SlideShare a Scribd company logo

02 sasaran kendali pencapaian tujuan v05

Download as PPTX, PDF
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

This document discusses key concepts related to information security management systems (ISMS), including: 1. The ISMS family of standards led by ISO/IEC 27001 which provides a framework for organizations to develop and implement systems to manage the security of information assets. 2. Fundamental principles of an ISMS including risk assessment, security controls, prevention and detection of incidents, and continual reassessment. 3. Key concepts of ISMS including information, information security, and management as they relate to protecting information assets and achieving business objectives.

Education
1 of 45
SASARANKENDALIPENCAPAIANTUJUAN (CONTROLOBJECTIVE–BUSINESSOBJECTIVE) KONSEP Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F Penasihat KPK 2017-2021 v05 Presentasi di DAS BIN Hotel Pesona Krakatau, Anyer, 6 September 2017
2 Current: Penasihat KPK 2017-2021 Past: • Anggota Pembina Yayasan Pendidikan Internal Audit • Cybersecurity Nexus Liaison, ISACA Indonesia Chapter • ISACA Academic Advocate at ITB • SME for Information Security Standard for ISO at ISACA HQ • Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung • Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota Panitia Teknis 35-01 Program Nasional Penetapan Standar bidang Teknologi Informasi, BSN – Kominfo. • Lead Asesor Lembaga Sertifikasi SMKI KAN-BSN • Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008) • Plt Direktur Operasi Sistem PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011 Professional Certification: • Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000 • IRCA Information Security Management System Lead Auditor Course, 2004 • ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005 • Brainbench Computer Forensic, 2006 • (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007 • ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007 Award: • (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
KESEPAKATANDISKUSI • Mohon maaf jika gaya/kebiasaan saya di ITB muncul dalam diskusi ini • Niatnya agar Indonesia lebih berdaulat • Boleh buka laptop dan akses internet • Seluruh peserta harus bicara, bertanya, berpendapat, guyon sebagai pembuka kreatifitas • Sarwono Sutikno hanya fasilitator dan sedang belajar • Semoga saya dan semua insan Indonesia menjadi orang merdeka !!! • Semoga setiap insan Indonesia menjadi khalifah dalam arti tidak ada yang dapat membatasi potensi seorang insan kecuali impian dirinya dan tuhannya. Agar efektif berdiskusi
BLOOM’STAXONOMYOFEDUCATIONALOBJECTIVES Apply Comprehend Remember list, recite explain, paraphrase calculate, solve, determine, apply Analyze compare, contrast, classify, categorize, derive, model Synthesize create, construct, design, improve, produce, propose Evaluate judge, critique, justify, verify, assess, recommend
AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
RISK VS CONTROL
ERAMANAJEMENRISIKO
BATASANRISIKO specific item being reviewed 2.67 review objective statement describing what is to be achieved as a result of a review (2.65) 2.68 risk effect of uncertainty on objectives [SOURCE: ISO Guide 73:2009, 1.1, modified] Note 1 to entry: An effect is a deviation from the expected — positive or negative. Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event (2.25), its consequence (2.14), or likelihood (2.45). Note 3 to entry: Risk is often characterized by reference to potential events (2.25) and consequences (2.14), or a combination of these. Note 4 to entry: Risk is often expressed in terms of a combination of the consequences (2.14) of an event (2.25) (including changes in circumstances) and the associated likelihood (2.45) of occurrence. Note 5 to entry: In the context of information security (2.33) management systems (2.46), information security (2.33) risks can be expressed as effect of uncertainty on information security (2.33) objectives (2.56). Note 6 to entry: Information security (2.33) risk is associated with the potential that threats (2.83) will exploit vulnerabilities (2.89) of an information asset or group of information assets and thereby cause harm to an organization (2.57). 2.69
RISK-BASEDCATEGORIZATIONCONTROL
COBIT 5 SNI ISO 38500 Internal Control Framework COSO HUBUNGANANTAR KERANGKA PP60/2008 Sistem Pengendalian Intern Pemerintah TataKelola TataKelolaTI ManajemenTI Panduan Umum Tata Kelola TIK Nas + Kuesioner Evaluasi Pengendalian Intern TIK SNI ISO 27001SNI ISO 20000 SNI ISO 15408
AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
0.1OVERVIEW Through the use of the ISMS family of standards, organizations can develop and implement a framework for managing the security of their information assets including financial information, intellectual property, and employee details, or information entrusted to them by customers or third parties.
0.2ISMSFAMILYOFSTANDARDS • ISO/IEC 27000, Information security management systems — Overview and vocabulary • ISO/IEC 27001, Information security management systems — Requirements • ISO/IEC 27002, Code of practice for information security controls • ISO/IEC 27003, Information security management system implementation guidance • ISO/IEC 27004, Information security management — Measurement • ISO/IEC 27005, Information security risk management • ISO/IEC 27006, Requirements for bodies providing audit and certification of information security management systems • ISO/IEC 27007, Guidelines for information security management systems auditing
• ISO/IEC TR 27008, Guidelines for auditors on information security controls • ISO/IEC 27009, Sector-specific application of ISO/IEC 27001 — Requirements • ISO/IEC 27010, Information security management for inter-sector and inter-organizational communications • ISO/IEC 27011, Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 • ISO/IEC 27013, Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 • ISO/IEC 27014, Governance of information security • ISO/IEC TR 27015, Information security management guidelines for financial services • ISO/IEC TR 27016, Information security management — Organizational economics • ISO/IEC 27017, Code of practice for information security controls based on ISO/IEC 27002 for cloud services • ISO/IEC 27018, Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors • ISO/IEC 27019, Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry
General Organizations of all types and sizes: a) collect, process, store, and transmit information; b) recognize that information, and related processes, systems, networks and people are important assets for achieving organization objectives; c) face a range of risks that may affect the functioning of assets; and d) address their perceived risk exposure by implementing information security controls.
