistem pemilihan kontrol keamanan informasi
Menyusun struktur bayesiannetwork yang sesuai
Membantu Membantu manajemen manajemen
Pemilihan kontrol berdasarkan
kontrol internalkontrol internal
nilai similarity
![Page 8: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/8.jpg)
PendahuluanBatasan Masalah
Kontrol keamanan informasi yang digunakan adalah Annex A dokumen standar ISO/IEC 27001:2005.
Untuk mendapatkan term dan term frequency digunakan deskripsi dari objektif dan nama kontrol pada ISO/IEC 27001 200527001:2005.
Nama threats serta threats scenario yang digunakan berdasarkan pada hasil penelitian Rahmad, 2010.
Struktur bayesian network dan nilai conditional probability Struktur bayesian network dan nilai conditional probability table (CPT) yang digunakan berdasarkan hasil survey dan observasi yang tercatat di Puskom Institut Teknologi Sepuluh Nopember Surabaya.p y
![Page 9: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/9.jpg)
KAJIAN PUSTAKA KAJIAN PUSTAKA DANDAN
DASAR TEORIDASAR TEORI
![Page 10: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/10.jpg)
Kajian Pustaka
Pemilihan Kontrol
AURUM
Automated Risk and Utilit M tPemilihan Kontrol
ISO 27001
133 kontrol
Security ontologies: improving quantitative risk
Utility Management (AURUM, 2009)
Ontology-based Decision Support for I f ti S it 133 kontrol
Pemilihan kontrolnya memerlukan analisis dan pemahaman yang tidak mudah
quantitative risk analysis (2006)
Ontological mapping of common criteria’s security assurance
Information Security Risk Management(2009)
Formalizing I f ti S ityang tidak mudah
(Brewer 2010).security assurance requirements (2007)
Interactive selection of ISO 27001 controls under
Information Security Knowledge (2009)
controls under multiple objectives(2008)
![Page 11: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/11.jpg)
Kajian PustakaAURUM
Bayesian Network pada AURUM dibentuk untuk melakukan pemilihan kontrol berdasarkan masing-masing threat misal fire desk dllberdasarkan masing masing threat, misal fire, desk, dll.
![Page 12: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/12.jpg)
Kajian PustakaAURUM
((Min Tjoa A, 2008))(( j , ))
![Page 13: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/13.jpg)
Dasar Teori
Variabel
Model
Variabel
Kualitatif
Langkah Langkah Pembentukan Pembentukan
Struktur BayesianStruktur Bayesian
Langkah Langkah Pembentukan Pembentukan
Struktur BayesianStruktur BayesianKuantitatif Verifikasi Struktur Bayesian Struktur Bayesian
NetworkNetwork(Langsetha, 2007)(Langsetha, 2007)
Struktur Bayesian Struktur Bayesian NetworkNetwork
(Langsetha, 2007)(Langsetha, 2007)
Verifikasi
![Page 14: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/14.jpg)
Langkah Penyusunan Struktur BN
Dua kelompok
Pakar Pembangunan
model dan CPT
Data Pembangunan
model dan CPTmodel dan CPT berdasarkan pendapat pakar.
Pembentukan model bayesian
model dan CPT berdasarkan algoritma data mining.
Pembentukanmodel bayesian network sulit dan memakan waktu.
Pembentukan model bayesian network menjadi efisien.
(Langsetha, 2007)(Langsetha, 2007)
![Page 15: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/15.jpg)
Bayesian Network Inference (forward)
![Page 16: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/16.jpg)
Bayesian Network Inference (backward)
![Page 17: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/17.jpg)
Cosine Similarity
Cosine similarity adalah metode similarity yang li b k di k k hi paling banyak digunakan untuk menghitung
similarity dua buah dokumen (Pang Ning, 2006).
