Personal Data Protection for Electronic System Users: Protecting Data Privacy

Presented by Prof. Kalamullah Ramli, Executive Team, National ICT Council (DeTIKNas), at IISF 2012, Bandung, 10 October 2012

Transcript

  • 1. Personal Data Protection for Electronic System Users: Protecting Data Privacy. Prof. Kalamullah Ramli, Executive Team, National ICT Council. Indonesia ICT Council
  • 2. Indonesia Profiles
  • 3. Indonesia Facts: Indonesia is the world's largest archipelago, with over 17,000 islands, and stretches across 3,500 miles. Source: cnn.com
  • 4. Indonesia Economics (first quarter 2012)
      • Economic growth: 6,3%
      • Gross Domestic Product (GDP): US$ 825 Million
      • GDP composition by sector: agriculture (14.9%), industry (46%), services (39.1%)
      • Member of G20
      • Indonesia regained its investment grade rating from Fitch Rating in late 2011, and from Moody's Rating in early 2012
      • Image: Jakarta night view
  • 5. Indonesia ICT Numbers and Facts
  • 6. Mobile Phone Subscribers: Indonesia has million mobile phone subscribers, or the th largest in the world.
      • Chart values: 859 million, 752 million, 279 million, 238 million, 220 million, 69,7 million, 34,5 million, 7,3 million
      • Countries shown: China, USA, India, Russia, Indonesia, Thailand, Malaysia, Singapore
      • Source: cia.gov, last updated 7 Feb 2012
  • 7. Social Media: Facebook Users. Indonesia has 43,1 million users, the 3rd largest in the world.
      • Countries shown: USA, India, Indonesia, Thailand, Malaysia, Singapore
      • Source: socialbakers.com, last updated 7 Feb 2012
  • 8. Indonesia ICT Spending
      • Chart: ICT Spending (millions of U.S. dollars), 2008 to 2011* (* prediction)
      • Series: Communications, Computer Hardware, Computer Software, Computer Services
      • Data labels: 26.224,0; 24.769,8; 22.583,3; 19.742,8
      • Source: World Bank
  • 9. ICT Investment: Central Government Agencies. ICT expenditure in government agencies increased by 18,24% in 2009-2010. (Chart: 2009 versus 2010)
  • 10. Indonesia National ICT Council (DETIKNAS)
  • 11. National ICT Council Mandate (Presidential Decree No. 20 – 2006)
      • To formulate the strategic direction of national development through ICT empowerment
      • To study and solve strategic problems in order to develop ICT
      • To coordinate nationally all stakeholders in the development of ICT
      • To approve the implementation of cross-department ICT so that it is effective and efficient
  • 12. Organization Structures
      • Steering Committee
          – Chair: President
          – Vice Chair: Minister for Coord. Economic
          – Executive Chair: Minister for Communication and IT
          – Member: Minister for Finance, Minister for Industry, Minister for Trade, Minister for National Education & Culture, Minister for Home Affairs, Minister for Research and Technology, Minister for Law and Human Rights, Minister for Public Services Reform, Minister for National Planning, Secretary of Cabinet
      • Executive Committee
          – Chair: Minister for Communication and IT
          – Vice Chair: Zainal A. Hasibuan
          – Secretary: DG ICT Informatics Application
          – Vice Secretary: Deputy Secretary Cabinet of Law
          – Member: Gatot Sudariyono, Sardjoeni Moedjiono, Rudi Lumanto, Adiseno, Setiadi Yazid, Herry Pansila, Arief Mustain, Yan Rianto, Sekjen, DG PPI, DG SDPPI, Head of BPPSDM, MCIT Expert Staff Technology Sector, MCIT Expert Staff Politic and Security Sector
      • Other boxes on the chart: Secretariat; Working Groups; Zainal A. Hasibuan
      • Advisors: ICT experts from 4 Universities; other ICT experts with national and international reputations and experiences
      • Partners: MASTEL; FTII & ICT Associations; Universities; Chamber of Commerce; Technology Owner
  • 13. 10 DETIKNAS Strategic Program to Answer National Problems Using ICT: Strategic Program for promoting industry, ICT human resources, and using ICT as an enabler of economic growth. (Diagram labels: e-Health, Palapa Ring)
  • 14. Comprehensive View of ICT in Indonesia (diagram)
      • Programs: National Cyber Security, e-Budgeting, e-Procurement, e-Education, NSW, e-Agriculture, e-Cultural Heritage, e-KTP, e-Health, Software Legal, Palapa Ring
      • Agencies: Kemkopolhukam, Kemkominfo, Kemkeu, LKPP, Kempertanian, Kemdikbud, Kemkoekuin, Kemdagri, Kemkes, Kemperind
      • Service categories: G2B, G2C, G2E, G2G
  • 15. An Overview of Cyber Security in Indonesia
  • 16. Policies and Regulations: ICT Security
      • Telecommunication: Act No 36/1999
      • Information Transaction Electronic: Act No. 11/2008
      • Implementation of Telecommunications: Government Regulation No. 52/2000
      • Organizational structure of information security: Ministerial Regulation PM 17/PER/M.KOMINFO
      • IP-based network security: Ministerial Regulation No. 16/PER/M.KOMINFO/10/2010
      • CA Supervisory Board ad hoc team: Ministerial Decree No. 197/KEP/M.KOMINFO/05/2010
      • Information security coordination team: Ministerial Decree No. 33/KEP/M.KOMINFO/04/2010
      • Web server security: Ministry Letter
      • Wifi security: Ministry Letter
      • Guidelines for the use of ISO 27001: Ministry Letter
      • Totals: National Act: 2; Government Regulation: 1; Ministerial Regulation: 2; Ministerial Decree: 2; Ministerial Letter: 3
  • 17. Technical and Procedural
      • Indonesia National Standard (SNI ISO/IEC 27001:2009, Information Security Management System): the National Standardization Agency (BSN) has established an identical adoption of ISO 27001 as SNI ISO/IEC 27001. The standard covers all types of organizations, such as commercial enterprises, government, and nonprofit organizations. It specifies requirements for establishing, implementing, operating, monitoring, assessing, improving, and maintaining information security.
