
Reinforcement of Information Privacy and Security Nowadays


Delivered in a guest lecture session conducted for Faculty of Communication Science, Padjadjaran University, West Java, Indonesia. It includes the topic on Indonesia's Laws #14 Year of 2008 on Disclosure of Public Information.

Published in: Technology
  • Can anyone please help me with the topic "Challenges faced on threats and safety measures in the digital age"?


  1. Image courtesy of Business Insider
  2. INTRODUCTION
  3. Presenter Profile
     • 16 years of working experience with exposure in IT advisory, consulting, audit, training and education, and project management
     • Advisor at six companies
     • ISACA International Subject Matter Expert (COBIT 5 Configuration Management, COBIT 5 Enabling Information, Risk Scenarios with COBIT 5 for Risk, Big Data Privacy Risk and Control)
     • ISACA International Certification Exam and QAE Developer for CISA, CISM, CGEIT, and CRISC
     • Reviewer panel at three international journals: AECT TechTrends, BJET and ISACA Journal
     • Has audited and consulted for 30+ companies
     • More than 65 international certifications under his belt
     • Has delivered and hosted 200+ sessions with 7,000+ attendees and 5,000+ hours of training, lectures, conferences, workshops and seminars across Indonesia and abroad for 70+ organizations
     • Writes, reviews and edits 300+ articles, encyclopedia entries, manuscripts and white papers concerning ICT, management and business in more than 20 media outlets, publications, organizations, journals and conferences
     May 2014
  4. First-off, Information Privacy
  5. Getting Familiar with the Taxonomy
  6. Okay, Let’s Put it this Way
     Information Privacy is the relationship between the collection and dissemination of:
     • Information
     • Technology
     • Personal and public expectations
     • Laws and regulations surrounding them
  7. What does Privacy Mean Now?
     • In the past: privacy was about secrecy.
     • These days: privacy is all about control.
     People's relationship with privacy is socially complicated. Agree or disagree?
  8. Primary Concerns
     • The act of data collection: legal versus illegal
     • Improper access (authentication)
     • Unauthorized use (authorization)
     Image courtesy of: City Caucus; image courtesy of: ngshire
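Slide 8 separates improper access (a failure of authentication, "who is this?") from unauthorized use (a failure of authorization, "may this known person do this?"). The Python below is added here as an illustration and is not part of the presentation: it runs the two checks as separate gates on a small record store and logs the two kinds of denial distinctly, which is what lets a defender tell a credential problem from a permission problem. The signed-token format, the user directory, the records and the access policy are all constructed for the example.

```python
"""Authentication versus authorization on a small record store (added example)."""
import hashlib
import hmac
import secrets

# Server-side signing key for session tokens; a constructed value for this example only.
SERVER_KEY = b"constructed-example-key-do-not-reuse"

# Constructed sample directory: known users with a role, and records with an owner.
# Usernames must not contain '.', which the token format uses as a separator.
USERS = {"alice": {"role": "analyst"}, "bob": {"role": "auditor"}}
RECORDS = {
    101: {"owner": "alice", "classification": "pii"},
    102: {"owner": "bob", "classification": "public"},
}

# Audit trail: every decision is recorded with its reason, so improper access
# (bad credential) and unauthorized use (bad permission) stay distinguishable.
AUDIT_LOG = []


def issue_token(username):
    """Mint a session token 'user.nonce.mac'; mac is HMAC-SHA256 over 'user.nonce'."""
    nonce = secrets.token_hex(8)
    body = f"{username}.{nonce}"
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def authenticate(token):
    """Authentication: return the username, or None if the token is malformed,
    tampered with, or names a user the directory does not know."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    username, nonce, mac = parts
    expected = hmac.new(SERVER_KEY, f"{username}.{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself does not leak the MAC via timing.
    if not hmac.compare_digest(mac, expected):
        return None
    return username if username in USERS else None


def authorize(username, record_id, action):
    """Authorization under a constructed policy: owners may read and write their own
    records, auditors may read any record, and any authenticated user may read
    records classified 'public'. Everything else is refused."""
    record = RECORDS.get(record_id)
    if record is None or action not in ("read", "write"):
        return False
    if record["owner"] == username:
        return True
    if action == "read" and USERS[username]["role"] == "auditor":
        return True
    if action == "read" and record["classification"] == "public":
        return True
    return False


def access(token, record_id, action):
    """Gate a request: authenticate first, then authorize. Returns (outcome, detail)
    with outcome one of 'allowed', 'denied-authn' or 'denied-authz'."""
    user = authenticate(token)
    if user is None:
        AUDIT_LOG.append(f"denied-authn record={record_id} action={action}")
        return ("denied-authn", "improper access: credential not accepted")
    if not authorize(user, record_id, action):
        AUDIT_LOG.append(f"denied-authz user={user} record={record_id} action={action}")
        return ("denied-authz", f"unauthorized use: {user} may not {action} record {record_id}")
    AUDIT_LOG.append(f"allowed user={user} record={record_id} action={action}")
    return ("allowed", f"{user} {action} record {record_id}")


if __name__ == "__main__":
    alice = issue_token("alice")
    print(access(alice, 101, "read"))    # allowed: alice owns 101
    print(access(alice, 102, "write"))   # denied-authz: known user, no permission
    parts = alice.split(".")
    forged = "bob." + parts[1] + "." + parts[2]
    print(access(forged, 101, "read"))   # denied-authn: MAC no longer matches
    for line in AUDIT_LOG:
        print(line)
```

The point of the split is operational: a burst of `denied-authn` entries points at credential abuse or a broken client, while `denied-authz` entries come from users the system does trust and are the ones to review for over-reach or a mis-set policy.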
  9. Implications and Consequences
  10. How Big Consumer Data is
     • In 1996: e-commerce revenue of US$600M
     • In 2015: e-commerce revenue expected to hit US$995B
     • Big Bang of social networks: 1 billion Facebook, 800 million Google+, 400 million Twitter, and 250 million LinkedIn users
  11. In Regards to Expectations
     • Individuals would expect reasonable measures on:
       • Technical
       • Physical
       • Administrative
     • Privacy (and Information Security) professionals in organizations handle compliance with privacy promises
     • No such thing as perfect privacy, just acceptable levels of risk
  12. Wide Range of Information
     • Healthcare records
     • Criminal justice investigations
     • Financial institutions and transactions
     • Residence and geographic records
     • Invisible traces of our presence
     • Data trails
     • Credit card databases
     • Phone company databases
     • Customer databases
  13. Web Data Collection
     • Personal/profile
     • Other types of info
     • Device information
     • Cookies
     • Log information
     • User communications
     • Location
     • Software
     • Application
     • Behavior
     Image courtesy of NBCNews
  14. Costs for Information Privacy
     Government
     • Edward Snowden, hero or traitor (?)
     Company
     • Data and information collection
     • Revenue lost and recovery costs
     • Security awareness
     • Protect users’ data and information (from hacking, cracking and phreaking activities)
     • Safeguard the service: remote storage service (“Cloud”)
     • Image/credibility
     • Legal charge/fine
     Image courtesy of Wikipedia
  15. Costs of Information Privacy (cont’d)
     Consumer
     • Time to learn (learning curve)
     • Credibility/reputation
     • Opportunity/revenue loss
     • Recovery costs
  16. Challenges in the Future
     • What is “private” information by now?
     • Make information more accessible
     • Evolve systems to prevent breaches
  17. Moving Forward to Information Security
  18. ISACA Says…
     Information shall be protected against disclosure to unauthorized users (confidentiality), improper modification (integrity) and non-access when required (availability). Explicitly, it tells us what to do:
     • Confidentiality: preserving authorized restrictions on access and disclosure to protect privacy and proprietary information
     • Integrity: guarding against improper modification or destruction, and ensuring information non-repudiation and authenticity
     • Availability: ensuring timely and reliable access to and use of information
  19. Information Security Principles
     According to the Information Systems Security Certification Consortium
     A. Support the business
     • Focus on the business functions and processes
     • Deliver quality and value to stakeholders
     • Comply with law and regulation requirements
     • Provide timely and accurate information
     • Evaluate existing and future information threats
     • Improve information security continuously
  20. Information Security Principles (cont’d)
     B. Secure the organization
     • Adopt a risk-based approach
     • Protect classified information
     • Focus on critical business processes
     • Develop systems securely
     C. Promote information security
     • Attain responsible behavior
     • Act in a professional and ethical manner
     • Foster a positive information security culture
  21. Information Security Standards
     Internationally known as ‘ISO/IEC 27001’: best-practice recommendations for initiating, developing, implementing, and maintaining Information Security Management Systems (ISMS), covering:
     • Risk assessment
     • Security policy
     • Asset management
     • Physical/environmental security
     • Access control
     • And many others
  22. Constraints and Challenges
  23. Business Priorities as Interpreted by IT (courtesy of DataCenterJournal)
  24. What Takes Priority with IT Teams? (courtesy of DataCenterJournal)
  25. How to Overcome?
  26. How it Applies Country to Country
     “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” —Universal Declaration of Human Rights, Article 12
  27. Laws by Countries
     • The U.S.
       • HIPAA
       • Electronic Communications Privacy Act
       • PATRIOT Act
       • The Children’s Online Privacy Protection Act
     • European Union (EU)
       • Data Protection Directive
       • European Data Protection Regulation
  28. For Indonesia? We Have UU #14 Year of 2008, Keterbukaan Informasi Publik (Disclosure of Public Information)
     “Every Public Body is obliged to open access for every applicant for public information to obtain public information, except for certain specific information.”
     • 8 years of development and 64 clauses that regulate:
     1. Guaranteeing the right of citizens to know the plans for making public policy, public policy programs, and the process of public decision-making, as well as the reasons behind a public decision;
     2. Encouraging public participation in the public policy-making process;
     3. Increasing the active role of the public in public policy-making and in the good management of Public Bodies;
  29. UU No. 14 Year of 2008 (cont’d)
     4. Realizing good state administration, namely one that is transparent, effective and efficient, accountable and answerable;
     5. Knowing the reasons for public policies that affect the livelihoods of many people;
     6. Developing knowledge and educating the life of the nation;
     7. Improving information management and services within Public Bodies to produce quality information services.
  30. UU #14 Year of 2008 (cont’d)
     Definition of undisclosed information:
     1. Public Information that, if opened and given to an Applicant for Public Information, could obstruct the process of law enforcement;
     2. Public Information that, if opened and given to an Applicant for Public Information, could interfere with the protection of intellectual property rights and protection from unfair business competition;
     3. Public Information that, if opened and given to an Applicant for Public Information, could endanger national defense and security;
     4. Public Information that, if opened and given to an Applicant for Public Information, could reveal Indonesia’s natural resources;
  31. UU #14 Year of 2008 (cont’d)
     5. Public Information that, if opened and given, could harm national economic resilience;
     6. Public Information that, if opened and given, could harm the interests of foreign relations;
     7. Public Information that, if opened, could reveal the contents of an authentic deed of a personal nature or a person’s last wishes or will;
     8. Public Information that, if opened and given, could reveal personal secrets;
     9. Memoranda or letters between Public Bodies or within a Public Body, except by decision of the Information Commission or a court;
     10. Information that may not be disclosed under the Law.
  32. State-Owned Companies Must Provide
     • Name and domicile, purpose and objectives and type of business activity, period of establishment, and capitalization;
     • Full names of shareholders, members of the board of directors, and members of the company’s board of commissioners;
     • Annual reports, financial statements, balance sheet and profit-and-loss statements, and corporate social responsibility reports that have been audited;
     • Results of assessments by external auditors, credit rating agencies and other rating agencies;
     • Remuneration system and fund allocation for members of the board of commissioners/supervisory board and directors;
     • Mechanism for appointing directors and commissioners/supervisory board;
  33. State-Owned Companies Must Provide (cont’d)
     • Legal cases that are open as Public Information under the Law;
     • Guidelines for implementing good corporate governance based on the principles of transparency, accountability, responsibility, independence, and fairness;
     • Announcements of the issuance of debt securities;
     • Replacement of the accountant who audits the company;
     • Changes to the company’s fiscal year;
     • Government assignment activities and/or public service obligations or subsidies;
     • Mechanism for procurement of goods and services;
     • Other information determined by Law relating to BUMN and BUMD (state-owned and regional-government-owned enterprises)
  34. By Utilizing Such a Framework and/or Standard
     • Reduce complexity of activities and processes
     • Deliver better understanding of information security
     • Attain cost-effectiveness in managing privacy and security
     • Enhance user satisfaction with the arrangements and outcomes
     • Improve integration of information security
  35. By Utilizing Such a Framework and/or Standard (cont’d)
     • Inform risk decisions and risk awareness
     • Enhance prevention, detection and recovery
     • Reduce probability and impact of security incidents
     • Leverage support for organizational innovation and competitiveness
  36. ISACA Framework on Information Security
     ISMS: Information Security Management Systems; R: Responsible; A: Accountable; C: Coordinate; I: Informed
  37. Lessons Learned on IP and IS
  38. Highlight these and Give Them a Boom!
     Having IS policies, procedures, and technologies in place to prevent and deal with Information Privacy issues is a MUST. Negligence in IS and in maintaining PII can have damaging effects on customer satisfaction and employee relationships.
  39. For Individuals, Here are the Takeaways
     • One user, one device (PC, notebook, mobile)
     • One user, one account (email, social media, social network and others)
     • Password safety, complexity and routines
     • Do periodic backups and keep them off-site
     • If shared, be mindful that it is at your own risk
     • Your information, your privacy
     • Your privacy, your security