SlideShare a Scribd company logo

Usulan untuk wg1 dan wg2 pada pnps2015 rapat awal pt35-01 - 9 april 2015

Download as PPTX, PDF
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

Usulan SNI pada Komisi Teknik 35-01 Teknologi Informasi, bagian Kelompok Kerja Keamanan Informasi WG1 dan bagian Kelompok Kerja Manajemen Layanan dan Tata Kelola Teknologi Informasi WG2, Program Nasional Penetapan Standar BSN Kemkominfo

Education
1 of 15
1 Usulan Keamanan Informasi dan Sistem Manajemen Layanan Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM Anggota PT35-01 Teknologi Informasi Ciputat 9 April 2015
Current: • Cybersecurity Nexus Liaison, ISACA Indonesia Chapter • ISACA Academic Advocate at ITB • SME for Information Security Standard for ISO at ISACA HQ • Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung • Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota Panitia Teknis 35-01 Program Nasional Penetapan Standar bidang Teknologi Informasi, BSN – Kominfo. Past: • Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008) • Plt Direktur Operasi Sistem PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011 Professional Certification: • Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000 • IRCA Information Security Management System Lead Auditor Course, 2004 • ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005 • Brainbench Computer Forensic, 2006 • (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007 • ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007 Award: • (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA 2 Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
Kategori Kontrol berbasis Risiko 3 Source: Transforming Cybersecurity: Using COBIT 5, ISACA, 2013
Kerangka dan Standar – tinjauan SNI ISO 38500 COSO PP60/ 2008 COBIT ITIL v2 ITIL v3 SNI ISO 20000 SNI ISO 2700x SNI ISO 900x Common Criteria SNI ISO 15408 boardlevelmanagementtechnical SNI ISO 27013
ISO/IEC JTC 1/SC 40 - IT Service Management and IT Governance ISO/IEC 20000-1:2011 SNI ISO/IEC 20000-1:2013 Teknologi Informasi - Manajemen Layanan - Bagian 1: Persyaratan sistem manajemen layanan IEEE Std 20000-1-2013 ISO/IEC 20000-2:2012 SNI ISO/IEC 20000-2:2013 Teknologi informasi - Manajemen layanan - Bagian 2: Pedoman penerapan sistem manajemen layanan IEEE Std 20000-2-2013 ISO/IEC TR 20000-3:2012 SNI ISO/IEC TR 20000-3:2013 Teknologi informasi - Manajemen layanan - Bagian 3: Pedoman pendefinisian lingkup dan kesesuaian dari SNI ISO/IEC 20000-1 ISO/IEC TR 20000-4:2010 SNI ISO/IEC TR 20000-4:2013 Teknologi informasi - Manajemen layanan - Bagian 4: Model referensi proses ISO/IEC TR 20000-5:2010 – replaced by ISO/IEC TR 20000-5:2013 SNI ISO/IEC TR 20000-5:2013 Teknologi informasi - Manajemen layanan - Bagian 5: Contoh acuan perencanaan implementasi SNI ISO/IEC 20000-1 ISO/IEC TR 20000-9:2015 Information technology -- Service management -- Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services ISO/IEC TR 20000-10:2013 Information technology -- Service management -- Part 10: Concepts and terminology ISO/IEC 30121:2015 Information technology -- Governance of digital forensic risk framework ISO/IEC 38500:2015 Information technology -- Governance of IT for the organization ISO/IEC TS 38501:2015 Information technology -- Governance of IT -- Implementation guide ISO/IEC TR 38502:2014 Information technology -- Governance of IT -- Framework and model 5
Customers (and other interested parties) Service Requirements Services Customers (and other interested parties) 5. Design and transition of new or changed services 8. Resolution processes 7. Relationship processes 8.1 Incident and service request management 8.2 Problem management 7.1 Business relationship management 7.2 Supplier management 6. Service delivery processes 6.5 Capacity management 6.3 Service continuity & availability management 6.1 Service level management 6.2 Service reporting 6.6 Information security management 6.4 Budgeting & accounting for services 4.1 Management responsibility 4.2 Governance of processes operated by other parties 4.5 Establish the SMS 4.3 Documentation management 4.4 Resource management 4. Service Management System (SMS) 9. Control processes 9.1 Configuration management 9.2 Change management 9.3 Release and deployment management
Usulan pengganti seri SNI ISO 15504 Information technology -- Process assessment ISO/IEC 33001:2015 Information technology -- Process assessment -- Concepts and terminology 60.60 35.080 ISO/IEC 33002:2015 Information technology -- Process assessment -- Requirements for performing process assessment 60.60 35.080 ISO/IEC 33003:2015 Information technology -- Process assessment -- Requirements for process measurement frameworks 60.60 35.080 ISO/IEC 33004:2015 Information technology -- Process assessment -- Requirements for process reference, process assessment and maturity models 60.60 35.080 ISO/IEC TR 33014:2013 Information technology -- Process assessment -- Guide for process improvement 60.60 35.080 ISO/IEC NP 33016 Information technology -- Process assessment -- Process assessment body of knowledge 10.99 ISO/IEC 33020:2015 Information technology -- Process assessment -- Process measurement framework for assessment of process capability 60.60 35.080 ISO/IEC CD 33050-4 Information technology -- Process assessment -- Part 4: A process reference model for information security management 30.20 35.080 ISO/IEC FDIS 33063 Information technology -- Process assessment -- Process assessment model for software testing 50.00 35.080 ISO/IEC CD 33070-4 Information technology -- Process assessment -- Part 4: A process assessment model for information security management 7
8