3.2.1FUNDAMENTALPRINCIPLESOFANISMS a) awareness of the need for information security; b) assignment of responsibility for information security; c) incorporating management commitment and the interests of stakeholders; d) enhancing societal values; e) risk assessments determining appropriate controls to reach acceptable levels of risk; f) security incorporated as an essential element of information networks and systems; g) active prevention and detection of information security incidents; h) ensuring a comprehensive approach to information security management; i) continual reassessment of information security and making of modifications as appropriate
3.2.2INFORMATION Information is an asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected. Information can be stored in many forms, including: digital form (e.g. data files stored on electronic or optical media), material form (e.g. on paper), as well as unrepresented information in the form of knowledge of the employees. Information may be transmitted by various means including: courier, electronic or verbal communication. Whatever form information takes, or the means by which the information is transmitted, it always needs appropriate protection.
3.2.3INFORMATIONSECURITY Information security ensures the confidentiality, availability and integrity of information. Information security involves the application and management of appropriate controls that involves consideration of a wide range of threats, with the aim of ensuring sustained business success and continuity, and minimizing consequences of information security incidents.
Information security is achieved through the implementation of an applicable set of controls, selected through the chosen risk management process and managed using an ISMS, including policies, processes, procedures, organizational structures, software and hardware to protect the identified information assets. These controls need to be specified, implemented, monitored, reviewed and improved where necessary, to ensure that the specific information security and business objectives of the organization are met. Relevant information security controls are expected to be seamlessly integrated with an organization’s business processes.
3.2.4 Management Management involves activities to direct, control, and continually improve the organization within appropriate structures. Management activities include the act, manner, or practice of organizing, handling, directing, supervising, and controlling resources. Management structures extend from one person in a small organization to management hierarchies consisting of many individuals in large organizations. In terms of an ISMS, management involves the supervision and making of decisions necessary to achieve business objectives through the protection of the organization’s information assets.
3.2.5 Management system A management system uses a framework of resources to achieve an organization’s objectives. The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources. In terms of information security, a management system allows an organization to: a) satisfy the information security requirements of customers and other stakeholders; b) improve an organization’s plans and activities; c) meet the organization’s information security objectives; d) comply with regulations, legislation and industry mandates; and e) manage information assets in an organized way that facilitates continual improvement and adjustment to current organizational goals.
3.3 Process approach Organizations need to identify and manage many activities in order to function effectively and efficiently. Any activity using resources needs to be managed to enable the transformation of inputs into outputs using a set of interrelated or interacting activities; this is also known as a process. The output from one process can directly form the input to another process and generally this transformation is carried out under planned and controlled conditions. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as a “process approach”.
3.4 Why an ISMS is important Risks associated with an organization’s information assets need to be addressed. Achieving information security requires the management of risk, and encompasses risks from physical, human and technology related threats associated with all forms of information within or used by the organization. The adoption of an ISMS is expected to be a strategic decision for an organization and it is necessary that this decision is seamlessly integrated, scaled and updated in accordance with the needs of the organization.
BENEFITSOFSUCCESSFULISMS a) achieve greater assurance that its information assets are adequately protected against threats on a continual basis; b) maintain a structured and comprehensive framework for identifying and assessing information security risks, selecting and applying applicable controls, and measuring and improving their effectiveness; c) continually improve its control environment; and d) effectively achieve legal and regulatory compliance.
3.5 Establishing, monitoring, maintaining and improving an ISMS Overview a) identify information assets and their associated information security requirements (see 3.5.2); b) assess information security risks (see 3.5.3) and treat information security risks (see 3.5.4); c) select and implement relevant controls to manage unacceptable risks (see 3.5.5); d) monitor, maintain and improve the effectiveness of controls associated with the organization’s information assets (see 3.5.6).
KEAMANAN INFORMASI VERSIISACA Information security is a business enabler that is strictly bound to stakeholder trust, either by addressing business risk or by creating value for an enterprise, such as competitive advantage. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying. ISACA defines information security as something that: Ensures that information is readily available (availability), when required, and protected against disclosure to unauthorised users (confidentiality) and improper modification (integrity).
Presentation: KamInfo.ID18 18 KEAMANAN INFORMASI ......... pemerintah negara Indonesia yang melindungi segenap bangsa Indonesia dan seluruh tumpah darah Indonesia dan untuk memajukan kesejahteraan umum, mencerdaskan kehidupan bangsa, dan ikut melaksanakan ketertiban dunia yang berdasarkan kemerdekaan, perdamaian abadi dan keadilan sosial........ Pemanfaatan INFORMASI sebagai darah nadi kehidupan bangsa dalam perspektif Pertumbuhan Ekonomi untuk Kesejahteraan Rakyat
ISO27001PERSYARATAN:CLAUSE4-10
AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
ISO37001PERSYARATAN:CLAUSE4-10
AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
www.theiia.org/research Internal Audit Capability Model (IA-CM) for the Public Sector Using the IA-CM as a Self-assessment Tool IA-CM
•Q&A

