SlideShare a Scribd company logo

An Integrated Information Security Framework from Tactical to Strategical Approach

Emyana Ruth
Emyana Ruth

credit to Prof. Zainal Hasibuan -DetikNas

TechnologyNews & Politics
1 of 36
An Integrated Information Security Framework: From Tactical to Strategical Approach Indonesia ICT Council Prof. Zainal A. Hasibuan, Ph.D Vice executive Chairman National ICT Council NGN Info Security & Intrusion Test Studio 2012 Singapore, 4-5 July 2012
Overview • Motivation • The Importance of Information Security • Information Security Profiles • Security Governing Structure • Uninterrupted Security Alert • Issues and Challenges on Information Security • Conclusions 2
Motivation: Why Information Security?
Cyber Space at Work and Daily Life • Daily Life – Digital activity – Online shopping – Online communication • Fix and Mobile Communication – Social Media – Etc. 4 • At Work – E-Business – E-Commerce – E-Education – E-Health – E-Government – G2C, G2B,B2G, G2E
Threats in Information Security 5 Computer Virus HackingWorm . . . . . Theft Cuts . . . . . Bomb Information Technology Logical/ Cyber Attack Physical Attack
The Context of Information Threat • The current threat for every country is not only come from physical threat, but also from cyber threat, because the cyber threat potentially destroying the economy and destabilize the country's security.
The Importance of Information Security
Why We Need Information Security? • Extremely rely on information technology • Unacceptable loss (Tangible and Intangible) • The existence of various threats 8
Secured Our Valuable Asset Integrity Asset ConfidentialityAvailability C I A 9
Secured Our Being… • Individual Security • Family Security • Community Security • Country Security • Country Sovereignty • Regional Security • Global Security 10
Information Security Profiles
Information Security Layers 12 Data Application Host Internal Network External Network Society Country Global
Information Security Approach 13 Information SecurityAdministrati ve Approach Technology Approach
Administrative Approach 14 Level/Document Policy Standard Procedure Strategic V Tactical V Operational V
Technology Approach • Data Technology • Application Technology • Host Technology • Internal Network Technology • External Network Technology 15
Security Governing Structure
Integrated Information Security Framework Administrative Approach Technology Approach 17 Security Strategic Level Security Operational Level control control Security Managerial Level Direct Direct Legal TechnicalandProcedural OrganizationStructures CapacityBuilding InternationalCooperation Execute Availability Integrity Confidentiality
Information Security: Administrative and Technology Approach External Network DMZ Penetration Testing VPN Logging Auditing Vulnerability Analysis Network Perimeter Firewalls Penetration Testing Proxy Logging Auditing Vulnerability Analysis Stateful Packet Inspection Internal Network IDS Penetration Testing IPS Logging Auditing Vulnerability Analysis Host Authentication Password Hashing Antivirus IDS IPS Logging Auditing Penetration Testing Vulnerability Analysis Application SSO Content Filtering Auditing Penetration Testing Data Validation Vulnerability Analysis Data Encryption Access Controls Penetration Testing Backup Vulnerability Analysis
Examples: Secured e-Government Development Phases Potential e-Government Programs/Projects Impact Analysis Classification level of e- Government security Secure e- Government Development • Tangible and Intangible national impact • Cost • Risk • etc • Level of control e- government • E-government security implementation
The Structure of National Security Organization 20 Steering Committee National Cybersecurity Board Executive Committee Public-CERT Goverment-CERT Defense-CERT ... - CERT Program Committee StrategicLevelTacticalleve Operational President and Ministers Practicioners, Academicians, etc
Uninterrupted Security Alert: Indonesian Case
Information Security Awareness • Information Security Education – It should be integrated in the school curricula • Information Security Socialization – Well targeted community – Well targeted government agency • Information Security Research & Development – Keep abreast with the ICT development • Information Security Capacity Building • Information Security Institutional Building 22
Policies and Regulations: ICT Security 23 Telecommunication Act Information Transaction Electronic Act Implementation Of Telecommunications Government Regulation Organizational structure of information security Ministerial Regulation IP-based network security Ministerial Regulation CA Supervisory Board ad hoc team Ministerial Decree Information security coordination team Ministerial Decree Web server security Wifi Security Guidelines for the use of ISO 2700 National Act Government Regulation Ministerial Regulation Ministerial Decree Ministerial Letter