      • Health and Safe Internet Program: this program provides education and public awareness about the importance of information security. It is hoped that through this program the community in the ICT sector will participate in maintaining security in cyberspace.
      • Trust+: Trust Positive (Trust+) is a technology-based filter for negative content whose model and workings are to filter on top-level domain, URL and content, keyword, and expression. Trust+ is implemented at MCIT, telco operators, and ISPs.
  • 18. Security: Organizational Structures (diagram)
      • Government agencies: MCIT; Information Security Coordination Team; Directorate General of Applications Informatics; Directorate General of Postal Devices and Informatics; Directorate of Information Security; Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII)
      • Community: ID-CERT; ID-ACAD-CSIRT
      • Legend: Structural; Ad hoc
  • 19. Security: Organizational Structures
      • Information Security Coordination Team
          – Legal basis: Decree of the Minister of MCIT Number: 133/KEP/M/KOMINFO/04/2010
          – Tasks and functions: to coordinate, develop policy, develop technical guidelines, conduct awareness campaigns, and conduct monitoring and submit reports on the implementation of information security in Indonesia.
      • Directorate of Information Security
          – Legal basis: Regulation of the Minister of MCIT Number: 17/PER/M.KOMINFO/10/2010
          – Tasks and functions: to formulate and implement policies, prepare norms, standards, procedures and criteria, and provide technical guidance and evaluation in the field of information security.
      • Indonesia Security Incident Response Team on Internet Infrastructure
          – Legal basis: Regulation of the Minister of MCIT Number: 26/PER/M.KOMINFO/5/2007
          – Tasks and functions: Internet traffic monitoring for incident handling purposes; managing log files to support law enforcement; educating the public for security awareness; assisting institutions in managing security; providing training to constituency and stakeholders; running a laboratory for simulation practices; establishing external and international collaborations.
  • 20. Cyber Security Threats
  • 21. Cyber Space in work and daily life
      • Daily Life: online shopping; mobile communication; social media; etc.
      • In Work: E-Business; E-Commerce; E-Government; G2C, G2B, B2G, G2E; etc.
  • 22. Threats in Cyber Space (diagram: attacks on Information Technology)
      • Cyber Attack (Logical/Computer): Virus, Worm, Hacking, .....
      • Physical Attack: Theft, Cuts, Bomb, .....
  • 23. Security Context and Motivation
      • The current threat to every country comes not only from physical threats but also from cyber threats, because cyber threats can potentially destroy the economy and destabilize the country's security.
      • To anticipate the threats that come from cyberspace, the government needs to develop a defense and security system and strategy.
      • The national cyber security system and strategy consists of five aspects: Legal, Technical and Procedural, Organizational Structures, Capacity Building, and International Cooperation (ITU).
  • 24. Why Do We Need Information Security?
      • Extreme reliance on information technology
      • Unacceptable loss (tangible and intangible)
      • The existence of various threats
  • 25. Information Security Basic Foundation
      • Main considerations: Confidentiality, Integrity, Availability
      • Diagram: the Asset at the centre of a triangle of Integrity (I), Availability (A), and Confidentiality (C)
  • 26. Integrated Information Security Framework (diagram)
      • Approaches: Administrative Approach; Technology Approach
      • Levels: Security Strategic Level (direct control), Security Managerial Level (direct control), Security Operational Level (execute)
      • Aspects: Legal; Technical and Procedural; Organization Structures; Capacity Building; International Cooperation
      • Goals: Confidentiality, Integrity, Availability
  • 27. Information Security Approach: Information Security through the Administrative Approach and the Technology Approach
  • 28. Information Security: Administrative Approach. Matrix of level (Strategic, Tactical, Operational) against document type (Policy, Standard, Procedure), with one check mark (V) per level.
