Upload File

keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

  • Home
  • Education
  • Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
27
1 KEAMANAN INFORMASI CYBERSECURITY, RISK AND CONTROL Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM Cybersecurity Nexus Liaison - ISACA, Indonesia/ Sekolah Teknik Elektro dan Informatika ITB Ruang Sidang Utama Rektorat ITS lantai 1 Surabaya, 17 Maret 2016

Upload: sarwono-sutikno-drengcisacisspcismcsx-f

Post on 16-Apr-2017

507 views

Category:

Education


1 download

Report

TRANSCRIPT

Page 1: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

KEAMANAN INFORMASICYBERSECURITY, RISK AND CONTROL

Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM

Cybersecurity Nexus Liaison - ISACA, Indonesia/ Sekolah Teknik Elektro dan Informatika ITB

Ruang Sidang Utama Rektorat ITS lantai 1Surabaya, 17 Maret 2016

Page 2: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

KESEPAKATAN DISKUSI• Mohon maaf jika gaya/kebiasaan saya di ITB muncul dalam diskusi ini• Niatnya agar Indonesia lebih berdaulat• Boleh buka laptop dan akses internet• Seluruh peserta harus bicara, bertanya, berpendapat, guyon sebagai

pembuka kreatifitas• Sarwono Sutikno hanya fasilitator dan sedang belajar• Semoga saya dan semua insan Indonesia menjadi orang merdeka !!!• Semoga setiap insan Indonesia menjadi khalifah dalam arti tidak ada

yang dapat membatasi potensi seorang insan kecuali impian dirinya dan tuhannya.

Agar efektif berdiskusi

Page 3: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

BLOOM’S TAXONOMY OF EDUCATIONAL OBJECTIVES

Apply

ComprehendRememberlist, recite

explain, paraphrase

calculate, solve,determine, apply

Analyzecompare, contrast, classify, categorize,

derive, model

Synthesizecreate, construct,

design, improve, produce,

propose

Evaluatejudge, critique, justify,

verify, assess, recommend

Page 4: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

4

Current:• Cybersecurity Nexus Liaison, ISACA Indonesia Chapter• ISACA Academic Advocate at ITB• SME for Information Security Standard for ISO at ISACA HQ• Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung• Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota Panitia Teknis 35-01 Program Nasional Penetapan

Standar bidang Teknologi Informasi, BSN – Kominfo. • Lead Assessor for ISMS Certification Body at KAN-BSNPast:• Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008)• Plt Direktur Operasi Sistem PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011

Professional Certification:• Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas

at Austin. 2000• IRCA Information Security Management System Lead Auditor Course, 2004• ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005• Brainbench Computer Forensic, 2006• (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007• ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007Award:• (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security

Professional. http://isc2.org/ISLA

Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM

Page 5: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 6: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 7: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 8: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

PETA RISIKO DAN PELUANG

Page 9: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

Presentation: KamInfo.ID99

KEAMANAN INFORMASI VERSI ISACA

Information security is a business enabler that is strictly bound to stakeholder trust, either by addressing business risk or by creating value for an enterprise, such as competitive advantage. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying.

ISACA defines information security as something that:Ensures that information is readily available (availability), when required, and protected against disclosure to unauthorised users (confidentiality) and improper modification (integrity).

Page 10: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

Presentation: KamInfo.ID1010

KEAMANAN INFORMASI

......... pemerintah negara Indonesia yang melindungi segenap bangsa Indonesia dan seluruh tumpah darah Indonesia dan untuk memajukan kesejahteraan umum, mencerdaskan kehidupan bangsa, dan ikut melaksanakan ketertiban dunia yang berdasarkan kemerdekaan, perdamaian abadi dan keadilan sosial........

Pemanfaatan INFORMASI sebagai darah nadi kehidupan bangsa dalam perspektif Pertumbuhan Ekonomi untuk Kesejahteraan Rakyat

Page 11: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

Presentation: KamInfo.ID1111

KEAMANAN NASIONAL

......... pemerintah negara Indonesia yang melindungi segenap bangsa Indonesia dan seluruh tumpah darah Indonesia dan untuk memajukan kesejahteraan umum, mencerdaskan kehidupan bangsa, dan ikut melaksanakan ketertiban dunia yang berdasarkan kemerdekaan, perdamaian abadi dan keadilan sosial........