![Page 18: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/18.jpg)
Contoh Perhitungan Cosine Similarity
![Page 19: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/19.jpg)
METODOLOGIMETODOLOGI
![Page 20: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/20.jpg)
Skema Sistem
![Page 21: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/21.jpg)
Metode Penelitian
![Page 22: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/22.jpg)
Studi Literatur
Kerangka TeoritisKerangka Teoritisgg
Bayesian NetworkCosine Similarity
PemilihanPemilihan Hybrid riskHybrid risk Text Text 1 32
KontrolKontrolISOISO
yyassessmentassessment similaritysimilarity
![Page 23: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/23.jpg)
Perumusan Masalah
Metode analisis resiko yang dipilih adalah bayesian network.
Untuk pembentukan struktur network digunakan skenario yang disusun oleh Basuki Rahmad 2010 pada publikasi yang yang disusun oleh Basuki Rahmad, 2010, pada publikasi yang berjudul “Threat scenario dependency-based model of information security risk analysis”.
Penelitian mengambil studi kasus ancaman keamanan informasi yang termonitor dan tercatat di Puskom Institut informasi yang termonitor dan tercatat di Puskom Institut Teknologi Sepuluh Nopember Surabaya.
Metode pencocokan kata yang digunakan adalah cosine similarity. Data yang digunakan dalam penelitian berupa bahasa Inggris.gg
![Page 24: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/24.jpg)
Membangun Struktur Bayesian NetworkET9. Mailserver error
HA5. Virus
HA7. Packet error
HA14. Kernell error
HD1. Spyware
HD17. Intrusion
HD29. Unauthorized user
HD33. SYN attack
the hijaking of uses
espionage
exceeded limits of operation
damage
modifications
software asset
HA1. User’s error
HA5. Virus
HD1. Spyware espionage
damage
modifications
database & fileserver
HD26 Spam the hijaking of uses
23
Masternetwork Data
prior
ET1. Water damage
HA11. Database error
HD1. Spyware
HD26. Spam the hijaking of uses
espionage
damage
mediastore
HA5. Virus
HA16. Router down
HA18. System error
HD1. Spyware
espionage
exceeded limits of operation
modifications
server &workstation
HA5. Virus
HA18. System error
HD1. Spywareespionage
exceeded limits of operation
network hardware
HA5. Virus
HA7. Packet error
HA18. System error
HD1. Spyware
the hijaking of uses
exceeded limits of operation
communication network
espionage
HA17. Downtime ISP
HD29. Unauthorized user
modifications
ET1. Water damage
ET5. Power failure
ET12. AC’s trouble
exceeded limits of operation
damage
auxiliary equipment
HD1. Spyware espionage personnel
1 Daftarthreat
4NilaiCPT
5 Validasi
![Page 25: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/25.jpg)
1. Menentukan daftar threat
Berdasar katalog Magerit dan ISO/IEC 27005 (Rahmad, 2010), terdapat 73 buah threat (Tabel 3 1) disesuaikan dengan kondisi ITSterdapat 73 buah threat (Tabel 3.1) disesuaikan dengan kondisi ITS
![Page 26: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/26.jpg)
2. Membuat master network
Network yang dibentuk didasarkan pada skenario yang diusulkan oleh Rahmad 2010 disesuaikan dengan ITSdiusulkan oleh Rahmad, 2010 disesuaikan dengan ITS
[Re]-routing error
Sequence error
ET9. Mailserver error
HA7. Packet error
HA14 Kernell error
HD1. Spyware
HD17. Intrusionthe hijaking of uses
espionage
exceeded limits of operation software asset
Sequence error
Information leaks
Illegal usage of software
Masquerading of user identity
Abuse of access privileges
Software misuse
Unauthorized access
the hijaking of uses
Spying by a foreignstate or a mafia usingimportant resources
HA5. Virus
HA14. Kernell error