Recommended

Iso27001vs iso27003
Iso27001vs iso27003Iso27001vs iso27003
Iso27001vs iso27003
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smkiBim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Pindad iso27000 2016 smki
Pindad iso27000 2016 smkiPindad iso27000 2016 smki
Pindad iso27000 2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Smki vs smap v02
Smki vs smap v02Smki vs smap v02
Smki vs smap v02
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
PECB
 

Recommended

Iso27001vs iso27003
Iso27001vs iso27003Iso27001vs iso27003
Iso27001vs iso27003
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smkiBim tek 15 juni 2017 konsep iso27000-2016 smki
Bim tek 15 juni 2017 konsep iso27000-2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Pindad iso27000 2016 smki
Pindad iso27000 2016 smkiPindad iso27000 2016 smki
Pindad iso27000 2016 smki
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Smki vs smap v02
Smki vs smap v02Smki vs smap v02
Smki vs smap v02
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Information Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO StandardsInformation Security between Best Practices and ISO Standards
Information Security between Best Practices and ISO Standards
PECB
 
Introduction to Information System Security
Introduction to Information System SecurityIntroduction to Information System Security
Introduction to Information System Security
chauhankapil
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
Information Security Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Information Security Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Leon Blum
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018
Goutama Bachtiar
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012
Hakem Filiz
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
Certification Europe
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
Arul Nambi
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information SecurityAna Meskovska
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)AHM Pervej Kabir
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
Ramana K V
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSP®
 
ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 

More Related Content

What's hot

Introduction to Information System Security
Introduction to Information System SecurityIntroduction to Information System Security
Introduction to Information System Security
chauhankapil
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...padler01
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
ControlCase
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
Information Security Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Information Security Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Leon Blum
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
Ahmed Riad .
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018
Goutama Bachtiar
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012
Hakem Filiz
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
Certification Europe
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
Arul Nambi
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information SecurityAna Meskovska
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)AHM Pervej Kabir
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
Mart Rovers
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
Ramana K V
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSP®
 

What's hot (20)

Introduction to Information System Security
Introduction to Information System SecurityIntroduction to Information System Security
Introduction to Information System Security
 
Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...Contractor Responsibilities under the Federal Information Security Management...
Contractor Responsibilities under the Federal Information Security Management...
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Information Security Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Information Security Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012
 
ISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and DevelopmentsISO 27001 Information Security Management Systems Trends and Developments
ISO 27001 Information Security Management Systems Trends and Developments
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
4 System For Information Security
4 System For Information Security4 System For Information Security
4 System For Information Security
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 

Similar to 02 sasaran kendali pencapaian tujuan v05

ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
PECB
 
ISO/IEC 27001.pdf
ISO/IEC 27001.pdfISO/IEC 27001.pdf
ISO/IEC 27001.pdf
LiiewaOfficial
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
ITIL Indonesia
 
Know more about exin unique information security program
Know more about exin unique information security programKnow more about exin unique information security program
Know more about exin unique information security program
Elke Couto Morgado
 
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxChapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
kevlekalakala
 
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
Khaltar Togtuun
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
PECB
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
360 BSI
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
360 BSI
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
Desmond Muchetu
 
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan tiSosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
113505 6969-ijecs-ijens
113505 6969-ijecs-ijens113505 6969-ijecs-ijens
113505 6969-ijecs-ijensgeekmodeboy
 

Similar to 02 sasaran kendali pencapaian tujuan v05 (20)

ISO 27001:2022 Introduction
ISO 27001:2022 IntroductionISO 27001:2022 Introduction
ISO 27001:2022 Introduction
 
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2Sarwono sutikno wisuda stsn - 10 nov 2015 v2
Sarwono sutikno wisuda stsn - 10 nov 2015 v2
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
ISO/IEC 27001.pdf
ISO/IEC 27001.pdfISO/IEC 27001.pdf
ISO/IEC 27001.pdf
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
(ONLINE) ITIL Indonesia Community - Manfaat Penerapan Sistem Manajemen Keaman...
 
Know more about exin unique information security program
Know more about exin unique information security programKnow more about exin unique information security program
Know more about exin unique information security program
 
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptxChapter 1 Best Practices, Standards, and a Plan of Action.pptx
Chapter 1 Best Practices, Standards, and a Plan of Action.pptx
 
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Cyber Security Management
Cyber Security ManagementCyber Security Management
Cyber Security Management
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAEIT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
IT Security Architecture & Leadership, 03 - 06 March 2019 Dubai, UAE
 
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
Cybersecurity Management: Preventing Data Breaches in the Age of Big Data, 25...
 
CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course CQI-IRCA 27001:2013 Lead Auditor Course
CQI-IRCA 27001:2013 Lead Auditor Course
 
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan tiSosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
 
113505 6969-ijecs-ijens
113505 6969-ijecs-ijens113505 6969-ijecs-ijens
113505 6969-ijecs-ijens
 

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdfKeamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdfKeamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset InformasiTata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Keamanan Informasi - batasan
Keamanan Informasi - batasanKeamanan Informasi - batasan
Keamanan Informasi - batasan
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPKBuku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019 Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TIIIndeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Materi wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 wonMateri wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 won
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Materi caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod wonMateri caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod won
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Antikorupsi mahasiswa
Antikorupsi mahasiswaAntikorupsi mahasiswa
Antikorupsi mahasiswa
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Perguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod wonPerguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod won
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Pengantar tot persiapan implementasi pak di lingkungan KKP
Pengantar tot persiapan implementasi pak di lingkungan KKPPengantar tot persiapan implementasi pak di lingkungan KKP
Pengantar tot persiapan implementasi pak di lingkungan KKP
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdfKeamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
 
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdfKeamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
 
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
 
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset InformasiTata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
 
Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020
 
Keamanan Informasi - batasan
Keamanan Informasi - batasanKeamanan Informasi - batasan
Keamanan Informasi - batasan
 
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPKBuku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
 
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
 
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019 Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
 
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TIIIndeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
 
Materi wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 wonMateri wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 won
 
Materi caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod wonMateri caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod won
 
Antikorupsi mahasiswa
Antikorupsi mahasiswaAntikorupsi mahasiswa
Antikorupsi mahasiswa
 
Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02
 
SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04
 
Perguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod wonPerguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod won
 