Month 200X Page 9 Process assessment  Action plan •Assessment of the audited processes and Actions plan to reach level . •Extend assessment througth the overall organisation to be able to compare same referential with same objectives and continuity of processes Lvl 5 : Value Lvl 4 : Service Lvl 3 : Proactiv Lvl 2 : Reactiv Lvl 1 : Chaos Incident Management Change Management Problem Management Service Level Management Service Desk Problem Management Implementation Knowledge Improvement Communications Process RFC Process OLAs Implementation Catalogues of Services Improvement
Trying to Run Before Walking Reactive Proactive  Analyze trends  Set thresholds  Predict problems  Measure appli- cation availability  Automate  Mature problem, configuration, change, asset and performance mgt processes  Fight fires  Inventory  Desktop SW distribution  Initiate problem mgt process  Alert and event mgt  Measure component availability (up/down)  IT as a service provider  Define services, classes, pricing  Understand costs  Guarantee SLAs  Measure & report service availability  Integrate processes  Capacity mgt Service Value  IT as strategic business partner  IT and business metric linkage  IT/business collaboration improves business process  Real-time infrastructure  Business planning Level 2 Level 3 Level 4 Chaotic  Ad hoc  Undocumented  Unpredictable  Multiple help desks  Minimal IT operations  User call notification Level 1 Tool Leverage Manage IT as a Business Service Delivery Process Engineering Operational Process Engineering Service and Account Management Level 5
Usulan seri SNI ISO 27k Information technology – Security technique (1/2) ISO/IEC 27000:2014 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements 60.6035.040 ISO/IEC 27001:2013/Cor 1:2014 60.60 35.040 ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls 60.6035.040 ISO/IEC 27002:2013/Cor 1:2014 60.60 35.040 ISO/IEC 27003:2010 Information technology -- Security techniques -- Information security management system implementation guidance 90.9235.040 ISO/IEC 27004:2009 Information technology -- Security techniques -- Information security management -- Measurement 90.9235.040 ISO/IEC 27005:2011 Information technology -- Security techniques -- Information security risk management 90.9235.040 ISO/IEC 27006:2011 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems ISO/IEC 27007:2011 Information technology -- Security techniques -- Guidelines for information security management systems auditing 90.9235.040 ISO/IEC TR 27008:2011 Information technology -- Security techniques -- Guidelines for auditors on information security controls 90.9235.040 ISO/IEC 27010:2012 Information technology -- Security techniques -- Information security management for inter-sector and inter-organizational communications 90.9235.040 ISO/IEC 27011:2008 Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 ISO/IEC 27013:2012 Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 ISO/IEC 27014:2013 Information technology -- Security techniques -- Governance of information security 60.6035.040 ISO/IEC TR 27015:2012 Information technology -- Security techniques -- Information security management guidelines for financial services 60.6003.060 35.040 ISO/IEC TR 27016:2014 Information technology -- Security techniques -- Information security management -- Organizational economics 60.6035.040 11
Usulan seri SNI ISO 27k Information technology – Security technique (2/2) ISO/IEC 27018:2014 Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors 60.60 35.040 ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry 90.92 35.040 35.240.99 ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity 60.60 35.040 ISO/IEC 27032:2012 Information technology -- Security techniques -- Guidelines for cybersecurity 60.60 35.040 ISO/IEC 27033-1:2009 Information technology -- Security techniques -- Network security -- Part 1: Overview and concepts 90.92 35.040 ISO/IEC 27033-2:2012 Information technology -- Security techniques -- Network security -- Part 2: Guidelines for the design and implementation of network security 60.60 35.040 ISO/IEC 27033-3:2010 Information technology -- Security techniques -- Network security -- Part 3: Reference networking scenarios -- Threats, design techniques and control issues 90.93 35.040 ISO/IEC 27033-4:2014 Information technology -- Security techniques -- Network security -- Part 4: Securing communications between networks using security gateways 60.60 35.040 ISO/IEC 27033-5:2013 Information technology -- Security techniques -- Network security -- Part 5: Securing communications across networks using Virtual Private Networks (VPNs) 60.60 35.040 ISO/IEC 27034-1:2011 Information technology -- Security techniques -- Application security -- Part 1: Overview and concepts 60.60 35.040 ISO/IEC 27034-1:2011/Cor 1:2014 60.60 35.040 ISO/IEC 27035:2011 Information technology -- Security techniques -- Information security incident management ISO/IEC 27036-1:2014 Information technology -- Security techniques -- Information security for supplier relationships -- Part 1: Overview and concepts 60.60 35.040 ISO/IEC 27036-2:2014 Information technology -- Security techniques -- Information security for supplier relationships -- Part 2: Requirements 60.60 35.040 ISO/IEC 27036-3:2013 Information technology -- Security techniques -- Information security for supplier relationships -- Part 3: Guidelines for information and communication technology supply chain security ISO/IEC 27037:2012 Information technology -- Security techniques -- Guidelines for identification, collection, acquisition and preservation of digital evidence 60.60 35.040 ISO/IEC 27038:2014 Information technology -- Security techniques -- Specification for digital redaction ISO/IEC 27039:2015 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems (IDPS) 60.60 35.040 ISO/IEC 27040:2015 Information technology -- Security techniques -- Storage security 60.60 35.040 ISO/IEC 27043:2015 Information technology -- Security techniques -- Incident investigation principles and processes 60.60 35.040 12
Network is Compromised
threat
Diskusi 15

