Developing a Legal Framework for Privacy

•Download as PPT, PDF•

0 likes•591 views

Directorate of Information Security | Ditjen Aptika

Presented by Claro Parlade, Senior Privacy Counsel, Google Asia-Pacific, in Indonesia Information Security Forum 2012

Technology

Developing a Legal
Framework for Privacy

Claro Parlade
Senior Privacy Counsel,
Asia-Pacific

Google Confidential and Proprietary

APAC Privacy Law
Revising Privacy Laws
•Australia
•New Zealand
•Hong Kong

New and pending Privacy Laws
•Korea
•Malaysia
•Philippines
•Taiwan
•Singapore
•India
•Thailand
Google Confidential and Proprietary

Considerations
• Public Policy Goals
• Economic Impact of Privacy Regulation
o Cost-benefit analysis
• Need for Capacity-building
• Developing Public awareness
o Shared responsibility

Google Confidential and Proprietary

Characteristics
• Principles-based
• Technology and Device Neutral
• Clarity in scope
• Focused on outcomes, not on procedure
• Innovation-Friendly

Google Confidential and Proprietary

APEC Privacy Framework
• APEC’s 21 member economies outpaced the rest of the
world in 2011 with a growth rate of 4.1%. APEC’s
estimated growth in 2012 4.3% (vs. rest of the world at
3.5%) [see http://publications.apec.org/publication-detail.php?pub_id=1284]
• The Data Privacy Subgroup developed the APEC
Privacy Framework in 2004
• The Framework is a set of nine principles to assist APEC
economies in developing privacy approaches that
maximize privacy protection and the continuity of cross-
border information flows

Google Confidential and Proprietary

APEC Privacy Principles

1)Preventing Harm
2)Notice
3)Use
4)Collection Limitation
5)Choice
6)Security Safeguards
7)Integrity
8)Access and Correction
9)Accountability

Google Confidential and Proprietary

APEC CBPR
• The Framework states that international implementation
of these principles may be achieved through Cross
Border Privacy Rules (CBPRs)
• CBPRs are a set of voluntary rules developed by an
organization based upon the APEC Privacy Principles
• The organization then commits to apply these rules to its
activities involving transfers of personal information
across borders

Source: APEC-DPS

Google Confidential and Proprietary

Questions?
cparlade@google.com

Google Confidential and Proprietary

The document discusses user and device management in Microsoft. It states that users expect to access corporate resources from any location using various devices, but this creates challenges for IT departments. The document outlines how Microsoft's user and device management tools enable users by providing consistent access across devices, simplifying device enrollment, and synchronizing corporate data. It also allows IT to unify management of on-premises and cloud-based devices from a single console. Further, it discusses how these tools help protect corporate information by selectively wiping devices and identifying compromised ones.

Skema Akreditasi-Sertifikasi ISO 27001 Komite Akreditasi Nasional

Directorate of Information Security | Ditjen Aptika

Ringkasan dokumen tersebut adalah: (1) KAN (Komite Akreditasi Nasional) bertanggung jawab untuk melakukan akreditasi terhadap lembaga sertifikasi, laboratorium, dan lembaga inspeksi di Indonesia. (2) KAN telah mendapatkan pengakuan internasional (MLA/MRA) untuk berbagai skema akreditasi. (3) KAN sedang mengembangkan skema akreditasi untuk sertifikasi Sistem Manajemen Keamanan Informasi berdasarkan stand

20111214 iisf shinoda_

Directorate of Information Security | Ditjen Aptika

The document summarizes global information security threats trends from 2010 to 2011 based on a presentation given by Dr. Yoichi Shinoda. It discusses: 1. Updates on threats like drive-by downloads, Stuxnet, route hijacking and DDoS attacks. New threats from hacktivists, advanced persistent threats, and growing mobile malware were also noted. 2. Changes in the long term threat landscape showing a shift from network to web and malware attacks. Target areas have expanded from internet to intranet systems. 3. The need to change approaches through increased awareness, improved defenses, economic incentives, and synergistic collaborations between groups. Continued investments in research and development were also emphasized

02. R U Sure U R Secure

Directorate of Information Security | Ditjen Aptika

This document discusses sovereignty and governance in cyberspace, focusing on three key sites: the NSA and encryption policy, WIPO and anti-circumvention measures, and ICANN and internet identifier management. For each site, it analyzes the rhetoric used, realpolitik motivations, governance processes and challenges, and lack of legitimacy and effectiveness due to limited stakeholder participation and global technical constraints. Overall it argues that regulating technology and technologizing regulation in these areas has faced major challenges due to differing stakeholder positions and the difficulty of controlling cryptography, code, and network protocols on an open global internet.