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
 
Pengantar tot persiapan implementasi pak di lingkungan KKP
Pengantar tot persiapan implementasi pak di lingkungan KKPPengantar tot persiapan implementasi pak di lingkungan KKP
Pengantar tot persiapan implementasi pak di lingkungan KKP
 

Recently uploaded

The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
Steve Thomason
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
Col Mukteshwar Prasad
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
AzmatAli747758
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
Celine George
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
Jheel Barad
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
Vivekanand Anglo Vedic Academy
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
Mohd Adib Abd Muin, Senior Lecturer at Universiti Utara Malaysia
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
beazzy04
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
Jisc
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
Jisc
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
Celine George
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
rosedainty
 

Recently uploaded (20)

The Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve ThomasonThe Art Pastor's Guide to Sabbath | Steve Thomason
The Art Pastor's Guide to Sabbath | Steve Thomason
 
How to Break the cycle of negative Thoughts
How to Break the cycle of negative ThoughtsHow to Break the cycle of negative Thoughts
How to Break the cycle of negative Thoughts
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
Cambridge International AS A Level Biology Coursebook - EBook (MaryFosbery J...
 
How to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS ModuleHow to Split Bills in the Odoo 17 POS Module
How to Split Bills in the Odoo 17 POS Module
 
Instructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptxInstructions for Submissions thorugh G- Classroom.pptx
Instructions for Submissions thorugh G- Classroom.pptx
 
Sectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdfSectors of the Indian Economy - Class 10 Study Notes pdf
Sectors of the Indian Economy - Class 10 Study Notes pdf
 
Chapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptxChapter 3 - Islamic Banking Products and Services.pptx
Chapter 3 - Islamic Banking Products and Services.pptx
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
The approach at University of Liverpool.pptx
The approach at University of Liverpool.pptxThe approach at University of Liverpool.pptx
The approach at University of Liverpool.pptx
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
How to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERPHow to Create Map Views in the Odoo 17 ERP
How to Create Map Views in the Odoo 17 ERP
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)Template Jadual Bertugas Kelas (Boleh Edit)
Template Jadual Bertugas Kelas (Boleh Edit)
 