HD29. Unauthorized user
HD33. SYN attack
damage
modifications
HA1. User’s error
HA5. Virus
HD1. Spyware espionage
damage
modifications
database & fileserver
p
Eavesdropping
espionage
Software failure
Bug on software
Defects in software maintenance
or updating
exceeded limit of operation
Administrator's error
Malware diffusion
Vandalism from inside: by people
authorized within the i ( l
damage
communication network
ET1. Water damage
HA11. Database error
HD1. Spyware
HD26. Spam the hijaking of uses
espionage
damage
mediastore
HA5 Vi
HA18. System error
HD1. Spyware
espionage
exceeded limits of operation server &workstation
Configuration Error
Defects insoftware maintenance or
updating
Malicious modification (director indirect) of the functionalities of a program or of the
operation of an office program: Excel,
Access, etc
Malicious erasure of
modification
premises (personnel, sub-contractor, etc
Unauthorized access
HA5. Virus
HA16. Router down
p
modifications
HA5. Virus
HA18. System error
HD1. Spywareespionage
exceeded limits of operation
network hardware
HA7. Packet error
HD1 Spyware
the hijaking of uses
espionageMalicious erasure of software configurations
[Re]-routing message
Sequence alteration
Software manipulation
Malicious erasure (directly or
indirectly) of software on its storage
loss of propertyHA5. Virus
HA17. Downtime ISP
HA18. System error
HD1. Spyware
HD29. Unauthorized user
exceeded limits of operation
modifications
communication network
espionage
ET1. Water damage
ET12. AC’s trouble
exceeded limits of operation
auxiliary equipment
ET5. Power failure damage
auxiliary equipment
HD1. Spyware espionage personnel
![Page 27: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/27.jpg)
3. Mengumpulkan data prior
![Page 28: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/28.jpg)
4. Menentukan nilai CPTHA7. Packet error
HD17 Intrusionthe hijaking of uses
ET9. Mailserver error
HD1. Spyware
HD17. Intrusion
espionage
d d li it f
HA5. Virus
HA14. Kernell error
exceeded limits of operation
damage
software asset
HD29. Unauthorized user
HD33. SYN attack
modifications
![Page 29: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/29.jpg)
4. Menentukan nilai CPTHA7. Packet error
HD17. Intrusionthe hijaking of uses
ET9. Mailserver error
HA5 Virus
HA14. Kernell error
HD1. Spyware espionage
exceeded limits of operation
damage
software asset
HA5. Virus
HD29. Unauthorized user
HD33. SYN attack
damage
modifications
![Page 30: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/30.jpg)
5. Melakukan validasi
Dengan bantuan visualisasi program Netica. H il hit t i di ji lidit d k Hasil perhitungan posterior di uji validitas dengan pakar.
![Page 31: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/31.jpg)
Perhitungan Cosine Similarityg y
ditampilkan secara ascending
Merangking Nilai Cosine
)( yx
Menghitung Nilai Cosine||||||||
),cos(yx
yxyx
133 dokumen .txtMenghitung Term Frequency
http://fivefilters.org/term-extraction/
Menentukan Term ISO
![Page 32: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/32.jpg)
Membangun Sistemg
Bahasa PemrogramanVisual Basic 6.0
SiPKoKISiPKoKI
DBMSMicrosoft Access 2007
![Page 33: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/33.jpg)
Melakukan Validasi
ValidasiValidasiSiPKoKI
B i C iBayesian Network
Cosine Similarity
Netica SiPKoKI
SiPKoKI Manual
Rekomendasi
Brewer, 2010
![Page 34: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/34.jpg)
Parameter Penelitian
Menggunakan hasil penelitian (Brewer, 2010) antara January 2007 December 2010 January 2007 - December 2010.
Publikasi yang berjudul “Insight into the ISO/IEC 27001 Annex A”.