Personal security

Directorate of Information Security | Ditjen Aptika

This document provides information and recommendations for protecting personal computers and information from security threats. It discusses using updated operating systems and software, regular backups, safe wireless network usage, caution with external devices, secure email practices, password management, and protecting portable devices. The overall message is to remain vigilant against hacking, viruses, and data theft by maintaining secure systems and practices.

Privacy and Data Protection

Directorate of Information Security | Ditjen Aptika

Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012Directorate of Information Security | Ditjen Aptika

Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government

Directorate of Information Security | Ditjen Aptika

Dokumen tersebut membahas tentang pentingnya interoperabilitas dokumen perkantoran dalam pemerintahan berbasis elektronik (e-government) untuk mempercepat proses pengambilan keputusan, meningkatkan transparansi dan akuntabilitas, serta mengurangi biaya transaksi. Ada beberapa tantangan dalam implementasinya seperti kepemimpinan, SDM, kesadaran akan teknologi informasi, dan budaya dokumentasi yang perlu diatasi dengan berbagai

Chuan weihoo_IISF2011

Directorate of Information Security | Ditjen Aptika

The document discusses critical infrastructure protection (CIP). It outlines recent and past failures of CIP and possible causes. It then discusses taking a practical "inside-out" approach to CIP that involves identifying assets, exploring threats to each type of asset, assessing impacts and likelihoods, and determining controls. Key messages are that there is no single solution; organizations must know their assets, review existing plans and controls, and continue user education.

Rancangan Peraturan Menteri Sistem Manajemen Pengamanan Informasi

Directorate of Information Security | Ditjen Aptika

Abubakar munir iisf2011

Directorate of Information Security | Ditjen Aptika

Data protection laws are coming to Asia. The document discusses the concept of privacy and how it is recognized as a human right. It outlines several international instruments that have influenced the development of data protection laws, including the OECD Guidelines from 1980, the Council of Europe Convention from 1981, the European Union Directive from 1995, and the APEC Privacy Framework from 2004. The document also discusses different national approaches to data protection legislation, including comprehensive legislation, legislation with self-regulation, self-regulation only, and doing nothing. It provides examples of countries that have taken each approach. The document concludes by noting that several Asian countries, including China, India, Indonesia, and Thailand are in the process of developing data protection laws.

Persyaratan perangkat lunak 20141118_18november2014

Directorate of Information Security | Ditjen Aptika

Penanganan Kasus Cybercrime

Directorate of Information Security | Ditjen Aptika

Surat kepada seluruh Rektor Perguruan Tinggi dan Ketua Prodi di NKRI

Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

Surat ini mengundang rektor perguruan tinggi untuk mendukung Perlombaan Kepedulian Keamanan Siber 2016 Gelombang II yang diselenggarakan oleh ISACA Indonesia Chapter. Perlombaan ini bertujuan meningkatkan pemahaman dan kesadaran akan pentingnya keamanan siber di kalangan akademisi dan mahasiswa melalui unduhan buku panduan dan ujian sertifikasi online dengan diskon harga. Perguruan tinggi dan prodi yang mendapatkan nilai tertinggi berdasarkan

RPM SMPI

Directorate of Information Security | Ditjen Aptika

Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi

Directorate of Information Security | Ditjen Aptika

Perlindungan Data Pribadi Pengguna Sistem Elektronik: Protecting Data Privacy

Directorate of Information Security | Ditjen Aptika

ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)