Technical and Procedural • Indonesia National Standard (SNI ISO/IEC 27001:2009: Information Security Management System): National Standardization Agency (BSN) has established an identical adoption of ISO 27001 become SNI ISO/IEC 27001, This standard covers all types of organizations such as commercial enterprises, government, & nonprofit organization. This standard specifies requirements for establishing, implementing, operating, monitoring, assessment, improving & maintenance of Information Security. • Health and Safe Internet Program: This program contains educational and public awareness about the importance of information security. It is hoped that through this program, community in ICT sector participate in maintaining security in cyberspace. • Trust+: Trust Positive (Trust+) is negative content filtering technology based which is developed by models and the workings of this system is to perform filtering of the top level domain, URL and Content, Keyword, Expression. Implementation Trust+ is performed in MCIT, telcooperators and ISPs. 24
Security: Organizational Structures 25 MCIT Infromation Security Coordination Team Directorate General of Applications Informatics Directorate General of Postal Devices and Informatics Goverment Agencies Directorate of Information Security Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) ID-CERT ID-ACAD-CSIRT Community Structural Adhoc
Security: Organizational Structures 26 Information Security Coordination Team Directorate of Information Security Indonesia Security Incident Response Team on Internet Infrastructure Legal Basis Decree of the Minister of MCIT Number: 133/KEP/M/KOMINFO/ 04/2010 Regulation of the Minister of MCIT Number:17/PER/M.K OMINFO/10/2010 Regulation of the Minister of MCIT Number: 26/PER/M.KOMINFO/5/2007 Tasks and Functions To coordinate, develop policy, develop technical guidelines, conducting awareness campaigns, and conduct monitoring and submit reports on the implementation of information security in Indonesia. To formulate and implement policies, preparation of norms, standards, procedures and criteria, providing technical guidance and evaluation in the field of information security. Internet traffic monitoring for incident handling purposes;Managing log files to support law enforcement;Educating public for security awareness;Assisting institutions in managing security;Providing training to constituency and stakeholders;Running laboratory for simulation practices;Establishing external and international collaborations.
Capacitiy Building • Indonesia's National Work Competence Standards (SKKNI) Sector Information Security: This standard is used to provide guidance in identify and categorize the positions and certification of personnel who perform information security functions that support the organization's which implementing information security. • Information Security Index (KAMI Index): The purpose of this activity to map the maturity level of information security in the public service providers in accordance with SNI 27001. 27
International Cooperation • Indonesia has become a Full Member of the Asia Pacific and APCERT FIRST (Forum for Incident Response and Security Team) of the world. • Indonesia also has become a Full Member and founder of the OIC-CERT (Organisation of the Islamic Conference-CERT). 28
Issues and Challenges on Information Security: Indonesian Case
30 The Indonesian Archipelago 17,548 islands - 33 states - 497 districts – 5,263 municipalities – 62,806 villages 237 million population - 2 million km2 area – 80,000 km coastline length 583 dialects – 127 million labor force - 50 million students 1,000 trillion USD GDP - 6.4% annual growth rate
Geographical Issues • Thousands of island • Many way-in and way-out – Land – Sea – Air – Telecommunication • Unequal development areas 31
Indonesia Society • Consists of hundreds of ethnic and sub-ethnic • Consists of various cultures and local languages • Human resources development 32
Government Organization • Very complex government structure • Central government • Local government with degree of autonomy – Provincial government – Regency government – City government 33
ICT Infrastructure Development: Indonesia Connected 34
Conclusions • Harmonize policies and regulations • Strengthening institutions and organizations • Develop human resources • Funding Commitment 35
An Integrated Information Security Framework from Tactical to Strategical Approach

