Showing posts with label Opensource. Show all posts

Monday, December 18, 2023

Build a 24/7 Security Operations Center (SOC) with Free and Open Source Technologies

 Welcome to our comprehensive guide on building a 24/7 Security Operations Center (SOC) using free and open-source technologies. In the digital age, protecting your organization’s information assets has never been more important. Cyber threats are constantly evolving, and organizations of all sizes and industries are vulnerable to attacks. A well-structured and well-equipped SOC plays a pivotal role in an organization’s defense mechanisms by continuously monitoring and analyzing the organization’s security posture.

This ebook aims to provide businesses of all sizes a roadmap to building an effective SOC using free and open-source technologies. By leveraging these open-source tools, organizations can set up a fully functional SOC without breaking the bank.

An open-source SOC can provide an array of benefits including low costs, high adaptability, and a strong support community. They offer a degree of flexibility and customization that is not commonly found in commercial software. By choosing open-source technologies, you can modify the code to suit your specific needs, integrate it into your existing infrastructure, and start with a low budget.

We will guide you step by step on how to navigate the process, from understanding the importance of a SOC to planning, designing, team selection, technology selection, implementing procedures, continuous improvement, and avoiding common mistakes.

Whether you’re a business owner looking to enhance your defense against cyber threats or an IT professional seeking to broaden your knowledge in cybersecurity, this ebook is your guide to building an effective, round-the-clock SOC using free, open-source technologies. Let’s delve into the world of SOCs and begin our journey!

Build a SOC on 0 budget

Understanding the Importance of a SOC

In any organization, regardless of its industry, size, or location, maintaining the security of data and network systems is of paramount importance. The SOC, or Security Operations Center, is the heart of an organization’s cybersecurity framework. It is responsible for detecting, analyzing, and responding to cybersecurity incidents using a combination of technology solutions and a strong set of processes.

Compliance with regulations is not just about avoiding penalties; it’s about ensuring that your organization can continue to function effectively in an increasingly digital world. A SOC helps organizations in maintaining compliance with regulations by monitoring network traffic, detecting anomalies, and responding promptly to any breaches.

Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs) benefit significantly from SOC services. As guardians of their client’s digital assets, they need a reliable SOC to assure their customers that their data is safe and secure. This not only helps in protecting their customers but also provides a robust foundation for growing their business by gaining new customers and retaining the existing ones.

For organizations that handle sensitive data – such as financial institutions, healthcare providers, or government agencies – having a SOC can be even more crucial. A breach in such organizations could lead to severe consequences, including financial loss, damage to reputation, and even threats to national security.

In conclusion, having a SOC is not a luxury, but a necessity in today’s digital world. The threats are real and ever-evolving, and having a dedicated team working around the clock to protect your organization is crucial. The next chapter will guide you through the first steps of setting up a SOC – planning and designing.

Planning and Designing a SOC

Building a Security Operations Center (SOC) requires more than just picking out the right technology. Before anything else, you need to carefully plan and design your SOC to ensure it meets the unique needs of your organization.

Start with defining the scope of your SOC. Are you building a SOC to monitor your own organization, or are you a managed service provider (MSP) who will provide SOC services to multiple clients? Your scope will significantly influence the structure and objectives of your SOC.

Next, determine your objectives. What do you aim to achieve with your SOC? Common objectives include improving threat detection, speeding up response times, and enhancing overall security posture. Your objectives will guide you in making key decisions throughout the process, such as which features you need and how to structure your SOC.

The size of your organization and the nature of your business will also influence your planning and design. Larger organizations and those with higher threat exposure may require a more sophisticated SOC with advanced features.

When considering features, you should look at what is necessary for your organization’s protection and compliance. You may need integrations with cloud services, the ability to correlate logs for better threat detection, threat intelligence for staying ahead of emerging threats, automated incident response to quickly react to attacks, dashboard builders for clear visualization of security data, and compliance reporting to meet regulatory requirements.

Remember, careful planning and design will set the foundation for your SOC. It’s worth taking the time to get this stage right, as it will influence the effectiveness of your SOC in meeting your cybersecurity needs.

Team Building and Certifications

A successful Security Operations Center (SOC) is backed by a proficient team. The team is the backbone of your SOC, and therefore, picking the right mix of professionals possessing the required skills is fundamental. In this chapter, we will explore the broad range of skills and competencies required, as well as the roles you’ll need to fill to build an effective SOC team.

The Roles

Every SOC team requires a blend of different roles, each contributing unique expertise and skills. The most common roles in the SOC team include:

1. Security Analysts: These professionals are responsible for monitoring, detecting, and analyzing potential threats and incidents, and escalating them when necessary. They are typically divided into tiers, with Tier 1 analysts dealing with routine threat monitoring, and higher tiers dealing with more complex analysis and response actions.

2. Incident Responders: These are the firefighting unit of your SOC. They are tasked with responding to and managing security incidents to mitigate the impact on your organization.

3. Security Engineers: These individuals are responsible for managing and maintaining the SOC’s technology infrastructure, including SIEM systems, firewalls, and intrusion detection systems.

4. SOC Managers: They oversee the operations of the SOC, coordinating the team’s activities and ensuring that the SOC meets its objectives.

Recruitment and Training

Finding talented professionals with the right skills can be challenging. Encourage diversity in your team by employing people with various backgrounds, such as IT, cybersecurity, or even non-technical fields. Provide them with training and development opportunities to upskill and adapt to your SOC’s specific needs.

Talent Retention

The cybersecurity industry is notorious for its high staff turnover rates, which can be detrimental to a SOC’s operations. Investing in your team’s professional and personal growth, offering competitive salaries, and maintaining a positive working environment are some strategies to retain your team members.

Useful Certifications

Certifications provide credibility to your team’s skills and knowledge. Consider encouraging or even sponsoring your team members to gain certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), and Certified Intrusion Analyst (GCIA).

In conclusion, building the right team is the first step towards establishing a robust SOC. Remember, a successful SOC relies significantly on the skills and expertise of its team. Invest wisely in your team, and it will pay dividends in the form of a secure and protected organization.

Technology Selection

Choosing the right technology is a crucial step in building an effective SOC. The technology you select will be the backbone of your operations, enabling your team to monitor, detect, and respond to threats effectively. Several tools and systems are essential for a SOC, and this chapter will guide you through each one, explaining their importance and how to choose the right one for your needs.

Firstly, a Security Information and Event Management (SIEM) system is a critical component of any SOC. SIEM systems aggregate and analyze data from various sources, providing real-time analysis of security alerts generated by applications and network hardware. With SIEM, your team can respond to threats faster and more effectively.

Threat Intelligence is another essential element. This technology provides information about the latest threats, helping your team anticipate and prepare for potential attacks. Threat intelligence can provide insights into threat actors, their tactics, techniques, and procedures (TTPs), and the vulnerabilities they exploit.

Incident response and log analysis technologies are also important. Incident response tools help your team react to security incidents swiftly and efficiently, while log analysis tools provide valuable data about activities happening on your network.

A vital aspect to consider is the ability for real-time correlation. This enables your team to correlate incidents, providing a more comprehensive view of security events. This feature can help you identify patterns, detect threats faster, and prioritize responses.

Compliance reporting is also an important consideration. With regulations like GDPR and HIPAA, compliance is essential. Compliance reporting tools can help you demonstrate your organization’s compliance with relevant regulations.

User entity management and cloud monitoring are two other technologies that should be part of your SOC. User entity management allows you to monitor and manage user behavior, helping to detect and respond to insider threats. Cloud monitoring, on the other hand, is essential for organizations using cloud services. It allows you to monitor the security of your cloud environment.

Lastly, a dashboard builder will facilitate the visualization and interpretation of data. This tool provides a one-stop view of your security status, allowing you to make informed decisions quickly.

One technology that integrates all these features is UTMStack. It’s an open-source and free solution, making it an excellent choice for organizations building a SOC on a budget. In the next sections, we will discuss in detail how you can leverage UTMStack to build a robust and cost-effective SOC.

AI and SOC

Implementing Processes and Procedures

Building an efficient SOC requires the creation and implementation of well-defined processes and procedures. These procedures will form the backbone of your SOC operations, governing how your team responds to incidents, detects threats, and manages vulnerabilities.

Incident Response Procedures
Incident response is a vital part of SOC operations. When a security incident occurs, the speed and effectiveness of your response can significantly impact the damage caused. Your incident response procedures should outline the steps your team will take when a security incident is detected. This can include identifying and verifying the incident, containing the threat, eradicating the threat, and documenting the incident for future reference.

Threat Detection Procedures
Threat detection is another crucial SOC activity. Your procedures should define how your team identifies and classifies threats. This can involve using automated systems to monitor your network and identify suspicious activity or analyzing logs for signs of a potential attack.

Vulnerability Management Procedures
Your SOC should also have procedures in place for managing vulnerabilities. This includes identifying potential vulnerabilities, assessing the risk they pose to your organization, and taking action to mitigate these risks.

Creating and Implementing Procedures
To implement these procedures, you’ll need to document them clearly and ensure that your team is fully trained. Regular reviews and updates will also be needed to ensure that your procedures remain effective as the threat landscape evolves.

Role of Technology in Implementing Procedures
The right technologies can support and streamline your SOC procedures. For instance, security information and event management (SIEM) systems can automate many aspects of threat detection and incident response, while vulnerability assessment tools can help you identify and manage potential weak points in your network.

In summary, creating and implementing processes and procedures is a crucial step in building a SOC. They provide the structure your team needs to respond effectively to security incidents and manage ongoing threats, helping to protect your organization from cyber-attacks.

Continuous Improvement

Building a SOC is not a one-time task. As the cybersecurity landscape continues to evolve, your SOC must also adapt and grow to meet these changes. This means a SOC should be seen as a living entity, constantly changing and improving as the threat and technology landscapes change. In this chapter, we will cover the essence of continuous improvement in SOC operations, providing you with a roadmap on how to maintain the effectiveness of your SOC over time.

Understanding The Need for Continuous Improvement
We will begin this chapter by highlighting the importance of continuous improvement in a SOC. This will involve analyzing the fluid nature of cybersecurity threats and how they impact your SOC operations.

Setting Improvement Goals
The chapter will continue with providing strategies on setting goals for improvement. This will include discussions on the key performance indicators (KPIs) to measure and how to set realistic improvement targets.

Implementing a Continuous Improvement Plan
Next, we will delve into the steps involved in implementing a continuous improvement plan. These steps will include identifying areas of improvement, brainstorming solutions, implementing changes, measuring results, and refining processes.

Continuous Training and Learning
The human factor is crucial in SOC operations. Thus, the chapter will also cover the importance of continuous training and learning for your SOC team. This includes keeping abreast with the latest cybersecurity trends, enhancing their skills, and learning from experiences.

Reviewing and Updating Technologies
Technology is at the heart of a SOC; therefore, regular evaluation of your technology stack is crucial. We will discuss how to keep your technology updated – from your SIEM systems to your threat intelligence tools.

Adapting to New Regulations
With new cybersecurity regulations being introduced frequently, it’s important to ensure your SOC is compliant. This section will guide you on adapting your SOC to meet these new regulatory requirements.

Conclusion

The chapter will conclude with a summary of why continuous improvement should be an integral part of your SOC operations. It will emphasize the importance of maintaining a proactive, rather than a reactive stance in managing cybersecurity threats. Furthermore, it will reiterate how continuous improvement can help your SOC stay ahead in the ever-evolving world of cybersecurity.

Common Mistakes to Avoid

Establishing a Security Operations Center is a critical task that requires precision, expertise, and comprehensive understanding. Despite having the best intentions, however, mistakes can creep in, jeopardizing the efficiency and effectiveness of the SOC. This chapter will point out these common pitfalls, helping you steer clear and build a highly functional SOC.

One of the most common oversights in SOC establishment is neglecting staff training. Building a SOC isn’t just about assembling a team; it also involves augmenting their skills continuously to keep pace with evolving cyber threats. Therefore, a well-planned and regular training program is essential for your SOC team to stay ahead.

Another prevalent mistake is failing to define clear roles and responsibilities. Without clear delegation and delineation of duties, confusion could reign, leading to inefficiencies and gaps in your cybersecurity defense. It’s crucial to have well-defined job roles and responsibilities for your security analysts, engineers, and managers to ensure smooth operations.

One of the most detrimental missteps is not investing in the right technology. A SOC needs robust and dynamic technology like Security Information and Event Management (SIEM) systems, Threat Intelligence, Incident Response, and more. Settling for subpar or unsuitable technology can cripple your SOC’s effectiveness.

A common and often overlooked mistake is not fine-tuning correlation rules per customer. Each customer has unique needs and risks, and therefore the correlation rules need to be tailored accordingly to ensure precise threat detection and response.

Further, not defining false positive rule tags might lead to alert fatigue, reducing the efficiency of your analysts. Additionally, failing to create custom dashboards and reports for customers can negatively impact service delivery and customer satisfaction.
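A sketch of the per-customer rule tuning and false-positive tagging described in the two paragraphs above, added here as an illustration; it is not UTMStack's rule format or code from the ebook. Customer names, thresholds, tag names and the sample login events are constructed assumptions.

```python
from collections import defaultdict, deque

# Hypothetical per-customer tuning of one rule ("success after N failures").
# All names and values below are assumptions made for this example.
PROFILES = {
    "acme-bank": {   # high-risk tenant: alert early, known scanner is tagged
        "max_failures": 3, "window_s": 300,
        "fp_tags": [{"tag": "fp:approved-scanner", "src_ip": "10.0.9.9"}],
    },
    "campus-net": {  # noisy tenant: students mistype passwords all day
        "max_failures": 8, "window_s": 120,
        "fp_tags": [],
    },
}
DEFAULT_PROFILE = {"max_failures": 5, "window_s": 300, "fp_tags": []}


def fp_tags_for(event, profile):
    """Return every false-positive tag whose conditions all match the event."""
    tags = []
    for rule in profile["fp_tags"]:
        conditions = {k: v for k, v in rule.items() if k != "tag"}
        if all(event.get(k) == v for k, v in conditions.items()):
            tags.append(rule["tag"])
    return tags


def correlate(events, profiles=PROFILES):
    """Alert when a successful login follows at least max_failures failed
    logins for the same (customer, user, src_ip) inside the time window."""
    failures = defaultdict(deque)  # key -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        profile = profiles.get(ev["customer"], DEFAULT_PROFILE)
        key = (ev["customer"], ev["user"], ev["src_ip"])
        recent = failures[key]
        # Drop failures that have aged out of this customer's window.
        while recent and ev["ts"] - recent[0] > profile["window_s"]:
            recent.popleft()
        if ev["outcome"] == "failure":
            recent.append(ev["ts"])
        elif ev["outcome"] == "success":
            if len(recent) >= profile["max_failures"]:
                alerts.append({
                    "customer": ev["customer"], "user": ev["user"],
                    "src_ip": ev["src_ip"], "ts": ev["ts"],
                    "failures": len(recent),
                    # Tagged alerts are kept for audit, not silently dropped.
                    "tags": fp_tags_for(ev, profile),
                })
            recent.clear()
    return alerts


def triage_queue(alerts):
    """Alerts an analyst must look at: everything without a false-positive tag."""
    return [a for a in alerts if not any(t.startswith("fp:") for t in a["tags"])]


def _logins(customer, user, src_ip, fail_times, success_at):
    """Build constructed login events: failures, then one success."""
    base = {"customer": customer, "user": user, "src_ip": src_ip}
    events = [dict(base, ts=t, outcome="failure") for t in fail_times]
    events.append(dict(base, ts=success_at, outcome="success"))
    return events


# Constructed sample data (documentation IP ranges), not real logs.
SAMPLE_EVENTS = (
    _logins("acme-bank", "alice", "203.0.113.7", [0, 60, 120], 150)
    + _logins("acme-bank", "svc-scan", "10.0.9.9", [10, 20, 30, 40, 50, 60], 70)
    + _logins("acme-bank", "dave", "203.0.113.9", [0, 10, 400], 410)
    + _logins("campus-net", "bob", "198.51.100.4", [0, 30, 60, 90], 100)
    + _logins("campus-net", "carol", "198.51.100.8", list(range(0, 80, 10)), 80)
)

if __name__ == "__main__":
    tuned = correlate(SAMPLE_EVENTS)
    untuned = correlate(SAMPLE_EVENTS, profiles={})  # one rule for everyone
    print("tuned, all alerts :", [(a["user"], a["tags"]) for a in tuned])
    print("tuned, for triage :", [a["user"] for a in triage_queue(tuned)])
    print("untuned, triage   :", [a["user"] for a in triage_queue(untuned)])
```

With the single default rule, the bank's three-failure takeover pattern (alice) never fires while the approved scanner lands in the analyst queue; with per-customer profiles the scanner alert is still recorded but tagged, and alice's alert reaches triage.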

Lastly, not leveraging Artificial Intelligence (AI) for alert analysis is a missed opportunity. AI can significantly speed up threat detection and response, thereby strengthening your SOC’s defense capabilities.

Traditional SIEM systems often lack some of these essential features, leaving gaps in your cybersecurity defense. This is where UTMStack comes into play. Being a comprehensive, open-source, and free platform, UTMStack provides all these essential features and more, helping you avoid these common mistakes while building your SOC. In the following chapters, we will delve deeper into how UTMStack facilitates the creation of a robust and efficient SOC.

Legal Considerations

Before delving into the technical specifics of setting up your SOC, it’s crucial to consider the legal aspects. In the world of cybersecurity, where sensitive data protection is paramount, understanding the legalities is essential for both your business and your customers. This chapter will offer advice on how to structure your Statement of Work (SOW) and Master Service Agreement (MSA) to ensure both parties are adequately protected.

The SOW is a critical document that outlines the specific services you will provide and the scope of work, including the tasks, responsibilities, and timeline. It is here that you will detail the specific parameters of your SOC services, such as 24/7 monitoring, incident response, threat detection, and periodic reporting. Carefully defining these aspects will help avoid any misunderstanding and set clear expectations for your clients.

An essential part of the SOW is the Service Level Agreement (SLA), which defines the expected performance levels of your SOC. This could include response times, resolution times, and system uptime guarantees. The SLA forms the basis of your accountability to your clients and is an integral part of establishing trust.

The MSA, on the other hand, is a contract that outlines the general legal and contractual terms between you and your client. It covers areas such as data protection and confidentiality, liability limitations, dispute resolution, payment terms, and service termination conditions. Given the sensitive nature of the information your SOC will handle, it’s crucial to have a robust MSA that protects both parties’ interests.

To make the process easier, we’ve included a link to a resource offering a customizable template that can be adapted to suit your business needs. However, we strongly advise seeking legal counsel to ensure your SOW, SLA, and MSA are comprehensive and legally sound.

Remember, building a SOC isn’t just about technology; it’s also about establishing a legal framework that ensures smooth operations while protecting your business and your clients.

Conclusion

Building a SOC (Security Operations Center) is a complex task, but it’s a necessary step for businesses and organizations looking to protect their digital assets and maintain robust cybersecurity measures. However, this doesn’t have to be an uphill battle. With careful planning, building the right team, and selecting the right technology, you’re well on your way to having a well-functioning SOC.

Throughout this ebook, we’ve explored each of these areas in detail, providing you with a comprehensive guide to building your SOC from scratch. We’ve covered everything from understanding the importance of a SOC to planning and designing your SOC, building a competent team, selecting the right technology, implementing processes and procedures, and continuously improving your SOC. We’ve also shared common mistakes to avoid and legal considerations to ensure your SOC is not only effective but also compliant with all necessary regulations.

As we’ve discussed, one of the key advantages of building your own SOC is the ability to customize it to suit your specific needs. This includes the integration of various technologies and tools, depending on the nature of your business and the level of threat exposure.

A key point we’ve mentioned is the importance of open-source technologies. Tools like UTMStack, for instance, come with a wealth of features necessary for a SOC, including security information and event management (SIEM), threat intelligence, incident response, log analysis, and more. Moreover, since it is open source and free, it reduces the costs associated with building and operating a SOC significantly.

But building a SOC is not a one-off task. It requires continuous improvement to keep up with evolving cybersecurity threats and technologies. This is where regular training and updates come into play, ensuring your team is always at the top of their game.

In conclusion, whether you’re a business owner, an MSP, or an MSSP aiming to establish your own 24×7 cybersecurity operations center, this guide offers comprehensive insights and practical advice to help you succeed. Building a SOC is a significant investment, but it’s an investment that will undoubtedly pay dividends in the form of robust cybersecurity defense for your organization.


Source: https://utmstack.com/build-a-24-7-soc-with-free-and-open-source-technologies/

Sunday, February 14, 2016

The Brazilian government uses open source entirely.

Brazil at forefront of open source initiatives
Posted 15 Aug 2012 by 

Since the workers’ party won the Brazilian Presidential election in 2003, an open source movement has continued to grow in government and public spheres. Now, the country appears to be at the forefront of open source initiatives, which isn’t news to most inside the community that, despite initial uncertainties, saw the movement growing each year. The workers’ party has without a doubt signaled that open source should be included at the top of the government's agenda.
Before this presidential win, some states governed by the party were already making efforts to implement open source initiatives, but due to knowledge limitations, economic pressures, and prevailing attitudes, these initiatives were not as valued as they deserved to be. The first open source ATM network implemented in Rio Grande do Sul, Brazil's southernmost state, was not credited as it should have been. Even Forum Internacional Software Livre, now in its 13th year with world-wide recognition as a mainstream event, was starting to take off. But today, due to several factors—wider adoption of and trust in open source software, pressure to cut expenses due to the current economic crisis, a well-formed and regular user base, and concern with digital inclusion—the open source scene in Brazil has changed, and additional initiatives are starting to get off the shelves and into practice. And some cases are worth mentioning, as they could be replicated by others.
One lesson to be learned is that without government support, these initiatives probably would not have happened; the market would not have allowed such initiatives to succeed as they were not principally matters of competition but rather matters of "sharing the cake." In such cases, open source is the uninvited guest at the party—hence myths that open source is not profitable and inferior.
One initiative in the Brazilian government is an open source software portal maintained by the Ministry of Planning, Budget and Management. Created in 2007, the portal offers open source software programs developed by government bodies and hosts communities so that citizens, companies and public administrations can have access to a great variety of software. Everything on the portal is produced and made available according to the standards ruled by the normative instruction (N.1), a legal document based strongly on FSF rules, and a free license model created specifically for the portal; though all FSF license models prohibit the use of proprietary tools, libraries, software, or components. The aim was and is to keep the software free in the spirit of FSF philosophy.
The portal now has 59 available software programs and the list keeps growing. Each has its own community of users who are free to participate in any other community, and all together represent a great variety of uses from education to banking. Linux Educational is a local Kubuntu version modified for public schools. And Tucunaré is a Debian modified version developed by Banco do Brasil, one of our most successful banks capable of deploying a whole telecentre with a few keystrokes. These programs have all been part of a huge effort that is starting to show by returning value to the society, which is the open source philosophy!
Another initiative is CDTC, a project first designed to disseminate open source software between IBM and the National Institute of IT, a government organization linked to the presidential cabinet. It has since evolved into an e-learning platform under the management of Djalma Valois Filho, a well-known member of the open source community in Brazil and founder of CIPSGA. Filho was able to rally open source supporters and explain the potential of open source with courses and seminars—even those taken by the Brazilian parliament. The project's framework was then transformed using Moodle, as the base, and university scholarship students were hired to develop written material and moderate forums.
CDTC started with four courses and now it has 160! And includes courses that aren't available anywhere else. For example, I have used LaTeX software for years and was curious, so I reached out to the community and found the first free e-learning class for it in the world at CDTC. Before, I would have had to start from scratch, searching in books for answers. 
Note: All courses and seminars are written in Portuguese, none are in-depth like on Coursera (but they have great potential to be), and there are many interesting unpublished courses (like Audacity, Joomla, SQL, Brazilian Literature, and more). 
Initially, training was planned to be for government employees only, but now all public courses are free to any citizen with a .br email account. Citizens can even qualify for certifications if they complete a certain number of courses. At the end of 2011, the CDTC project was migrated to the Ministry of Work with the idea to turn some free courses into qualification courses so that thousands at telecentres or unemployment centers could be certified. The goal is: 1 million by 2014.
All in all, CDTC has given more than 18,000 classes and reached almost 95,000 people in 4,305 cities. And all without marketing! Many well-connected people in the open source community didn't and don't know about the project, so imagine how much it could grow. 
Another national program, Telecentros, supports digital inclusion in communities who have access to the following: students for hire, an uninterrupted power supply, HVAC, drinking water, furniture, and Internet. In remote locations without cable access, a telecentre can qualify for the funding to buy a satellite antenna. And through a program called Formations Network, students from 16 to 28 years of age are trained to act as “multipliers of digital technologies appropriation in public equipment”.
What's important is to have a space where the local community can connect to the Internet with proper software, hardware, and people support. And what makes all the difference is that the software is open source. Like, Tucunaré, a suite used at these telecentres so that students can qualify for certification using CDTC training—closing the loop and returning value back to the society; more than just internet access.
These initiatives are good examples of the solid open source foundation developing in Brazil. Those who were once excluded can now connect, qualify, and get certified. They now have hope for a better life like never before thanks to open source.
And because these initiatives don't start by themselves, there must be a strong commitment from the government and society to understand and contribute to them. They must offer a better return to the taxpayers by ceasing to spend huge amounts of money on software licenses that only return value to the owner. The true spirit of community is collaboration, sharing and returning, and something I believe will never happen outside of an open source sphere.
Recently, Ricardo Fritsch, General Coordinator for the Software Livre Association, wrote a letter to President Dilma Rousseff on behalf of FISL participants alerting her to recent happenings that are not in line with community thinking (and not in their best interest). It is an alert to show that sometimes problems arise, directions change, and projects evolve into something different than originally planned—but that's all part of it and support must continue. Otherwise, we risk losing rewards we've reaped from past and current efforts.
In the beginning, open source was viewed only as an alternative to a paid model, but with its evolution and maturity, open source is a proven new environment for growth. Among the BRICS group—developing or newly industrialized countries like Brazil—open source is a necessity because these governments simply cannot afford the price of a licensed model. Today, Brazil has a strong open source community allowing us to be at the forefront of open source initiatives and it's up to us to continue to support candidates who understand the importance of open source.

source: https://opensource.com/life/16/1/my-linux-story-carlos-aguayo

Saturday, February 01, 2014

UK government switches to open source



UK Government Leaves Microsoft Office For Open Source Technology!   
 
UK government will save millions after this shift as the country has spent over £200 million on Microsoft’s ubiquitous software suite in the last three years.  
Thursday, January 30, 2014:  In yet another blow to the proprietary technology and boost to open source tech, UK government has now given up on Microsoft's Office and is resorting to open source alternatives. The move has come in order to restrict expenditure and put an end to 'oligopoly' in the IT market.

According to reports, Cabinet Office minister Francis Maude is working to outline plans, to make the desired shift from Microsoft Office to free productivity software such as OpenOffice and Google Docs. Maude shared an update on the plans at a cross-government event. UK government will save millions after this shift as the country has spent over £200 million on Microsoft’s ubiquitous software suite in the last three years.
Maude said, “We know the best technology and digital ideas often come from small businesses but too often in the past they were excluded from government work. In the civil service there was a sense that if you hired a big multi-national, who everyone knew the name of, you'd never be fired. We weren't just missing out on innovation, we were paying top dollar for yesterday's technology.”



The government believes that this will put an end to the 'oligopoly' amongst suppliers of technologies. Maude said, “The software we use in government is still supplied by just a few large companies. A tiny oligopoly dominates the marketplace. I want to see a greater range of software used, so civil servants have access to the information they need and can get their work done without having to buy a particular brand of software. In the first instance, this will help departments to do something as simple as share documents with each other more easily. But it will also make it easier for the public to use and share government information.”

The government is already working in that direction. “We have been talking to users about the problems they face when they read or work with our documents – and we have been inviting ideas from experts on how to solve these challenges. Technical standards for document formats may not sound like the first shot in a revolution […] but be in no doubt: the adoption of compulsory standards in government threatens to break open Whitehall's lock-in to proprietary formats. In turn we will open the door for a host of other software providers,” he stated.

Wednesday, January 29, 2014

Open Source GIS for Jakarta Floods



Putting Free and Open Source GIS Software (QGIS 2.0) Under-Stress for producing Jakarta Flood Map

Flood map on the BPBD DKI Jakarta website
The peak of the rainy season has arrived, and as usual Jakarta floods from around December until February each year. Information about where flooding happens is very important: the public needs open access to know and understand where the affected areas are. But of course textual information is not enough. That is why the DKI Jakarta Provincial Disaster Agency (Badan Penanggulangan Bencana Daerah (BPBD) Provinsi DKI Jakarta), with assistance from the Humanitarian OpenStreetMap Team (HOT) and funding from the Australia-Indonesia Facility for Disaster Reduction (AIFDR-DFAT Australian Aid), is creating a Jakarta flood map this year.
Control room in BPBD DKI Jakarta
HOT team + AIFDR staff are creating maps for Jakarta flood response.
Everyone should know that none of the maps published to the public were produced with commercial or paid software. We are using the free and open source software QGIS 2.0, which is available at qgis.org for Windows, OSX, and Linux. We are putting this free software under stress to create good maps quickly and efficiently.
QGIS 2.0 in OSX
The production process has 3 phases:
  1. Data collection, data processing, and data entry
  2. Symbology setting
  3. Layout
Phase 1: Data collection, data processing, and data entry
For the BPBD flood maps, data are collected from reports (heads of villages report regularly) through the call center, fax, and even BBM. All the reports go to the BPBD DKI Jakarta Operation Center. BPBD staff then recap all the data into a form.
This form lists which villages and sub-villages are affected by flooding, including water level information
No data = no maps. Data is important!
This recap is reported every 6 hours (if the flooding is quite intense), so there are 4 reports each day: 12am, 6am, 12pm, and 6pm.
Then we process the data by assigning water level classes.
  1. Class 1: 10 – 70 cm
  2. Class 2: 71 – 150 cm
  3. Class 3: > 150 cm
  4. Class 4: Reported that the area is affected, but there is no water level information yet.
Next, we enter the data using QGIS 2.0. We use sub-village boundaries from OpenStreetMap: we pull the vector file from OpenStreetMap and then set up the attribute table with the following columns.
KAB_NAME is District, KEC_NAME is Sub-District, KEL_NAME is Village, and RW is sub-village
We add two new columns, “affected” and “tinggi”. To indicate that a sub-village is affected by flooding, we set “affected” to 1. To indicate the water level class, we put the class number in the “tinggi” column. The values come from the report given by BPBD staff. The longer the report (meaning many sub-villages are affected), the longer data entry takes. It can take 1-2 hours during intense flooding, or even more.
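The Phase 1 classification and data entry can be modelled in a few lines of Python. This is an added example, not code from the original post: it works on plain dictionaries rather than the QGIS API, the function names and sample rows are constructed for illustration, and resetting every feature before each recap and rejecting levels below 10 cm (for which the post defines no class) are assumptions.

```python
from typing import Optional

NO_LEVEL_CLASS = 4  # class 4: reported as affected, no water level yet


def water_level_class(level_cm: Optional[int]) -> int:
    """Map a reported water level in whole cm to the post's class 1-4."""
    if level_cm is None:
        return NO_LEVEL_CLASS
    if level_cm < 10:
        # Assumption: the post defines no class below 10 cm, so reject it.
        raise ValueError(f"no class defined for {level_cm} cm")
    if level_cm <= 70:
        return 1
    if level_cm <= 150:
        return 2
    return 3


def apply_report(features, report):
    """Fill 'affected' and 'tinggi' on sub-village rows from one recap.

    Returns the report rows that could not be entered, for manual follow-up.
    """
    index = {(f["KEL_NAME"].upper(), f["RW"]): f for f in features}
    for f in features:  # assumption: each recap replaces the previous state
        f["affected"], f["tinggi"] = 0, None
    rejected = []
    for kel, rw, level in report:
        feature = index.get((kel.strip().upper(), rw))
        try:
            if feature is None:
                raise ValueError("sub-village not in boundary layer")
            feature["tinggi"] = water_level_class(level)
            feature["affected"] = 1
        except ValueError:
            rejected.append((kel, rw, level))
    return rejected


def sample_features():
    """Constructed attribute-table rows (only the columns used here)."""
    return [{"KEL_NAME": "KAMPUNG MELAYU", "RW": "01"},
            {"KEL_NAME": "KAMPUNG MELAYU", "RW": "02"},
            {"KEL_NAME": "BIDARA CINA", "RW": "07"},
            {"KEL_NAME": "BIDARA CINA", "RW": "11"}]


# Constructed recap rows: (village, sub-village, water level in cm or None)
SAMPLE_REPORT = [("Kampung Melayu", "01", 160), ("Kampung Melayu", "02", 70),
                 ("Bidara Cina", "07", None), ("Bidara Cina", "99", 40),
                 ("Bidara Cina", "11", 5)]
```

Rows returned by `apply_report` are the ones a data entry operator would need to check against the original recap form before the map is published.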
Phase 2: Symbology setting
After data entry, we set up the symbology. The QGIS 2.0 layer properties UI is quite simple and easy to understand. We can set the symbology based on the values in a column. To show affected sub-villages, we use the “affected” column. To show the water level classification, we use the “tinggi” column. Other symbology, such as boundaries, needs to be set up too, so that the map is easy to understand and anyone can read it :)
Phase 3: Layout
Laying out maps in QGIS 2.0
Designing a map layout means setting up the final map so that it is ready to print and distribute. We pay attention to map components such as the title, scale, legend, etc. The layout should be designed carefully, and each component has meaning. The more information you put into the layout, the more approachable the map becomes, since people will know whom to contact if something is wrong with the map. So, if you want to display the map, display it complete with the additional information :)
All final products can be seen at http://bpbd.jakarta.go.id/peta-banjir/
The chronological map animation is actually a group of maps that we designed with the same symbology and layout and compiled as a time series. All maps are joined with GIF creator software (GIFFun is good enough for OSX, in case you are wondering :) )
Want to learn more about OSM and QGIS? We have the guide: http://openstreetmap.or.id/resources/guide/