Andi Budimansyah REFERENCES

(Viagenie), M. B. (2015). RFC 7484 Finding the Authoritative Registration Data (RDAP) Service. RFC, 13(3), 1576–1580.

A. Newton (ARIN), & S. Hollenbeck (Verisign Lbas). (2015). RFC 7483 JSON Responses for the Registration Data Access Protocol (RDAP). RFC, 53(9), 1689–

1699.

A Newton, A., B. Ellacott (APNIC), & N. KONG (CNNIC). (2015). RFC 7480 HTTP Usage in the Registration Data Access Protocol (RDAP). IETF FRC 7480, 53(9), 1689–1699.

Abi Tyas Tunggal - upguard.com. (2020). What Is Cybersecurity Risk? A Thorough

Definition | UpGuard. Upguard.Com.

https://www.upguard.com/blog/cybersecurity-risk

Adam Shostack. (2014). 【AdamShostack】Threat Modeling： Designing for Security.

Ahmadian, A. S., Strüber, D., Riediger, V., & Jürjens, J. (2018). Supporting privacy impact assessment by model-based privacy analysis. Proceedings of the ACM

Symposium on Applied Computing, 1467–1474.

https://doi.org/10.1145/3167132.3167288

Arians, I. L., & Us, V. A. (2017). Searchable web whois - United States Patent 9613146B2 (Patent No. 9613146B2).

Barron, T., Miramirkhani, N., & Nikiforakis, N. (2019). Now You See It, Now You Don’t: A Large-scale Analysis of Early Domain Deletions. Raid 2019, 383–397.

https://www.usenix.org/system/files/raid2019-barron.pdf

Clark, T. C., & Westin, A. F. (1968). Privacy and Freedom. California Law Review,

Andi Budimansyah 56(3), 911. https://doi.org/10.2307/3479272

Committee, S. A. (2007). SAC 023 : Is the WHOIS Service a Source for email Addresses for Spammers ? October.

Default Password - an overview | ScienceDirect Topics. (n.d.). Retrieved December 10, 2020, from https://www.sciencedirect.com/topics/computer-science/default- password

Deng, M., Wuyts, K., Scandariato, R., Preneel, B., & Joosen, W. (2011). A privacy threat analysis framework: Supporting the elicitation and fulfillment of privacy requirements. Requirements Engineering, 16(1), 3–32.

https://doi.org/10.1007/s00766-010-0115-7

Evolution of WHOIS Protocol to RDAP - What You Need to Know - ICANN. (n.d.).

ICANN Blog. Retrieved August 18, 2020, from

https://www.icann.org/news/blog/evolution-of-whois-protocol-to-rdap-what-you- need-to-know

HOME | LINDDUN. (n.d.). Retrieved February 4, 2021, from https://www.linddun.org/

House of Representatives and Government of the Republic of Indonesia. (2008). Law of the Republic of Indonesia Number 11 of 2008 concerning Electronic Information and Transactions. In setneg (Issue SETNEG).

IANA. (2020). Bootstrap Service Registry for Domain Name Spacewww.iana.org › rdap-dns. IANA. https://data.iana.org/rdap/dns.json

IANA — Root Zone Database. (n.d.). Retrieved February 15, 2020, from https://www.iana.org/domains/root/db

ICANN. (n.d.). Registration Data Access Protocol Timeline - ICANN. ICANN.

Retrieved December 7, 2020, from https://www.icann.org/resources/pages/rdap- background-2018-08-31-en

Andi Budimansyah ICANN Security and Stability Advisory Committee (SSAC). (2018). SSAC Advisory

Regarding Access to Domain Name Registration Data (Issue June).

IETF, A. N. A., & S. Hollenbeck, V. L. (2015, March). RFC 7482 - Registration Data Access Protocol (RDAP) Query Format. IETF Prosose Standard.

https://tools.ietf.org/html/rfc7482

IETF RFC 3912 - L. Daigle. (2004, August). WHOIS Protocol Specification.

IETF.ORG. https://www.ietf.org/rfc/rfc3912.txt

Igi-global.com. (2021). What is Privacy risk | IGI Global. Igi-Global.Com.

https://www.igi-global.com/dictionary/effect-perceived-risk-commerce- acceptance/23425

Indonesia, R. (2016). Law of The Republic of Indonesia number 19 of 2016 Concerning Amendment to Law number 11 of 2008 about Electronic Information and Transaction. UU No. 19 Tahun 2016, 1, 1–31.

ISO / IEC 27005 Information security risk management, Third Edit (2018).