Recommended

Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sosialisasi sni iso iec 20000 - sistem manajemen layanan
Sosialisasi sni iso iec 20000 - sistem manajemen layananSosialisasi sni iso iec 20000 - sistem manajemen layanan
Sosialisasi sni iso iec 20000 - sistem manajemen layanan
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Get iso 27000 certification in 7 steps
Get iso 27000 certification in 7 stepsGet iso 27000 certification in 7 steps
Get iso 27000 certification in 7 steps
Ben Pournader
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
 

Recommended

Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Usulan untuk wg1 dan wg2 serta kualitas data pada pnps2015 rapat ke-2 pt35-...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Usulan untuk wg1 dan wg2 serta kualitas data pada kaminfo 12 agustus 2015
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Tata Kelola Keamanan Informasi
Tata Kelola Keamanan InformasiTata Kelola Keamanan Informasi
Tata Kelola Keamanan Informasi
Directorate of Information Security | Ditjen Aptika
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Usulan utk PT35-01 Teknologi Informasi dan Kualitas Data 19 okt2016
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sosialisasi sni iso iec 20000 - sistem manajemen layanan
Sosialisasi sni iso iec 20000 - sistem manajemen layananSosialisasi sni iso iec 20000 - sistem manajemen layanan
Sosialisasi sni iso iec 20000 - sistem manajemen layanan
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Get iso 27000 certification in 7 steps
Get iso 27000 certification in 7 stepsGet iso 27000 certification in 7 steps
Get iso 27000 certification in 7 steps
Ben Pournader
 
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and DifferencesCMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences
PECB
 
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
ISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and recordsISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and records
Manoj Vakekattil
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 
27001 2015(+a1)
27001 2015(+a1)27001 2015(+a1)
27001 2015(+a1)
Carlos Ayil
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
VISTA InfoSec
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
PECB
 
ISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An IntorductionISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An Intorduction
n|u - The Open Security Community
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
Ramana K V
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
Schellman & Company
 
6 steps how to get iso 27000 certification?
6 steps how to get iso 27000 certification?6 steps how to get iso 27000 certification?
6 steps how to get iso 27000 certification?
Puneet sharma
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005
Fuangwith Sopharath
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
ControlCase
 
AUDITING DATABASE SYSTEMS
AUDITING DATABASE SYSTEMSAUDITING DATABASE SYSTEMS
AUDITING DATABASE SYSTEMS
Dhina Pohan
 
Android membuat-aplikasi-sederhana
Android membuat-aplikasi-sederhanaAndroid membuat-aplikasi-sederhana
Android membuat-aplikasi-sederhana
Robby Febrian
 
AUDITING IT GOVERNANCE CONTROLS
AUDITING IT GOVERNANCE CONTROLSAUDITING IT GOVERNANCE CONTROLS
AUDITING IT GOVERNANCE CONTROLS
Dhina Pohan
 
Pemrograman Android
Pemrograman AndroidPemrograman Android
Pemrograman Android
Sayyidah Poetrii
 
Yuk Bikin Aplikasi Android
Yuk Bikin Aplikasi AndroidYuk Bikin Aplikasi Android
Yuk Bikin Aplikasi Android
Eko Kurniawan Khannedy
 
510690 manajemen servis kel.1_2_ka07
510690 manajemen servis kel.1_2_ka07510690 manajemen servis kel.1_2_ka07
510690 manajemen servis kel.1_2_ka07
Auzan Fasya
 
ITIL Service Design dan Service Operation
ITIL Service Design dan Service OperationITIL Service Design dan Service Operation
ITIL Service Design dan Service Operation
Muh Husain noor Hidayat
 
Manajemen servis kel.1 2_ka07
Manajemen servis kel.1 2_ka07Manajemen servis kel.1 2_ka07
Manajemen servis kel.1 2_ka07
Muchammad Susanto
 
Service Operation - Manajemen Layanan Teknologi Informasi
Service Operation - Manajemen Layanan Teknologi InformasiService Operation - Manajemen Layanan Teknologi Informasi
Service Operation - Manajemen Layanan Teknologi Informasi
Muhammad Idil Haq Amir
 
Tata kelola teknologi informasi
Tata kelola teknologi informasiTata kelola teknologi informasi
Tata kelola teknologi informasi
Faith Posumah
 

More Related Content

What's hot

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
PECB
 
ISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and recordsISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and records
Manoj Vakekattil
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 
27001 2015(+a1)
27001 2015(+a1)27001 2015(+a1)
27001 2015(+a1)
Carlos Ayil
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
VISTA InfoSec
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
PECB
 
ISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An IntorductionISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An Intorduction
n|u - The Open Security Community
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
Ramana K V
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
Schellman & Company
 
6 steps how to get iso 27000 certification?
6 steps how to get iso 27000 certification?6 steps how to get iso 27000 certification?
6 steps how to get iso 27000 certification?
Puneet sharma
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005
Fuangwith Sopharath
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
ControlCase
 

What's hot (12)

ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to KnowISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know
 
ISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and recordsISO 27001:2013 Mandatory documents and records
ISO 27001:2013 Mandatory documents and records
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
 
27001 2015(+a1)
27001 2015(+a1)27001 2015(+a1)
27001 2015(+a1)
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
 
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementationPrivacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation
 
ISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An IntorductionISO / IEC 27001:2005 – An Intorduction
ISO / IEC 27001:2005 – An Intorduction
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
6 steps how to get iso 27000 certification?
6 steps how to get iso 27000 certification?6 steps how to get iso 27000 certification?
6 steps how to get iso 27000 certification?
 