02 sasaran kendali pencapaian tujuan v05

  • 1. SASARANKENDALIPENCAPAIANTUJUAN (CONTROLOBJECTIVE–BUSINESSOBJECTIVE) KONSEP Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F Penasihat KPK 2017-2021 v05 Presentasi di DAS BIN Hotel Pesona Krakatau, Anyer, 6 September 2017
  • 2. 2 Current: Penasihat KPK 2017-2021 Past: • Anggota Pembina Yayasan Pendidikan Internal Audit • Cybersecurity Nexus Liaison, ISACA Indonesia Chapter • ISACA Academic Advocate at ITB • SME for Information Security Standard for ISO at ISACA HQ • Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung • Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota Panitia Teknis 35-01 Program Nasional Penetapan Standar bidang Teknologi Informasi, BSN – Kominfo. • Lead Asesor Lembaga Sertifikasi SMKI KAN-BSN • Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008) • Plt Direktur Operasi Sistem PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011 Professional Certification: • Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000 • IRCA Information Security Management System Lead Auditor Course, 2004 • ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005 • Brainbench Computer Forensic, 2006 • (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007 • ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007 Award: • (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
  • 3. KESEPAKATANDISKUSI • Mohon maaf jika gaya/kebiasaan saya di ITB muncul dalam diskusi ini • Niatnya agar Indonesia lebih berdaulat • Boleh buka laptop dan akses internet • Seluruh peserta harus bicara, bertanya, berpendapat, guyon sebagai pembuka kreatifitas • Sarwono Sutikno hanya fasilitator dan sedang belajar • Semoga saya dan semua insan Indonesia menjadi orang merdeka !!! • Semoga setiap insan Indonesia menjadi khalifah dalam arti tidak ada yang dapat membatasi potensi seorang insan kecuali impian dirinya dan tuhannya. Agar efektif berdiskusi
  • 4. BLOOM’STAXONOMYOFEDUCATIONALOBJECTIVES Apply Comprehend Remember list, recite explain, paraphrase calculate, solve, determine, apply Analyze compare, contrast, classify, categorize, derive, model Synthesize create, construct, design, improve, produce, propose Evaluate judge, critique, justify, verify, assess, recommend
  • 5. AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
  • 6. AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
  • 7.
  • 8. AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
  • 9.
  • 11.
  • 12.
  • 13.
  • 15. BATASANRISIKO specific item being reviewed 2.67 review objective statement describing what is to be achieved as a result of a review (2.65) 2.68 risk effect of uncertainty on objectives [SOURCE: ISO Guide 73:2009, 1.1, modified] Note 1 to entry: An effect is a deviation from the expected — positive or negative. Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event (2.25), its consequence (2.14), or likelihood (2.45). Note 3 to entry: Risk is often characterized by reference to potential events (2.25) and consequences (2.14), or a combination of these. Note 4 to entry: Risk is often expressed in terms of a combination of the consequences (2.14) of an event (2.25) (including changes in circumstances) and the associated likelihood (2.45) of occurrence. Note 5 to entry: In the context of information security (2.33) management systems (2.46), information security (2.33) risks can be expressed as effect of uncertainty on information security (2.33) objectives (2.56). Note 6 to entry: Information security (2.33) risk is associated with the potential that threats (2.83) will exploit vulnerabilities (2.89) of an information asset or group of information assets and thereby cause harm to an organization (2.57). 2.69
  • 17.
  • 18.
  • 19.
  • 20. COBIT 5 SNI ISO 38500 Internal Control Framework COSO HUBUNGANANTAR KERANGKA PP60/2008 Sistem Pengendalian Intern Pemerintah TataKelola TataKelolaTI ManajemenTI Panduan Umum Tata Kelola TIK Nas + Kuesioner Evaluasi Pengendalian Intern TIK SNI ISO 27001SNI ISO 20000 SNI ISO 15408
  • 21.
  • 22. AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
  • 23. 0.1OVERVIEW Through the use of the ISMS family of standards, organizations can develop and implement a framework for managing the security of their information assets including financial information, intellectual property, and employee details, or information entrusted to them by customers or third parties.
  • 24. 0.2ISMSFAMILYOFSTANDARDS • ISO/IEC 27000, Information security management systems — Overview and vocabulary • ISO/IEC 27001, Information security management systems — Requirements • ISO/IEC 27002, Code of practice for information security controls • ISO/IEC 27003, Information security management system implementation guidance • ISO/IEC 27004, Information security management — Measurement • ISO/IEC 27005, Information security risk management • ISO/IEC 27006, Requirements for bodies providing audit and certification of information security management systems • ISO/IEC 27007, Guidelines for information security management systems auditing
  • 25. • ISO/IEC TR 27008, Guidelines for auditors on information security controls • ISO/IEC 27009, Sector-specific application of ISO/IEC 27001 — Requirements • ISO/IEC 27010, Information security management for inter-sector and inter-organizational communications • ISO/IEC 27011, Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 • ISO/IEC 27013, Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 • ISO/IEC 27014, Governance of information security • ISO/IEC TR 27015, Information security management guidelines for financial services • ISO/IEC TR 27016, Information security management — Organizational economics • ISO/IEC 27017, Code of practice for information security controls based on ISO/IEC 27002 for cloud services • ISO/IEC 27018, Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors • ISO/IEC 27019, Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry
  • 26. General Organizations of all types and sizes: a) collect, process, store, and transmit information; b) recognize that information, and related processes, systems, networks and people are important assets for achieving organization objectives; c) face a range of risks that may affect the functioning of assets; and d) address their perceived risk exposure by implementing information security controls.
  • 27. 3.2.1FUNDAMENTALPRINCIPLESOFANISMS a) awareness of the need for information security; b) assignment of responsibility for information security; c) incorporating management commitment and the interests of stakeholders; d) enhancing societal values; e) risk assessments determining appropriate controls to reach acceptable levels of risk; f) security incorporated as an essential element of information networks and systems; g) active prevention and detection of information security incidents; h) ensuring a comprehensive approach to information security management; i) continual reassessment of information security and making of modifications as appropriate