Recommended

Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalEdi Suryadi
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyDirectorate of Information Security | Ditjen Aptika
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorKhalizan Halid
 
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest TechnologyFundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technologyijtsrd
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and SecurityIMT CDL
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 

Recommended

Cyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalCyber defence sebagai garda terdepan ketahanan nasional
Cyber defence sebagai garda terdepan ketahanan nasionalEdi Suryadi
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyDirectorate of Information Security | Ditjen Aptika
 
National cyber security policy final
National cyber security policy finalNational cyber security policy final
National cyber security policy finalIndian Air Force
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorKhalizan Halid
 
Fundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest TechnologyFundamental Areas of Cyber Security on Latest Technology
Fundamental Areas of Cyber Security on Latest Technologyijtsrd
 
Cyber Law and Security
Cyber Law and SecurityCyber Law and Security
Cyber Law and SecurityIMT CDL
 
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...National Critical Information Infrastructure Protection Centre (NCIIPC): Role...
National Critical Information Infrastructure Protection Centre (NCIIPC): Role...Cybersecurity Education and Research Centre
 
Improved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationImproved-Cybersecurity-cooperation
Improved-Cybersecurity-cooperationrrepko
 
cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
Cyber Security in 2018
Cyber Security in 2018Cyber Security in 2018
Cyber Security in 2018Chiranjit Adhikary
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligenceijtsrd
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceShiva Bissessar
 
Cybersecurity
CybersecurityCybersecurity
CybersecurityAurobindo Nayak
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problemShiva Bissessar
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Benjamin Ang
 
Cyber-Security in Education
Cyber-Security in EducationCyber-Security in Education
Cyber-Security in EducationTyrone Grandison
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURDr. Sushma H.B
 
Nigerian students, technology education and cyber crime
Nigerian students, technology education and cyber crimeNigerian students, technology education and cyber crime
Nigerian students, technology education and cyber crimeRemmy Nweke, mNGE, mNUJ, mGOCOP
 
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaManaging High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaYudhistira Nugraha
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Tech
 
Adapting to changing cyber security threats in South East Asia (IFRI 2020)
Adapting to changing cyber security threats in South East Asia (IFRI 2020)Adapting to changing cyber security threats in South East Asia (IFRI 2020)
Adapting to changing cyber security threats in South East Asia (IFRI 2020)Benjamin Ang
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network InfrastructureMuhammad Zeeshan
 
Steganography - Muheeb Ghallab
Steganography - Muheeb GhallabSteganography - Muheeb Ghallab
Steganography - Muheeb GhallabFahmi Albaheth
 
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...Dicoding
 
7 inspirasi- perusahaan-berbasis-it
7 inspirasi- perusahaan-berbasis-it7 inspirasi- perusahaan-berbasis-it
7 inspirasi- perusahaan-berbasis-itArif Huda
 
Anatomy and embryology of crystalline lens DrBP
Anatomy and embryology of crystalline lens DrBPAnatomy and embryology of crystalline lens DrBP
Anatomy and embryology of crystalline lens DrBPdrbhushan17
 

More Related Content

What's hot

cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.AbutalebFahmi Albaheth
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligenceijtsrd
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceShiva Bissessar
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Benjamin Ang
 
Cyber-Security in Education
Cyber-Security in EducationCyber-Security in Education
Cyber-Security in EducationTyrone Grandison
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURDr. Sushma H.B
 
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaManaging High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaYudhistira Nugraha
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...at MicroFocus Italy ❖✔
 
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Tech
 
Adapting to changing cyber security threats in South East Asia (IFRI 2020)
Adapting to changing cyber security threats in South East Asia (IFRI 2020)Adapting to changing cyber security threats in South East Asia (IFRI 2020)
Adapting to changing cyber security threats in South East Asia (IFRI 2020)Benjamin Ang
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network InfrastructureMuhammad Zeeshan
 
