Code of Ethics, ISACA Standards for IS Auditors, and Audit Tables

Members and ISACA Certification holders shall:

Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for information systems.

Perform their duties with due diligence and professional care, in accordance with professional standards and best practices.

Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and character, and not engage in acts discreditable to the profession.

Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.

Maintain competency in their respective fields and agree to undertake only those activities which they can reasonably expect to complete with professional competence.

Inform appropriate parties of the results of work performed, revealing all significant facts known to them.

Support the professional education of stakeholders in enhancing their understanding of information systems security and control.

RELATIONSHIP OF STANDARDS TO GUIDELINES AND PROCEDURES

IS Auditing Standards are mandatory requirements for certification holders’ reports on the audit and its findings. IS Auditing Guidelines and Procedures are detailed guidance on how to follow those standards. The IS Auditing Guidelines are guidance an IS Auditor will normally follow with the understanding that there may be situations where the auditor will not follow that guidance. In this case, it will be the IS Auditor’s responsibility to justify the way in which the work is done. The procedure examples show the steps performed by an IS Auditor and are more informative than IS Auditing Guidelines. The examples are constructed to follow the IS Auditing Standards and the IS Auditing Guidelines and provide information on following the IS Auditing Standards. To some extent, they also establish best practices for procedures to be followed.

AUDIT TABLES:

  • Audit table for Applications
  • Audit table for Access Control
  • Audit table for UNIX/Linux environments
  • Audit table for Windows XP/2000 environments

The ISACA Code of Ethics and all of the audit tables can be found here.

19 General Steps of an Information Systems Audit Program

The audit program is designed to address the primary risks of virtually all computing systems. Therefore, the objective statement and steps in the program are general by design. Obviously, computing systems can have many different applications running on them, each with its own unique set of controls. However, the controls surrounding all computing systems are very similar. The IS controls in the audit program have been grouped into four general categories:

Objective:

  1. To assess the adequacy of environmental, physical security, logical security, and operational controls designed to protect IS hardware, software, and data against unauthorized access and accidental or intentional destruction or alteration, and
  2. to ensure that information systems are functioning in an efficient and effective manner to help the organization achieve its strategic objectives.

TESTS OF ENVIRONMENTAL CONTROLS

Step 1. Assess the adequacy and effectiveness of the organization’s IS security policy. In addition, assess whether the control requirements specified in the organization’s IS security standards adequately protect the information assets of the organization. At a minimum, the standards should specify the following controls and require them to be applicable to all information systems:

a. The maiden (vendor-default or initial) password should be changed as soon as the system is installed.

b. There is a minimum password length of eight or more characters.

c. Passwords require a combination of alpha and numeric characters.

d. The password is masked on the screen as it is entered.

e. Passwords are never stored in the clear or in reversibly encrypted form; the password file holds only salted one-way hashes and is readable only by privileged processes, so nobody can read the passwords.

f. There is a password expiration period of 60 days or less.

g. Three or fewer unsuccessful sign-on attempts are allowed, then the user ID is suspended.

h. User sessions are terminated after a specified period of inactivity (e.g., five minutes or less).

i. Concurrent sign-on sessions are not allowed.

j. Procedures are in place to remove user IDs of terminated users in a timely manner.

k. Users are trained not to share or divulge their passwords with other users, post them at their workstations, store them in electronic files, or perform any other act that could divulge their passwords.

l. Unsuccessful sign-on attempts and other logical security-related events (e.g., adding and deleting users, resetting passwords, restarting the system) are logged by the system, and the log is reviewed regularly by system security staff.

m. Fully developed and tested backup and recovery procedures exist to help ensure uninterrupted business resumption in the event of a full or partial disaster.

n. New information systems are required to be designed so that the aforementioned controls can be implemented by system security administrators. New systems include those developed in house, those purchased from vendors, and third-party processor systems. In the case of software vendors and third-party processors, the above control requirements should be specified as requirements in the contract.

Step 2. For service organization applications, examine the most recent report on the policies and procedures placed in operation at the vendor’s data processing site, as prepared by its external auditors. In the United States, the format and testing requirements were at the time dictated by Statement on Auditing Standards 70 (SAS 70), issued by the American Institute of Certified Public Accountants. (SAS 70 has since been superseded by SSAE 16 and then SSAE 18; the equivalent report today is a SOC 1, and a Type II report, which tests operating effectiveness over a period, is the one to ask for.)

Step 3. If the system was purchased from and supported by a vendor, assess the financial stability of the system vendor using the most recent audited financial statements prepared by the vendor’s external auditors.

Step 4. Examine the vendor software license agreement and any agreements for ongoing maintenance and support to ensure that they are current, address service needs, and do not contain or omit any wording that could be detrimental to your organization.

TESTS OF PHYSICAL SECURITY CONTROLS
Step 5. Assess the adequacy of physical security over the computer system hardware and storage media.

Step 6. Determine whether an adequately trained backup system security administrator has been designated.

Step 7. Assess the adequacy and effectiveness of the written business resumption plan, including the results of mock disaster tests that have been performed.

Step 8. Assess the adequacy of insurance coverage over the hardware, operating system, application software, and data.

TESTS OF LOGICAL SECURITY CONTROLS
Step 9. Determine whether the maiden password for the system has been changed and whether controls exist to change it on a periodic basis in conformity with the computing system security policy, standards, or guidelines identified in Step 1.

Step 10. Observe the system security administrator sign on and print a list of current system users and their access capabilities. Alternatively, if you can obtain appropriate system access, you can obtain the list of users independently.

Step 11. Document and assess the reasonableness of the default system security parameter settings. The settings should conform to the organization’s computing system security policy, standards, or guidelines tested in Step 1. (Be alert to the fact that in some systems, individual user parameter settings override the default system security parameter settings.)

Step 12. Test the functionality of the logical security controls of the system (e.g., password masking, minimum password length, password expiration, user ID suspended after successive invalid sign-on attempts, log-on times allowed, and session time-outs).

Step 13. Determine whether the file containing user passwords stores them only as salted one-way hashes (not in the clear or reversibly encrypted) and cannot be read by anyone, including the system security administrator. Check the file’s permissions as well as its contents, and look for clear-text copies in backups, scripts and configuration files.

Step 14. Determine whether sensitive data, including passwords, are adequately encrypted throughout their life cycles, including during storage, transmission through any internal or external network or telecommunications devices, and duplication on any backup media.

Step 15. Assess the adequacy of procedures to review the log of system security-related events (e.g., successive invalid sign-on attempts, system restarts, changes to user access capabilities and user parameter settings).

Step 16. Assess the adequacy of remote access controls (e.g., virtual private networks [VPNs], token devices [CRYPTOCard, SecurID, etc.], automatic dial-back, secure sockets layer [SSL], now superseded by TLS).
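One way to run the Step 11 to Step 13 tests against the Step 1 standard on a Linux host, as an added example that is not part of the original audit program or the page: it parses constructed samples of the four files involved, compares them with the item b, e, f, g and h thresholds, and reads the per-user shadow records as well as the system defaults because, as Step 11 warns, the per-user values override them. The file contents, account names and hashes are all made up.

```python
"""Check a Linux host against the Step 1 minimum password standard
(items b, e, f, g and h) the way Steps 11 to 13 describe: read the
system defaults and the per-user records, since per-user values override
the defaults. Added audit helper, not part of the original audit program;
the file samples are constructed. On a real host read /etc/login.defs,
/etc/shadow (as root), /etc/security/faillock.conf and the TMOUT setting
under /etc/profile.d/ instead."""
import re

# Thresholds from Step 1 items b, f, g and h
MIN_PASSWORD_LENGTH = 8      # b: eight or more characters
MAX_PASSWORD_AGE_DAYS = 60   # f: expiration period of 60 days or less
MAX_FAILED_LOGINS = 3        # g: three or fewer attempts, then suspend
MAX_IDLE_SECONDS = 300       # h: five minutes or less of inactivity

# Constructed sample of /etc/login.defs (system-wide defaults)
LOGIN_DEFS = """\
# Password aging controls
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
"""

# Constructed sample of /etc/shadow; hash bodies are shortened fakes
SHADOW = """\
root:$6$saltsalt$AbCdEfGhIjKlMnOp:19500:0:99999:7:::
alice:$6$othersalt$QrStUvWxYzAbCdEf:19600:0:60:7:::
svc_backup::19000:0:99999:7:::
bob:Passw0rd!:19000:0:99999:7:::
nobody:*:19000:0:99999:7:::
"""

# Constructed samples of /etc/security/faillock.conf and a profile.d script
FAILLOCK_CONF = "deny = 10\nunlock_time = 600\n"
PROFILE_TIMEOUT = "readonly TMOUT=900\nexport TMOUT\n"

# crypt(3) prefixes: $1$ md5, $2a/b/y$ bcrypt, $5$ sha256, $6$ sha512,
# $7$ scrypt, $y$ yescrypt, $gy$ gost-yescrypt
HASH_RE = re.compile(r"^\$(1|2[aby]?|5|6|7|y|gy)\$")


def parse_kv(text):
    """Parse 'KEY VALUE' (login.defs) or 'key = value' (faillock.conf)
    lines into a dict, ignoring comments and blank lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "=" in line:
            key, value = line.split("=", 1)
        else:
            parts = line.split(None, 1)
            if len(parts) != 2:
                continue
            key, value = parts
        settings[key.strip()] = value.strip()
    return settings


def check_shadow_entry(line, max_age):
    """Findings for one /etc/shadow record
    (name:password:lastchg:min:max:warn:inactive:expire:reserved)."""
    fields = line.split(":")
    name, password, max_days = fields[0], fields[1], fields[4]
    if password.startswith(("!", "*")):
        return []                              # locked / no-login account
    findings = []
    if password == "":
        findings.append(f"{name}: no password set (empty field)")
    elif not HASH_RE.match(password):
        findings.append(f"{name}: password is not a crypt(3) hash, "
                        "possibly stored in the clear")
    if max_days == "" or int(max_days) > max_age:
        findings.append(f"{name}: password max age {max_days or 'unset'} "
                        f"exceeds {max_age} days")
    return findings


def audit(login_defs=LOGIN_DEFS, shadow=SHADOW,
          faillock=FAILLOCK_CONF, profile=PROFILE_TIMEOUT):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    defaults = parse_kv(login_defs)
    max_days = int(defaults.get("PASS_MAX_DAYS", 99999))
    if max_days > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"login.defs: PASS_MAX_DAYS={max_days} exceeds "
                        f"{MAX_PASSWORD_AGE_DAYS} days")
    min_len = int(defaults.get("PASS_MIN_LEN", 0))
    if min_len < MIN_PASSWORD_LENGTH:
        findings.append(f"login.defs: PASS_MIN_LEN={min_len} is below "
                        f"{MIN_PASSWORD_LENGTH}")
    # Per-user shadow values win over the defaults (the Step 11 warning)
    for line in shadow.splitlines():
        if line.strip():
            findings.extend(check_shadow_entry(line, MAX_PASSWORD_AGE_DAYS))
    deny = int(parse_kv(faillock).get("deny", 0))
    if deny == 0 or deny > MAX_FAILED_LOGINS:
        findings.append(f"faillock: deny={deny} (0 = never lock) exceeds "
                        f"{MAX_FAILED_LOGINS} attempts")
    match = re.search(r"TMOUT=(\d+)", profile)
    idle = int(match.group(1)) if match else 0
    if idle == 0 or idle > MAX_IDLE_SECONDS:
        findings.append(f"session: TMOUT={idle} (0 = no timeout) exceeds "
                        f"{MAX_IDLE_SECONDS} seconds")
    return findings


if __name__ == "__main__":
    for finding in audit():
        print("FAIL", finding)
```

Two caveats when adapting this to a real host: PASS_MIN_LEN in login.defs is ignored on systems where pam_pwquality or pam_cracklib sets minlen, so the PAM stack must be read too, and TMOUT only covers interactive shells, so GUI and application sessions (Step 1 item h, Step 12) need their own check.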

TESTS OF INFORMATION SYSTEMS OPERATING CONTROLS
Step 17. Determine whether duties are adequately segregated in the operating areas supporting the information system (e.g., transactions should be authorized only by the originating department, programmers should not have the capability to execute production programs, procedures should be adequately documented, etc.).

Step 18. Determine whether there have been any significant software problems with the system. Assess the adequacy, timeliness, and documentation of resolution efforts.

Step 19. Assess the adequacy of controls that help ensure that IS operations are functioning in an efficient and effective manner to support the strategic objectives and business operations of the organization (e.g., system operators should be monitoring CPU processing and storage capacity utilization throughout each day to ensure that adequate reserve capacities exist at all times).

More details: read here (PDF).

Posted in IS Audit, Information Systems and Technology. Comments Off

An Integrated Guide to Using UML

An integrated guide to analysis and design modeling using UML, on the “On-line Shopping” case study

(Maciaszek, L.A. (2001): Requirements Analysis and System Design, Developing Information System with UML, Addison Wesley)

Oracle Forensics

Dissection of an Oracle Attack in the Absence of Auditing, by David Litchfield

Why Oracle Forensics?

  • Since the state of California passed the Database Security Breach Notification Act (SB 1386) in 2003 another 34 states have passed similar legislation with more set to follow.
  • In January 2007 TJX announced they had suffered a database security breach with 45.6 million credit card details stolen – the largest known breach so far.
  • In 2006 there were 335 publicized breaches in the U.S.; in 2005 there were 116 publicized breaches; between 1st January and March 31st of 2007, a 90 day period, there have been 85 breaches publicized.
  • There are 0 (zero) database-specific forensic analysis and incident response tools on the market – free or commercial.

Where is the evidence?

Evidence of a compromise can be found in many places – for example

  • TNS Log files
  • Trace files
  • Redo Logs
  • Datafiles
    • Metadata and statistics
  • Apache logs (Oracle Application Server)

This talk specifically covers the datafiles and redo logs. In the interest of time we’ll be cutting out several parts of the forensic process, which you wouldn’t do in a real scenario, of course!

Search for evidence related to SELECTs

To start with we’ll look at an Oracle Data Block

More details here.

Posted in Databases, IT Forensics. Comments Off

New Publications from NIJ

Test Results for Hardware Write Block Device: FastBloc FE (USB Interface)
June 2007
Posted June 29, 2007

This NIJ Special Report presents the results from testing the FastBloc FE (USB Interface) against Hardware Write Blocker (HWB) Assertions and Test Plan Version 1.0. It documents results against four top-level tool requirements identified by the specification and several test assertions related to those requirements, describes the testing environment, provides an interpretation of the test results, and includes test results summary log files for numerous test cases. The results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools’ capabilities. (NCJ 218378)

Full Text pdf

Test Results for Hardware Write Block Device: FastBloc FE (FireWire Interface)
June 2007
Posted June 29, 2007

This NIJ Special Report presents the results from testing the FastBloc FE (FireWire Interface) against Hardware Write Blocker (HWB) Assertions and Test Plan Version 1.0. It documents results against four top-level tool requirements identified by the specification and several test assertions related to those requirements, describes the testing environment, provides an interpretation of the test results, and includes test results summary log files for numerous test cases. The results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools’ capabilities. (NCJ 218379)

Full Text pdf

Test Results for Hardware Write Block Device: Tableau T5 Forensic IDE Bridge (USB Interface)
June 2007
Posted June 29, 2007

This NIJ Special Report presents the results from testing the Tableau T5 Forensic IDE Bridge (USB Interface) against Hardware Write Blocker (HWB) Assertions and Test Plan Version 1.0. It documents results against four top-level tool requirements identified by the specification and several test assertions related to those requirements, describes the testing environment, provides an interpretation of the test results, and includes test results summary log files for numerous test cases. The results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools’ capabilities. (NCJ 218380)

Full Text pdf

Test Results for Hardware Write Block Device: Tableau T5 Forensic IDE Bridge (FireWire Interface)
June 2007
Posted June 29, 2007

This NIJ Special Report presents the results from testing the Tableau T5 Forensic IDE Bridge (FireWire Interface) against Hardware Write Blocker (HWB) Assertions and Test Plan Version 1.0. It documents results against four top-level tool requirements identified by the specification and several test assertions related to those requirements, describes the testing environment, provides an interpretation of the test results, and includes test results summary log files for numerous test cases. The results provide the information necessary for developers to improve tools, users to make informed choices, and the legal community and others to understand the tools’ capabilities. (NCJ 218381)

Full Text pdf

‘Standard Bullet’ Identifies Suspected Firearms
Posted June 19, 2007

Researchers at the National Institute of Standards and Technology (NIST) have developed a copper bullet that can help end crime sprees without being fired once.

Crime laboratories can use NIST’s “Standard Bullet” to optimize the settings on the computerized optical imaging instruments they use to match markings on fired bullets from a suspected weapon.

The Standard Bullet helps crime labs verify that:

  • Bullet signature acquisitions and correlations are under control and traceable to the National Laboratory Center of the Bureau of Alcohol, Tobacco, Firearms and Explosives.
  • Profile measurements of bullets are traceable to the NIST virtual standard for bullet profile signatures.

Learn more in the article “NIST ‘Standard Bullet’ Fights Gang Violence” from ScienceDaily (January 22, 2007).

Purchase the Standard Bullet (SRM 2460) online or contact:

NIST, Measurement Services Division
Telephone (301) 975–2200
Fax (301) 948–3730
e-mail: srminfo@nist.gov

This project was funded through interagency agreement 2003–IJ–R–029 with the Office of Justice Programs’ National Institute of Justice.

NIJ Journal Issue No. 257
June 2007
Posted June 18, 2007

Why did participants in an intensive prisoner reentry program recidivate at a higher rate than inmates who received no programming at all? In the latest issue of the NIJ Journal, Dr. James Wilson explores possible explanations for the rather surprising results of an NIJ-funded evaluation of Project Greenlight. The Journal also looks at the national debate on hate crime laws and, in another article, investigates the role of law enforcement in preventing and responding to an act of “agroterrorism.”

Also in the Journal:

  • LAPD Chief Bratton offers a practitioner’s perspective on criminal justice research.
  • Does “real work” prison employment work?
  • The 40th anniversary of the Nation’s first “crime report.”
  • Profile of criminal justice guru Al Blumstein.
  • Unique issues faced by deaf victims of sexual assault.
  • Programs that help inmates get medical benefits.

Full Text

Posted in IT Forensics. Comments Off

Forensic Examination of Digital Evidence: A Guide for Law Enforcement

This guide is intended for use by law enforcement officers and other members of the law enforcement community who are responsible for the examination of digital evidence. This guide is not all-inclusive. Rather, it deals with common situations encountered during the examination of digital evidence. It is not a mandate for the law enforcement community; it is a guide agencies can use to help them develop their own policies and procedures.

Technology is advancing at such a rapid rate that the suggestions in this guide are best examined in the context of current technology and practices. Each case is unique and the judgment of the examiner should be given deference in the implementation of the procedures suggested in this guide. Circumstances of individual cases and Federal, State, and local laws/rules may also require actions other than those described in this guide.

When dealing with digital evidence, the following general forensic and procedural principles should be applied:

  • Actions taken to secure and collect digital evidence should not affect the integrity of that evidence.
  • Persons conducting an examination of digital evidence should be trained for that purpose.
  • Activity relating to the seizure, examination, storage, or transfer of digital evidence should be documented, preserved, and available for review.

Through all of this, the examiner should be cognizant of the need to conduct an accurate and impartial examination of the digital evidence.

How is digital evidence processed?

  1. Assessment. Computer forensic examiners should assess digital evidence thoroughly with respect to the scope of the case to determine the course of action to take.
  2. Acquisition. Digital evidence, by its very nature, is fragile and can be altered, damaged, or destroyed by improper handling or examination. Examination is best conducted on a copy of the original evidence. The original evidence should be acquired in a manner that protects and preserves the integrity of the evidence.
  3. Examination. The purpose of the examination process is to extract and analyze digital evidence. Extraction refers to the recovery of data from its media. Analysis refers to the interpretation of the recovered data and putting it in a logical and useful format.
  4. Documenting and reporting. Actions and observations should be documented throughout the forensic processing of evidence. This will conclude with the preparation of a written report of the findings.
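The acquisition and documentation steps above, carried out in code as an added example that is not part of the NIJ guide: the source is copied bit for bit while being hashed, the finished image is re-read and hashed independently, and the result is a custody record that later re-verification can be checked against. The “device” contents, case number and examiner name are constructed; on a real system the source would be a write-blocked block device opened read-only, not an in-memory buffer.

```python
"""Acquire a constructed 'device' into an image, verify the copy hash for
hash, and build the record the documenting-and-reporting step calls for.
Added example, not from the NIJ guide; the device contents, case number
and examiner name are made up. On a real system the source would be a
write-blocked block device opened read-only, not an in-memory buffer."""
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 65536

# Constructed stand-in for a small evidence device: a fake FAT boot-sector
# header padded to 512 bytes, some file content, then zeroed unallocated
# space. The byte at offset 512 is the first 'C' of the ledger text.
SOURCE_DEVICE = (b"\xeb\x3c\x90" + b"MSDOS5.0" + b"\x00" * 499 + b"\x55\xaa"
                 + b"CONFIDENTIAL LEDGER 2007\n" * 40
                 + b"\x00" * 2048)


def copy_and_hash(src, dst=None):
    """Read src in chunks, optionally writing each chunk to dst.
    Returns (bytes_read, md5_hex, sha256_hex); both digests are kept
    because reports still commonly cite both."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    while True:
        block = src.read(CHUNK)
        if not block:
            break
        if dst is not None:
            dst.write(block)
        md5.update(block)
        sha256.update(block)
        size += len(block)
    return size, md5.hexdigest(), sha256.hexdigest()


def acquire(source, image, case_id, examiner):
    """Bit-for-bit copy source -> image, hashing the source as it is read,
    then re-read and hash the finished image. Returns the custody record;
    'verified' is True only if the size and both digests match."""
    started = datetime.now(timezone.utc).isoformat()
    src_size, src_md5, src_sha256 = copy_and_hash(source, image)
    image.flush()
    image.seek(0)
    img_size, img_md5, img_sha256 = copy_and_hash(image)
    return {
        "case_id": case_id,
        "examiner": examiner,
        "started_utc": started,
        "finished_utc": datetime.now(timezone.utc).isoformat(),
        "source_bytes": src_size,
        "source_md5": src_md5,
        "source_sha256": src_sha256,
        "image_bytes": img_size,
        "image_md5": img_md5,
        "image_sha256": img_sha256,
        "verified": (src_size == img_size and src_md5 == img_md5
                     and src_sha256 == img_sha256),
    }


def reverify(image, record):
    """Re-hash the image later (before examination, after a transfer) and
    check that it still matches what the acquisition record says."""
    image.seek(0)
    size, md5, sha256 = copy_and_hash(image)
    return (size == record["image_bytes"] and md5 == record["image_md5"]
            and sha256 == record["image_sha256"])


def demo(tamper=False):
    """Acquire the constructed device into an in-memory image. With
    tamper=True one byte of the image is changed afterwards so that
    reverify() reports the mismatch. Returns (record, still_ok, image)."""
    source, image = io.BytesIO(SOURCE_DEVICE), io.BytesIO()
    record = acquire(source, image, "CASE-2007-0001", "examiner (made up)")
    if tamper:
        image.seek(512)
        image.write(b"X")
    return record, reverify(image, record), image.getvalue()


if __name__ == "__main__":
    record, still_ok, _ = demo()
    for key, value in record.items():
        print(f"{key:>15}: {value}")
    print("re-verification:", "OK" if still_ok else "MISMATCH")
```

The record is the documentation the fourth step asks for: who acquired what, when, and the digests a court or a second examiner can recompute. Hashing the source as it is read and then hashing the written image separately is what turns “we made a copy” into “the copy is demonstrably identical”.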

Here is the document (pdf)

Posted in IT Forensics. Comments Off

Antiforensics

Once again, the bad guys are lining their arsenals with new tools to use against you. Computer forensics is an emerging field of study and anti-forensics is certainly developing right alongside it. Some say anti-forensics is developing faster. Why? Because what was once only possible for the elite has now washed downstream in the form of automated tools. More or less anyone can throw trashcans in the path of forensic investigators now that the tools are there to make it all possible.

One of the best-known exploit toolkits on the net is the Metasploit project. Slacker, Transmogrify and Timestomp, the tools you will find in use by cybercriminals, come from Metasploit’s Anti-Forensics Project.

Slacker is named after the slack space at the end of files. It takes a file, breaks it up into thousands of pieces and spreads them across the slack space of other files. To the unsuspecting forensic investigator this looks like nothing more than leftover noise rather than a database containing millions of credit card numbers. The pieces are still on the disk, though: reviewing slack content or an entropy check over slack space can reveal them, and any growth of a host file overwrites them.

Transmogrify is most notorious for being the first tool to defeat the file-signature analysis of EnCase. It lets you mask a file as any other type by rewriting its header bytes, and unmask it again later, so that the signature an examiner’s tool matches no longer tells the truth about the content.

Timestomp changes the NTFS $STANDARD_INFORMATION timestamps of a file (created, modified, accessed, MFT-entry changed), which can disrupt the forensic timeline the investigator is attempting to establish. It does not touch the copies of those timestamps kept in the $FILE_NAME attribute, and it writes whole seconds, so comparing the two attributes is the usual way to catch it.
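The $STANDARD_INFORMATION versus $FILE_NAME comparison in code, as an added example that is not part of the original article or of the Metasploit tools: two heuristics are applied to each file record, a $SI created time that predates the $FN created time, and a $SI timestamp with a zero sub-second part while $FN still carries 100 ns precision. The records below are constructed; real ones would come from a parsed $MFT (analyzeMFT, a forensic suite’s timeline, or similar).

```python
"""Flag NTFS records whose $STANDARD_INFORMATION ($SI) timestamps look
stomped by comparing them with the $FILE_NAME ($FN) timestamps, which
Timestomp does not alter. Added example, not from the original article;
the records are constructed stand-ins for parsed $MFT entries."""
from datetime import datetime

EPOCH_1601 = datetime(1601, 1, 1)
TICKS_PER_SECOND = 10_000_000      # FILETIME counts 100 ns intervals


def filetime(iso):
    """'2007-03-14T09:12:33.1234567' -> 64-bit Windows FILETIME.
    Helper for the constructed input; a parsed $MFT gives raw FILETIMEs."""
    main, _, frac = iso.partition(".")
    delta = datetime.strptime(main, "%Y-%m-%dT%H:%M:%S") - EPOCH_1601
    ticks = (delta.days * 86400 + delta.seconds) * TICKS_PER_SECOND
    return ticks + (int((frac + "0000000")[:7]) if frac else 0)


def indicators(record):
    """Reasons to suspect that one record's $SI timestamps were altered."""
    reasons = []
    si_created, fn_created = record["si"]["created"], record["fn"]["created"]
    if si_created < fn_created:
        # $FN created is set when the file is created on this volume and
        # user-mode APIs (what Timestomp uses) cannot backdate it
        reasons.append("$SI created predates $FN created")
    for key in ("created", "modified"):
        si, fn = record["si"][key], record["fn"][key]
        if si % TICKS_PER_SECOND == 0 and fn % TICKS_PER_SECOND != 0:
            # Timestomp writes whole seconds; NTFS itself keeps 100 ns
            reasons.append(f"$SI {key} has a zero sub-second part while "
                           f"$FN {key} keeps 100 ns precision")
    return reasons


def scan(records):
    """Map file name -> list of indicators, for records that have any."""
    hits = {}
    for record in records:
        reasons = indicators(record)
        if reasons:
            hits[record["name"]] = reasons
    return hits


# Constructed MFT-derived records: a normal document, a binary whose $SI
# was set by Timestomp to a round date in 2005, and a file extracted from
# a ZIP archive (2 s granularity) whose times are round in both attributes
RECORDS = [
    {"name": "report.docx",
     "si": {"created": filetime("2007-03-14T09:12:33.1234567"),
            "modified": filetime("2007-03-20T17:48:02.9876543")},
     "fn": {"created": filetime("2007-03-14T09:12:33.1234567"),
            "modified": filetime("2007-03-14T09:12:33.1234567")}},
    {"name": "svchost32.exe",
     "si": {"created": filetime("2005-01-01T00:00:00"),
            "modified": filetime("2005-01-01T00:00:00")},
     "fn": {"created": filetime("2007-06-20T14:05:17.5554443"),
            "modified": filetime("2007-06-20T14:05:17.5554443")}},
    {"name": "readme_from_zip.txt",
     "si": {"created": filetime("2007-06-21T08:00:10"),
            "modified": filetime("2006-11-03T12:30:00")},
     "fn": {"created": filetime("2007-06-21T08:00:10"),
            "modified": filetime("2007-06-21T08:00:10")}},
]

if __name__ == "__main__":
    for name, reasons in scan(RECORDS).items():
        print(name)
        for reason in reasons:
            print("  -", reason)
```

Both rules are heuristics, which is why the zero-fraction check only fires when $FN is not round as well: files copied from FAT media or extracted from ZIP archives have round timestamps in both attributes and stay quiet, as the third record shows. A file moved between volumes gets a fresh $FN, so the first rule can fire on legitimate copies too; treat hits as leads to confirm against the $UsnJrnl, $LogFile and MFT entry sequence numbers rather than as proof.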

More detailed article here.

Posted in IT Forensics, Information Systems and Technology. Comments Off

Survey: Information Retrieval

Information Retrieval (IR) is the discipline concerned with the retrieval of “unstructured” data, in particular textual documents, in response to a “query” or topic statement, which may itself be unstructured (for example a sentence or even another document) or structured (for example a boolean expression). Effective automated IR methods have become a necessity because of the tremendous explosion in the amount of unstructured data, both in internal corporate collections and in documents obtained from the internet.

This report is a tutorial and survey of the state of the art, in both research and commercial systems, in this dynamic field.

Topics covered include:

  1. Formulating unstructured and structured query and topic statements,
  2. Indexing document collections,
  3. Methods for computing query-document similarity,
  4. Classifying and routing documents to users based on topic statements or needs,
  5. Clustering document collections by language or topic,
  6. Statistical, probabilistic and semantic methods for analysing and retrieving documents.

The survey can be downloaded here.

Opentaps OSS ERP + CRM

opentaps is a complete open source solution for your enterprise. Its sophisticated features and modern architecture will help bring together your entire organization, automate business processes, and improve efficiency. Download opentaps today and see what it can do for you.opentaps Open Source ERP + CRM brings you the advanced features and power of Tier 1 ERP and CRM software with the flexibility and low cost of ownership that only open source can deliver. You can use opentaps as an alternative to expensive and inflexible commercial ERP solutions, as a replacement for in-house solutions that are difficult to maintain or extend, or as a starting point to build your unique business model and processes.

Image

opentaps is also ideal for hosted on-demand ERP and CRM offerings. It is easy to customize, can be delivered over the web, and it can be deployed on a low-cost open source stack, using MySQL, PostgreSQL, Linux, or FreeBSD, or commercial databases and operating systems such as Windows, Oracle, or SQL Server. As your business grows, it can be scaled without limits through clustering.

Key features of opentaps Open Source ERP + CRM include:

  • A complete suite that delivers a 360-degree view of your business, from customers to orders to inventory to accounting. opentaps is one application running on one unified data model with over 700 tables, so you’ll never have to do messy integration again.
  • Compatible with all major open source and commercial relational databases, including MySQL, PostgreSQL, Oracle, Sybase, and Microsoft SQL Server.
  • Runs on Linux, Unix, and Windows operating platforms.
  • Service-Oriented Architecture for easy interoperability with external or legacy applications.
  • Modular and tiered architecture allows for easy modifications or additions. An add-on application can be unzipped into a directory and start running.
  • Remote and local synchronization for scalability and high availability.
  • Workflow for adapting to unique business processes.

Semantic e-Science for Biomedicine

BMC Bioinformatics has published a supplement with a special issue on Semantic e-Science for biomedicine. The supplement contains six up-to-date papers on the use of semantic web technologies in the life sciences or biomedicine. Topics range from modelling networks to traditional Chinese medicine.

One of the papers, Advancing translational medicine research with the semantic web, presents an overview of the W3C Semantic Web Health Care and Life Sciences Interest Group (HCLSIG). The paper describes the goals of HCLSIG and an example use case that covers the group’s achievements and future directions. Unlike most “Semantic Web” papers, these papers give a good grounding in the technology and the challenges of the semantic web in biomedicine, and do not claim to solve the “bio-data” problem by applying a new set of technologies.