Cybersecurity Risk and Privacy Risk Identification on RDAP Risk Assessment: Case study PANDI.ID

Budimansyah, Andi and Soetomo, Moh. A. Amin and Lim, Charles (2021) Cybersecurity Risk and Privacy Risk Identification on RDAP Risk Assessment: Case study PANDI.ID. Masters thesis, Swiss German University.


Abstract

The Registration Data Access Protocol (RDAP) is a WHOIS replacement protocol for looking up domain name registration information. One of its features, "user differentiated access," returns limited Registrant data to anonymous users and complete data to authenticated users. This requires placing the complete Registrant data, which contains personal data protected by law, in the Data Store. Previous papers guide Digital Forensic Investigators in collecting digital evidence related to domain and IP registrations and recommend obtaining complete Registration data. Another paper provides RDAP with a system, device, and method to improve mitigation through the analysis of abnormal request patterns. This research explains the RDAP system design and conducts a Risk Assessment using ISO/IEC 27005 as a general guide; at the risk identification stage it uses LINDDUN for privacy risk and STRIDE for cybersecurity risk. It then gives mitigation suggestions at the Strategic, Tactical, and Operational levels across People, Process, and Technology. Finally, some institutions are recommended to have the complete Registrant data, either directly through Access Rights or indirectly through Request Rights.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Registration Data Access Protocol, RDAP, Risk Assessment, ISO 27005, STRIDE, LINDDUN, Cybersecurity Risk, Privacy Risk, PANDI.ID, Registry
Subjects: Q Science > QA Mathematics > QA76 Computer software > QA76.93 Computer networks--Security measures
T Technology > T Technology (General) > T174.5 Technology--Risk assessment
T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Faisal Ifzaldi
Date Deposited: 06 Jan 2022 14:46
Last Modified: 06 Jan 2022 14:46
URI: http://repository.sgu.ac.id/id/eprint/2287
