Proposed SNI standards for Technical Committee 35-01 Information Technology, covering the Information Security Working Group (WG1) and the IT Service Management and IT Governance Working Group (WG2), National Standards Development Program, BSN Kemkominfo
Data quality is the foundation of information, which alongside finance is a lifeline in the cyber age. The ISO 8000 series will be comparable to the ISO 9000 Quality Management System (QMS) series. The ISO 8000 series is newly emerging, will become mainstream in the near future, and will form the basis of information processing for decision-making.
CMMC, ISO/IEC 27701, and ISO/IEC 27001 — Best Practices and Differences (PECB)
After the last 2020 Global Leading voices webinar, comparing ISO27001 with CCPA and NYC Shield Act, we're taking a look at the next level of information and cybersecurity management.
How can you assess your security management? The CMMI model (using the 1 to 5 grading) is a well-known system. In early 2020 the US DOD launched the CMMC (Cybersecurity Maturity Model Certification), which matches the same levels for cybersecurity. In this session we'll discuss the maturity evaluation principles for information security, cybersecurity and application security and how you can use them in practice.
The webinar covers:
- What's the CMMI?
- What's the CMMC?
- Maturity in security governance (ISMS, cyber, application)
- Security maturity vs audit cycles
Recorded Webinar: https://youtu.be/9BpETh_nAOw
ISO/IEC 27701 vs. ISO/IEC 27001 vs. NIST: Essential Things You Need to Know (PECB)
Just a few days ago NIST published a complete refresh of SP800-53, which provides a catalog of security measures to protect an organization against a variety of risks and threats.
How might NIST guidance fit in an information security management system like ISO/IEC 27001 and its privacy extension ISO/IEC 27701?
In this session, we will take a quick walk through the standards and best practices, compare them, and find out how they map and differ from one another.
The webinar will cover:
• A quick recap of the topics covered in ISO27001/ISO27701
• Discovering the NIST guidelines for Information & cyber Security (SP800-SP1800)
• Main differences and mappings between NIST guidance and ISO27001
• About the latest publication (sep/2020) on NIST SP800-53 (Security and Privacy Controls for Information Systems and Organizations)
• Implementing information & cyber-security best practices
Date: October 14, 2020
YouTube presentation: https://youtu.be/zfsxSaaErqg
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard (PECB)
In this session, we have looked into the ISO/IEC 27701 standard that was published in August 2019. This standard glues together the ISO/IEC 27001, ISO/IEC 27002, ISO 29100 and their sub-standards with the GDPR.
For certification and compliance, it's important to understand these standards and regulations, as the GDPR and other legislation have heated the discussion about certification. The ISO/IEC 27701 contains important requirements and implementation guidance for implementing a PIMS (Privacy Information Management System), which will set the baseline for the future of privacy and data protection.
The webinar covers:
• Walkthrough of the ISO/IEC 27701
• Links with ISO/IEC 2700x series standards, ISO 29100 series...
• ISO/IEC 2700x and GDPR mapping
• Audit & certification
Presenter:
Our presenter for this webinar, Peter Geelen, is director and managing consultant at CyberMinute and owner of Quest For Security, Belgium. Over more than 20 years, Peter has built strong experience in enterprise security & architecture and identity & access management, as well as privacy, information & data protection, and cyber and cloud security. In the last few years, his focus has been on ISO/IEC 27001 and other ISO certification mechanisms.
Peter is an accredited Lead Auditor for ISO/IEC 27001/ISO 9001, PECB Trainer and Fellow in Privacy. Committed to continuous learning, Peter holds renowned security certificates as certified Sr. Lead Cybersecurity Manager, ISO/IEC 27001 Master, ISO/IEC 27002 lead manager, ISO/IEC 27701 Lead Implementer, CDPO, Risk management, Lead Incident Mgr., Disaster Recovery, and many more.
Date: December 04, 2019
The recorded webinar: https://www.youtube.com/watch?v=ilw4UmMSlU4&feature=emb_logo
ISO 27001 or ISO/IEC 27001:2013 is an international standard created to help organizations manage the security processes of their information assets. This standard provides a solid framework for implementing an Information Security Management System also known as an ISMS.
