CYBERSECURITY, RISK AND CONTROL
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
Cybersecurity Nexus Liaison
ISACA, Indonesia
Simposium Nasional CyberSecurity (SNCS) 2015, Jakarta, 3-4 June 2015
Current:
Cybersecurity Nexus Liaison, ISACA Indonesia Chapter
ISACA Academic Advocate at ITB
SME for Information Security Standard for ISO at ISACA HQ
Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung
Chair of the WG on IT Services and Governance, member of the WG on Information Security, and member of Technical Committee 35-01, National Standards Setting Program for Information Technology, BSN Kominfo

Past:
Chair of the National ICT Evaluation Working Group, National ICT Council (Dewan TIK Nasional) (2007-2008)
Acting Director of System Operations, PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 - May 2011

Professional Certification:
Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of Engineering, the University of Texas at Austin, 2000
IRCA Information Security Management System Lead Auditor Course, 2004
ISACA Certified Information System Auditor (CISA), CISA Number: 0540859, 2005
Brainbench Computer Forensic, 2006
(ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007
ISACA Certified Information Security Manager (CISM), CISM Number: 0707414, 2007

Award:
(ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior Information Security Professional. http://isc2.org/ISLA
RECOMMENDATIONS FOR THE NATIONAL CYBER AGENCY
Strategy and policy
Assess cyber benefits and risks
Prioritize human resources
Assess the risks and benefits of the technology, people, process and organization components
NETWORK IS COMPROMISED
APT LIFE CYCLE
HOW FAST
THREAT
PIRT
The CSX Liaison reports to the chapter president.
Presentation: KamInfo.ID 13
IMPLEMENTING FRAMEWORKS TO POPULATE BMIS
ISO 27031
COBIT 5 Enabling Process
RISK-BASED CATEGORIZATION CONTROL
COBIT 5 SNI ISO 38500
Internal Control Framework COSO
RELATIONSHIP BETWEEN FRAMEWORKS
PP60/2008 Government Internal Control System (Sistem Pengendalian Intern Pemerintah)
Governance
IT Governance
IT Management
General Guidelines for National ICT Governance + ICT Internal Control Evaluation Questionnaire
SNI ISO 27001 SNI ISO 20000 SNI ISO 15408
RECOMMENDATIONS FOR THE NATIONAL CYBER AGENCY
Strategy and policy
Assess cyber benefits and risks
Prioritize human resources
Assess the risks and benefits of the technology, people, process and organization components
Q&A isaca.org/cyber ISACA Cybersecurity Teaching Materials