THE DESIGN OF SECURITY OPERATION CENTER (SOC) ON APPLICATION PROGRAMMING INTERFACE (API)
The development of information technology is increasingly rapid, the need for companies and organizations to use information technology is a necessity to facilitate routine work activities. This makes more and more applications that are connected. Information security is a crucial issue in the ma...
Saved in:
| Main Author: | |
|---|---|
| Format: | Theses |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/54509 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | The development of information technology is increasingly rapid, the need for companies and
organizations to use information technology is a necessity to facilitate routine work activities. This
makes more and more applications that are connected. Information security is a crucial issue in the
management of data centers owned by state administering agencies. The existence of strategic
electronic systems demands serious security. One of the efforts made in maintaining information
security is using an Application Program Interface (API), an API is a program or system that can
be accessed by other programs. API has brought about revolutionary changes in current
applications. However, API has several vulnerabilities that pose a threat. for data confidentiality,
one of which is the abuse of access rights. This can be minimized by monitoring and detection of
the API. This monitoring is related to information security with an emphasis on confidentiality,
integrity and availability of information. This activity can be applied to a special work function
responsible for information security, namely the Security Operation Center (SOC). SOC is a work
unit with competence in information security, both in terms of the process and the technology used,
so it is hoped that SOC can secure the API during the interaction process. The design begins with
an analysis of the existing risks in the API and calculating information security index (KAMI),
followed by designing an organizational structure using an analysis of the ideal situation. The
business process is carried out using ISO 27001: 2013 and OWASP API Security TOP 10 and
followed by designing technology using GAP analysis. The research methodology used is a case
study with the Design Research Methodology (DRM) approach. Data collection in the form of
interviews, document studies, and observations. This study's results are the design of the SOC and
the roadmap for implementing the SOC to fulfil the objectives of ensuring information security on
the API. |
|---|