Privacy Trends: Key practical steps on ISO/IEC 27701:2019 implementation (PECB)
In this session, we will go through ISO/IEC 27701 and ISO/IEC 27001 key practical implementation steps and how they can help you to be compliant with the GDPR.
Our presenters, Peter Geelen and Stefan Mathuvis, will guide you through the implementer tasks with practical hints and tips and show you how an auditor will look at your implementation, searching for evidence and compliance.
In addition, we will match the ISO/IEC 27(7)01 requirements to complete the GDPR obligations as far as possible.
Starting from executive management to privacy policies, handling notifications, setting up awareness programs, controlling user access requests, over vendor management to incident management (data breaches) and continuous updates.
The webinar will cover:
• Quick recap on general ISO components and approach
• Implementing ISO/IEC 27001 with the ISO/IEC 27701 extension for GDPR compliance
• Do's and don’ts for implementation and audit
• The importance of evidence in the audit
• Managing audit expectations and the never ending audit cycle
Recorded webinar: https://youtu.be/HL-VUiCj4Ew
Privacy is a growing concern in today’s compliance environment.
Existing and new requirements continue to push for organizations to properly address their privacy risk.
As a cloud provider, there is no better way to help ensure that an organization is serious about their customers and their customers’ data than to include the control requirements from ISO 27018 into their compliance stack.
6 steps: how to get ISO 27000 certification? (Puneet sharma)
Are you looking for ISO 27001 certification in India?
If yes, then you are at the right place: we will provide you with ISO 27001 certification in India.
Here are the 6 steps of how to get ISO 27000 certification.
ControlCase Discussed:
• What is ISO 27001
• How can companies get ready for ISO 27701 privacy standard
• What is the certification process to ISO 27701
• Common challenges
Learning Android Studio: CRUD for Student Data (Agus Haryanto)
An Android Studio tutorial focused on the CRUD operations Insert, Select, Update and Delete on an Android SQLite database, using student data as the example.
How to Build a Simple Android Cooking Recipe App with Android-SQLite (creatorb dev)
Full Source Visit : http://creatorb-lab.blogspot.com/2014/12/cara-membuat-aplikasi-android-resep.html
How to Create Android Recipe App | How to Build an Android Cooking Recipe App | Android App Development Tutorial
creatorb
Governance and Management of Enterprise IT with COBIT 5 Framework (Goutama Bachtiar)
This courseware was designed for the training entitled 'Governance and Management of Enterprise IT with COBIT 5 Framework' with the objective of understanding COBIT 5 Framework as well as achieving IT Governance effectiveness using the respective framework.
Bhadale group of companies quality standards catalogue (Vijayananda Mohire)
This is our guidance on quality initiatives for various offerings and processes. We have these standards as part of our engineering offerings for various streams for regulated & unregulated services.
IT Service Management System Measurement using ISO20000-1 and ISO15504-8: De... (IJECEIAES)
Information technology is about not only hardware, software, and communication infrastructure but also how to manage services. Information technology plays an increasingly important role in developing the structure and functions of public and private sectors. Service measurement plays an important role in IT service management (ITSM), which is one of the subfields of Services Computing science. ITSM is a big part of service science, a science field that combines computer science, operation research engineering, business strategy, management science, and organizational theory. Performance measurement of each IT service is absolutely needed and is important in the continuous development of ITSM. This research provides good technical knowledge about measuring ITSM with some requirements. In this paper we suggest that the metrics in each service process enable organizations to predict a direction for active process enhancement and to identify whether the goal of the process can be achieved. These objective process metrics are based on ISO/IEC 15504-8 and PRM ISO/IEC 20000-4 refinement. The output of this research is in the form of metrics and tools for use by any type of organization.
Extended version of PECB Webinar of 15/oct/2020
Base version here:
https://www.slideshare.net/PECBCERTIFICATION/isoiec-27701-vs-isoiec-27001-vs-nist-essential-things-you-need-to-know
Learn about Service Management System Foundation and Difference in Service Management Methodologies. More about Equivalent Service Management System Practices and Business Case for Implementing and Certification. Finally the Implementation Approach and a Sample Implementation Schedule
PECB Webinar: The alignment of Information Security in Service Management (PECB)
The webinar covers:
• Using ISO 27001 and/or COBIT as a framework
• Defining the proper KPI’s
• Information security in service management
Presenter:
This session was presented by Arthur Donkers, Managing Partner of ITSX and a PECB Certified Trainer with more than 30 years of experience.
