The increasingly varied cyber attacks require an increased model of resilience and awareness of the threat of cyber disaster attacks. This became the background for Nungky Awang Chandra to conduct research which was presented at the Doctoral Promotion Session of the Department of Electrical Engineering, FTUI (05/07).
In his dissertation entitled “Development of a Cyberdisaster Situation Awareness Model and the Concept of Testing Risk Control to Improve Cyber Resilience and Security,” Nungky revealed that the purpose of his research is to develop a cyber disaster situation awareness model that can assess the level of risk of cyber-disaster threats and test cybersecurity vulnerabilities through methods. auditing, tabletop exercises, and penetration testing. This study uses a formal risk method fuzzy Failure Modes and Effects Analysis (FMEA) and temporal risk.
The results of the first research conducted showed that the cyber disaster situation awareness model was able to increase cyber security resilience. With the fuzzy FMEA method, the highest disaster risk level is found in the threat of ransomware attacks and earthquakes. Of the two highest risk values, validation of the factors that affect the level of awareness in dealing with the threat of ransomware and earthquakes was carried out through a survey of 152 respondents. The survey results show that cyber disaster response decisions are influenced by system capability factors (p<0.05), knowledge factors (p<0.05), and awareness factors for disaster situations (p<0.05).
“In the second study, the results show that a cybersecurity vulnerability testing framework with a temporal risk approach can help improve cyber resilience and security. The audit testing method, tabletop exercise, and penetration testing will produce two risk classifications, namely tolerable risk, and intolerable risk. This research also uses an application to help measure the level of cybersecurity risk based on Annex ISO 27001:2013,” said Nungky.
From testing the risk value with the audit method based on annex ISO 27001:2013, it was found that the acceptable level of risk is the acquisition, development, and maintenance of the system, with a security performance index value of 38.29%. Meanwhile, with the tabletop exercise method, it was found that there was no high or unacceptable risk level, with a security performance index value of 75%. Finally, testing the risk value using the penetration testing method shows that the unacceptable risk is access control and communication security, with a security control index value of 16.66%.
“Based on the findings of the vulnerabilities that have been described, corrective actions can then be taken through the application to increase cyber resilience and security. This corrective action will result in a security performance that is 100% compliant with annexed ISO 27001:2013. In the end, this research creates a new cyber situation awareness framework model concept that can assess the risk of cybersecurity threats and test cybersecurity control vulnerabilities,” said Nungky in explaining the conclusions of his research.
His research dissertation on the development of the cyber disaster situation awareness model succeeded in bringing Nungky to a doctorate with cum-laude predicate. Nungky is listed as the 143rd doctoral graduate of the Department of Electrical Engineering and the 462nd Faculty of Engineering, University of Indonesia. The Promotion Session was chaired by Prof. Dr. Ir. Riri Fitri Sari M.M. MSc. with the promoter Prof. Dr.-Ing. Ir. Kalamullah Ramli, M.Eng., and co-promoter Dr. Ir. Anak Agung Putri Ratna, M.Eng. While the testing team consists of Prof. Dr. Ir. Bagio Budiardjo, M.Sc; Dr. Ir. Muhammad Salman, S.T., M.I.T; Dr. Yohan Suryanto, S.T., M.T.; Dr. Ruki Harwahyu, S.T., M.T., M.Sc.; and Dr. Rudi Lumanto, M.Eng.
***
Public Communication Bureau
Faculty of Engineering, Universitas Indonesia