![Page 35: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/35.jpg)
ANALISISANALISISDAN
DESAIN
![Page 36: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/36.jpg)
Analisis
Penyusunan strukur bayesian
Analisa Permasalahan
network
Menentukan term yang digunakanPermasalahan yang digunakan
Melakukan perhitungan
Analisis
perhitungan cosine
Gambaran umum
Definisi K b t h d
sistem
Kebutuhan Kebutuhan dan Batasan Sistem
Kebutuhan sistem
Batasan sistem
![Page 37: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/37.jpg)
Analisa Permasalahan
Bagaimana cara mendapatkan sebuah struktur b i k b d i d CPT bayesian network beserta data prior dan CPT lengkap agar dapat dilakukan proses perhitungan resiko yang tepat?resiko yang tepat?
Bagaimana menentukan term yang akan Bagaimana menentukan term yang akan digunakan sebagai variabel pada perhitungan cosine similarity?y
Bagaimanakah melakukan perhitungan cosine Bagaimanakah melakukan perhitungan cosine similarity antara dokumen ISO 27001 dan term pada threat?
![Page 38: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/38.jpg)
Definisi Kebutuhan dan Batasan Sistem
Kebutuhan Sistem (System Requirements)R 1 M b t k t kt b i t k R.1 Membentuk struktur bayesian network
R.2 Mengisi daftar variabel (threat, attack type, dan asset) R 3 Membuat net / link antar variabelR.3 Membuat net / link antar variabel R.4 Melakukan inference R.5 Menghitung nilai cosine similarity
Batasan SistemD k ISO 27001 di k d h di k t k d l Dokumen ISO 27001 yang digunakan sudah di konvert ke dalam bentuk dokumen .txt
Bahasa permograman yang digunakan adalah Visual Basic versi p g y g g6.0
Database yang digunakan adalah Microsoft Acces 2007
![Page 39: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/39.jpg)
Desain
Desain database
DesainDesain usecase
Desain antarmuka
![Page 40: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/40.jpg)
Relationship DB SiPKoKI
![Page 41: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/41.jpg)
Desain Use Case Deskripsi Use Case
Membuat
Membuat threat
Membuat network
threat
Membuat attack type
Membuat asset
Membuat linkManajemen
Melakukan inferencing
jKontrol Internal
![Page 42: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/42.jpg)
Desain Antarmuka
![Page 43: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/43.jpg)
HASILHASILDAN
PEMBAHASAN
![Page 44: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/44.jpg)
Hasil dan Pembahasan
Implementasi
Validasi Sistem
Perhitungan bayesian
Hasil dan
S stePerhitungan
cosine
Pembahasan Ujicoba dan Pembahasan
Terhadap 8 buah asset
Analisis
Nilai resiko
Rekomendasi Analisis Keseluruhan
Rekomendasi kontrol
Extended Extended term
![Page 45: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/45.jpg)
Implementasi
![Page 46: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/46.jpg)
Validasi SiPKoKI
![Page 47: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/47.jpg)
Validasi SiPKoKI
![Page 48: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/48.jpg)
Pembahasan Software asset
![Page 49: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/49.jpg)
Pembahasan Database and fileserver asset
![Page 50: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/50.jpg)
Pembahasan Mediastore asset
![Page 51: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/51.jpg)
Pembahasan Server and workstation asset
![Page 52: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/52.jpg)
Pembahasan Network hardware asset
![Page 53: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/53.jpg)
Pembahasan Communication network asset
![Page 54: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/54.jpg)
Pembahasan Auxiliary equipment asset
![Page 55: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/55.jpg)
Pembahasan Personnel asset
![Page 56: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/56.jpg)
Analisis Hasil
![Page 57: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/57.jpg)
Analisis Hasil Kontrol Rekomendasi
Nilai Cosine Similarity
0,72
Term Standart Extended Term
0,58 0,580,58 0,58
0,62
0,55
0,71
0,71
0,56 0,530,57 0,57
0,610,55
0,50
Software asset Database and Mediastore Server and Network Communication Auxiliary Personnel fileserver asset asset workstation
assethardware asset network asset
yequipment
assetasset
![Page 58: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/58.jpg)
Analisis Hasil Kontrol Rekomendasi
Relevansi Kontrol Rekomendasi
100,00100,00 100,00 100,00 100,00 100,00
Term Standart Extended Term
80,00 80,00
100,00100,00 100,00 100,00
80,00 80,00
100,00 100,00
60,00 60,00 60,00 60,00 60,0060,00
Software asset Database and Mediastore Server and Network Communication Auxiliary Personnel fileserver asset asset workstation
assethardware asset network asset
yequipment
assetasset
![Page 59: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/59.jpg)
KESIMPULANKESIMPULANDAN
SARAN
![Page 60: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/60.jpg)
Kesimpulan
Bayesian network dapat membantu menghitung nilai resiko dari data threat yang dimiliki oleh Puskom ITSdari data threat yang dimiliki oleh Puskom ITS
Pemilihan kontrol keamanan informasi menggunakan cosine ggsimilarity dan term standar pada data threat memiliki nilai akurasi rata-rata sebesar 70% sedangkan menggunakan term yang diperluas mencapai 90%term yang diperluas mencapai 90%.