ISO/IEC 27001:2005
ISO/IEC 27001:2005ISO/IEC 27001:2005
ISO/IEC 27001:2005
 
ISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of PrivacyISO 27001 In The Age Of Privacy
ISO 27001 In The Age Of Privacy
 

Viewers also liked

AUDITING DATABASE SYSTEMS
AUDITING DATABASE SYSTEMSAUDITING DATABASE SYSTEMS
AUDITING DATABASE SYSTEMS
Dhina Pohan
 
Android membuat-aplikasi-sederhana
Android membuat-aplikasi-sederhanaAndroid membuat-aplikasi-sederhana
Android membuat-aplikasi-sederhana
Robby Febrian
 
AUDITING IT GOVERNANCE CONTROLS
AUDITING IT GOVERNANCE CONTROLSAUDITING IT GOVERNANCE CONTROLS
AUDITING IT GOVERNANCE CONTROLS
Dhina Pohan
 
Pemrograman Android
Pemrograman AndroidPemrograman Android
Pemrograman Android
Sayyidah Poetrii
 
Yuk Bikin Aplikasi Android
Yuk Bikin Aplikasi AndroidYuk Bikin Aplikasi Android
Yuk Bikin Aplikasi Android
Eko Kurniawan Khannedy
 
510690 manajemen servis kel.1_2_ka07
510690 manajemen servis kel.1_2_ka07510690 manajemen servis kel.1_2_ka07
510690 manajemen servis kel.1_2_ka07
Auzan Fasya
 
ITIL Service Design dan Service Operation
ITIL Service Design dan Service OperationITIL Service Design dan Service Operation
ITIL Service Design dan Service Operation
Muh Husain noor Hidayat
 
Manajemen servis kel.1 2_ka07
Manajemen servis kel.1 2_ka07Manajemen servis kel.1 2_ka07
Manajemen servis kel.1 2_ka07
Muchammad Susanto
 
Service Operation - Manajemen Layanan Teknologi Informasi
Service Operation - Manajemen Layanan Teknologi InformasiService Operation - Manajemen Layanan Teknologi Informasi
Service Operation - Manajemen Layanan Teknologi Informasi
Muhammad Idil Haq Amir
 
Tata kelola teknologi informasi
Tata kelola teknologi informasiTata kelola teknologi informasi
Tata kelola teknologi informasi
Faith Posumah
 
Tata kelola teknologi informasi
Tata kelola teknologi informasiTata kelola teknologi informasi
Tata kelola teknologi informasi
Faith Posumah
 
Android Fast Track CRUD Android PHP MySql
Android Fast Track CRUD Android PHP MySqlAndroid Fast Track CRUD Android PHP MySql
Android Fast Track CRUD Android PHP MySql
Agus Haryanto
 
Bersaing Dengan Menggunakan Teknologi Informasi
Bersaing Dengan Menggunakan Teknologi InformasiBersaing Dengan Menggunakan Teknologi Informasi
Bersaing Dengan Menggunakan Teknologi Informasi
Wisnu Dewobroto
 
Cobit 5 Business Framework -Governance and Management of Enterprise IT
Cobit 5 Business Framework -Governance and Management of Enterprise ITCobit 5 Business Framework -Governance and Management of Enterprise IT
Cobit 5 Business Framework -Governance and Management of Enterprise IT
Balasubramanian.C PMP®,ITIL®,PRINCE2®,COBIT®5
 
Belajar Android Studio CRUD Data Mahasiswa
Belajar Android Studio CRUD Data MahasiswaBelajar Android Studio CRUD Data Mahasiswa
Belajar Android Studio CRUD Data Mahasiswa
Agus Haryanto
 
Cara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLite
Cara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLiteCara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLite
Cara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLite
creatorb dev
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
Laddawan Rattanaruang
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
Goutama Bachtiar
 
ITIL v3 Foundation Presentation
ITIL v3 Foundation PresentationITIL v3 Foundation Presentation
ITIL v3 Foundation PresentationWajahat Rajab
 

Viewers also liked (19)

AUDITING DATABASE SYSTEMS
AUDITING DATABASE SYSTEMSAUDITING DATABASE SYSTEMS
AUDITING DATABASE SYSTEMS
 
Android membuat-aplikasi-sederhana
Android membuat-aplikasi-sederhanaAndroid membuat-aplikasi-sederhana
Android membuat-aplikasi-sederhana
 
AUDITING IT GOVERNANCE CONTROLS
AUDITING IT GOVERNANCE CONTROLSAUDITING IT GOVERNANCE CONTROLS
AUDITING IT GOVERNANCE CONTROLS
 