Link of the recorded session published on YouTube: https://youtu.be/epYUd3mzKzo
Presented by Mr Chris Ng, Product Manager cum Lead Auditor, TÜV SÜD PSB at ITSM CoP 6: Why you and your organisation should consider ISO20000 for IT Service Management on 30 Sep.
Similar to Proposals for WG1 and WG2 at PNPS 2015, initial meeting of PT 35-01, 9 April 2015 (20)
Developing Digital Data Security Policy and Strategy in Higher Education
Sarwono Sutikno
Digital Data Security Webinar, SPI IT
ISO 27001 ISMS Series (Information Security Management System)
Sarwono Sutikno
Digital Data Security Webinar, SPI ITB
Wednesday, 3 August 2022
v2
ISO 27001 Information Security Management System Series
A. Open source: https://www.iso27001security.com/
B. ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary
C. ISO/IEC FDIS 27001 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
D. ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
Summary
• The KAMI Index (KeAManan Informasi, i.e. Information Security) is a measure for reaching the baseline of the ISO 27001 ISMS Requirements;
• The main standards of the ISO 27001 ISMS series:
  • ISO 27000 Overview and vocabulary
  • ISO 27001 Requirements
  • ISO 27002 Information Security Controls
• Mandatory to carry out:
  • Plan: ISO 27001 Clause 4 Context of the organization through Clause 7 Support
  • Do: ISO 27001 Clause 8 Operation
  • Check: ISO 27001 Clause 9 Performance Evaluation
  • Act: ISO 27001 Clause 10 Improvement
A comparison of the Information Security Management System standard with the Anti-Bribery Management System, the Quality Management System, and the Educational Organization Management System standards. If one of these management systems has already been implemented, implementing the others takes very little additional effort. The change in risk management comes first. Hope this is useful.
Information & Technology (I&T) Governance and Information Assets
Webinar
The Role of Information Technology and Internal Audit in Accelerating Innovation in Higher Education
Sarwono Sutikno, Dr.Eng,CISA,CISSP,CISM,CSX-F
INSTITUT TEKNOLOGI BANDUNG
Monday, 29 June 2020
• Become familiar with the internal audit profession and The Institute of
Internal Auditors (IIA).
• Understand the mandatory IPPF guidance:
• The Mission of Internal Audit,
• the Core Principles for the Professional Practice of Internal Auditing,
• the Definition of Internal Auditing,
• the Code of Ethics, and
• the International Standards for the Professional Practice of Internal
Auditing (Standards).
• Understand the strongly recommended IPPF guidance:
• Implementation Guidance and Supplemental Guidance.
• Understand the attributes of a well-executed risk management model
(process)
• COSO Internal Control Framework
• Describe internal auditors’ compliance and fraud-related responsibilities
related to protecting the organization from regulatory violations.
• Be familiar with selected computer-assisted audit techniques, including
generalized audit software.
• Understand the planning, fieldwork, and reporting processes of an audit
• Learn the elements of a finding and the proper presentation in an audit
report
• Understand quality assurance, how it operates, and why it is important to
the internal audit function.
Understanding information security in relation to internal control, in the context of achieving organizational objectives. Avoid the situation where, because something must not be known by one unit, other units are denied access as well, so that availability for data mining to gain insight is hampered. The information asset then cannot be used to achieve objectives.
Any form of gift to a civil servant or state official is called a gratification. Since the enactment of Law Number 20 of 2001 amending Law Number 31 of 1999 on the Eradication of Criminal Acts of Corruption, they are obliged to refuse any gratification that is related to their position and contrary to the recipient's duties or obligations. If certain circumstances make refusal impossible, reporting the receipt to the KPK is the second course of action to be freed from the threat of punishment.
§ The design and construction of a portable hacking station using a Raspberry Pi was completed successfully, producing a device that can be used for effective and efficient ethical hacking activities.
