Kepatuhan Terhadap Security

About This Presentation

Title:

Kepatuhan Terhadap Security

Description:

Kepatuhan Terhadap Security Budi Rahardjo budi_at_indocisc.com Cisco Security Summit Shangri La Hotel, Jakarta, Desember 2005 Top CIO Priorities 2004 Security Disaster ... – PowerPoint PPT presentation

Number of Views:118

Avg rating:3.0/5.0

Slides: 16

Provided by: Budi69

Category:

more less

Transcript and Presenter's Notes

Title: Kepatuhan Terhadap Security

1
Kepatuhan Terhadap Security

Budi Rahardjo
budi_at_indocisc.com
Cisco Security Summit
Shangri La Hotel, Jakarta, Desember 2005

2
Top CIO Priorities 2004

Security
Disaster Recovery / Business Continuity
PC Replacements
Existing Application Upgrades
Compliance with Government Regulation

3
Masalah keamanan

Virus
Phising
Perangkat makin kecil
USB flash disk
Handphone berkamera
Credit card fraud
Internal fraud
Banking fraud
Telecommunication fraud

Mulai beranjak dari teknis (teknologi) ke masalah
non-teknis
Manusia
Proses, Prosedur

4
Masalah non-teknis

Terkait dengan kebijakan keamanan (security
policy)
Belum ada kebijakan
Kebijakan tidak diketahui keberadaannya
Kebijakan tidak dimengerti (lack of awareness)
Kebijakan tidak dipatuhi
Kebijakan tidak ditegakkan (lack of enforcement)

5
Perlunya Kendali

Perlu adanya kendali (control) untuk menangani
masalah keamanan
Tanpa kendali, resiko terlalu besar

6
Kepatuhan (compliance)

Kepatuhan terhadap regulasi
Dari Pemerintah / Regulator
Sabarnes Oxley (untuk perusahaan terbuka)
Dari Industri
HIPPA Kesehatan (USA)
Basel II Perbankan
Umum
ISO 17799 Code of practice for information
security management
Kebiasaan baik (best practice)

7
ISO 17799

Merupakan kelanjutan dari British Standard (BS)
7799

8
ISO 17799 control objectives

Security policy
Organizational security
Asset classification and control
Personel security
Physical and environmental security
Communication dan operations management
Access control
System development and maintenance
Business continuity management
Compliance

9
Security Policy

Policy Lifecycle
Development
Implementation
Maintenance
Disposal

10
Organizational Security
Information Security Infrastructure Management Information Security Forum
Information Security Infrastructure Information Security Coordination
Information Security Infrastructure Allocation of Information Security Responsibilities
Information Security Infrastructure Authorisation process for information processing facilities
Information Security Infrastructure
Security of third party access Identification of risk from third party access
Security of third party access Security requirement from third party access
Outsourcing Security requirements in outsourcing contracts
11
Asset Classification Control