SIT 31 Okt Kelompok 3 (1)

8/17/2019 SIT 31 Okt Kelompok 3 (1)

1/53

Cybersecurity, Risk Management & FinancialCrime

Antonius Hernanda375998Ari Haryadi376764

Bagus Mayang Seto376007

Systems of Information Technology Jogiyanto Hartono, M..!., C.M.!., "h.#., "rof.


2/53

The Reason for dataBreaches

Data records breached wordwide

!009"!0#3

The main cause of data breach is hacking.Negligence : Management not doing enough to defend against cyberthreatsDisregard the value of the condential data they storeData security must be treated as a key business issue

and not simply the responsibility of the T department


3/53

!hy are cybercriminals sosuccessful "

• Negligence # that is management not doing enough todefend against cyberthreats.

• $ven high tech companies and market leader seem to

disregards the value of the condential data the storeand the threat posed by prot minded hackers.

• Data security must be treated as a key business issueand not simply the responsibility of the T department

• %acking is a business and hackers are too &ell funded

and motivated. 'rotecting data and net&ork againstcyber threats demands diligence( commitment andinvestment in the latest defense tools and techni)ue


4/53

DDo* + Distributed denial,of,service -

ttack bombards a net&ork or&ebsites &ith tra/c to crash itand leave it vulnerable to otherthreats

'T + dvanced 'ersistent Threat -

stealth net&ork attack in &hichan authori0ed entity + hacker ormal&are - gains access to anet&ork and remains undetectedfor a long time

*ocial $ngineering + %uman

%acking -

Tricked into revealing their log,in

credentials access to corporatenet&ork accounts as authori0edusers

B12D + Bring our o&n devices - $mployees using their personal

smartphones( tablets or othercomputing devices in the


5/53

!hat are the ob3ectives of cybersecurity "

• 'repare( prevent and recover

4. mplement and enforce procedures and acceptable usepolicies + 5's - for data( net&orks( hard&are and soft&arethat are company or employee o&ned

6. 'romote secure and legal sharing of information amongauthori0ed persons and partners

7. $nsure compliance &ith government regulations and la&s

8. 'revent attacks by having net&ork intrusion defenses in place

9. Detect( diagnose and respond to incidents and attacks in realtime

. Maintain internal controls to prevent unauthori0ed alterationof data and records

;. Be able to recover from business disasters and disruptions)uickly


6/53

8 *teps T *ecurity Model

4. *enior management commitmentand support

6. cceptable use policies and T

security Training

7. T *ecurity procedures andenforcement

8. %ard&are and soft&are+ keep up,to,date -


7/53

Three $ssential Defenses

4. ntivirus soft&are• Tools are designed to detect malicious codes and

prevent users from do&nloading them

• *can system from the presence of &orms( tro3an( etc

6. ntrusion detection system + D*s-• n D* scans for unusual or suspicious tra/c

• dentify the start of a Do* attack( alerting thenet&ork administrator to take defensive actions

7. ntrusion 'revention *ystem + '*s -• Designed to take immediate action # such as

blocking specic ' address.


8/53

Basic T *ecurity a& in a system thatallo&s an attack to be successful

uence ho& vulnerable they are

to threats

sset*omething of value that needs to

protected


9/53

Three 2b3ectives of data andinformation *ystem *ecurity

+on,dentiaity

No unauthori0ed data disclosure

-ntegrityData( documents( messages and

other les have not been altered inany unauthori0ed &ay

A.aiabiityData is accessible &hen needed by

those authori0ed to do so


10/53

@actors that e=pose companies andusers to attacks

pp and mobilescreate attack

vectors

Business operations arecontrolled by apps(

systems and net&orks thatare so interconnected thatanyone?s mobile device is

an entry point for attacks


11/53

Minimum security defenses for Mobiledevices

4. Mobile biometrics + voice A ngerprintbiometrics -

6. Rogue app monitoring + to detect and

destroy malicious app in the &ild -7. Remote &ipe capability + remote erase

capability -

8. $ncryption


12/53

Internet Technologies & Search Strategies





13/53


14/53

*C

$*

nformation search

Navigational search

Transactional *earch

rch engine Marketing + *$M - has become an integral business strateg

ple much more likely to be interested to the topic they are searching f rt to reach this targeted audience are much more likely to produce sal

nsist of designing and advertising a &ebpage( &ith the goal of increasinnic listing on *$R's + *earch engine Results 'ages - and tra/c to their