§ Testing was carried out by simulating hacking with the portable hacking station so that its conformance with the specified requirements could be verified. The device successfully performed wireless security testing, namely obtaining a Wi-Fi password with a MITM scheme on an AP that is not protected against deauthentication attacks.
§ The security review of the portable hacking station was prepared based on ISO/IEC 15408 Common Criteria for IT Security Evaluation parts 1 – 3 version 3.1:2017, and ISO/IEC TR 15446 Guide for the production of Protection Profiles and Security Targets, in the form of a Security Target document.
▷ What needs to be regulated so that SPBE Security governance and management can support the achievement of SPBE objectives?
▷ How is the effectiveness of the arrangements for the SPBE Security Governance System calculated?
▷ Adequacy of the governance and management arrangements required for SPBE Security.
▷ Availability of an SPBE Security performance management system to measure the effectiveness of the arrangements.
Indonesia's Corruption Perceptions Index over 20 years of Reformasi - TII. May Indonesia's CPI keep rising through our joint efforts with the people, including university students and STM students and all the young men and women who are the nation's hope. DARING TO BE HONEST IS GREAT
The 2019 General Election is only days away. Before you vote, read the cover story in Integrito magazine titled "Menuju Catatan Sejarah".
Download the PDF version at this link:
https://www.kpk.go.id/id/publikasi/kajian-dan-penelitian/majalah-integrito/832-menuju-catatan-sejarah
Don't forget to choose the honest one :)
Anti-corruption greetings!
More from Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F (20)
2. Current:
• Cybersecurity Nexus Liaison, ISACA Indonesia Chapter
• ISACA Academic Advocate at ITB
• SME for Information Security Standard for ISO at ISACA HQ
• Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung
• Chair of the WG on IT Service Management and Governance, member of the WG on Information Security, and member of Technical Committee 35-01, National Standards Establishment Program for Information Technology, BSN – Kominfo.
Past:
• Chair of the National ICT Evaluation Working Group, Dewan TIK Nasional (National ICT Council) (2007-2008)
• Acting Director of System Operations, PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011
Professional Certification:
• Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000
• IRCA Information Security Management System Lead Auditor Course, 2004
• ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005
• Brainbench Computer Forensic, 2006
• (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007
• ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007
Award:
• (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
4. Frameworks and Standards – overview
[Diagram: frameworks and standards arranged by level (board level, management, technical). Items shown: SNI ISO 38500, COSO, PP60/2008, COBIT, ITIL v2, ITIL v3, SNI ISO 20000, SNI ISO 2700x, SNI ISO 900x, Common Criteria, SNI ISO 15408, SNI ISO 27013]
5. ISO/IEC JTC 1/SC 40 - IT Service Management and IT Governance
ISO/IEC 20000-1:2011
SNI ISO/IEC 20000-1:2013 Information technology - Service management - Part 1: Service management system requirements IEEE Std 20000-1-2013
ISO/IEC 20000-2:2012
SNI ISO/IEC 20000-2:2013 Information technology - Service management - Part 2: Guidance on the application of service management systems IEEE Std 20000-2-2013
ISO/IEC TR 20000-3:2012
SNI ISO/IEC TR 20000-3:2013 Information technology - Service management - Part 3: Guidance on scope definition and applicability of SNI ISO/IEC 20000-1
ISO/IEC TR 20000-4:2010
SNI ISO/IEC TR 20000-4:2013 Information technology - Service management - Part 4: Process reference model
ISO/IEC TR 20000-5:2010 – replaced by ISO/IEC TR 20000-5:2013
SNI ISO/IEC TR 20000-5:2013 Information technology - Service management - Part 5: Exemplar implementation plan for SNI ISO/IEC 20000-1
ISO/IEC TR 20000-9:2015 Information technology -- Service management -- Part 9: Guidance on the application of ISO/IEC 20000-1 to cloud services
ISO/IEC TR 20000-10:2013 Information technology -- Service management -- Part 10: Concepts and terminology
ISO/IEC 30121:2015 Information technology -- Governance of digital forensic risk framework
ISO/IEC 38500:2015 Information technology -- Governance of IT for the organization
ISO/IEC TS 38501:2015 Information technology -- Governance of IT -- Implementation guide
ISO/IEC TR 38502:2014 Information technology -- Governance of IT -- Framework and model