Directorate of Information Security | Ditjen Aptika

Dokumen tersebut membahas tentang ruang lingkup sistem teknologi informasi (TI) dalam penyelenggaraan lelang pengadaan secara elektronik (LPSE). Termasuk infrastruktur data, komunikasi, aplikasi, dan pengelolaannya. Juga dibahas tentang perkembangan dan upaya peningkatan layanan LPSE sejak 2009 hingga 2013 meliputi pengembangan infrastruktur, sertifikasi manajemen keamanan informasi, serta pengujian kelangsungan layanan

Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama

Directorate of Information Security | Ditjen Aptika

12 Best Privacy Frameworks

Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

The document provides an overview of 12 privacy frameworks that can be used to develop comprehensive privacy programs. It describes each framework, including its organization, cost, and key benefits. The top frameworks are ISO 29100, ISO 27701, the ICO Accountability Framework, and the TrustArc-Nymity Framework. They provide standards, guidelines and best practices for building privacy into products and governance. The document aims to help privacy professionals select the most appropriate framework for their needs without needing to reinvent existing approaches.

EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group

Feroot

This document provides an overview and summary of a webinar on the convergence of privacy and cybersecurity. The webinar featured presentations from privacy and security experts on the current state of privacy globally, steps to achieve alignment between privacy and cybersecurity, and a case study. It also included a question and answer session on managing overlapping requirements, reducing risk, gaining organizational buy-in, and tools to help with convergence. Key topics discussed included the results of a global privacy enforcement sweep, borrowing existing cybersecurity processes to support privacy requirements, and converging legislations, standards and frameworks where there is overlap.

Viewers also liked

Information Security Governance

Directorate of Information Security | Ditjen Aptika

Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDFDirectorate of Information Security | Ditjen Aptika

04. SAKTTI Introduction

Directorate of Information Security | Ditjen Aptika

Summary report cc brtiDirectorate of Information Security | Ditjen Aptika

Sovereignty in Cyberspace

Directorate of Information Security | Ditjen Aptika

Personal security

Directorate of Information Security | Ditjen Aptika

Privacy and Data Protection

Directorate of Information Security | Ditjen Aptika

Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012Directorate of Information Security | Ditjen Aptika

Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government

Directorate of Information Security | Ditjen Aptika

Chuan weihoo_IISF2011

Directorate of Information Security | Ditjen Aptika

Rancangan Peraturan Menteri Sistem Manajemen Pengamanan Informasi

Directorate of Information Security | Ditjen Aptika

Abubakar munir iisf2011

Directorate of Information Security | Ditjen Aptika

Persyaratan perangkat lunak 20141118_18november2014

Directorate of Information Security | Ditjen Aptika

Penanganan Kasus Cybercrime

Directorate of Information Security | Ditjen Aptika

Surat kepada seluruh Rektor Perguruan Tinggi dan Ketua Prodi di NKRI

Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

RPM SMPI

Directorate of Information Security | Ditjen Aptika

Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi

Directorate of Information Security | Ditjen Aptika

Perlindungan Data Pribadi Pengguna Sistem Elektronik: Protecting Data Privacy

Directorate of Information Security | Ditjen Aptika

ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)

Directorate of Information Security | Ditjen Aptika

Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama

Directorate of Information Security | Ditjen Aptika

Viewers also liked (20)

Information Security Governance

Rusmanto - Pengantar PDF dan Aplikasi Open Source terkait PDF

04. SAKTTI Introduction

Summary report cc brti

Sovereignty in Cyberspace

Personal security

Privacy and Data Protection

Budaya keamanan informasi dari perspektif psikologi ia-14 mar2012

Tasdik Kinanto - Interoperabilitas Dokumen Perkantoran dalam e-Government

Chuan weihoo_IISF2011

Rancangan Peraturan Menteri Sistem Manajemen Pengamanan Informasi

Abubakar munir iisf2011

Persyaratan perangkat lunak 20141118_18november2014

Penanganan Kasus Cybercrime

Surat kepada seluruh Rektor Perguruan Tinggi dan Ketua Prodi di NKRI

RPM SMPI

Sertifikat Digital - Kasubdit Teknologi Keamanan Informasi

Perlindungan Data Pribadi Pengguna Sistem Elektronik: Protecting Data Privacy

ISO 27001 LPSE Prov. Jawa Barat_Ika Mardiah (Kepala Balai LPSE Prov. Jawa Barat)

Presentasi Sinkronisasi Waktu Sistem Elektronik by Dr. Hasyim Gautama

Similar to Developing a Legal Framework for Privacy

12 Best Privacy Frameworks

Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group

Feroot

CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...