  • 29. Information Security: Technology Approach (Defense in Depth). Layers: Data, Application, Host, Internal Network, External Network
  • 30. Information Security: Administrative and Technology Approach (Defense in Depth)
      • Layers: External Network, Internal Network, Perimeter Network, Host, Application, Data
      • Controls named on the diagram: DMZ, VPN, Firewalls, Proxy, Stateful Packet Inspection, IDS, IPS, Antivirus, Content Filtering, Data Validation, Authentication, SSO, Encryption, Access Controls, Password Hashing, Backup
      • Controls that recur across the layers: Logging, Auditing, Penetration Testing, Vulnerability Analysis
  • 31. The Essence of Information Exchange
  • 32. Information Exchange
      – Electronic Information
      – Electronic Evidence
          • Electronic evidence shows that electronic information was exchanged in an electronic transaction
      – Electronic Transaction
          • A transaction is not merely an exchange that can be seen physically, as in the conventional sense of buying and selling, but is broadened to cover the exchange of electronic information through electronic media (the Internet).
  • 33. Electronic Information
      • Electronic Information and/or Electronic Documents and/or their printouts are valid legal evidence, and are an extension of the evidence regulated under the procedural law in force in Indonesia.
      • Electronic information may take the form of electronic records, electronic documents, electronic contracts, electronic mail, or electronic signatures.
      • Electronic Information and Electronic Documents are declared valid when they use an Electronic System in accordance with the provisions of the ITE Law (UU ITE)
  • 34. Electronic Information
      • The provisions on Electronic Information and Electronic Documents do not apply to:
          • Letters that by law must be made in written form, including securities, valuable documents, and documents used in the enforcement of civil, criminal, and state administrative procedural law.
          • Letters and their accompanying documents that by law must be made in the form of a notarial deed or a deed drawn up by a deed-making official
  • 35. Electronic Information
      • Apart from the preceding exceptions, which require a piece of electronic information to be in written or original form, Electronic Information and/or Electronic Documents are considered valid when the information they contain meets the following statutory requirements:
          1. Its integrity can be guaranteed and it can be accounted for: the message in the electronic information does not change in content during storage, transmission, receipt, or display.
          2. It can be accessed: the whereabouts of the electronic information can be traced.
          3. It can be displayed so as to explain a state of affairs: the electronic information carries a specific meaning or explains the content or substance intended by its user.
  • 36. Electronic Signatures
      • An electronic signature has valid legal force and legal effect as long as it meets the provisions of this law.
          – The law expressly recognizes that an electronic signature, although it is only a code, has a standing equal and parallel to that of a manual signature in general, which has legal force and legal effect
  • 37. Electronic Signatures
      • The technique, method, means, or process of creating an electronic signature has valid legal standing as long as it meets the requirements set out in this law.
          – Electronic signatures as referred to in this article include the use of public key infrastructure, biometrics, symmetric cryptography, and so on.
  • 38. Electronic Certification Services
      • Every Person is entitled to use the services of an Electronic Certification Provider to create an Electronic Signature.
      • An Electronic Certification Provider must ensure the link between an Electronic Signature and its owner.
      • Electronic Certification Providers consist of:
          a. Indonesian Electronic Certification Providers, which are Indonesian legal entities domiciled in Indonesia
          b. Foreign Electronic Certification Providers, which must be registered in Indonesia if they operate in Indonesia.
  • 39. Electronic Certification Services
      • An Electronic Certification Provider must provide accurate, clear, and definite information to every service user, covering at minimum:
          a. the method used to identify the Signatory;
          b. matters that can be used to ascertain the personal data of the creator of the Electronic Signature; and
          c. matters that can be used to show the validity and security of the Electronic Signature.
  • 40. Electronic Certification Services
      • Electronic information and transactions are operated by trusted electronic systems, that is:
          1. Reliable: the electronic system has capabilities that match the needs of its use.
          2. Secure: the electronic system is protected both physically and non-physically.
          3. Operating properly: the electronic system has capabilities in accordance with its specification.
      • The electronic system operator is responsible for the operation of the electronic system it operates. Being responsible means that there is a legal subject accountable for the operation of that electronic system.
  • 41. Minimum Requirements for an Electronic System
      a. Able to redisplay Electronic Information and/or Electronic Documents in full, in accordance with the retention period set by laws and regulations;
      b. Able to protect the availability, integrity, authenticity, confidentiality, and accessibility of Electronic Information in the operation of the Electronic System;
      c. Able to operate in accordance with the procedures or instructions for the operation of the Electronic System;
      d. Equipped with procedures or instructions published in a language, information, or symbols that can be understood by the parties concerned with the operation of the Electronic System;
      e. Has an ongoing mechanism to keep the procedures or instructions current, clear, and accountable
  • 42. Closing
  • 43. Conclusions
      • The Electronic Information and Transactions (ITE) Law protects the security of electronic personal data against unauthorized access (Article 30) and unauthorized use of data (Article 26).
      • Mechanisms for exchanging confidential personal data should use electronic signatures and electronic certificates.
      • Awareness of personal data protection needs to be promoted to the public.
  • 44. INDONESIA NATIONAL ICT COUNCIL www.detiknas.org pmo.detiknas@kominfo.go.id ©2012