Nilai cosine similarity yang dihasilkan menggunakan term standar rata-rata sebesar 0,58 sedangkan menggunakan term yang diperluas mencapai 0,62.
Perluasan term dapat meningkatkan nilai presisi dan cosine similarity hasil rekomendasi secara signifikan.
![Page 61: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/61.jpg)
Saran
Menyusun kamus kata / daftar istilah khusus W d k d k ISO 27001semacam Wordnet untuk dokumen ISO 27001.
Melakukan perbaikan proses pembentukan struktur bayesian network SiPKoKI dengan menambahkan algoritma pembentuk struktur menambahkan algoritma pembentuk struktur Bayesian Network dari data mining.
![Page 62: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/62.jpg)
DAFTARDAFTARSPUSTAKA
![Page 63: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/63.jpg)
Daftar Pustaka Alberts C., dkk., (2004) Defining Incident Management Processes for
CSIRTs: A Work in Progress, CMU/SEI,. Ekelhart, dkk,. (2007). Security ontologies: Improving quantitative risk
analysis. In: 40th Hawaii International Conference on System Sciences (HICSS’07), pp. 156–162. IEEE Computer Society, Los Alamitos, CA, USA.
Huang A (2008) Similarity Measures for Text Document Clustering New Huang, A (2008), Similarity Measures for Text Document Clustering, New Zealand Computer Science Research Student Conference, NZCSRSC 2008, April 2008, Christchurch, New Zealand.
Min Tjoa A, (2008). Ontology and Bayesian based Threat Probability Min Tjoa A, (2008). Ontology and Bayesian based Threat Probability Determination. Proceeding of The Junior Scientist.
Ekelhart, dkk,. (2009). Automated Risk and Utility Management. Sixth International Conference on Information Technology: New Generations.
National Institute of Standart and Technology/NIST (2010), Contingency Planning Guide for Federal Information Systems (NIST 800-34), NIST.
Rahmad B., dkk., (2010). Threat Scenario Dependency-Based Model of Information Security Risk Analysis, International Journal of Computer Science and Network Security, IJCSNS vol.10 No.8, August 2010
Sarno, R., Iffano, I. (2009). Sistem Manajemen Keamanan Informasi Berbasis ISO 2001 ITS Press SurabayaBerbasis ISO 2001. ITS Press, Surabaya.
![Page 64: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/64.jpg)
LOGOLOGO
![Page 65: Metode Bayesian Network dan Cosine - digilib.its.ac.iddigilib.its.ac.id/public/ITS-Master-16174-Presentation-1712691.pdf · Judul ppp proposal penelitian revisi: ... Kuantitatif Verifikasi](https://reader031.vdocuments.mx/reader031/viewer/2022030402/5a78cd097f8b9a70238ca4d7/html5/thumbnails/65.jpg)
Threat dependency n not