*earch $ngine Marketing

% t ti i b it


15/53

%o& to optimi0e &ebsitedesign

• !ebsite &ith good content &ill be morepopular than sites &ith poor )uality content

• *ocial media indicator( site tra/c( Reputationon revie& sites( *$R' click,through rate

Reputation or'opularity

• Eey&ord( page titles( relevant phrases inte=t( amount of t=t on page that appearsrelevant( *$R' click,through rate

Relevancy

• D&ell time( site speed( reading level( %ackedsites( mal&are( &ebsite satisfaction survey

5ser*atisfaction


16/53

'aid search advertising campaigns in orderto increase a&areness that lead to sales

M&*$-+S


17/53

Three $volutionary stages of thenternet

&)/1*-/2 o *H& &B

!eb 4.F + The initial !eb - !eb of pages

• 'ages or documents are hyperlinkedmaking t easier than ever before to accessconnected information.

• Built using %TMC + %yperte=t markuplanguage -

• $= : cnn.com( bhinneka.com

!eb 6.F + The *ocial !eb - !eb of pplication

• pplications are created that allo& peopleto easily create( share( and organi0einformation.

• Built using language like GMC + eGtensibleMarkup Canguage - and Hava*cript

• $= : youtube.com

!eb 7.F + The *emantic!eb - !eb of Data

• nformation &ithin documents or pages istagged &ith metadata( allo&ing users toaccess specic information acrossplatforms( regardless of the originalstructure of the le( page or document thatcontains it. t turn the !eb into one giantdatabase.

• 5ses language developed by the !7


18/53

%o& semantic !eb technology enhances theaccuracy of search engine result

*emantic !eb uses three languages to improve the )uality and accuracy of se

A21A&S

RD@ Canguage

To represent information about resources on theinternet. t &ill describe these resources usingmetadata uniform resource identiers + 5Rs - like

I title I( J author I( Jcopyright and licenseinformation.I t is one of the feature that allo&data to be used by multiple applications

2!Cs the !7< language used to categori0e andaccurately identify the nature of things found on

the internet

*'RKCs used to &rite programs that can retrieve andmanipulate data stored in RD@ @ormat


19/53

ho& business can optimi0e their &ebsites totake advantage of this emerging technology

• The need to optimi0etheir &ebsites forsemantic search

•


20/53

recommendation to enhance the user e=perience

and increase e,commerce sales

+ontent"based,tering

• Recommend products based on the productfeatures of items the customer hasinteracted &ith it in the past

• nclude vie&ing an item( liking an item(purchasing an item( saving an item in to &ishlist

+oaborati.e,tering

• Makes recommendation based on a user?ssimilarity to other people

• $= : recommendation based on the purchaseof other people( demographic system baserecommendation

HybridStrategies

• Develop recommendation based on acombination of methodologies content baseltering( collaborative ltering( kno&ledgebase and demographic system

• %ybrid system are used to increase the)uality of recommendation and address

shortcomings of system that only use asingle methodology


21/53


22/53

Social Me$ia Strategies an$ Metrics





23/53

ocia Media• Socia Media refer to nternet,based platforms( applications and services.

5sing social media( consumers talk about products( brands( customer service and

their e=perience. uence public opinion.

• successful social strategy re)uires companies to to kno& the customers( theire=pectations and preferences

• @or customer interactions( e=ternal social media platforms are used to engage&ith e=isting and prospective customers( reinforce brand messaging( in>uencecustomer opinions( provide targeted oers and service customers more e/ciently.

• nternal social media tools help drive greater employee engagement(collaboration and productivity.

• @or ne& product development and launch( both internal and e=ternal social mediatools help idea generation and evaluation


24/53

ia Media Strategies• *ocial media mistakes decrease the value of social strategy for 6 reasons :

*ocial media does not align &ith and reinforce the rest of the marketingprogram

Resources are &asted

• *trategic approach for building social media programs :

4. Begin &ith a foundation dene the goal and ho& to achieve it

6. Dene and understand target audience &ho the target audience are(&hich social media they use( ho& they use them

7. Build and e=ecute the social media strategy

•. Measurable ob3ectives and social media channels to be used

•. Metrics( E's and tools to measure success

•. content strategy of genuine interest to target audience•.


25/53

cia +ounities• *ocial net&ork analysis +*N- the mapping and measuring of

relationships and >o&s bet&een people( groups( organi0ations(computers or other information or kno&ledge,processing entities.

• *ocial Net&orking *ervices +*N*s- a special type of virtualcommunity and are no& the dominant form of online community.