Pemrograman Android
Pemrograman AndroidPemrograman Android
Pemrograman Android
 
Yuk Bikin Aplikasi Android
Yuk Bikin Aplikasi AndroidYuk Bikin Aplikasi Android
Yuk Bikin Aplikasi Android
 
510690 manajemen servis kel.1_2_ka07
510690 manajemen servis kel.1_2_ka07510690 manajemen servis kel.1_2_ka07
510690 manajemen servis kel.1_2_ka07
 
ITIL Service Design dan Service Operation
ITIL Service Design dan Service OperationITIL Service Design dan Service Operation
ITIL Service Design dan Service Operation
 
Manajemen servis kel.1 2_ka07
Manajemen servis kel.1 2_ka07Manajemen servis kel.1 2_ka07
Manajemen servis kel.1 2_ka07
 
Service Operation - Manajemen Layanan Teknologi Informasi
Service Operation - Manajemen Layanan Teknologi InformasiService Operation - Manajemen Layanan Teknologi Informasi
Service Operation - Manajemen Layanan Teknologi Informasi
 
Tata kelola teknologi informasi
Tata kelola teknologi informasiTata kelola teknologi informasi
Tata kelola teknologi informasi
 
Tata kelola teknologi informasi
Tata kelola teknologi informasiTata kelola teknologi informasi
Tata kelola teknologi informasi
 
Android Fast Track CRUD Android PHP MySql
Android Fast Track CRUD Android PHP MySqlAndroid Fast Track CRUD Android PHP MySql
Android Fast Track CRUD Android PHP MySql
 
Bersaing Dengan Menggunakan Teknologi Informasi
Bersaing Dengan Menggunakan Teknologi InformasiBersaing Dengan Menggunakan Teknologi Informasi
Bersaing Dengan Menggunakan Teknologi Informasi
 
Cobit 5 Business Framework -Governance and Management of Enterprise IT
Cobit 5 Business Framework -Governance and Management of Enterprise ITCobit 5 Business Framework -Governance and Management of Enterprise IT
Cobit 5 Business Framework -Governance and Management of Enterprise IT
 
Belajar Android Studio CRUD Data Mahasiswa
Belajar Android Studio CRUD Data MahasiswaBelajar Android Studio CRUD Data Mahasiswa
Belajar Android Studio CRUD Data Mahasiswa
 
Cara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLite
Cara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLiteCara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLite
Cara Membuat Aplikasi Android Resep Masakan Sederhana Android-SQLite
 
It governance & cobit 5
It governance & cobit 5It governance & cobit 5
It governance & cobit 5
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 
ITIL v3 Foundation Presentation
ITIL v3 Foundation PresentationITIL v3 Foundation Presentation
ITIL v3 Foundation Presentation
 

Similar to Usulan untuk wg1 dan wg2 pada pnps2015 rapat awal pt35-01 - 9 april 2015

mm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Conceptsmm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Concepts
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan tiSosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Msp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery ProcessMsp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery Process
kadhar_masthan
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
Fahmi Albaheth
 
Standards and best practices
Standards and best practicesStandards and best practices
Standards and best practices
Ramiro Cid
 
List of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdfList of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdf
DavidMorris296217
 
Bhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogueBhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogue
Vijayananda Mohire
 
Ca service-desk-presentation
Ca service-desk-presentationCa service-desk-presentation
Ca service-desk-presentationBrett Lee
 
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...
IJECEIAES
 
Ca Service Desk Presentation
Ca Service Desk PresentationCa Service Desk Presentation
Ca Service Desk Presentation
Emirates Computers
 
20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)
Peter GEELEN ✔
 
IT OT Integration_Vishnu_Murali_05262016_UPDATED
IT OT Integration_Vishnu_Murali_05262016_UPDATEDIT OT Integration_Vishnu_Murali_05262016_UPDATED
IT OT Integration_Vishnu_Murali_05262016_UPDATEDVishnu Murali
 
Benefits of Integrating ISO and CMMI Service Management System Frameworks
Benefits of Integrating ISO and CMMI Service Management System FrameworksBenefits of Integrating ISO and CMMI Service Management System Frameworks
Benefits of Integrating ISO and CMMI Service Management System Frameworks
Integration Technologies Group Inc
 
S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_bangloreIPPAI
 
Bml 303 past papers pack
Bml 303 past papers packBml 303 past papers pack
Bml 303 past papers pack
San King
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
PECB
 
Demystifying ISO 20000-1 Standard
Demystifying ISO 20000-1 StandardDemystifying ISO 20000-1 Standard
Demystifying ISO 20000-1 Standard
NUS-ISS
 

Similar to Usulan untuk wg1 dan wg2 pada pnps2015 rapat awal pt35-01 - 9 april 2015 (20)

mm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Conceptsmm CGEIT Best Practices and Concepts
mm CGEIT Best Practices and Concepts
 
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan tiSosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
Sosialisasi sni iso iec 15408 common criteria - evaluasi keamanan ti
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
 
Msp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery ProcessMsp It Goverance And Service Delivery Process
Msp It Goverance And Service Delivery Process
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Standards and best practices
Standards and best practicesStandards and best practices
Standards and best practices
 
List of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdfList of ISO27000-Family International Standards organisation.pdf
List of ISO27000-Family International Standards organisation.pdf
 
Bhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogueBhadale group of companies quality standards catalogue
Bhadale group of companies quality standards catalogue
 
Process, People & Tools in ITILV3
Process, People & Tools in ITILV3Process, People & Tools in ITILV3
Process, People & Tools in ITILV3
 
Ca service-desk-presentation
Ca service-desk-presentationCa service-desk-presentation
Ca service-desk-presentation
 
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De...
 