Pemanfaatan INFORMASI sebagai darah nadi kehidupan bangsa dalam perspektif Pertumbuhan Ekonomi untuk Kesejahteraan Rakyat

Page 12: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

12

Page 13: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

NETWORK IS COMPROMISED

Page 14: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

APT LIFE CYCLE

Page 15: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

HOW FAST

Page 16: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

THREAT

Page 17: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

RISK-BASED CATEGORIZATION CONTROL

Page 18: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 19: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

PIRT

Page 20: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 21: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 22: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

The CSX Liaison reports to the chapter president.

Page 23: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

Presentation: KamInfo.ID23

IMPLEMENTINGFRAMEWORKS TO POPULATE BMIS

ISO 27031

COBIT 5 Enabling Process

Page 24: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01
Page 25: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

I SO 3

3000

COBIT 5SNI ISO 38500

Internal Control Framework COSO

HUBUNGAN ANTAR KERANGKA

PP60/2008 Sistem Pengendalian

Intern PemerintahTata

Kel

ola

Tata

Kel

ola

TIM

anaj

emen

TI

Panduan Umum Tata Kelola TIK Nas+

Kuesioner Evaluasi Pengendalian Intern TIK

SNI ISO 27001SNI ISO 20000

SNI ISO 15408

Pera

ngka

t TI

I SO 3

1000

Page 26: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

SARAN

•Strategis dan Kebijakan•Kaji manfaat dan risiko cyber•Sumber daya manusia diutamakan

•Kaji risiko dan manfaat perangkat teknologi, manusia, process dan organisasi

Page 27: Keamanan informasi cybersecurity risk opportunity and control - surabaya 17 maret 2016 ver01

Q&ACYBERSECURITY.ISACA.ORGISACA CYBERSECURITY TEACHING MATERIALS


Ch12 Global Market Opportunity Assessment

PENGARUH PROFITABILITAS, GROWTH OPPORTUNITY

ID IGF 2016 - Hukum 2 - HAM dan Cybersecurity + resilience

PENGARUH INVESTMENT OPPORTUNITY SET, VOLUNTARY

BUSINESS OPPORTUNITY

PENGARUH PROFITABILITAS, INVESTMENT OPPORTUNITY …

Invesment opportunity set Ana

PROBAIT BUSINESS OPPORTUNITY SEMINAR

Ancaman cyber terhadap keamanan nasional cybersecurityy risk and control - jakarta 7 juli 2015 ver01

Ancaman cyber terhadap keamanan nasional cybersecurityy risk and control - batan bandung 19 mei 2016 ver01

BUKU PANDUAN TI 2G Ver01 January 2010 Bahasa Indonesia

Jeunesse Opportunity Preview

global.theiia.org · Ini bukanlah semata-mata tugas bagi ahli cybersecurity. Cybersecurity harus Cybersecurity harus diperhitungkan secara holistik dan sistemik, karena efek dari

TIENS Opportunity Preview

Reliv Business Opportunity - Indonesia

Sarwono sutikno nisd2013 - transforming cybersecurity

Green World Indonesia Business Opportunity

Production Possibility Frontier dan Opportunity Cost · Possibility Frontier dan Opportunity Cost Production Possibility Frontier Opportunity Cost (biaya pengorbanan) adalah manfaat

Green Business Opportunity

Buku Panduan TI 3G Ver01 January 2010 Bahasa Indonesia

theONE Opportunity Preview 2013

Bussines opportunity presentation zstarglobal

eBook Excel 2007 Ver01 - Computer1001dotCom

Herbalife Business Opportunity

Scope And Significance Of Data Science In CyberSecurity - Phdassistance

Cybersecurity Policy - Director of Information Security

Business Opportunity Generali

PENGARUH PRESSURE, OPPORTUNITY, DAN …

Global Bussiness Opportunity

Business Opportunity ES KRIM RENKO

Cybersecurity Trends Emerging in 2021

Yusep Rosmansyah (twitter: @yusepros) Cybersecurity & Learning … · 2016. 7. 27. · Yusep Rosmansyah (twitter: @yusepros) Cybersecurity & Learning Technology Center Institut Teknologi

Share The Opportunity HWI

SOP Pembayaran Bank Mandiri & BSM Unit SD Ver01

presentasi workshop national cybersecurity 2012