!ith social net&orking( individual users maintain an identitythrough their prole and can be selective about &hich members ofthe larger community they choose to interact &ith. 2ver time( usersbuild their net&ork by adding contacts or friends.

@acebook.com


26/53

Monitoring Metrics and Anaytics• *ocial monitoring services allo& users to track conversations taking place on

social media sites. @our basic metrics used :

4.*trength the likelihood that a brand &ill be mentioned in social media

6.Reach an in>uence measure based on the number of uni)ue people &hopost or t&eet about a brand

7.'assion measure of the likelihood people &ill post repeatedly about abrand

8.*entiment a ratio of positive to negative mentions about a brand

•. Hay Baer identied four metric categories to measure the value of speciccontent. These metrics build on each other to ultimately improveperformance :

4.


27/53

cia Media aiures• mportant lessons learned from social media fails are the follo&ing :

Do not mi= marketing eorts &ith corporate social responsibility(humanitarian eorts or community engagements

!hat start as small mistakes or lapses in 3udgement can escalateinto big crisis via social media in minutes

Take full responsibility for mistakes because trying to shift blame

&ill backre pologies must be sincere( &ithout reservation( and &ithout

perceived benet to the company


28/53

Retail, Mobile an$ e%Commerce

Antonius Hernanda375998Ari Haryadi376764Bagus Mayang Seto376007



29/53

at is e"+oerce

source : https:&&&.youtube.com&atch"vNOmf@i43'PQ

Lideo


30/53

ng 1( +ustoer Deands ; Beha.ior• $mpo&ered 'rice *ensitivity uence patterns the path by &hichconsumers pursue purchases if often varied and unpredictable

•


31/53

/ni"+hanne $etaiing +once(t

• Business recogni0e the value of integrating their channels # in

eect( blurring the distinction bet&een the ne&er channel andin,store retailing

• *trategies integrating the customer e=perience across channel&ill emerge resulting in omni,channel retailing


32/53

ess"to"+ustoer


33/53

ess"to"+ustoer


34/53

(e o B!+ e"+oerce @ Aaon?co

*ource : https:&&&.youtube.com&atch"v5tBayLPBHM

Lideo


35/53

e o B!+ e"+oerce @ MatahariMa?c


36/53

s"to"Business


37/53

obie +oerce• Mobie e"coerce emphasi0es the use of mobile apps and

mobile &ebsites for carrying out transactions and does notnecessarily involve interaction &ith a traditional retail store

• Mobie retaiing emphasi0es in,store shopping using a mobiledevice but could include situations &here the customer ultimately

orders from &ebsite or mobile app

• Mobie ar%eting promotional strategies and tactics thatencourage both mobile e,commerce and mobile retail. This overlapis a re>ection of the evolution to&ard the omni,channel retail

concept


38/53

tion @ +o(etiti.e Ad.antage in Mobie +o

• -n"store *rac%ing n,store shopping e=periences can be optimi0edthrough mobile technology that can track a customer?s movement through

a retail store. This can be e=tremely helpful for understanding individualconsumer preferences as &ell as creating optimal store layout.

• Cuic% $es(onse


39/53

her Mobie +oerce• Mobie entertainent is e=panding on &ireless devices. Most

notable are music( movies( videos( games( adult entertainment(sports( and gambling apps.

• Hote ser.ices and tra.e go wireess? *martphones and othermobile devices have become essential travel aids. Most ma3orairlines( hotel chains( and nternet travel agencies have developedmobile apps to help travelers manage their arrangements


40/53

bie *ransactions• Mobie eectronic (ayent systes

s mobile commerce gro&s( there is a greater demand for paymentsystems that make transactions from smartphones and othermobile devices convenient( safe( and secure

• Mobie ban%ing and ,nancia ser.ices

Mobile banking is generally dened as carrying out bankingtransactions and other related activities via mobile devices. Theservices oered include bill payments and money transfers(account administration and check book re)uests( balance in)uiriesand statements of account( interest and e=change rates( and so on


41/53

Artice 3 @

Business -(act o eb !?0 *echoogies




42/53


43/53

mpact

• $kspektasi secara umum positifdansebagian besar responden mengharapkanteknologi !eb 6.F mempunyai dampak

yang signicant bagi perusahaan• *ebagian besar responden mengharapkan

dampak terhadap kno&ledge management(collaboration dan komunikasi S sebagian

3uga berharap dampak positif terhadapcustomer relationship management(innovation dan training.


