Case study on web ICT security incidents in government sector: guideline of log file analysis / Mohd Azrai Manap

Website and online application is one of the most important elements in our life. The development of these elements change the way we live our life to make so much things easier such as every manual procedure that we have turned into computerized environment and the delivering of services to target group no matter where and when. There are so many benefits that we can gain from the developer perspective and the target group which is the end user. From a user perspective, it provides a means of acquiring computer services with simpler way than before. From an organizational perspective, it delivers services for consumer and business needs in simplified way, providing scalability and availability for providing their services. The Malaysian Government also aggressively promotes the use of website to offer their services to public. In recent years they are a lot of online services created such as My E-Government, My ID and many more. One of the important aspects of developing the website is security. However, most of the security aspect in developing website that offers such an online application is always been ignored. Some of government agencies thought that the security is not important because of lack of financial resource and knowledge also security it’s not the main aspect in the development process. As evidence, there was an increase in number the number of web defacement incidents recorded each year. One of the factors to contribute in this increasing number of incident is there no proper action taken after security incident happen. Usually they just restore the latest backup available rather than to investigate the root cause of the incident. In this research, we will focus on two mechanisms that can be use for analyze the intruders activities and the vulnerability that lead to web defacement which are Intrusion Detection System and Log File Analysis. For ID technology, it has been used in government of Malaysia since 2004 but only covers 177 agencies out of 724 agencies today. Nowadays in the critical security environment, the use of this technology must be use widely to covers all the agencies. For the log file analysis, this is an alternatives to analyze the intruder’s activities without investing any money on it. Later on, we will compare the outcome result of these two mechanisms to determine the effectiveness to identify the intruder’s activity and type of attacks so the agencies will take necessary action based on the finding to secure from future attacks.