Ca Service Desk Presentation
Ca Service Desk PresentationCa Service Desk Presentation
Ca Service Desk Presentation
 
20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)
 
IT OT Integration_Vishnu_Murali_05262016_UPDATED
IT OT Integration_Vishnu_Murali_05262016_UPDATEDIT OT Integration_Vishnu_Murali_05262016_UPDATED
IT OT Integration_Vishnu_Murali_05262016_UPDATED
 
Benefits of Integrating ISO and CMMI Service Management System Frameworks
Benefits of Integrating ISO and CMMI Service Management System FrameworksBenefits of Integrating ISO and CMMI Service Management System Frameworks
Benefits of Integrating ISO and CMMI Service Management System Frameworks
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
Bml 303 past papers pack
Bml 303 past papers packBml 303 past papers pack
Bml 303 past papers pack
 
PECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service ManagementPECB Webinar: The alignment of Information Security in Service Management
PECB Webinar: The alignment of Information Security in Service Management
 
Demystifying ISO 20000-1 Standard
Demystifying ISO 20000-1 StandardDemystifying ISO 20000-1 Standard
Demystifying ISO 20000-1 Standard
 

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdfKeamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdfKeamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset InformasiTata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Keamanan Informasi - batasan
Keamanan Informasi - batasanKeamanan Informasi - batasan
Keamanan Informasi - batasan
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPKBuku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019 Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TIIIndeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Materi wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 wonMateri wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 won
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Materi caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod wonMateri caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod won
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Antikorupsi mahasiswa
Antikorupsi mahasiswaAntikorupsi mahasiswa
Antikorupsi mahasiswa
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Perguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod wonPerguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod won
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 

More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)

TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdfKeamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
Keamanan Data Digital - SPI ITB - Rabu 3 Agustus 2022 -v2.pdf
 
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdfKeamanan Informasi Metaverse - 18 Juni 2022.pdf
Keamanan Informasi Metaverse - 18 Juni 2022.pdf
 
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
Webinar Sabtu 14 Mei 2022 - Digital Signature dan Keamanan Transaksi Keuangan...
 
SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06SMKI vs SMAP vs SMM vs SMOP v06
SMKI vs SMAP vs SMM vs SMOP v06
 
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset InformasiTata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
Tata Kelola Informasi & Teknologi (I&T), dan Aset Informasi
 
Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021Silabus el5213 internal auditing (audit internal) v021
Silabus el5213 internal auditing (audit internal) v021
 
Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020Kuliah tamu itb 11 maret 2020
Kuliah tamu itb 11 maret 2020
 
Keamanan Informasi - batasan
Keamanan Informasi - batasanKeamanan Informasi - batasan
Keamanan Informasi - batasan
 
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPKBuku gratifikasi dalam perspektif agama - Desember 2019 - KPK
Buku gratifikasi dalam perspektif agama - Desember 2019 - KPK
 
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
Rancang bangun portable hacking station menggunakan raspberry pi tesis-sath...
 
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019 Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
Sistem Tata Kelola Keamanan Informasi SPBE menggunakan COBIT 2019
 
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TIIIndeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
Indeks Presepsi Korupsi Indonesia 20 thn Reformasi - TII
 
Materi wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 wonMateri wisuda untag 7 sep2019 won
Materi wisuda untag 7 sep2019 won
 
Materi caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod wonMateri caleg road show bus nganjuk - mod won
Materi caleg road show bus nganjuk - mod won
 
Antikorupsi mahasiswa
Antikorupsi mahasiswaAntikorupsi mahasiswa
Antikorupsi mahasiswa
 
Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02Islam, pendidikan karakter & antikorupsi mod won v02
Islam, pendidikan karakter & antikorupsi mod won v02
 
SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04SMKI vs SMAP vs SMM vs SML v04
SMKI vs SMAP vs SMM vs SML v04
 
Perguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod wonPerguruan tinggi dan pencegahan korupsi mod won
Perguruan tinggi dan pencegahan korupsi mod won
 
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
Majalah Integrito, KPK, edisi 1-tahun-2019 #Pemilihan Umum 2019
 

Recently uploaded

Chapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdfChapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdf
Kartik Tiwari
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
Levi Shapiro
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Akanksha trivedi rama nursing college kanpur.
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
David Douglas School District
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
Krisztián Száraz
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
thanhdowork
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 

Recently uploaded (20)

Chapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdfChapter -12, Antibiotics (One Page Notes).pdf
Chapter -12, Antibiotics (One Page Notes).pdf
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela TaraOperation Blue Star - Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
Pride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School DistrictPride Month Slides 2024 David Douglas School District
Pride Month Slides 2024 David Douglas School District
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
Advantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO PerspectiveAdvantages and Disadvantages of CMS from an SEO Perspective
Advantages and Disadvantages of CMS from an SEO Perspective
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 

