Protecting Data Privacy:Perlindungan Data Pribadi Pengguna Sistem Elektronik RUDI LUMANTO -ID-SIRTII- 10 October 2012 Indonesia Information Security Forum (IISF 2012) Hotel Hilton, Bandung, Indonesia
The moderns thief can steal more with a computer than a gun
Defining Privacy According to Ruth Gavison (Law and Human Right Professor), there are three elements in privacy: secrecy, anonymity and solitude. It is a state which can be lost, whether through the choice of the person in that state or through the action of another person The Calcutta Committee in the United Kingdom said that, "nowhere have we found a wholly satisfactory statutory definition of privacy." But the committee was satisfied that it would be possible to define it legally and adopted this definition in its first report on privacy: The right of the individual to be protected against intrusion into his personal life or affairs, or those of his family, by direct physical means or by publication of information
Data Privacy : what is to be protect ? What is actually personal data? personal data means any information concerning commercial transactions stored or recorded and which can be managed automatically or as a file system (Under Section 4 of the PDPA Malaysia) Generally, personal data has a very wide scope, covering sensitive and personal information such as blood type, health records and descriptions, political and religious beliefs, mental or physical conditions, or any other data needed by the authority from time to time. Normal personal data also involves details on bank accounts, credit cards, telecommunication links like telephone or any other information stipulated by the minister under the PDPA from time to time. When you purchase an item online : ◦ your credit card data is online as well. ◦ Your banking activities precipitate the storage, retrieval as well as the movement of your credit and debit records Reff : Protecting your personal data By DATUK SERI DR RAIS YATIM
What is to be mentioned ? on the rights and liabilities pertaining to information; protection of information from unlawful use; the right to information; the status of information belonging to individuals and the overall issues pertaining to the future of online trade and commerce using other people’s data. Reff : Protecting your personal data By DATUK SERI DR RAIS YATIM
How to protect ? Organizationally Tecnologically : Encryption, PKI, e-ID etc Legally Socially : mindset and habit ◦ Kompetisi Cyber Jawara (ID-SIRTII) ◦ Amazing drill test ◦ Forensic dan anti forensic ◦ Seminar Indonesia cyber army – Aptikom ◦ dll
Lesson Learned from Malaysia The Personal Data Protection Act 2010 (PDPA) is one of the cyber legislations aimed at regulating the processing of personal data in commercial transactions. The Act was passed by Parliament in May 2010 and the Personal Data Protection Department was created a year later While the PDPA functions in the commercial environment, abuse of telephony communication networks or other channels through violations of personal data are also closely associated with the Communications and Multimedia Act (CMA) 1998. For example, a person who intentionally infiltrates and gets without permission any information, including data through telephony or other means of communications under S.234 of the CMA, can be jailed up to one year or fined up to RM50,000 or both, if convicted. Reff : Protecting your personal data By DATUK SERI DR RAIS YATIM
Cyber threat to data privacy Low of security awareness of internet users (non obscurity model) Vulnerabilties Social engineering So many free tools and techniques for retrieving information (search engines, crawling techniques etc) Malware E-KTP 180 juta an data penduduk !!!
SOCIAL ENGINEERING the strength of a chain depends on the weakest link The art of manipulating people into performing actions or divulging confidential information. Exploiting Human Vulnerabilities. A non-technical kind of intrusion that relies heavily on human interaction
Malware threats• Symantec blocked a total of over 5.5 billion malware attacks in 2011, an 81% increase over 2010.• Web based attacks increased by 36% with over 4,500 new attacks each day.• 403 million new variants of malware were created in 2011, a 41% increase of 2010.• 39% of malware attacks via email used a link to a web page. Reff: norton symanted security threat report 2011
Indonesia Internet Profile YEAR INTERNET USER 2000 2 Million 2006 20 Million 2007 25 Million 2008 31 Million 2009 40.4 Million 2010 48,7 Million 2011 55 Million Source : IDC, PT Telkom, Nokia Siemens Network.User growth within 10 years, 2600 % increase !!!
Indonesia Internet Profile : the Value is Increase !! The value of trade transactions conducted via the Internet or online this year(2011) is estimated to reach U.S. $ 4.1 billion, growing at about 20.5% of the value of online transactions in the last year. Indonesian People communicate differently today, people dotransaction and trade differently today, and it drives todays threats and crime !!
Indonesia Security :incidents 2012 Top 5 Events Top % Ports
SAMPLE BIG CASE (2012) Aneka Tambang (ANTAM) Tbk data leak. PT ANTAM (Persero) Tbk. Antam is a vertically integrated, export-oriented, diversified mining and metals company. Land mines data leak caused by internal employee (2012) Telco Operator customer data leak, hundreds of customer email id and passwd leaks, caused by external intrusion. (2011) 25 million customer data leak from Telco Operator that cause many spam emails
Thank you Contact ID-SIRTII : http://www.id-sirtii.or.id email : email@example.com TEL : 021-319305556