Cyber threats to national security, cybersecurity risk and control - Batan Bandung 19 May...
CYBER THREATS TO NATIONAL SECURITY
CYBERSECURITY, RISK AND CONTROL
Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM, CSX-F
Cybersecurity Nexus Liaison, ISACA, Indonesia
Presentation at DAS BIN
Batan Bandung, 19 May 2016
DISCUSSION GROUND RULES
For an effective discussion
• My apologies if my style/habits from ITB show up in this discussion
• The intent is for Indonesia to be more sovereign
• You may open your laptop and access the internet
• All participants must speak, ask questions, give opinions and joke, as a way to open up creativity
• Sarwono Sutikno is only a facilitator and is still learning
• May I and every Indonesian become free people!!!
• May every Indonesian become a khalifah, in the sense that nothing can limit a person's potential except their own dreams and their God.
BLOOM'S TAXONOMY OF EDUCATIONAL OBJECTIVES
• Remember: list, recite
• Comprehend: explain, paraphrase
• Apply: calculate, solve, determine, apply
• Analyze: compare, contrast, classify, categorize, derive, model
• Synthesize: create, construct, design, improve, produce, propose
• Evaluate: judge, critique, justify, verify, assess, recommend
Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM, CSX-F
Current:
• Cybersecurity Nexus Liaison, ISACA Indonesia Chapter
• ISACA Academic Advocate at ITB
• SME for Information Security Standard for ISO at ISACA HQ
• Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung
• Chair of the WG on IT Services and Governance, member of the WG on Information Security, and member of Technical Committee 35-01, National Program for Standards Setting in Information Technology, BSN – Kominfo.
Past:
• Chair of the National ICT Evaluation Working Group, National ICT Council (Dewan TIK Nasional) (2007-2008)
• Acting Director of System Operations, PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 – May 2011
Professional Certification:
• Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin. 2000
• IRCA Information Security Management System Lead Auditor Course, 2004
• ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005
• Brainbench Computer Forensic, 2006
• (ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007
• ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007
Award:
• (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA
DISCUSSION
Cyber threats to national security
1. Analyze the development of cyber threats today and over the next five years.
2. Look at the current state of the Government's strategy for dealing with cyber threats.
3. Analyze what the ideal Government policy would be for dealing with cyber threats now and in the future.
4. Look at the extent of coordination and cooperation among Government agencies in dealing with cyber threats.
5. Analyze the actors related to cyber threats to national security.
“DISCUSSION”
Cyber risk to national security
1. Analyze the development of cyber risk today and over the next five years.
2. Look at the current state of the Government's strategy for dealing with cyber risk.
3. Analyze what the ideal Government policy would be for dealing with cyber risk now and in the future.
4. Look at the extent of coordination and cooperation among Government agencies in dealing with cyber risk.
5. Analyze the actors related to cyber risk to national security.
RISK VS CONTROL
Presentation: KamInfo.ID
INFORMATION SECURITY ACCORDING TO ISACA
Information security is a business enabler that is strictly bound to stakeholder trust, either by addressing business risk or by creating value for an enterprise, such as competitive advantage. At a time when the significance of information and related technologies is increasing in every aspect of business and public life, the need to mitigate information risk, which includes protecting information and related IT assets from ever-changing threats, is constantly intensifying.
ISACA defines information security as something that:
Ensures that information is readily available (availability), when required, and protected against disclosure to unauthorised users (confidentiality) and improper modification (integrity).
INFORMATION SECURITY
......... the government of the state of Indonesia which protects all the people of Indonesia and the entire homeland of Indonesia, and in order to advance the general welfare, educate the life of the nation, and take part in implementing a world order based on freedom, lasting peace and social justice........
The use of INFORMATION as the lifeblood of the nation, from the perspective of Economic Growth for the People's Welfare
NATIONAL SECURITY
......... the government of the state of Indonesia which protects all the people of Indonesia and the entire homeland of Indonesia, and in order to advance the general welfare, educate the life of the nation, and take part in implementing a world order based on freedom, lasting peace and social justice........
The use of INFORMATION as the lifeblood of the nation, from the perspective of Economic Growth for the People's Welfare
NETWORK IS COMPROMISED
APT LIFE CYCLE
HOW FAST
THREAT
RISK-BASED CATEGORIZATION CONTROL
PIRT
The CSX Liaison reports to the chapter president.
IMPLEMENTING FRAMEWORKS TO POPULATE BMIS
ISO 27031
COBIT 5 Enabling Process
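RELATIONSHIP BETWEEN FRAMEWORKS
[Diagram. Layer labels: Governance; IT Governance; IT Management. Frameworks shown: Internal Control Framework COSO; PP60/2008 Sistem Pengendalian Intern Pemerintah (Government Internal Control System); COBIT 5; SNI ISO 38500; Panduan Umum Tata Kelola TIK Nas (General Guidelines for National ICT Governance) + Kuesioner Evaluasi Pengendalian Intern TIK (ICT Internal Control Evaluation Questionnaire); SNI ISO 27001; SNI ISO 20000; SNI ISO 15408.]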
RECOMMENDATIONS
• Strategy and Policy
• Assess the benefits and risks of cyber
• Prioritize human resources
• Assess the risks and benefits of technology devices, people, process and organization
Q&A
ISACA.ORG/CYBER
ISACA CYBERSECURITY TEACHING MATERIALS