44/53

• Dari pengukuran dampak terhadap kno&ledgemanagement. Eeempat metriksharing(retrieving( organi0ing( and leveragingkno&ledge mengindikasikan bah&ateknologi !eb 6.F memberikan kontribusi yangsignicant terhadap sharing( retrieving danorgani0ing kno&ledge

• Teknologi !eb 6.F technologies + untukkno&ledge management- lebih cenderungdescriptive daripada prescriptive( lebih bersifatoperasional daripada strategis

Eno&ledge Management


45/53

• Teknologi !eb 6.F mempunyai dampak yangmasih kecil terhadap customer relationshipmanagement( sementara teknologi ini mempunyaipotensi yang besar untuk mengembangkan

customer relationship management tersebut.• !ikis dan e=ternal customer blogs memberikan

kontribusi besar terbesar terhadap customerrelationship management

• *ecara keseluruhan customer relationshipmanagement tidak dilihat sebagai dampak utamadari teknologi !eb 6.F


46/53

nnovation

• Meskipun tidak terlalu banyakantusiasme( namun terdapatperkembangan baha&a !eb 6.F bisa

memberikan kontribusi terhadap inovasiyang dilakukan perusahaan

• Dari tabel 49( hasil survey menyatakanbah&a !eb 6.F 3uga belum di

maksimalkan untuk memberikankontribusi terhadap training dandevelopment karya&an

* i


47/53

*ecurity

• @aktor keamanan men3adi isu utama dalampenggunaan teknologi !eb 6.F *ecurity remains ama3or issue in the adoption of !eb 6.F technology.

• Beberapa perusahaan melakukan pemblokiran

akses terhadap situs 3e3aring sosial dari 3aringanperusahaan( beberapa perusahaan membuat 3aringan internalnya sendiri.

• Beberapa perusahaan tersebut 3uga mempunyai

perhatian terhadap &aktu yang di gunakan olehkarya&an untuk melakukan akses terhadap situs 3e3aring sosial tersebut.


48/53

+ase 4 @

in%ed-n Hac% @ essons earned and HiddenDangers




49/53

ase 4-n Hac% @ essons earned and Hidden Dangers


50/53


4. Cinkedn does not collect the credit card or other nancial accountinformation of its members. !hy then &ould prot,motivated hackers beinterested in stealing Cinkedn?s stored data" !hat data &ould they bemost interested in"•. %ackers bisa mendapatkan database telpon dan alamat email

pelanggan Cinkedn dan men3ual database tersebut ke banyak

perusahaan marketing•. Biasanya alamat email dan pass&ord bersifat universal untuk

beberapa akun online sehingga dengan mengetahui informasitersebut( hackers bisa login ke social media ataupun cloud databasedan dapat men3ual data,data berharga yang tersimpan( misalnya datakeuangan( list klien( rahasia perusahaan atau foto,foto

•. Hika email yang digunakan adalah email kantor( hackers bisa masuk kedatabase perusahaan dan mencuri data berharga

•. %ackers bisa mengirim email kepada list klien menggunakan emailperusahaan dan meminta klien masuk ke &eb gadungan yangmeminta mereka memasukkan data login dan pass&ord


51/53


6.


52/53


9. dentify and evaluate the actual and potential business risks anddamages from Cinkedn?s data breach.•. %ackers bisa membobol data berharga pelanggan di social media atau

cloud yang lain•. 'embobolan dapat menurunkan penghasilan Cinkedn dari iklan•. Cinkedn dapat terkena 3eratan hukum dan harus membayar denda

•. Cinkedn harus mengeluarkan biaya yang sangat besar untukmembersihkan datanya

. !hy is data encryption an important information security defense"•. Earena pass&ord yang terenkripsi secara lemah akan gampang dibobol

oleh hackers

;. Discuss &hy information security is a concern of senior managers.•. Data Security sangat mempengaruhi sebuah perusahaan dalam aspek

operasi( reputasi dan kepercayaan konsumen( yang pada akhirnyaberengaruh pada revenue A prot

Q. $=plain &hy someone &ho used the same pass&ord for several sites

$


53/53

$eerences

• https:

&&&.youtube.com&atch"vNOmf@i4 3'PQ

• https:

&&&.youtube.com&atch"v5tBayLPBHM

• https:

&&&.mataharimall.comstaticfa),cara,pembayaran
https://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaranhttps://www.mataharimall.com/static/9/faq-cara-pembayaran

Documents

SIT 31 Okt Kelompok 3 (1)