6. [Diagram: Service Management System (SMS) process model. Customers (and other interested parties) supply Service Requirements on one side and receive Services on the other. Clause groups shown in the diagram:]
4. Service Management System (SMS)
• 4.1 Management responsibility
• 4.2 Governance of processes operated by other parties
• 4.3 Documentation management
• 4.4 Resource management
• 4.5 Establish the SMS
5. Design and transition of new or changed services
6. Service delivery processes
• 6.1 Service level management
• 6.2 Service reporting
• 6.3 Service continuity & availability management
• 6.4 Budgeting & accounting for services
• 6.5 Capacity management
• 6.6 Information security management
7. Relationship processes
• 7.1 Business relationship management
• 7.2 Supplier management
8. Resolution processes
• 8.1 Incident and service request management
• 8.2 Problem management
9. Control processes
• 9.1 Configuration management
• 9.2 Change management
• 9.3 Release and deployment management
7. Proposed replacement for the SNI ISO 15504 series: Information technology -- Process assessment
ISO/IEC 33001:2015 Information technology -- Process assessment -- Concepts and terminology 60.60 35.080
ISO/IEC 33002:2015 Information technology -- Process assessment -- Requirements for performing process assessment 60.60 35.080
ISO/IEC 33003:2015 Information technology -- Process assessment -- Requirements for process measurement frameworks 60.60 35.080
ISO/IEC 33004:2015 Information technology -- Process assessment -- Requirements for process reference, process assessment and maturity models 60.60 35.080
ISO/IEC TR 33014:2013 Information technology -- Process assessment -- Guide for process improvement 60.60 35.080
ISO/IEC NP 33016 Information technology -- Process assessment -- Process assessment body of knowledge 10.99
ISO/IEC 33020:2015 Information technology -- Process assessment -- Process measurement framework for assessment of process capability 60.60 35.080
ISO/IEC CD 33050-4 Information technology -- Process assessment -- Part 4: A process reference model for information security management 30.20 35.080
ISO/IEC FDIS 33063 Information technology -- Process assessment -- Process assessment model for software testing 50.00 35.080
ISO/IEC CD 33070-4 Information technology -- Process assessment -- Part 4: A process assessment model for information security management
9. Process assessment Action plan
• Assessment of the audited processes and action plan to reach level .
• Extend the assessment throughout the overall organisation to be able to compare against the same referential, with the same objectives and continuity of processes
[Chart: maturity level of each assessed process on a five-level scale (Lvl 1: Chaos, Lvl 2: Reactive, Lvl 3: Proactive, Lvl 4: Service, Lvl 5: Value). Processes shown: Incident Management, Change Management, Problem Management, Service Level Management, Service Desk. Action labels: Problem Management Implementation, Knowledge Improvement, Communications Process, RFC Process, OLAs Implementation, Catalogues of Services Improvement]
10. Trying to Run Before Walking
[Diagram: five-level IT management maturity staircase]
Level 1 – Chaotic
• Ad hoc
• Undocumented
• Unpredictable
• Multiple help desks
• Minimal IT operations
• User call notification
Level 2 – Reactive
• Fight fires
• Inventory
• Desktop SW distribution
• Initiate problem mgt process
• Alert and event mgt
• Measure component availability (up/down)
Level 3 – Proactive
• Analyze trends
• Set thresholds
• Predict problems
• Measure application availability
• Automate
• Mature problem, configuration, change, asset and performance mgt processes
Level 4 – Service
• IT as a service provider
• Define services, classes, pricing
• Understand costs
• Guarantee SLAs
• Measure & report service availability
• Integrate processes
• Capacity mgt
Level 5 – Value
• IT as strategic business partner
• IT and business metric linkage
• IT/business collaboration improves business process
• Real-time infrastructure
• Business planning
Labels along the progression: Tool Leverage; Operational Process Engineering; Service Delivery Process Engineering; Service and Account Management; Manage IT as a Business
11. Proposed SNI ISO 27k series: Information technology – Security techniques (1/2)
ISO/IEC 27000:2014 Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary
ISO/IEC 27001:2013 Information technology -- Security techniques -- Information security management systems -- Requirements 60.60 35.040
ISO/IEC 27001:2013/Cor 1:2014 60.60 35.040