Usulan untuk wg1 dan wg2 pada pnps2015 rapat awal pt35-01 - 9 april 2015

  • 1. 1 Usulan Keamanan Informasi dan Sistem Manajemen Layanan Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM Anggota PT35-01 Teknologi Informasi Ciputat 9 April 2015
  • 2. Current: • Cybersecurity Nexus Liaison, ISACA Indonesia Chapter • ISACA Academic Advocate at ITB • SME for Information Security Standard for ISO at ISACA HQ • Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung • Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota Panitia Teknis 35-01 Program Nasional Penetapan Standar bidang Teknologi Informasi, BSN – Kominfo. Past: • Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008) • Plt Direktur Operasi Sistem PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011 Professional Certification: • Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000 • IRCA Information Security Management System Lead Auditor Course, 2004 • ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005 • Brainbench Computer Forensic, 2006 • (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007 • ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007 Award: • (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA 2 Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
  • 3. Kategori Kontrol berbasis Risiko 3 Source: Transforming Cybersecurity: Using COBIT 5, ISACA, 2013
  • 4. Kerangka dan Standar – tinjauan SNI ISO 38500 COSO PP60/ 2008 COBIT ITIL v2 ITIL v3 SNI ISO 20000 SNI ISO 2700x SNI ISO 900x Common Criteria SNI ISO 15408 boardlevelmanagementtechnical SNI ISO 27013
  • 5. ISO/IEC JTC 1/SC 40 - IT Service Management and IT Governance ISO/IEC 20000-1:2011 SNI ISO/IEC 20000-1:2013 Teknologi Informasi - Manajemen Layanan - Bagian 1: Persyaratan sistem manajemen layanan IEEE Std 20000-1-2013 ISO/IEC 20000-2:2012 SNI ISO/IEC 20000-2:2013 Teknologi informasi - Manajemen layanan - Bagian 2: Pedoman penerapan sistem manajemen layanan IEEE Std 20000-2-2013 ISO/IEC TR 20000-3:2012 SNI ISO/IEC TR 20000-3:2013 Teknologi informasi - Manajemen layanan - Bagian 3: Pedoman pendefinisian lingkup dan kesesuaian dari SNI ISO/IEC 20000-1 ISO/IEC TR 20000-4:2010 SNI ISO/IEC TR 20000-4:2013 Teknologi informasi - Manajemen layanan - Bagian 4: Model referensi proses ISO/IEC TR 20000-5:2010 – replaced by ISO/IEC TR 20000-5:2013 SNI ISO/IEC TR 20000-5:2013 Teknologi informasi - Manajemen layanan - Bagian 5: Contoh acuan perencanaan implementasi SNI ISO/IEC 20000-1 ISO/IEC TR 20000-9:2015 Information technology -- Service management -- Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services ISO/IEC TR 20000-10:2013 Information technology -- Service management -- Part 10: Concepts and terminology ISO/IEC 30121:2015 Information technology -- Governance of digital forensic risk framework ISO/IEC 38500:2015 Information technology -- Governance of IT for the organization ISO/IEC TS 38501:2015 Information technology -- Governance of IT -- Implementation guide ISO/IEC TR 38502:2014 Information technology -- Governance of IT -- Framework and model 5
  • 6. Customers (and other interested parties) Service Requirements Services Customers (and other interested parties) 5. Design and transition of new or changed services 8. Resolution processes 7. Relationship processes 8.1 Incident and service request management 8.2 Problem management 7.1 Business relationship management 7.2 Supplier management 6. Service delivery processes 6.5 Capacity management 6.3 Service continuity & availability management 6.1 Service level management 6.2 Service reporting 6.6 Information security management 6.4 Budgeting & accounting for services 4.1 Management responsibility 4.2 Governance of processes operated by other parties 4.5 Establish the SMS 4.3 Documentation management 4.4 Resource management 4. Service Management System (SMS) 9. Control processes 9.1 Configuration management 9.2 Change management 9.3 Release and deployment management
  • 7. Usulan pengganti seri SNI ISO 15504 Information technology -- Process assessment ISO/IEC 33001:2015 Information technology -- Process assessment -- Concepts and terminology 60.60 35.080 ISO/IEC 33002:2015 Information technology -- Process assessment -- Requirements for performing process assessment 60.60 35.080 ISO/IEC 33003:2015 Information technology -- Process assessment -- Requirements for process measurement frameworks 60.60 35.080 ISO/IEC 33004:2015 Information technology -- Process assessment -- Requirements for process reference, process assessment and maturity models 60.60 35.080 ISO/IEC TR 33014:2013 Information technology -- Process assessment -- Guide for process improvement 60.60 35.080 ISO/IEC NP 33016 Information technology -- Process assessment -- Process assessment body of knowledge 10.99 ISO/IEC 33020:2015 Information technology -- Process assessment -- Process measurement framework for assessment of process capability 60.60 35.080 ISO/IEC CD 33050-4 Information technology -- Process assessment -- Part 4: A process reference model for information security management 30.20 35.080 ISO/IEC FDIS 33063 Information technology -- Process assessment -- Process assessment model for software testing 50.00 35.080 ISO/IEC CD 33070-4 Information technology -- Process assessment -- Part 4: A process assessment model for information security management 7
  • 8. 8
  • 9. Month 200X Page 9 Process assessment  Action plan •Assessment of the audited processes and Actions plan to reach level . •Extend assessment througth the overall organisation to be able to compare same referential with same objectives and continuity of processes Lvl 5 : Value Lvl 4 : Service Lvl 3 : Proactiv Lvl 2 : Reactiv Lvl 1 : Chaos Incident Management Change Management Problem Management Service Level Management Service Desk Problem Management Implementation Knowledge Improvement Communications Process RFC Process OLAs Implementation Catalogues of Services Improvement