Steganography - Muheeb Ghallab
Steganography - Muheeb GhallabSteganography - Muheeb Ghallab
Steganography - Muheeb GhallabFahmi Albaheth
 

What's hot (19)

cybersecurity- A.Abutaleb
cybersecurity- A.Abutalebcybersecurity- A.Abutaleb
cybersecurity- A.Abutaleb
 
Cyber Security in 2018
Cyber Security in 2018Cyber Security in 2018
Cyber Security in 2018
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due Diligence
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective a
 
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
 
Cyber-Security in Education
Cyber-Security in EducationCyber-Security in Education
Cyber-Security in Education
 
CYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOURCYBER SECURITY : NEED OF THE HOUR
CYBER SECURITY : NEED OF THE HOUR
 
Nigerian students, technology education and cyber crime
Nigerian students, technology education and cyber crimeNigerian students, technology education and cyber crime
Nigerian students, technology education and cyber crime
 
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in IndonesiaManaging High-Volume Cyber Attacks Through Effective Strategies in Indonesia
Managing High-Volume Cyber Attacks Through Effective Strategies in Indonesia
 
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
The National Cyber Security Strategy 2016 to 2021 sets out the government's p...
 
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
 
Lucideus Company Profile 2014
Lucideus Company Profile 2014Lucideus Company Profile 2014
Lucideus Company Profile 2014
 
Adapting to changing cyber security threats in South East Asia (IFRI 2020)
Adapting to changing cyber security threats in South East Asia (IFRI 2020)Adapting to changing cyber security threats in South East Asia (IFRI 2020)
Adapting to changing cyber security threats in South East Asia (IFRI 2020)
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network Infrastructure
 
Steganography - Muheeb Ghallab
Steganography - Muheeb GhallabSteganography - Muheeb Ghallab
Steganography - Muheeb Ghallab
 

Viewers also liked

Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...Dicoding
 
7 inspirasi- perusahaan-berbasis-it
7 inspirasi- perusahaan-berbasis-it7 inspirasi- perusahaan-berbasis-it
7 inspirasi- perusahaan-berbasis-itArif Huda
 
Anatomy and embryology of crystalline lens DrBP
Anatomy and embryology of crystalline lens DrBPAnatomy and embryology of crystalline lens DrBP
Anatomy and embryology of crystalline lens DrBPdrbhushan17
 
Membangun ekosistem ekonomi kreatif aplikasi dan game
Membangun ekosistem ekonomi kreatif aplikasi dan gameMembangun ekosistem ekonomi kreatif aplikasi dan game
Membangun ekosistem ekonomi kreatif aplikasi dan gameArif Huda
 
Vehicle Number Plate Recognition System
Vehicle Number Plate Recognition SystemVehicle Number Plate Recognition System
Vehicle Number Plate Recognition Systemprashantdahake
 
Number plate recognition system using matlab.
Number plate recognition system using matlab.Number plate recognition system using matlab.
Number plate recognition system using matlab.Namra Afzal
 
Fintech Uprising in Indonesia 2016 Preview
Fintech Uprising in Indonesia 2016 PreviewFintech Uprising in Indonesia 2016 Preview
Fintech Uprising in Indonesia 2016 PreviewSDI Lab
 
Future Social: 10 Key Trends in Social Media
Future Social: 10 Key Trends in Social MediaFuture Social: 10 Key Trends in Social Media
Future Social: 10 Key Trends in Social MediaWe Are Social Singapore
 

Viewers also liked (11)

Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
Continuous Integration & Continuous Delivery on Android - Nur Rendra Toro Sin...
 