ISO/IEC 27002:2013 Information technology -- Security techniques -- Code of practice for information security controls 60.60 35.040
ISO/IEC 27002:2013/Cor 1:2014 60.60 35.040
ISO/IEC 27003:2010 Information technology -- Security techniques -- Information security management system implementation guidance 90.92 35.040
ISO/IEC 27004:2009 Information technology -- Security techniques -- Information security management -- Measurement 90.92 35.040
ISO/IEC 27005:2011 Information technology -- Security techniques -- Information security risk management 90.92 35.040
ISO/IEC 27006:2011 Information technology -- Security techniques -- Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27007:2011 Information technology -- Security techniques -- Guidelines for information security management systems auditing 90.92 35.040
ISO/IEC TR 27008:2011 Information technology -- Security techniques -- Guidelines for auditors on information security controls 90.92 35.040
ISO/IEC 27010:2012 Information technology -- Security techniques -- Information security management for inter-sector and inter-organizational communications 90.92 35.040
ISO/IEC 27011:2008 Information technology -- Security techniques -- Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
ISO/IEC 27013:2012 Information technology -- Security techniques -- Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
ISO/IEC 27014:2013 Information technology -- Security techniques -- Governance of information security 60.60 35.040
ISO/IEC TR 27015:2012 Information technology -- Security techniques -- Information security management guidelines for financial services 60.60 03.060 35.040
ISO/IEC TR 27016:2014 Information technology -- Security techniques -- Information security management -- Organizational economics 60.60 35.040
12. Proposed SNI ISO 27k series: Information technology – Security techniques (2/2)
ISO/IEC 27018:2014 Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors 60.60 35.040
ISO/IEC TR 27019:2013 Information technology -- Security techniques -- Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry 90.92 35.040 35.240.99
ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity 60.60 35.040
ISO/IEC 27032:2012 Information technology -- Security techniques -- Guidelines for cybersecurity 60.60 35.040
ISO/IEC 27033-1:2009 Information technology -- Security techniques -- Network security -- Part 1: Overview and concepts 90.92 35.040
ISO/IEC 27033-2:2012 Information technology -- Security techniques -- Network security -- Part 2: Guidelines for the design and implementation of network security 60.60 35.040
ISO/IEC 27033-3:2010 Information technology -- Security techniques -- Network security -- Part 3: Reference networking scenarios -- Threats, design techniques and control issues 90.93 35.040
ISO/IEC 27033-4:2014 Information technology -- Security techniques -- Network security -- Part 4: Securing communications between networks using security gateways 60.60 35.040
ISO/IEC 27033-5:2013 Information technology -- Security techniques -- Network security -- Part 5: Securing communications across networks using Virtual Private Networks (VPNs) 60.60 35.040
ISO/IEC 27034-1:2011 Information technology -- Security techniques -- Application security -- Part 1: Overview and concepts 60.60 35.040
ISO/IEC 27034-1:2011/Cor 1:2014 60.60 35.040
ISO/IEC 27035:2011 Information technology -- Security techniques -- Information security incident management
ISO/IEC 27036-1:2014 Information technology -- Security techniques -- Information security for supplier relationships -- Part 1: Overview and concepts 60.60 35.040
ISO/IEC 27036-2:2014 Information technology -- Security techniques -- Information security for supplier relationships -- Part 2: Requirements 60.60 35.040
ISO/IEC 27036-3:2013 Information technology -- Security techniques -- Information security for supplier relationships -- Part 3: Guidelines for information and communication technology supply chain security
ISO/IEC 27037:2012 Information technology -- Security techniques -- Guidelines for identification, collection, acquisition and preservation of digital evidence 60.60 35.040
ISO/IEC 27038:2014 Information technology -- Security techniques -- Specification for digital redaction
ISO/IEC 27039:2015 Information technology -- Security techniques -- Selection, deployment and operations of intrusion detection systems (IDPS) 60.60 35.040
ISO/IEC 27040:2015 Information technology -- Security techniques -- Storage security 60.60 35.040
ISO/IEC 27043:2015 Information technology -- Security techniques -- Incident investigation principles and processes 60.60 35.040