Budimansyah, Andi and Soetomo, Moh. A. Amin and Lim, Charles (2021) Cybersecurity Risk and Privacy Risk Identification on RDAP Risk Assessment: Case study PANDI.ID. Masters thesis, Swiss German University.
|
Text
Andi Budimansyah 21951025 TOC.pdf Download (1MB) | Preview |
|
|
Text
Andi Budimansyah 21951025 1.pdf Download (1MB) | Preview |
|
|
Text
Andi Budimansyah 21951025 2.pdf Download (6MB) | Preview |
|
|
Text
Andi Budimansyah 21951025 3.pdf Download (920kB) | Preview |
|
|
Text
Andi Budimansyah 21951025 4.pdf Download (4MB) | Preview |
|
|
Text
Andi Budimansyah 21951025 5.pdf Download (405kB) | Preview |
|
|
Text
Andi Budimansyah 21951025 Ref.pdf Download (824kB) | Preview |
Abstract
The Registration Data Access Protocol (RDAP) is a WHOIS replacement protocol to find-out Domain Name registration information with one of its features, "user differentiated access," with limited Registrant data for anonymous and complete for authenticated users. It requires the placement of a complete Registrant Data in the Data Store, containing personal data protected by law. Previous papers guide Digital Forensic Investigators to collect digital evidence related to the domain and IP registrations and recommend getting complete Registration data. Another paper provides RDAP with the system, device, and method to improve mitigation from abnormal request analysis patterns. This research Explains RDAP system design and conducts a Risk Assessment using ISO / IEC 27 005 as a general guide and at the stage of risk identification, using LINDDUN for Privacy risk and STRIDE for cybersecurity risk. Furthermore, the mitigation suggestions at the Strategic, Tactical, and Operational level in the People, Process, and Technology. Finally, some institutions recommended having the complete Registrant data directly through Access Rights or indirectly through Request Rights.
Item Type: | Thesis (Masters) |
---|---|
Uncontrolled Keywords: | Registration Data Access Protocol, RDAP, Risk Assessment, ISO 27005, STRIDE, LINDDUN, Cybersecurity Risk, Privacy Risk, PANDI.ID, Registry |
Subjects: | Q Science > QA Mathematics > QA76 Computer software > > QA76.93 Computer networks--Security measures T Technology > T Technology (General) > T174.5 Technology--Risk assessment T Technology > T Technology (General) > T58.5 Information technology |
Divisions: | Faculty of Engineering and Information Technology > Department of Information Technology |
Depositing User: | Faisal Ifzaldi |
Date Deposited: | 06 Jan 2022 14:46 |
Last Modified: | 06 Dec 2024 09:19 |
URI: | http://repository.sgu.ac.id/id/eprint/2287 |
Actions (login required)
View Item |