  • 28. 3.2.2INFORMATION Information is an asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected. Information can be stored in many forms, including: digital form (e.g. data files stored on electronic or optical media), material form (e.g. on paper), as well as unrepresented information in the form of knowledge of the employees. Information may be transmitted by various means including: courier, electronic or verbal communication. Whatever form information takes, or the means by which the information is transmitted, it always needs appropriate protection.
  • 29. 3.2.3INFORMATIONSECURITY Information security ensures the confidentiality, availability and integrity of information. Information security involves the application and management of appropriate controls that involves consideration of a wide range of threats, with the aim of ensuring sustained business success and continuity, and minimizing consequences of information security incidents.
  • 30. Information security is achieved through the implementation of an applicable set of controls, selected through the chosen risk management process and managed using an ISMS, including policies, processes, procedures, organizational structures, software and hardware to protect the identified information assets. These controls need to be specified, implemented, monitored, reviewed and improved where necessary, to ensure that the specific information security and business objectives of the organization are met. Relevant information security controls are expected to be seamlessly integrated with an organization’s business processes.
  • 31. 3.2.4 Management Management involves activities to direct, control, and continually improve the organization within appropriate structures. Management activities include the act, manner, or practice of organizing, handling, directing, supervising, and controlling resources. Management structures extend from one person in a small organization to management hierarchies consisting of many individuals in large organizations. In terms of an ISMS, management involves the supervision and making of decisions necessary to achieve business objectives through the protection of the organization’s information assets.
  • 32. 3.2.5 Management system A management system uses a framework of resources to achieve an organization’s objectives. The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources. In terms of information security, a management system allows an organization to: a) satisfy the information security requirements of customers and other stakeholders; b) improve an organization’s plans and activities; c) meet the organization’s information security objectives; d) comply with regulations, legislation and industry mandates; and e) manage information assets in an organized way that facilitates continual improvement and adjustment to current organizational goals.
  • 33. 3.3 Process approach Organizations need to identify and manage many activities in order to function effectively and efficiently. Any activity using resources needs to be managed to enable the transformation of inputs into outputs using a set of interrelated or interacting activities; this is also known as a process. The output from one process can directly form the input to another process and generally this transformation is carried out under planned and controlled conditions. The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as a “process approach”.
  • 34. 3.4 Why an ISMS is important Risks associated with an organization’s information assets need to be addressed. Achieving information security requires the management of risk, and encompasses risks from physical, human and technology related threats associated with all forms of information within or used by the organization. The adoption of an ISMS is expected to be a strategic decision for an organization and it is necessary that this decision is seamlessly integrated, scaled and updated in accordance with the needs of the organization.
  • 35. BENEFITSOFSUCCESSFULISMS a) achieve greater assurance that its information assets are adequately protected against threats on a continual basis; b) maintain a structured and comprehensive framework for identifying and assessing information security risks, selecting and applying applicable controls, and measuring and improving their effectiveness; c) continually improve its control environment; and d) effectively achieve legal and regulatory compliance.
  • 36. 3.5 Establishing, monitoring, maintaining and improving an ISMS Overview a) identify information assets and their associated information security requirements (see 3.5.2); b) assess information security risks (see 3.5.3) and treat information security risks (see 3.5.4); c) select and implement relevant controls to manage unacceptable risks (see 3.5.5); d) monitor, maintain and improve the effectiveness of controls associated with the organization’s information assets (see 3.5.6).
  • 37. KEAMANAN INFORMASI VERSIISACA Information security is a business enabler that is strictly bound to stakeholder trust, either by addressing business risk or by creating value for an enterprise, such as competitive advantage. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying. ISACA defines information security as something that: Ensures that information is readily available (availability), when required, and protected against disclosure to unauthorised users (confidentiality) and improper modification (integrity).
  • 38. Presentation: KamInfo.ID18 18 KEAMANAN INFORMASI ......... pemerintah negara Indonesia yang melindungi segenap bangsa Indonesia dan seluruh tumpah darah Indonesia dan untuk memajukan kesejahteraan umum, mencerdaskan kehidupan bangsa, dan ikut melaksanakan ketertiban dunia yang berdasarkan kemerdekaan, perdamaian abadi dan keadilan sosial........ Pemanfaatan INFORMASI sebagai darah nadi kehidupan bangsa dalam perspektif Pertumbuhan Ekonomi untuk Kesejahteraan Rakyat
  • 40. AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
  • 42. AGENDA 0. VUCA 1. Control, Control Objective, Risk 2. Sistem Manajemen Keamanan Informasi – ISO 27001 3. Sistem Manajemen Anti Penyuapan – ISO 37001 4. IA-CM (Internal Audit Capability Model)
  • 43.
  • 44. www.theiia.org/research Internal Audit Capability Model (IA-CM) for the Public Sector Using the IA-CM as a Self-assessment Tool IA-CM