ISO 31000 - Risk Management Guidelines. (2018). BS ISO 31000 : 2018 BSI Standards Publication Risk management — Guidelines. BSI Standards Publication, ISO31000, 26. https://www.ashnasecure.com/uploads/standards/BS ISO 31000- 2018.pdf

Labs, S. H. V., & N Kong, C. (2015). RFC 7481 Security Services for the Registration Data Access Protocol (RDAP). X(3), 373–379.

LINDDUN | LINDDUN. (n.d.). Retrieved October 27, 2020, from https://www.linddun.org/linddun

Liu, S., Foster, I., Savage, S., Voelker, G. M., & Saul, L. K. (2015). Who is .com?

Learning to parse WHOIS records. Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, 2015-Octob, 369–380.

Andi Budimansyah https://doi.org/10.1145/2815675.2815693

Matthew Ward, Adrew Fregly, S. S. (2020). System, Device and Method for Improved RDAP Traffic Analysis and Mitigation - US010599725B2 (Patent No. 10599725).

US.

National Institute of Standards and Technolgy. (2020). NIST Privacy Framework. In

January 16, 2020.

https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.01162020.pdf%0Ahttps://

www.nist.gov/privacy- framework

Nikkel, B. (2017). Registration Data Access Protocol (RDAP) for digital forensic investigators. Digital Investigation, 22, 133–141.

https://doi.org/10.1016/j.diin.2017.07.002

NIST 800-30 Rev 1. (2012). NIST Special Publication 800-30 Revision 1 - Guide for Conducting Risk Assessments. NIST Special Publication, September, 95.

https://doi.org/10.6028/NIST.SP.800-30r1

PANDI.ID. (2021). Tentang PANDI. PANDI.ID. https://pandi.id/tentang-pandi/

PANDI. (2020). Policies and Procedures for Risk Management of Indonesian Internet Domain Name Registry. September 2020.

Registration Data Access Protocol (RDAP) - ICANN. (n.d.). ICANN. Retrieved August 13, 2020, from https://www.icann.org/rdap

Reuben, J., Martucci, L. A., Fischer-Hübner, S., Packer, H. S., Hedbom, H., & Moreau, L. (2016). Privacy impact assessment template for provenance. Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016, May 2016, 653–660. https://doi.org/10.1109/ARES.2016.95

Robles-González, A., Parra-Arnau, J., & Forné, J. (2020). A LINDDUN-Based framework for privacy threat analysis on identification and authentication

Andi Budimansyah

processes. Computers and Security, 94(February).

https://doi.org/10.1016/j.cose.2020.101755

Session hijacking attack Software Attack | OWASP Foundation. (n.d.). Retrieved

December 10, 2020, from https://owasp.org/www-

community/attacks/Session_hijacking_attack

Setneg. (2019). Republic of Indonesia Draft Law on Personal Data Protection. 105(3), 129–133.

https://webcache.googleusercontent.com/search?q=cache:BDsuQOHoCi4J:https:

//media.neliti.com/media/publications/9138-ID-perlindungan-hukum-terhadap- anak-dari-konten-berbahaya-dalam-media-cetak-dan-

ele.pdf+&cd=3&hl=id&ct=clnk&gl=id

Shevchenko, N., Frye, B. R., Woody, C., & States, C. M. U. S. E. I. P. U. (2018). Threat Modeling: Evaluation and Recommendations. September.

https://apps.dtic.mil/sti/pdfs/AD1083907.pdf

Solove, D. J. (2006). A TAXONOMY OF PRIVACY. California Law Review, 90(4), 1087–1155. https://doi.org/10.2307/3481326

SQL Injection | OWASP. (n.d.). Retrieved December 10, 2020, from https://owasp.org/www-community/attacks/SQ L_Injection

SSAC Report on WHOIS Terminology and Structure SAC051. (2011).

Velez, T. U. (2015). Risk Centric Threat Modeling. Wiley.

Warren, S. D., & Brandeis, L. D. (1890). The Right to Privacy. Harvard Law Review, 43(2), 297. https://doi.org/10.2307/1330091

Wei, Y. C., Wu, W. C., Lai, G. H., & Chu, Y. C. (2020). pISRA: privacy considered information security risk assessment model. Journal of Supercomputing, 76(3), 1468–1481. https://doi.org/10.1007/s11227-018-2371-0

Andi Budimansyah What is shoulder surfing? - Definition from WhatIs.com. (n.d.). Retrieved December

10, 2020, from https://searchsecurity.techtarget.com/definition/shoulder-surfing Wuyts, K. (2014). LINDDUN : a privacy threat analysis framework.

Wuyts, K., & Joosen, W. (2015a). LINDDUN Privacy Threat Modeling Tutorial: Vol.

C (Issue July).

Wuyts, K., & Joosen, W. (2015b). LINDDUN tutorial. C(July).