SCENE-CSIRT (Scenario-Based Competency Evaluation for CSIRT)
DOI: https://doi.org/10.25126/jtiik.2025125
Keywords: Cyber Incident Response Team (TTIS), Competency Evaluation Model, Local Government, Technical and Non-technical Skills, Competency Mapping, Scenario-Based Approach
Abstract
A Computer Incident Response Team (CSIRT; in Indonesian, Tim Tanggap Insiden Siber, TTIS) is responsible for carrying out various incident management functions, such as detection, triage, analysis, and response. However, with the increasing complexity of cyber threats and existing competency gaps within CSIRTs, particularly at the local government level, there is a need for an evaluation model that can comprehensively assess personnel readiness. The SCENE-CSIRT model (Scenario-Based Competency Evaluation for CSIRT) was developed by integrating national regulatory frameworks (existing Indonesian regulations and the BSSN Occupational Map) with international standards (NIST, FIRST, and the NICE Framework), making it relevant to both local and global contexts. This integrated approach has not previously been applied to CSIRT evaluation in Indonesia. In addition, a scenario-based approach is used to evaluate both technical skills (such as incident analysis and mitigation) and non-technical skills (such as communication and coordination). The model is designed to identify competency gaps and provide targeted development recommendations to improve the effectiveness of CSIRTs. Validation results indicate that 97.7% of experts agree that the model covers the aspects CSIRT personnel need in handling cyber incidents. This study is expected to serve as a reference for policy development and capacity building for CSIRTs at the local government level, thereby enhancing preparedness and resilience in managing cyber incidents effectively.
Copyright (c) 2025 Jurnal Teknologi Informasi dan Ilmu Komputer

This article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.
Authors who publish in this journal agree to the following terms:
- Authors retain copyright and grant the journal the right of first publication, with the work simultaneously licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0), which allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors may enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (for example, posting it to an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (for example, in institutional repositories or on their website) before and during the submission process, as this can lead to productive exchanges as well as earlier and greater citation of the published work. (See The Effect of Open Access.)