  • 10. Trying to Run Before Walking Reactive Proactive  Analyze trends  Set thresholds  Predict problems  Measure appli- cation availability  Automate  Mature problem, configuration, change, asset and performance mgt processes  Fight fires  Inventory  Desktop SW distribution  Initiate problem mgt process  Alert and event mgt  Measure component availability (up/down)  IT as a service provider  Define services, classes, pricing  Understand costs  Guarantee SLAs  Measure & report service availability  Integrate processes  Capacity mgt Service Value  IT as strategic business partner  IT and business metric linkage  IT/business collaboration improves business process  Real-time infrastructure  Business planning Level 2 Level 3 Level 4 Chaotic  Ad hoc  Undocumented  Unpredictable  Multiple help desks  Minimal IT operations  User call notification Level 1 Tool Leverage Manage IT as a Business Service Delivery Process Engineering Operational Process Engineering Service and Account Management Level 5
  • 11. Usulan seri SNI ISO 27k Information technology – Security technique (1/2) ISO/IEC 27000:2014 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements 60.6035.040 ISO/IEC 27001:2013/Cor 1:2014 60.60 35.040 ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls 60.6035.040 ISO/IEC 27002:2013/Cor 1:2014 60.60 35.040 ISO/IEC 27003:2010 Information technology -- Security techniques -- Information security management system implementation guidance 90.9235.040 ISO/IEC 27004:2009 Information technology -- Security techniques -- Information security management -- Measurement 90.9235.040 ISO/IEC 27005:2011 Information technology -- Security techniques -- Information security risk management 90.9235.040 ISO/IEC 27006:2011 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems ISO/IEC 27007:2011 Information technology -- Security techniques -- Guidelines for information security management systems auditing 90.9235.040 ISO/IEC TR 27008:2011 Information technology -- Security techniques -- Guidelines for auditors on information security controls 90.9235.040 ISO/IEC 27010:2012 Information technology -- Security techniques -- Information security management for inter-sector and inter-organizational communications 90.9235.040 ISO/IEC 27011:2008 Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002 ISO/IEC 27013:2012 Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 ISO/IEC 27014:2013 Information technology -- Security techniques -- Governance of information security 60.6035.040 ISO/IEC TR 27015:2012 Information technology -- Security techniques -- Information security management guidelines for financial services 60.6003.060 35.040 ISO/IEC TR 27016:2014 Information technology -- Security techniques -- Information security management -- Organizational economics 60.6035.040 11
  • 12. Usulan seri SNI ISO 27k Information technology – Security technique (2/2) ISO/IEC 27018:2014 Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors 60.60 35.040 ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry 90.92 35.040 35.240.99 ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity 60.60 35.040 ISO/IEC 27032:2012 Information technology -- Security techniques -- Guidelines for cybersecurity 60.60 35.040 ISO/IEC 27033-1:2009 Information technology -- Security techniques -- Network security -- Part 1: Overview and concepts 90.92 35.040 ISO/IEC 27033-2:2012 Information technology -- Security techniques -- Network security -- Part 2: Guidelines for the design and implementation of network security 60.60 35.040 ISO/IEC 27033-3:2010 Information technology -- Security techniques -- Network security -- Part 3: Reference networking scenarios -- Threats, design techniques and control issues 90.93 35.040 ISO/IEC 27033-4:2014 Information technology -- Security techniques -- Network security -- Part 4: Securing communications between networks using security gateways 60.60 35.040 ISO/IEC 27033-5:2013 Information technology -- Security techniques -- Network security -- Part 5: Securing communications across networks using Virtual Private Networks (VPNs) 60.60 35.040 ISO/IEC 27034-1:2011 Information technology -- Security techniques -- Application security -- Part 1: Overview and concepts 60.60 35.040 ISO/IEC 27034-1:2011/Cor 1:2014 60.60 35.040 ISO/IEC 27035:2011 Information technology -- Security techniques -- Information security incident management ISO/IEC 27036-1:2014 Information technology -- Security techniques -- Information security for supplier relationships -- Part 1: Overview and concepts 60.60 35.040 ISO/IEC 27036-2:2014 Information technology -- Security techniques -- Information security for supplier relationships -- Part 2: Requirements 60.60 35.040 ISO/IEC 27036-3:2013 Information technology -- Security techniques -- Information security for supplier relationships -- Part 3: Guidelines for information and communication technology supply chain security ISO/IEC 27037:2012 Information technology -- Security techniques -- Guidelines for identification, collection, acquisition and preservation of digital evidence 60.60 35.040 ISO/IEC 27038:2014 Information technology -- Security techniques -- Specification for digital redaction ISO/IEC 27039:2015 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems (IDPS) 60.60 35.040 ISO/IEC 27040:2015 Information technology -- Security techniques -- Storage security 60.60 35.040 ISO/IEC 27043:2015 Information technology -- Security techniques -- Incident investigation principles and processes 60.60 35.040 12