Phil Agcaoili

RuleBookForTheFairDataEconomy.pptx

noraelstela1

Privacy frameworks 101

Saumya Vishnoi

RFT for Business Intelligence and Data Strategy

SustainableEnergyAut

CBPR - Navigating Cross-Border Data Privacy Compliance

TrustArc

Just over a year ago, on 21 April 2022, seven economies, including Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA, announced the launch of the Global CBPR Forum. Since then, Australia and Mexico have joined the Forum, marking a significant stride towards a global approach to data privacy cooperation. In this highly anticipated webinar, we explore the background, the future direction, and assess the potential business case for companies considering certification under the new Global CBPR System. As an Associate Member of the Forum, the UK has demonstrated a keen interest in joining this innovative system, making it the first country outside the APEC region to express such intent.

4 Phases of Cloud Optimization

CloudHealth by VMware

DGIQ 2018 Presentation: How to be successful in the post GDPR landscape – bui...

DATUM LLC

This was presented on June 13, 2018 at the DGIQ Conference. May 25th isn’t the end of a journey, it’s really just the beginning. GDPR is one piece of the compliance puzzle. One of the most important things to remember about GDPR is that it’s not a one off compliance effort. It is a continuous process that will need to be continually evaluated and evolved over time. In order to be successful long term, a strategy must be built across all functions in the organization. Join us to learn how to build a strategy that will help you identify and link GDPR related processes, rules, standards and metrics to your organization's compliance goals and objectives to meet the new regulatory landscape. In this session, Jonathan will highlight how to develop processes and controls to build a strategy that ensure that the information being utilized is compliant, accessible, and manageable.

Governance and management of IT.pptx

Prashant Singh

Cookie Consent was Only the Beginning of Your Privacy Journey

TrustArc

This document is a presentation about taking a framework-based approach to privacy compliance and how the TrustArc Privacy Management Platform can help organizations achieve full compliance. The presentation discusses how cookie consent is just the beginning and a broader compliance program is needed. It advocates adopting an industry framework to streamline compliance with changing regulations. TrustArc's PrivacyCentral product is introduced as a way to dynamically monitor laws, prescribe actions, and help weave privacy into business operations.

Privacy Enhancing Technologies: Exploring the Benefits and Recommendations

TrustArc

Privacy Enhancing Technologies (PETs) comprise a range of tools that mitigate the risks associated with the collection of data. These technologies offer various functionalities, which help uphold data governance choices, foster data collaboration, and enhance accountability. As privacy regulations continue to evolve, organizations are increasingly turning to Privacy Enhancing Technologies (PETs) to protect personal data while enabling data-driven business decisions. In this webinar, we will explore the benefits of PETs, how they are used, and why they are critical for enhancing privacy.

Cor concepts information governance-protection-of-personal-information-act-popi

Robust Marketing & Consulting (Pty) Ltd

In this presentation, 10 steps (10 P's of POPI) are introduced as essential ingredients of meeting Protection of Personal Information (POPI) requirements. As a privacy law, POPI relies heavily on sound information management principles. The COR Concepts Integrated Information Governance model is also discussed, providing a framework for ensuring that POPI is not treated in isolation, and that it forms part of a cohesive approach to managing enterprise-wide information.

Introdction to Cloud Regulation for Enterprise by 2Bsecure

Idan Tohami

EUCI Mapping Cybersecurity to CIP

Scott Baron

This document summarizes a presentation about mapping cybersecurity programs to CIP compliance. The presentation discusses: 1) The stages organizations go through to converge IT governance, risk management, and compliance programs from separate silos to an integrated approach. 2) How to establish governance bodies, policies, standards, controls, and consistent risk analysis and management processes to build an integrated program. 3) The role of automation, tools, and metrics and how a single empowered compliance team can partner with governance and risk.

