Kerangka untuk RPM Information Security Governance: COBIT 5 for Information Security
•
4 likes•3,150 views
Presented by Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM in Panel Uji Publik RPM Tata Kelola Keamanan Informasi Indonesia Information Security Forum, 10 Oktober 2012
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to Kerangka untuk RPM Information Security Governance: COBIT 5 for Information Security
Similar to Kerangka untuk RPM Information Security Governance: COBIT 5 for Information Security (20)
More from Directorate of Information Security | Ditjen Aptika
More from Directorate of Information Security | Ditjen Aptika (20)
Recently uploaded
Recently uploaded (20)
Kerangka untuk RPM Information Security Governance: COBIT 5 for Information Security
- 1. Kerangka untuk RPM Information Security Governance: COBIT 5 for Information Security Presented by Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM Panel Uji Publik RPM Tata Kelola Keamanan Informasi Indonesia Information Security Forum 10 Oktober 2012 Modifikasi dari bahan resmi ISACA © 2012 ISACA. All Rights Reserved.
- 2. Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM 2 Lektor Kepala di Sekolah Teknik Elektro dan Informatika, ITB ISACA Licensee Trainer for Introduction to COBIT 5, 31 May 2012 (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award - category Senior Information Security Professional ISACA Academic Advocate sejak 2007 Reviewer (atas nama ISACA): ISO/IEC WDTR 38502 Governance of IT - Framework and Model ISO/IEC WD 30120 IT Audit – Audit guidelines for Governance of IT ISO/IEC WD 27017 – Information technology – Security techniques – Information security Management -- Guidelines on Information security controls for the use of cloud computing services based on ISO/IEC 27002 Anggota Panitia Teknis 35-01 BSN - KemKominfo: SNI ISO seri 27000 Keamanan Informasi SNI ISO seri 20000 Sistem Manajemen Layanan SNI ISO 38500 Tata Kelola Teknologi Informasi - Corporate governance of information technology Sedang membuat: Silabus m.k Cyber Warfare Dynamic dan m.k Cyber Deterrence di S2 Asimetrik Warfare UnHan Kurikulum S2 Information Security Governance di STEI ITB, © 2012 ISACA. All Rights Reserved.
- 3. Pertanyaan ? • Prinsip Keamanan Informasi ? • “component” vs “service” ? • Accountable dan Responsible ? • Konteks KamInfo di pencapaian tujuan ?
- 4. Information Security Defined 4 ISACA defines information security: Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability). Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information. Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. Availability means ensuring timely and reliable access to and use of information.
- 5. COBIT 5 for Information Security - Benefits 5 Reduced complexity and increased cost-effectiveness due to improved and easier integration of information security standards, good practices and/or sector-specific guidelines Increased user satisfaction with information security arrangements and outcomes Improved integration of information security in the enterprise Informed risk decisions and risk awareness Improved prevention, detection and recovery Reduced (impact of) information security incidents Enhanced support for innovation and competitiveness Improved management of costs related to the information security function Better understanding of information security
- 6. RACI Charts APO13 Manage Security 6 © 2012 ISACA. All Rights Reserved.
- 7. RACI Charts DSS05 Manage Security services 7 © 2012 ISACA. All Rights Reserved.
- 8. Principle 1: Meeting Stakeholder Needs 8 Stakeholder needs have to be transformed into an enterprises’ actionable strategy The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customized goals © 2012 ISACA. All Rights Reserved.
- 9. COBIT 5 Enabler: Systemic Model with Interacting Enablers 9 Enablers: 1. Principles, policies and frameworks 2. Processes 3. Organizational structures 4. Culture, ethics and behavior 5. Information 6. Services, infrastructure and applications 7. People, skills and competencies © 2012 ISACA. All Rights Reserved.
- 10. Enabler: 1 Principles, Policies and Frameworks 10
- 11. Policy Framework 11
- 12. Information Security Principles (ISACA, (ISC)2, ISF) 12 Support the business: Focus on the business Deliver quality and value to stakeholders Comply with relevant legal and regulatory requirements Provide timely and accurate information Evaluate current and future information threats Promote continuous improvement in information security Defend the business: risk- Adopt a risk-based approach Protect classified information Concentrate on critical business applications Develop systems securely Promote responsible information security behaviour: Act in a professional and ethical manner security- Foster an information security-positive culture
- 13. Enabler: 2. Processes 13
- 14. EDM01
- 16. Enabler: 6. Services, Infrastructure and Applications
- 17. Information Security Services, Infrastructure and Applications Provide a security architecture. Provide security awareness. Provide secure development (development in line with security standards). Provide security assessments. Provide adequately secured and configured systems, in line with security requirements and security architecture. Provide user access and access rights in line with business requirements. Provide adequate protection against malware, external attacks and intrusion attempts. Provide adequate incident response. Provide security testing. Provide monitoring and alert services for security-related events.
- 18. Discussion 18 Email: ssarwono@gmail.com isaca- Milis: isaca-id@googlegroups.com LinkedIn group: ISACA-ID Indonesia © 2012 ISACA. All Rights Reserved.