An Integrated Information Security Framework from Tactical to Strategical Approach
1. An Integrated Information Security Framework:
From Tactical to Strategical Approach
Indonesia ICT Council
Prof. Zainal A. Hasibuan, Ph.D
Vice Executive Chairman, National ICT Council
NGN Info Security & Intrusion Test Studio 2012
Singapore, 4-5 July 2012
2. Overview
• Motivation
• The Importance of Information Security
• Information Security Profiles
• Security Governing Structure
• Uninterrupted Security Alert
• Issues and Challenges on Information Security
• Conclusions
4. Cyber Space at Work and Daily Life
• Daily Life
– Digital activity
– Online shopping
– Online communication
• Fixed and Mobile Communication
– Social Media
– Etc.
• At Work
– E-Business
– E-Commerce
– E-Education
– E-Health
– E-Government
– G2C, G2B, B2G, G2E
5. Threats in Information Security
[Diagram: Information Technology faces Logical/Cyber Attack (Computer Virus, Hacking, Worm, ...) and Physical Attack (Theft, Cuts, ..., Bomb)]
6. The Context of Information Threat
• The current threat to every country comes not only from physical threats but also from cyber threats, because a cyber threat can potentially destroy the economy and destabilize the country's security.
8. Why We Need Information Security?
• Extreme reliance on information technology
• Unacceptable loss (Tangible and Intangible)
• The existence of various threats
19. Examples: Secured e-Government Development Phases
Potential e-Government Programs/Projects
Impact Analysis
Classification level of e-Government security
Secure e-Government Development
• Tangible and Intangible national impact
• Cost
• Risk
• etc
• Level of control e-government
• E-government security implementation
20. The Structure of National Security Organization
Steering Committee
National Cybersecurity Board
Executive Committee
Public-CERT, Government-CERT, Defense-CERT, ...-CERT
Program Committee
Levels: Strategic Level, Tactical Level, Operational
President and Ministers
Practitioners, Academicians, etc.
22. Information Security Awareness
• Information Security Education
– It should be integrated in the school curricula
• Information Security Socialization
– Well targeted community
– Well targeted government agency
• Information Security Research & Development
– Keep abreast with the ICT development
• Information Security Capacity Building
• Information Security Institutional Building
23. Policies and Regulations: ICT Security
• Telecommunication Act
• Information Transaction Electronic Act
• Implementation of Telecommunications: Government Regulation
• Organizational structure of information security: Ministerial Regulation
• IP-based network security: Ministerial Regulation
• CA Supervisory Board ad hoc team: Ministerial Decree
• Information security coordination team: Ministerial Decree
• Web server security
• Wifi Security
• Guidelines for the use of ISO 2700
Levels: National Act, Government Regulation, Ministerial Regulation, Ministerial Decree, Ministerial Letter
24. Technical and Procedural
• Indonesia National Standard (SNI ISO/IEC 27001:2009: Information Security Management System): The National Standardization Agency (BSN) has established an identical adoption of ISO 27001 as SNI ISO/IEC 27001. This standard covers all types of organizations, such as commercial enterprises, government, and nonprofit organizations. It specifies requirements for establishing, implementing, operating, monitoring, assessing, improving and maintaining Information Security.
• Health and Safe Internet Program: This program covers education and public awareness about the importance of information security. It is hoped that through this program the community in the ICT sector will participate in maintaining security in cyberspace.
• Trust+: Trust Positive (Trust+) is a technology-based system for filtering negative content, developed by models. The system works by filtering on top-level domain, URL and content, keyword, and expression. Trust+ is implemented at MCIT, telecom operators and ISPs.
25. Security: Organizational Structures
MCIT
Information Security Coordination Team
Directorate General of Applications Informatics
Directorate General of Postal Devices and Informatics
Government Agencies
Directorate of Information Security
Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII)
ID-CERT
ID-ACAD-CSIRT
Community
Legend: Structural, Ad hoc
26. Security: Organizational Structures
Information Security Coordination Team
• Legal Basis: Decree of the Minister of MCIT Number: 133/KEP/M/KOMINFO/04/2010
• Tasks and Functions: To coordinate, develop policy, develop technical guidelines, conduct awareness campaigns, conduct monitoring, and submit reports on the implementation of information security in Indonesia.
Directorate of Information Security
• Legal Basis: Regulation of the Minister of MCIT Number: 17/PER/M.KOMINFO/10/2010
• Tasks and Functions: To formulate and implement policies, prepare norms, standards, procedures and criteria, and provide technical guidance and evaluation in the field of information security.
Indonesia Security Incident Response Team on Internet Infrastructure
• Legal Basis: Regulation of the Minister of MCIT Number: 26/PER/M.KOMINFO/5/2007
• Tasks and Functions:
– Internet traffic monitoring for incident handling purposes
– Managing log files to support law enforcement
– Educating public for security awareness
– Assisting institutions in managing security
– Providing training to constituency and stakeholders
– Running laboratory for simulation practices
– Establishing external and international collaborations
27. Capacity Building
• Indonesia's National Work Competence Standards (SKKNI) Sector Information Security: This standard provides guidance for identifying and categorizing the positions and certification of personnel who perform information security functions in support of organizations implementing information security.
• Information Security Index (KAMI Index): The purpose of this activity is to map the maturity level of information security among public service providers in accordance with SNI 27001.
28. International Cooperation
• Indonesia has become a Full Member of the Asia Pacific APCERT and of FIRST (Forum of Incident Response and Security Teams) worldwide.
• Indonesia has also become a Full Member and founder of the OIC-CERT (Organisation of the Islamic Conference-CERT).
30. The Indonesian Archipelago
17,548 islands - 33 states - 497 districts – 5,263 municipalities – 62,806 villages
237 million population - 2 million km2 area – 80,000 km coastline length
583 dialects – 127 million labor force - 50 million students
1,000 trillion USD GDP - 6.4% annual growth rate
31. Geographical Issues
• Thousands of islands
• Many ways in and out
– Land
– Sea
– Air
– Telecommunication
• Unequal development areas
32. Indonesian Society
• Consists of hundreds of ethnic and sub-ethnic groups
• Consists of various cultures and local languages
• Human resources development
33. Government Organization
• Very complex government structure
• Central government
• Local government with degree of autonomy
– Provincial government
– Regency government
– City government