Don’t Just Trust Cloud Providers - How To Audit Cloud Providers

Michael Davis

This document discusses how to audit cloud providers to verify security and compliance. It begins by explaining the challenges of auditing cloud providers and what SSAE16 reports are and are not. It then provides tips on what aspects of a cloud provider to audit, such as encryption, certifications, and vulnerability scanning. The document recommends performing technical audits and assessments that go beyond just legal contracts or questionnaires. It emphasizes the importance of transparency and following the data when auditing cloud providers.

Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security s...

Erkan Kahraman

A Global Info Sec Policy Strategy

H Contrex

The document outlines a strategy for developing a global information security policy and standards framework at a multinational company (X-Co) through collaboration, convergence, adoption, and governance. Key elements include establishing an intranet portal to host security policies and standards; integrating existing policies from operating companies (OpCos); obtaining high-level endorsements; and forming a global information security council to govern policies on an ongoing basis. Milestones include finalizing an initial policy version, communicating compliance requirements, and conducting annual reviews. The goal is to create a unified set of security policies and standards to protect X-Co's interests globally.

Curlew Research Brussels 2014 Electronic Data & Knowledge Management

Nick Lynch

CIS14: NSTIC - Why the Identity Ecosystem Steering Group (IDESG)?

CloudIDSummit

The document discusses the Identity Ecosystem Steering Group (IDESG), which aims to create an identity ecosystem framework that is privacy-enhancing, secure, interoperable, and easy to use. The IDESG is working to complete version 1 of the framework by the end of 2014. It also outlines how individuals and organizations can get involved by joining committees, attending events, or running for leadership positions to help shape the future of digital identity.

Similar to Developing a Legal Framework for Privacy (20)

12 Best Privacy Frameworks

EXPERT WEBINAR: Convergence of Cybersecurity & Privacy with Herjavec Group

CSA Atlanta and Metro Atlanta ISSA Chapter Meeting May 2014 - Key Threats to ...

RuleBookForTheFairDataEconomy.pptx

Privacy frameworks 101

RFT for Business Intelligence and Data Strategy

CBPR - Navigating Cross-Border Data Privacy Compliance

4 Phases of Cloud Optimization

DGIQ 2018 Presentation: How to be successful in the post GDPR landscape – bui...

Governance and management of IT.pptx

Cookie Consent was Only the Beginning of Your Privacy Journey

Privacy Enhancing Technologies: Exploring the Benefits and Recommendations

Cor concepts information governance-protection-of-personal-information-act-popi

Introdction to Cloud Regulation for Enterprise by 2Bsecure

EUCI Mapping Cybersecurity to CIP

Don’t Just Trust Cloud Providers - How To Audit Cloud Providers

Erkan kahraman Security, Trust, Assurance - 20131106 - nordic it security s...

A Global Info Sec Policy Strategy

Curlew Research Brussels 2014 Electronic Data & Knowledge Management

CIS14: NSTIC - Why the Identity Ecosystem Steering Group (IDESG)?

More from Directorate of Information Security | Ditjen Aptika

Sosialisasi Keamanan Informasi_Sektor Kesehatan

Directorate of Information Security | Ditjen Aptika

Dokumen ini membahas tentang pentingnya keamanan informasi di sektor kesehatan. Informasi dan sistem informasi sangat dibutuhkan untuk perencanaan kesehatan, layanan kesehatan, rantai pasok farmasi dan kebutuhan medis lainnya, serta monitoring dan evaluasi pembangunan kesehatan. Untuk itu, dokumen ini menyarankan penerapan manajemen keamanan sistem informasi berdasarkan standar ISO, peningkatan kapasitas SDM dan infrastrukt

Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi

Directorate of Information Security | Ditjen Aptika

Sosialisasi Keamanan Informasi_Sektor Tranportasi

Directorate of Information Security | Ditjen Aptika

Dokumen tersebut membahas kebijakan dan standar keamanan informasi di sektor transportasi Kemenhub. Dokumen menjelaskan pentingnya keamanan informasi, ancaman terhadap sistem informasi, pengendalian sistem informasi, tujuan keamanan sistem informasi, kebijakan terkait keamanan informasi, sektor-sektor strategis transportasi beserta sistem informasinya, serta peranan Pusdatin Kemenhub dalam menjamin keamanan sistem informasi.

Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara

Directorate of Information Security | Ditjen Aptika

Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara

Directorate of Information Security | Ditjen Aptika

Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan

Directorate of Information Security | Ditjen Aptika

Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...

Directorate of Information Security | Ditjen Aptika

Fetri Miftach_Uji publik rpm tata kelola

Directorate of Information Security | Ditjen Aptika

This document discusses IT governance and its importance for top-performing enterprises. It notes that successful enterprises understand both the risks and benefits of IT, and find ways to align IT strategy with business strategy. Top areas of focus for IT governance include strategic alignment, value delivery, resource management, risk management, and performance measurement. The goal of IT governance is to ensure IT is managed responsibly and supports business goals, enables new opportunities, and delivers services efficiently while risks are known and managed.

Hasyim Gautama_Tata kelola tik 20151118

Directorate of Information Security | Ditjen Aptika

Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi

Directorate of Information Security | Ditjen Aptika

Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan

Directorate of Information Security | Ditjen Aptika

Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi

Directorate of Information Security | Ditjen Aptika

Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama

Directorate of Information Security | Ditjen Aptika

Teguh arifiyadi ls skse

Directorate of Information Security | Ditjen Aptika

Konny sagala skema kelaikan se

Directorate of Information Security | Ditjen Aptika

Dokumen tersebut membahas tentang sistem akreditasi dan sertifikasi di Indonesia. Ia menjelaskan dasar hukum akreditasi nasional dan peran Komite Akreditasi Nasional (KAN) dalam mengakreditasikan lembaga-lembaga uji kesesuaian seperti laboratorium, lembaga inspeksi, dan lembaga sertifikasi untuk mendukung kebijakan dan perdagangan nasional. Dokumen ini juga menyinggung kerja sama internasional KAN dalam pengakuan timbal balik

Intan rahayu tata cara sertifikasi kelaikan sistem elektronik

Directorate of Information Security | Ditjen Aptika

Uji Publik RPM SMPI Fetri Miftah

Directorate of Information Security | Ditjen Aptika

RPM SMPI 20150805 Hasim Gautama

Directorate of Information Security | Ditjen Aptika

Rangkuman dokumen tersebut adalah: Peraturan Menteri ini mengatur penerapan sistem manajemen pengamanan informasi bagi penyelenggara sistem elektronik untuk pelayanan publik berdasarkan kategori risiko sistem. Sistem elektronik dikategorikan menjadi strategis, tinggi, dan rendah, dengan standar pengamanan yang berbeda. Penyelenggara sistem elektronik strategis dan tinggi wajib memiliki sertifikat, sedangkan rendah dapat

SNI ISO 27001 Anwar Siregar

Directorate of Information Security | Ditjen Aptika

Pengamanan Jaringan dengan Honeynet-Charles Lim

Directorate of Information Security | Ditjen Aptika

Ringkasan dokumen tersebut adalah: Honeynet adalah jaringan komputer yang dirancang untuk diserang oleh hacker guna mempelajari perilaku dan alat yang digunakan penyerang. Proyek Honeynet Indonesia telah memasang berbagai honeypot di berbagai lembaga pendidikan dan pemerintah untuk mendeteksi ancaman baru dan mengumpulkan malware. Mereka juga mengembangkan sistem pemantauan nasional untuk menyimpan malware yang terkumpul.

More from Directorate of Information Security | Ditjen Aptika (20)

Sosialisasi Keamanan Informasi_Sektor Kesehatan

Sosialisasi Keamanan Informasi_Penyelenggaraan Telekomunikasi

Sosialisasi Keamanan Informasi_Sektor Tranportasi

Sosialisasi Keamanan Informasi_Bidang Perhubungan Udara

Sosialisasi Keamanan Informasi_Bidang Mineral dan Batubara

Sosialisasi Keamanan Informasi_Bidang Ketenagalistrikan

Sosialisasi Keamanan Informasi_Bidang Energi Baru, Terbarukan dan Konservasi ...

