TITLE:
Knowledge Management Strategy for Handling Cyber Attacks in E-Commerce with Computer Security Incident Response Team (CSIRT)
AUTHORS:
Fauziyah Fauziyah, Zhaosun Wang, Gabriel Joy
KEYWORDS:
Knowledge Management, Cyber Security, Computer Security Incident Response Team (CSIRT)
JOURNAL NAME:
Journal of Information Security,
Vol.13 No.4,
September
23,
2022
ABSTRACT: Electronic Commerce (E-Commerce) was created to help expand the market
share network through the internet without the boundaries of space and time.
However, behind all the benefits obtained, E-Commerce also raises the issue of
consumer concerns about the responsibility for personal data that has been
recorded and collected by E-Commerce companies. The personal data is in the form of consumer
identity names, passwords, debit and credit card numbers, conversations in
email, as well as information related to consumer requests. In Indonesia, cyber
attacks have occurred several times against 3 major E-Commerce companies in
Indonesia. In 2019, users’ personal data in the form of email addresses, telephone numbers, and residential addresses
were sold on the deep web at Bukalapak and Tokopedia. Even though E-Commerce affected
by the cyber attack already has a Computer Security Incident Response Team (CSIRT)
by recruiting various security engineers, both defense and attack, this system
still has a weakness, namely that the CSIRT operates in the aspect of handling
and experimenting with defense, not yet on how to store data and prepare for
forensics. CSIRT will do the same thing again, and so on. This is called an
iterative procedure, one day the attack will come back and only be done with
technical handling. Previous research has succeeded in revealing that
organizations that have Knowledge Management (KM), the organization has
succeeded in reducing costs up to four times from the original without using KM
in the cyber security operations. The author provides a solution to create a
knowledge management strategy for handling cyber incidents in CSIRT E-Commerce
in Indonesia. This research resulted in 4 KM Processes
and 2 KM Enablers which were then translated into concrete actions. The KM
Processes are Knowledge Creation, Knowledge Storing, Knowledge Sharing,
and Knowledge Utilizing. While the KM Enabler is Technology Infrastructure and
People Competency.