This document discusses cybersecurity and is presented by Sarwono Sutikno from the Institut Teknologi Bandung. It provides Sarwono's credentials and experience in cybersecurity including certifications and roles. It then outlines the topics to be covered in the discussion, including governance, risk management, threat landscape, organizational and social risks, and applying frameworks like COBIT 5 to cybersecurity.
Main presentation material for Track 1C at the 2015 National Internal Audit Seminar in Solo, 14-16 April 2015, Hotel Sunan Solo. The material was developed from the results of ISACA CSX studies, and its core was previously presented at Cyber Resilience in Financial Institution in Singapore, 9-11 March 2015, at the Hilton Hotel Singapore. A video link containing a hacking demo by Yoko Acc is in the presentation slides. The essence of the presentation is that every data network can be penetrated; following on from that, ISACA CSX introduced PIRT (Prepare, Investigate, Respond and Transform) in the study entitled Transforming Cybersecurity using COBIT 5. The Three Lines of Defence concept is explained in several contexts from ISACA studies, among others Securing Mobile Devices, Transforming Cybersecurity using COBIT 5 and COBIT 5 for Risk. These examples give Audit Committees, Commissioners, directors and Risk Management Teams an illustration for understanding and applying risk and controls in the context of their own company or agency.
We live in a digital world in which our happiness, health, and even our lives can depend on the performance of technology. From medical equipment to cars, and home security systems to smartphones, computerized equipment plays a greater role in the human experience with each passing year.
Cyber security refers to the ability to defend against cyber-attacks, protect resources, and prevent cyber-attacks while information assurance is to ensure the confidentiality, possession or control, integrity, authenticity, availability and utility of information and information systems.
Cybersecurity concepts & Defense best practises, by WAJAHAT IQBAL
This presentation is an attempt to present the complex subject of cybersecurity in a concise format, with the main focus on presenting the core of cybersecurity and the best practices and standards for protecting an enterprise network. Comments from readers are welcome. Thank you (Wajahat Iqbal)
Email: Wajahat_Iqbal@yahoo.com
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
This Edureka tutorial on "Cybersecurity Frameworks" will help you understand why and how the organizations are using the cybersecurity framework to Identify, Protect and Recover from cyber attacks.
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
IT Information Security Management Principles, 28 February - 02 March 2016 Du... (360 BSI)
This 4-day training program combines advanced technology and relevant practical experience to develop your IT security policies & create a robust IT infrastructure.
Information security is critical for modern business models today.
Organizations must be prepared to take crucial steps to strengthen their IT infrastructure from both internal & external threats.
Organizations must look to develop a security network that enhances business operations while improving its security position. Successful security architecture combines a mix of the latest policies & practices, technology, and a robust awareness program.
This 4-day intensive training workshop addresses the latest concerns on IT infrastructure and security. Participants will develop key skills and core competencies that will allow them to meet the ever-changing security demands of the 21st century.
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your security architecture.
- Learn how to perform an IT governance assessment using CoBIT 4.0
- Learn how to perform smart security risk assessment within your organization.
- Gain valuable insights on implementing a proactive & robust security management system.
- Learn how to detect & prevent information security breaches due to inadequate IT security awareness within the organization.
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Contact Kris at kris@360bsi.com for further information.
IT Information Security Management Principles, 15 - 18 May 2016 Dubai UAE (360 BSI)
This 4-day training program combines advanced technology and relevant practical experience to develop your IT security policies & create a robust IT infrastructure.
Information security is critical for modern business models today.
Organizations must be prepared to take crucial steps to strengthen their IT infrastructure from both internal & external threats.
Organizations must look to develop a security network that enhances business operations while improving its security position. Successful security architecture combines a mix of the latest policies & practices, technology, and a robust awareness program.
This 4-day intensive training workshop addresses the latest concerns on IT infrastructure and security. Participants will develop key skills and core competencies that will allow them to meet the ever-changing security demands of the 21st century.
Course Participants will:
- Master the tools & techniques for effective information & network security.
- Discover how to create a complete & sustainable IT security architecture.
- Gain knowledge on how to develop sound security policy together with your security architecture.
- Learn how to perform an IT governance assessment using CoBIT 4.0
- Learn how to perform smart security risk assessment within your organization.
- Gain valuable insights on implementing a proactive & robust security management system.
- Learn how to detect & prevent information security breaches due to inadequate IT security awareness within the organization.
Who should attend:
Vice Presidents, Directors, General Managers
Chief Information Officers
Chief Security Officers
Chief Information Security Officers
Chief Technology Officers
Contact Kris at kris@360bsi.com for further information.
When identifying the most useful best-practice standards and guidance for implementing effective cyber security, it is important to establish the role that each fulfils, its scope and how it interacts (or will interact) with other standards and guidance.
Cybersecurity standards are generally applicable to all organisations regardless of their size or the industry and sector in which they operate. This page provides generic information on each of the standards that is usually recognised as an essential component of any cyber security strategy.
Network infrastructure security management solution - A holistic approach in ... (Twinkle Sebastian)
A Network Infrastructure Security Management Solution can continuously provide network visualisation and identify critical attack risk. It provides the security, network and risk teams with a firm understanding of where investment is needed and where the greatest cyber attack risks lie. This understanding enables organizations to allocate resources and take prioritized actions.
2015 Cybercrime Trends – Things are Going to Get Interesting (IBM Security)
What a year 2014 has been for cybercriminals! It’s time to take a look back at 2014 and learn what’s in store for 2015. How much further will cybercriminals go? What new techniques will we see? What are the main threats we should be wary of in 2015?
From new malware families to PC-grade mobile malware, from persistent PC Trojans to cloud-based criminal services, cybercriminals have been keeping busy with new and advanced techniques.
In this session, IBM Security's Senior Fraud Prevention Strategist, Etay Maor, will take you through the top stories that made waves in 2014's cybercrime threat environment and review the upcoming cybercrime trends for 2015.
We will look at some of the biggest (and baddest) in cybercrime innovation, showcasing specific attacks that highlight the ingenuity observed in 2014, and discuss what we can expect in terms of PC and mobile fraud in 2015.
In this presentation, you will learn about:
– Latest malware attacks and evasion techniques
– How organizations failed to prevent attacks in 2014
– Forecast of how recent attacks will affect attacks in 2015
View the full on-demand webcast: https://attendee.gotowebinar.com/recording/4171628843485100290
Saiful Hidayat: Use of a Certification Authority (CA) for Elect... Transactions (Saiful Hidayat)
On 28-29 November 2009 I was the only person who was not a legal expert yet was asked to be one of the speakers in the Legal Experts' Discussion: Opportunities & Challenges of Cybernotary in Indonesia, Grand Aquilla, Bandung, organised by the Expert Staff for Legal Affairs of DEPKOMINFO.
Details of the tools and methods used in cybercrime and how to protect your system from such crimes.
A detailed study of password cracking, denial of service, DDoS, steganography, keyloggers, proxy servers, phishing, etc.
Presented by Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM at the Public Consultation Panel on the RPM (draft ministerial regulation) on Information Security Governance, Indonesia Information Security Forum, 10 October 2012
Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
The field is becoming more important due to increased reliance on computer systems, the Internet and wireless network standards such as Bluetooth and Wi-Fi, and due to the growth of "smart" devices, including smartphones, televisions, and the various devices that constitute the "Internet of things". Owing to its complexity, both in terms of politics and technology, cybersecurity is also one of the major challenges in the contemporary world.
Computer Security: protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).
The primary focus of this study was to investigate how cyber risks in the ICT infrastructures of supply chains are managed. As its theoretical base, the study used the Adaptive Security Architecture framework that has been employed by most IT security specialists. Five experienced IT experts participated in a semi-structured interview to provide practical insights on the state of cybersecurity in supply chain operations from various industries. Their responses were analyzed based on the four stages of prediction, prevention, detection and response.
This study offers a new framework that suggests cybersecurity requires anticipatory vigilance, profiling malevolence, instantaneous response and uncompromised recovery to deal with the cyber threats posing disruptions to supply chains.
Cybersecurity and Risk Management Technology (Mohammad Febri)
The presentation will emphasize that cybersecurity is not merely an IT issue but a fundamental business concern that requires a holistic approach. Attendees will gain a comprehensive understanding of how technology serves as the cornerstone of effective cybersecurity and risk management strategies in an increasingly digital world.
Through this presentation, organizations and individuals will be better equipped to navigate the complex cybersecurity landscape and harness technology to protect their digital assets, preserve their reputation, and safeguard sensitive information from evolving threats.
Transforming Cybersecurity, Risk and Control for Evolving Threats
• Analysing cybersecurity vulnerabilities, threats and risks and their associated risk based control categorisation
• Integrating cybersecurity governance with overall Information Security Governance, Risk and Assurance in line with life cycle approach of preparing, investigating, response and transforming cybersecurity (PIRT)
• Developing the cybersecurity paradigm by developing communication with the top management and all relevant stakeholders
• Transforming cybersecurity using COBIT 5 and real case study demonstrations
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
Cybersecurity Nexus Liaison
ISACA, Indonesia
I am Nihal Jani from Ahmedabad, Sakar English School. I was searching for a good ppt on SlideShare on cyber terrorism, but couldn't find one. So I made one instead and am posting it to benefit other people like me...
Information Technology Security Management (MITSDEDistance)
The PGDM in Information Technology at MITSDE follows the curriculum set by the IT Management Institute, providing thorough instruction delivered by seasoned professionals.
Development of Policy and Strategy for Securing Digital Data in Higher Education Institutions
Sarwono Sutikno
Digital Data Security Webinar, SPI IT
ISO 27001 ISMS Series
(Information Security Management System)
Sarwono Sutikno
Digital Data Security Webinar, SPI ITB
Wednesday, 3 August 2022
v2
ISO 27001 Information Security Management System Series
A. Open source: https://www.iso27001security.com/
B. ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
C. ISO/IEC FDIS 27001 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
D. ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
Summary
• The KAMI Index (KeAManan Informasi, Information Security) is a measure for reaching the baseline of the ISO 27001 ISMS Requirements;
• The main ISO 27001 ISMS series:
  • ISO 27000 Overview and vocabulary
  • ISO 27001 Requirements
  • ISO 27002 Information Security Controls
• Mandatory to implement:
  • Plan: Clause 4 Context of the organisation through Clause 7 Support of ISO 27001
  • Do: Clause 8 Operation of ISO 27001
  • Check: Clause 9 Performance evaluation of ISO 27001
  • Act: Clause 10 Improvement of ISO 27001
Comparison of the Information Security Management System standard with the Anti-Bribery Management System, the Quality Management System and the Management System for Educational Organizations. If one of these management systems has already been implemented, very little additional effort is needed to implement another. The change to Risk Management comes first. Hopefully this is useful.
Governance of Information & Technology (I&T), and Information Assets
Webinar: The Role of Information Technology and Internal Audit in Accelerating Innovation in Higher Education Institutions
Sarwono Sutikno, Dr.Eng,CISA,CISSP,CISM,CSX-F
INSTITUT TEKNOLOGI BANDUNG
Monday, 29 June 2020
• Become familiar with the internal audit profession and The Institute of Internal Auditors (IIA).
• Understand the mandatory IPPF guidance:
  • The Mission of Internal Audit,
  • the Core Principles for the Professional Practice of Internal Auditing,
  • the Definition of Internal Auditing,
  • the Code of Ethics, and
  • the International Standards for the Professional Practice of Internal Auditing (Standards).
• Understand the strongly recommended IPPF guidance:
  • Implementation Guidance and Supplemental Guidance.
• Understand the attributes of a well-executed risk management model (process):
  • COSO Internal Control Framework.
• Describe internal auditors' compliance and fraud-related responsibilities related to protecting the organization from regulatory violations.
• Be familiar with selected computer-assisted audit techniques, including generalized audit software.
• Understand the planning, fieldwork, and reporting processes of an audit.
• Learn the elements of a finding and the proper presentation in an audit report.
• Understand quality assurance, how it operates, and why it is important to the internal audit function.
Understanding Information Security in relation to Internal Control, in the context of achieving organisational objectives. Do not let the fact that something must not be known by one unit mean that another unit is denied access, such that availability for Data Mining to obtain insight is obstructed and Information Assets cannot be used for achieving objectives.
Any form of gift to a civil servant or state official is called gratification. Since the enactment of Law Number 20 of 2001 on Amendments to Law Number 31 of 1999 on the Eradication of Criminal Acts of Corruption, they have been obliged to refuse any receipt of gratification that is related to their position and contrary to the recipient's duties or obligations. If, due to certain conditions, it cannot be refused, reporting the receipt to the KPK is the second avenue for release from the threat of punishment.
§ The design and construction of a portable hacking station using a Raspberry Pi was successfully completed, producing a device that can be used to carry out ethical hacking activities effectively and efficiently.
§ Testing was carried out by simulating hacking using the portable hacking station so that its conformity with the specified requirements could be verified. The device succeeded in performing wireless security testing, namely obtaining a Wi-Fi password with an MITM scheme on an AP that was not protected against deauthentication attacks.
§ The security review of the portable hacking station was prepared based on the standards ISO/IEC 15408 Common Criteria for IT Security Evaluation parts 1 to 3, version 3.1:2017, and ISO/IEC TR 15446 Guide for the production of Protection Profiles and Security Targets, in the form of a Security Target document.
▷ What needs to be regulated so that governance and management of SPBE (Electronic-Based Government System) Security can support the achievement of SPBE objectives?
▷ How is the effectiveness of the arrangements for the SPBE Security Governance System measured?
▷ The adequacy of the governance and management arrangements required for SPBE Security.
▷ The availability of an SPBE Security performance management system to measure the effectiveness of the arrangements.
Indonesia's Corruption Perception Index after 20 years of Reformasi - TII. May Indonesia's CPI keep rising through our joint efforts with the people, including university students and vocational high school (STM) students and all the young men and women who are the hope of the nation. BERANI JUJUR HEBAT (Dare to be honest, be great)
The 2019 General Election is only days away. Before you vote, read the main report in Integrito magazine entitled "Menuju Catatan Sejarah" (Towards a Historical Record).
Please download the PDF version at this link:
https://www.kpk.go.id/id/publikasi/kajian-dan-penelitian/majalah-integrito/832-menuju-catatan-sejarah
Don't forget to vote for the honest candidate :)
Anti-corruption greetings!
More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)
Embracing GenAI - A Strategic Imperative (Peter Windle)
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
How to Make a Field invisible in Odoo 17 (Celine George)
It is possible to hide some fields in Odoo, commonly by using the "invisible" attribute in the field definition. This slide will show how to make a field invisible in Odoo 17.
Palestine last event orientationfvgnh .pptx (RaedMohamed3)
An EFL lesson about the current events in Palestine. It is intended to be for intermediate students who wish to increase their listening skills through a short lesson in power point.
2024.06.01 Introducing a competency framework for language learning materials ... (Sandy Millin)
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
The Roman Empire A Historical Colossus.pdf (kaushalkr1407)
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Synthetic Fiber Construction in lab .pptxPavel ( NSTU)
Synthetic fiber production is a fascinating and complex field that blends chemistry, engineering, and environmental science. By understanding these aspects, students can gain a comprehensive view of synthetic fiber production, its impact on society and the environment, and the potential for future innovations. Synthetic fibers play a crucial role in modern society, impacting various aspects of daily life, industry, and the environment. ynthetic fibers are integral to modern life, offering a range of benefits from cost-effectiveness and versatility to innovative applications and performance characteristics. While they pose environmental challenges, ongoing research and development aim to create more sustainable and eco-friendly alternatives. Understanding the importance of synthetic fibers helps in appreciating their role in the economy, industry, and daily life, while also emphasizing the need for sustainable practices and innovation.
Francesca Gottschalk - How can education support child empowerment.pptxEduSkills OECD
Francesca Gottschalk from the OECD’s Centre for Educational Research and Innovation presents at the Ask an Expert Webinar: How can education support child empowerment?
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Introduction to AI for Nonprofits with Tapp NetworkTechSoup
Dive into the world of AI! Experts Jon Hill and Tareq Monaur will guide you through AI's role in enhancing nonprofit websites and basic marketing strategies, making it easy to understand and apply.
Operation “Blue Star” is the only event in the history of Independent India where the state went into war with its own people. Even after about 40 years it is not clear if it was culmination of states anger over people of the region, a political game of power or start of dictatorial chapter in the democratic setup.
The people of Punjab felt alienated from main stream due to denial of their just demands during a long democratic struggle since independence. As it happen all over the word, it led to militant struggle with great loss of lives of military, police and civilian personnel. Killing of Indira Gandhi and massacre of innocent Sikhs in Delhi and other India cities was also associated with this movement.
2. Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM
• Lecturer, School of Electrical Engineering and Informatics, ITB (http://kuliah.itb.ac.id/app243)
  • EL5216 Information Security Risk Management (ISACA CRISC BoK)
  • EL5007 Information Security Management (ISACA CISM BoK)
  • II4033 Digital Forensics (EC-Council CHFI v8 BoK)
  • KU1071-03 Introduction to Information Technology, for SITH and SF students
• Lecturer, Indonesian Defense University (Universitas Pertahanan RI)
  • Asymmetric Warfare study program, Cyber Warfare option, course Cyber Warfare Dynamic
  • War Strategy and Campaign study program
• ISACA: Academy Advocate for ITB; Government and Regulatory Advocate, Sub Area 1; ISACA Indonesia Chapter, Director of Certification CRISC & CGEIT
• (ISC)2 Information Security Leadership Award 2011, Senior Information Security Professional
• Preparation of the ITB Cyber Security Center, with KOICA
• PT35-01 Information Technology, PNPS BSN-Kominfo:
  • Chair of the Working Group on Service Management Systems (ISO20000 series + ISO38500, Health Information Service Architecture, ISO15504)
  • Member of the Working Group on Information Security Governance (ISO27k series)
8. Relationships between Frameworks
The slide is a diagram; only its labels are recoverable. It places the frameworks on three layers (Governance, IT Governance, IT Management) and shows how they relate:
• COBIT 5
• National ICT Governance General Guidelines (Panduan Umum Tata Kelola TIK Nasional) + ICT Internal Control Evaluation Questionnaire
• COSO Internal Control Framework
• SNI ISO 38500
• PP 60/2008 Government Internal Control System (Sistem Pengendalian Intern Pemerintah)
• SNI ISO 27001 and SNI ISO 20000
9. PP 60/2008 Government Internal Control System (Sistem Pengendalian Intern Pemerintah)
The slide is a diagram: the five elements of internal control from Article 3(1) sit between the agency's principal tasks and functions (TuPokSi), its business processes and SOPs, and the laws and regulations that frame them.
• Article 3(1) a. control environment (Internal Control Environment)
• Article 3(1) b. risk assessment (Internal Control Risk Assessment)
• Article 3(1) c. control activities (Internal Control Activities)
• Article 3(1) d. information and communication (Information and Communication Internal Control)
• Article 3(1) e. monitoring of internal control (Internal Control Monitoring)
14. Cyber Vulnerabilities, Threats and Risk
Each entry lists the vulnerability, the threat that exploits it, and the resulting risk and impact.

Spear phishing
• Threat: Attackers may gain access through the phish payload or a combined social-technical follow-up.
• Risk and impact: Initial data loss or leakage leading to secondary financial and operational impact.

Water holing
• Threat: Attackers may gain control of attractive web sites and subsequent control of visitors.
• Risk and impact: Initial behavioral errors leading to secondary financial and operational impact.

Wireless/mobile APT
• Threat: Attacks may compromise wireless channels and/or mobile devices to enable temporary or permanent control.
• Risk and impact: Partial or full control of one or more wireless installations and/or mobile devices; direct or indirect impact on all critical IT applications and services.

Zero-day
• Threat: Attacks use zero-day exploits to circumvent existing defenses.
• Risk and impact: Partial or full control of applications and underlying systems/infrastructure, leading to secondary operational impact.

Excessive privilege
• Threat: Inside attacks may happen using inappropriate privileges and access rights.
• Risk and impact: Full and (technically) legitimate control outside the boundaries of organizational GRC; secondary financial, operational and reputational impacts.

Social engineering
• Threat: Attackers exploit social vulnerabilities to gain access to information and/or systems.
• Risk and impact: Partial or full control of human target(s), subsequent compromise of the IT side, secondary impacts on personal/individual well-being.

Home user APT
• Threat: Attacks use the fact that home environments may be less well protected than organizational environments.
• Risk and impact: Partial or full control of applications, systems and home infrastructures; secondary financial, operational and reputational impacts, including impacts on personal/individual well-being.

Extended IT infrastructure APT
• Threat: Attacks may target the IT infrastructure underlying critical organizational processes.
• Risk and impact: Full control of infrastructure, risk of extended control, including public infrastructures or business partners.

Non-IT technical infrastructure APT
• Threat: Attacks may tunnel the barrier between IT and other critical infrastructures within the enterprise.
• Risk and impact: Partial or full control of nonstandard IT and technical infrastructure, e.g., supervisory control and data acquisition (SCADA); secondary operational impact.

Vendor/business partner exploit
• Threat: There are attacks on trusted business partners or vendors, compromising key software or deliverables.
• Risk and impact: Initial attack through organizational IT directed at third parties, with financial, operational and reputational impact.
15. Organizational Risk
Each entry lists the risk, its description, and the potential consequences.

Design and structure—silos and knowledge distribution
• Description: Cybersecurity is structured in silos, preventing knowledge exchange.
• Potential consequences: Exposure to attacks because the majority of associates are unable to recognize attacks, cybercrime and cyberwarfare.

Design and structure—overconfidence
• Description: Management misperception of the factual state of cybersecurity.
• Potential consequences: Underfunding and limited management attention, with resulting exposure to attacks.

Design and structure—interfaces
• Description: Deficiencies in cooperating to recognize and respond to attacks and breaches.
• Potential consequences: Managing cybersecurity is fragmented, leaving gaps that may be exploited.

Governance, compliance and control—control deficiencies
• Description: Lack of governance and compliance provisions, insufficient cybersecurity controls.
• Potential consequences: Insufficient preparation, recognition, investigation and response to attacks and breaches; increased rate of human error.

Governance, compliance and control—overcontrol
• Description: Overly complex governance and compliance system, with controls addressing even minute details.
• Potential consequences: A rigid control structure creates opportunities for attacks and breaches.

Culture—trust
• Description: The culture of trust partially or completely negates cybercrime and cyberwarfare.
• Potential consequences: Implicit or explicit trust may be exploited in social and technical attacks.

Culture—vigilance
• Description: Individual vigilance is reduced in the context of governance, compliance and control.
• Potential consequences: Attacks and breaches may not be recognized in a timely manner.

Culture—denial
• Description: Attractiveness in terms of attacks is denied a priori.
• Potential consequences: Factual attacks may not be recognized, or may be misinterpreted.
16. Social Risk Overview
Each entry lists the risk, its description, and the potential consequences.

People—skills
• Description: People have insufficient skills to understand and enact cybersecurity.
• Potential consequences: Cybersecurity concepts and actions cannot be fully implemented, leading to an increased risk of attacks and breaches.

People—rules
• Description: People are reluctant to accept and internalize cybersecurity rules.
• Potential consequences: Deficiencies, a growing number of vulnerabilities and threats, more attack opportunities.

People—compliance
• Description: People inadvertently or deliberately commit or allow security breaches.
• Potential consequences: Attacks induced by people-based weaknesses, collusion or internal attacks; corrupt practices; infiltration.

Culture—leadership and responsibility
• Description: Personal responsibility may be diminished (or exaggerated) as a function of the prevailing style of leadership, e.g., quasi-military vs. laissez-faire.
• Potential consequences: The under- or overemphasis on personal responsibility may lead to dysfunctional behavior and a corresponding increase in the risk of attacks or breaches.

Culture—societal context
• Description: Societal context adverse to, or largely ignorant of, cybercrime and cyberwarfare.
• Potential consequences: Society at large, or the general culture, is not conducive to individual adoption of cybersecurity thinking.

Culture—human error
• Description: High error potential or frequency due to various factors.
• Potential consequences: Attacks or breaches are more frequent due to human error.

Human factors—complexity
• Description: Cybersecurity is too complex and therefore dysfunctional.
• Potential consequences: Failures or flaws and increased attack/breach potential.

Human factors—convenience
• Description: People disregard or abandon cybersecurity in favor of convenience.
• Potential consequences: Convenience-based misuse or inadequate use of IT and systems, with resulting vulnerabilities and threats.
17. Technical Risk Overview
Each entry lists the risk, its description, and the potential consequences.

Architecture—de-perimeterization
• Description: Significant parts of the IT architecture are de-perimeterized.
• Potential consequences: Decentralized, mobile and home environments are more vulnerable and less amenable to organizational control.

Architecture—third party
• Description: Parts of the IT architecture are operated by third parties (Platform as a Service [PaaS], Infrastructure as a Service [IaaS]).
• Potential consequences: Cybersecurity shifts to a contractual basis (indirect control only), potentially increasing the risk of attacks and breaches.

Architecture—exposed areas
• Description: Parts of the overall architecture have a high risk/exposure to attacks and breaches.
• Potential consequences: Attacks focus on exposed areas (e.g., legacy, unpatched, dual persona use).

Application layer—cloud/Software as a Service (SaaS)
• Description: Critical applications are operated in the cloud and/or contracted as SaaS.
• Potential consequences: High risk of vendor-side vulnerabilities and related attacks (see also Infrastructure—networks).

Application layer—zero-day
• Description: Zero-day exploits exist for critical applications.
• Potential consequences: High risk of targeted attacks using zero-day points of entry.

Application layer—malware
• Description: Applications are altered or corrupted by various types of malware.
• Potential consequences: High risk of temporary or permanent open attack vectors and related impacts (see previous).

Operating system layer—legacy
• Description: Legacy versions of operating systems are needed for certain applications.
• Potential consequences: High risk of vulnerabilities arising from expired support/lack of patches for legacy operating systems, often favored as an attack vector.

Operating system layer—zero-day
• Description: Zero-day exploits exist for operating systems.
• Potential consequences: High risk of attacks using zero-day points of entry.
18. Technical Risk Overview (cont.)
Each entry lists the risk, its description, and the potential consequences.

Operating system layer—security model
• Description: Operating system security model inadequate for cybersecurity.
• Potential consequences: Gaps or weaknesses in the security model prevent secure configuration; high risk of known weaknesses being exploited.

Infrastructure—networks
• Description: Topology (wide area network [WAN]/LAN/metropolitan area network [MAN]) weaknesses and structural vulnerabilities.
• Potential consequences: Parts of the combined network topology are susceptible to attacks and breaches; see also components and firmware.

Infrastructure—components and firmware
• Description: Network components and firmware contain vulnerabilities, patching may be infrequent, legacy components remain in use.
• Potential consequences: High risk of attacks based on known weaknesses in component firmware, often indirectly.

Infrastructure—hardware
• Description: Hardware modification (including vendor-side).
• Potential consequences: Risk of attacks based on replaced or modified hardware, including cyberwarfare.

Technical infrastructure—embedded systems
• Description: Vulnerabilities in embedded systems; hardware or software modification.
• Potential consequences: High risk of attacks based on known weaknesses in embedded systems; modified embedded components may be used in cyberwarfare.

Technical infrastructure—management systems
• Description: Vulnerabilities in control and management systems (e.g., SCADA).
• Potential consequences: High risk of attacks based on known weaknesses in control and management systems; APTs may be used in cyberwarfare.
21. Impact
• Immediate financial damage—For example, through fraud or embezzlement, loss of equipment, data corruption and restore
• Indirect financial damage—For example, through credit card theft, legal and regulatory fines, contractual penalties, revenue losses
• Operational impact—Disruption or permanent denial of critical IT functions and processes, secondary “ripple-through” damage to business processes
• Reputational impact—Negative media coverage, targeted activism, customer complaints, competitive disadvantage, etc.
• Legal impact—Individual or class actions against the enterprise, criminal proceedings, individual and organizational liability, etc.
22. Cybersecurity Control Frameworks
• Cybersecurity, as defined in RSNI ISO 27032—Information technology—Security techniques—Guidelines for cybersecurity
• Information security, e.g., RSNI ISO 27001 or National Institute of Standards and Technology (NIST) SP 800-53
• SANS Critical Controls (Top 20)
• Enterprise governance of IT, as defined through COBIT 5 or other frameworks
• Risk management frameworks and practices influencing cybersecurity
• Business continuity, service continuity and emergency/crisis handling provisions at the governance level, e.g., ISO 22301, RSNI ISO 27031
• Organizational (corporate) governance provisions influencing cybersecurity directly or indirectly
25. SNI ISO/IEC 38500:2013 – Information Technology Governance
The slide is a diagram: corporate governance of ICT (Tata Kelola Korporasi dari TIK) applies the three governance tasks Evaluate, Direct and Monitor (Evaluasi, Arahkan, Pantau) to the business processes, ICT projects and ICT operations beneath it.
26. EDM01
Mapping of COBIT 5 process EDM01 Ensure governance framework setting and maintenance, practice EDM01.01 Evaluate the governance system, from COBIT 5 for Information Security to cybersecurity.

COBIT 5 for Information Security: Internal and external environmental factors (legal, regulatory, contractual); identify trends influencing governance design.
Cybersecurity:
• Review legal and regulatory provisions in cybercrime and cyberwarfare.
• Identify and validate the governance model for cybersecurity (“zero tolerance” vs. “living with it”).
• Identify adaptability, responsiveness and resilience of the governance model in terms of cybersecurity attacks and breaches.
• Identify any rigid/brittle governance elements that may inadvertently be conducive to cybercrime and cyberwarfare (e.g., instances of overcontrol).

COBIT 5 for Information Security: Extent to which information security meets business/compliance/regulatory needs.
Cybersecurity:
• Validate business needs (express and implied) with regard to attacks and breaches.
• Categorize attacks and breaches, including cybercrime, in terms of compliance and regulatory needs; identify gaps and deficiencies.
• Document systemic weaknesses in cybersecurity as regards the business and its profit drivers.

COBIT 5 for Information Security: Principles guiding the design of information security enablers and promoting a security-positive environment.
Cybersecurity:
• See chapter 7, Guiding Principles for Transforming Cybersecurity.

COBIT 5 for Information Security: Determine the optimal decision-making model for information security.
Cybersecurity:
• Determine an optimal decision-making model for cybersecurity; this may be distinct and different from “ordinary” information security.
• See Responding to Targeted Cyberattacks.
27. EDM01
Mapping of COBIT 5 process EDM01 Ensure governance framework setting and maintenance, practice EDM01.02 Direct the governance system, from COBIT 5 for Information Security to cybersecurity.

COBIT 5 for Information Security: Obtain senior management commitment to information security and information risk management.
Cybersecurity:
• Identify the senior management tolerance level in relation to attacks and breaches.
• Obtain management commitment for the selected governance model.
• Obtain the formal management risk appetite in terms of cybercrime and cyberwarfare.

COBIT 5 for Information Security: Mandate an enterprise information security function.
Cybersecurity:
• Mandate an appropriate cybersecurity function, including incident and attack response.
• Establish interfaces between the cybersecurity function and other information security roles.

COBIT 5 for Information Security: Mandate an information security steering committee (ISSC).
Cybersecurity:
• Ensure cybersecurity participation at the steering committee level.
• Embed cybersecurity transformation activities in the steering committee agenda.

COBIT 5 for Information Security: Implement hierarchical information and decision escalation procedures.
Cybersecurity:
• Establish escalation points for attacks, breaches and incidents (information security, crisis management, etc.).
• Define escalation paths for cybersecurity activities and transformational steps (e.g., new vulnerabilities and threats).
• Establish fast-track/crisis mode decision procedures with escalation to senior management.

COBIT 5 for Information Security: Align information security strategy with business strategy.
Cybersecurity:
• Align, to the appropriate extent, cybersecurity with generic information security.
• Highlight areas of cybersecurity that are deliberately kept separate and distinct.

COBIT 5 for Information Security: Foster an information security-positive culture and environment.
Cybersecurity:
• Define the target culture for cybersecurity.
• Set the scene for cybercrime/cyberwarfare awareness.
• Develop appropriate guidance for associates.
28. EDM01
Mapping of COBIT 5 process EDM01 Ensure governance framework setting and maintenance, practice EDM01.03 Monitor the governance system, from COBIT 5 for Information Security to cybersecurity.

COBIT 5 for Information Security: Monitor regular and routine mechanisms for ensuring that the use of information security measurement systems complies with legislation and regulation.
Cybersecurity:
• Integrate cybersecurity measurements and metrics into routine compliance check mechanisms.
• Monitor compliance of cybersecurity measurements that do not form part of regular and routine mechanisms.

COBIT 5 for Information Security: Analyse overall implications of the changing threat landscape.
Cybersecurity:
• Evaluate threats and vulnerabilities relevant to cybersecurity (see chapter 2).
• Incorporate the changing threat landscape into cybersecurity transformation governance.
• Identify and articulate any game changers or paradigm shifts in cybersecurity.
44. Goal and Audit Objectives
Each entry lists the cybersecurity goal, the audit objective(s) that test it, and remarks on the audit.

Cybersecurity goal: Cybersecurity policies, standards and procedures are adequate and effective.
Audit objective(s):
• Verify that documentation is complete and up to date.
• Confirm that formal approval, release and enforcement are in place.
• Verify that documentation covers all cybersecurity requirements.
• Verify that subsidiary controls cover all provisions made in policies, standards and procedures.
Remarks: This audit addresses the universe of documents (governance side) and the controls stipulated by these documents. “Effective” in this sense cannot audit more than the proper approval/release/enforcement cycle, whereas “adequate” can relate only to the completeness, adequacy and integrity of the policies, standards and procedures.

Cybersecurity goal: Emerging risk is reliably identified, appropriately evaluated and adequately treated.
Audit objective(s):
• Confirm the reliability of the risk identification process.
• Assess the risk evaluation process, including tools, methods and techniques used.
• Confirm that all risk is treated in line with the evaluation results.
• Verify that treatment is adequate or that formal risk acceptances exist for untreated risk.
Remarks: This audit will usually span several years, focusing on processes, tools and methods in the first year. In subsequent years, auditors will most likely take samples of risk areas and drill down into the process. The audit may include external data to qualify the full coverage of “emerging” risk.

Cybersecurity goal: Cybersecurity transformation processes are defined, deployed and measured.
Audit objective(s):
• Verify the existence and completeness of the transformation process and related guidance.
• Verify that the transformation process is implemented and followed by all parts of the enterprise.
• Confirm controls, metrics and measurements relating to transformation goals, risk and performance.
Remarks: This audit, which will transpire over several years, is designed to cover the processes for transforming cybersecurity.
45. Goal and Audit Objectives (cont.)

Cybersecurity goal: Attacks and breaches are identified and treated in a timely and appropriate manner.
Audit objective(s):
• Confirm monitoring and specific technical attack recognition solutions.
• Assess interfaces to security incident management and crisis management processes and plans.
• Evaluate (on the basis of past attacks) the timeliness and adequacy of attack response.
Remarks: This is an in-depth technical audit that looks at the technology for early recognition and identification of attack, then at the subsequent steps for escalating and managing incidents. “Timely” and “appropriate” are defined as specified in the relevant policies, standards and procedures (no subjective audit judgment).
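The last audit objective above, and the EDM01.03 point about integrating cybersecurity metrics into routine compliance checks, rest on the same idea: "timely" and "appropriate" are whatever the enterprise's policies define them to be, so the auditor's evaluation of past attacks can be reduced to a mechanical check of incident records against those policy thresholds. The following Python script is an added example and is not code from the presentation or from the ISACA study; the threshold values in POLICY, the incident record fields, and the three sample incidents are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Policy thresholds are assumptions for this example; a real audit takes them
# from the enterprise's own cybersecurity policies, standards and procedures.
POLICY = {
    "max_time_to_detect": timedelta(hours=24),    # compromise start -> detection
    "max_time_to_respond": timedelta(hours=4),    # detection -> response started
    "escalate_severities": {"high", "critical"},  # must reach senior management
}


@dataclass
class Incident:
    """One record from an incident register (constructed fields, see below)."""
    incident_id: str
    severity: str
    compromise_start: datetime     # earliest evidence of attacker activity
    detected_at: datetime          # when monitoring or analysts recognized it
    response_started_at: datetime  # when incident management took ownership
    escalated_to_senior_mgmt: bool


def evaluate_incident(inc: Incident, policy: dict = POLICY) -> dict:
    """Score one incident against the policy thresholds.

    Returns the measured durations and a list of findings. An empty finding
    list means the incident was handled "timely and appropriately" in the only
    sense an auditor can verify: as the policy defines those words.
    """
    findings = []
    ttd = inc.detected_at - inc.compromise_start
    ttr = inc.response_started_at - inc.detected_at

    # Data-quality guard: a negative duration means the register itself is
    # inconsistent, which is a finding in its own right, not a timing result.
    if ttd < timedelta(0) or ttr < timedelta(0):
        findings.append("inconsistent timestamps in incident record")
    else:
        if ttd > policy["max_time_to_detect"]:
            findings.append("detection exceeded policy threshold")
        if ttr > policy["max_time_to_respond"]:
            findings.append("response exceeded policy threshold")

    # Escalation is the "appropriate" half of the goal: high-severity incidents
    # must have reached the escalation points EDM01.02 asks for.
    if inc.severity in policy["escalate_severities"] and not inc.escalated_to_senior_mgmt:
        findings.append("severity required escalation to senior management")

    return {
        "incident_id": inc.incident_id,
        "time_to_detect_hours": ttd.total_seconds() / 3600,
        "time_to_respond_hours": ttr.total_seconds() / 3600,
        "findings": findings,
        "compliant": not findings,
    }


def audit_summary(incidents, policy: dict = POLICY) -> dict:
    """Aggregate per-incident results into the figures an audit report cites."""
    results = [evaluate_incident(i, policy) for i in incidents]
    compliant = sum(1 for r in results if r["compliant"])
    return {
        "total": len(results),
        "compliant": compliant,
        "compliance_rate": compliant / len(results) if results else None,
        "results": results,
    }


# Constructed sample register: three incidents, none taken from the presentation.
SAMPLE_INCIDENTS = [
    Incident("INC-001", "high",
             datetime(2015, 3, 1, 8, 0), datetime(2015, 3, 1, 10, 0),
             datetime(2015, 3, 1, 11, 0), escalated_to_senior_mgmt=True),
    Incident("INC-002", "medium",
             datetime(2015, 3, 2, 0, 0), datetime(2015, 3, 4, 0, 0),
             datetime(2015, 3, 4, 2, 0), escalated_to_senior_mgmt=False),
    Incident("INC-003", "high",
             datetime(2015, 3, 5, 9, 0), datetime(2015, 3, 5, 12, 0),
             datetime(2015, 3, 5, 20, 0), escalated_to_senior_mgmt=False),
]

if __name__ == "__main__":
    summary = audit_summary(SAMPLE_INCIDENTS)
    for r in summary["results"]:
        status = "OK" if r["compliant"] else "; ".join(r["findings"])
        print(f"{r['incident_id']}: TTD {r['time_to_detect_hours']:.1f} h, "
              f"TTR {r['time_to_respond_hours']:.1f} h -> {status}")
    print(f"compliant {summary['compliant']}/{summary['total']}")
```

On the sample register only INC-001 passes: INC-002 was detected 48 hours after the compromise began, and INC-003 both waited eight hours for a response and was never escalated despite its severity. The point of the structure is that every finding traces back to a named policy threshold, which is what keeps the audit free of subjective judgment; changing the enterprise's policy changes POLICY, not the evaluation logic.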
46. Outline
1. Introduction: Risk vs. Control
2. Threats, Vulnerabilities and Associated Risk
3. Security Governance
4. Cybersecurity Management
5. Cybersecurity Assurance
6. Establishing and Evolving Systemic Security
7. Principles for Transforming Cybersecurity
51. 7. Guiding Principles for Transforming Cybersecurity
Principle 1. Know the potential impact of cybercrime and cyberwarfare.
Principle 2. Understand end users, their cultural values and their behavior patterns.
Principle 3. Clearly state the business case for cybersecurity, and the risk appetite of the enterprise.
Principle 4. Establish cybersecurity governance.
Principle 5. Manage cybersecurity using principles and enablers.
Principle 6. Know the cybersecurity assurance universe and objectives.
Principle 7. Provide reasonable assurance over cybersecurity.
Principle 8. Establish and evolve systemic cybersecurity.