Fetri Miftach_Uji publik rpm tata kelola

Hasyim Gautama_Tata kelola tik 20151118

Standar rujukan keamanan informasi sub sektor perangkat telekomunikasi

Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_I Made Wiryawan

Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_Junior Lazuardi

Diskusi Publik RPM Perangkat Lunak Sistem Elektronik_DR Hasyim Gautama

Teguh arifiyadi ls skse

Konny sagala skema kelaikan se

Intan rahayu tata cara sertifikasi kelaikan sistem elektronik

Uji Publik RPM SMPI Fetri Miftah

RPM SMPI 20150805 Hasim Gautama

SNI ISO 27001 Anwar Siregar

Pengamanan Jaringan dengan Honeynet-Charles Lim

Recently uploaded

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

Neo4j

Dr. Sean Tan, Head of Data Science, Changi Airport Group Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

Alex Pruden

This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second). Paper: https://eprint.iacr.org/2023/1886

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

“I’m still / I’m still / Chaining from the Block”

Claudio Di Ciccio

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Data structures and Algorithms in Python.pdf

TIPNGVN2

GridMate - End to end testing is a critical piece to ensure quality and avoid...

ThomasParaiso2

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

Removing Uninteresting Bytes in Software Fuzzing

Aftab Hussain

Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process. In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds. - These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Recently uploaded (20)

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...

20240605 QFM017 Machine Intelligence Reading List May 2024

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Climate Impact of Software Testing at Nordic Testing Days

Essentials of Automations: The Art of Triggers and Actions in FME

zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs

UiPath Test Automation using UiPath Test Suite series, part 6

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

20240609 QFM020 Irresponsible AI Reading List May 2024

Monitoring Java Application Security with JDK Tools and JFR Events

“I’m still / I’m still / Chaining from the Block”

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Data structures and Algorithms in Python.pdf

GridMate - End to end testing is a critical piece to ensure quality and avoid...

Pushing the limits of ePRTC: 100ns holdover for 100 days

Introduction to CHERI technology - Cybersecurity

20240607 QFM018 Elixir Reading List May 2024

Removing Uninteresting Bytes in Software Fuzzing

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Developing a Legal Framework for Privacy

1. Developing a Legal Framework for Privacy Claro Parlade Senior Privacy Counsel, Asia-Pacific Google Confidential and Proprietary

2. APAC Privacy Law Revising Privacy Laws •Australia •New Zealand •Hong Kong New and pending Privacy Laws •Korea •Malaysia •Philippines •Taiwan •Singapore •India •Thailand Google Confidential and Proprietary

3. Considerations • Public Policy Goals • Economic Impact of Privacy Regulation o Cost-benefit analysis • Need for Capacity-building • Developing Public awareness o Shared responsibility Google Confidential and Proprietary

4. Characteristics • Principles-based • Technology and Device Neutral • Clarity in scope • Focused on outcomes, not on procedure • Innovation-Friendly Google Confidential and Proprietary

5. APEC Privacy Framework • APEC’s 21 member economies outpaced the rest of the world in 2011 with a growth rate of 4.1%. APEC’s estimated growth in 2012 4.3% (vs. rest of the world at 3.5%) [see http://publications.apec.org/publication-detail.php?pub_id=1284] • The Data Privacy Subgroup developed the APEC Privacy Framework in 2004 • The Framework is a set of nine principles to assist APEC economies in developing privacy approaches that maximize privacy protection and the continuity of cross- border information flows Google Confidential and Proprietary

6. APEC Privacy Principles 1)Preventing Harm 2)Notice 3)Use 4)Collection Limitation 5)Choice 6)Security Safeguards 7)Integrity 8)Access and Correction 9)Accountability Google Confidential and Proprietary

7. APEC CBPR • The Framework states that international implementation of these principles may be achieved through Cross Border Privacy Rules (CBPRs) • CBPRs are a set of voluntary rules developed by an organization based upon the APEC Privacy Principles • The organization then commits to apply these rules to its activities involving transfers of personal information across borders Source: APEC-DPS Google Confidential and Proprietary

8. Questions? cparlade@google.com Google Confidential and Proprietary

Developing a Legal Framework for Privacy

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (20)

Similar to Developing a Legal Framework for Privacy

Similar to Developing a Legal Framework for Privacy (20)

More from Directorate of Information Security | Ditjen Aptika

More from Directorate of Information Security | Ditjen Aptika (20)

Recently uploaded

Recently uploaded (20)

Developing a Legal Framework for Privacy