7 inspirasi- perusahaan-berbasis-it
7 inspirasi- perusahaan-berbasis-it7 inspirasi- perusahaan-berbasis-it
7 inspirasi- perusahaan-berbasis-it
 
Anatomy and embryology of crystalline lens DrBP
Anatomy and embryology of crystalline lens DrBPAnatomy and embryology of crystalline lens DrBP
Anatomy and embryology of crystalline lens DrBP
 
Membangun ekosistem ekonomi kreatif aplikasi dan game
Membangun ekosistem ekonomi kreatif aplikasi dan gameMembangun ekosistem ekonomi kreatif aplikasi dan game
Membangun ekosistem ekonomi kreatif aplikasi dan game
 
Vehicle Number Plate Recognition System
Vehicle Number Plate Recognition SystemVehicle Number Plate Recognition System
Vehicle Number Plate Recognition System
 
Social, Digital & Mobile in APAC
Social, Digital & Mobile in APACSocial, Digital & Mobile in APAC
Social, Digital & Mobile in APAC
 
Lens
Lens Lens
Lens
 
Number plate recognition system using matlab.
Number plate recognition system using matlab.Number plate recognition system using matlab.
Number plate recognition system using matlab.
 
Fintech Uprising in Indonesia 2016 Preview
Fintech Uprising in Indonesia 2016 PreviewFintech Uprising in Indonesia 2016 Preview
Fintech Uprising in Indonesia 2016 Preview
 
Digital in 2016
Digital in 2016Digital in 2016
Digital in 2016
 
Future Social: 10 Key Trends in Social Media
Future Social: 10 Key Trends in Social MediaFuture Social: 10 Key Trends in Social Media
Future Social: 10 Key Trends in Social Media
 

Similar to An Integrated Information Security Framework from Tactical to Strategical Approach

Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approachesvngundi
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber securityAurobindo Nayak
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexShivamSharma909
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19consultancyss
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramGoogleNewsSubmit
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructureNeha Agarwal
 
Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx
Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptxGuarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx
Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptxANA Cyber Security Forensic Pvt. Ltd.
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013Vidushi Singh
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptxrabeetkashif
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachITU
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security ManagementMITSDEDistance
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards ComplianceDr. Prashant Vats
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceCharles Lim
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prustyamarprusty
 

Similar to An Integrated Information Security Framework from Tactical to Strategical Approach (20)

Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...Building internet safety wall understanding the imperatives of national domai...
Building internet safety wall understanding the imperatives of national domai...
 
Cyber Security Strategies and Approaches
Cyber Security Strategies and ApproachesCyber Security Strategies and Approaches
Cyber Security Strategies and Approaches
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Indian perspective of cyber security
Indian perspective of cyber securityIndian perspective of cyber security
Indian perspective of cyber security
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
The importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity indexThe importance of understanding the global cybersecurity index
The importance of understanding the global cybersecurity index
 
UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19UN Singapore Cyber Programme 15 july19
UN Singapore Cyber Programme 15 july19
 
A Major Revision of the CISRCP Program
A Major Revision of the CISRCP ProgramA Major Revision of the CISRCP Program
A Major Revision of the CISRCP Program
 
Protection of critical information infrastructure
Protection of critical information infrastructureProtection of critical information infrastructure
Protection of critical information infrastructure
 
Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx
Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptxGuarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx
Guarding Indias Digital Fortress The Vulnerability to Zero Day Attacks.pptx
 
National Cyber Security Policy-2013
National Cyber Security Policy-2013National Cyber Security Policy-2013
National Cyber Security Policy-2013
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
Presentation 1.pptx
Presentation 1.pptxPresentation 1.pptx
Presentation 1.pptx
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
 
Information Technology Security Management
Information Technology Security ManagementInformation Technology Security Management
Information Technology Security Management
 
Cyber Security Standards Compliance
Cyber Security Standards ComplianceCyber Security Standards Compliance
Cyber Security Standards Compliance
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
ICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security GovernanceICION 2016 - Cyber Security Governance
ICION 2016 - Cyber Security Governance
 
Iot security amar prusty
Iot security amar prustyIot security amar prusty
Iot security amar prusty
 

Recently uploaded

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

An Integrated Information Security Framework from Tactical to Strategical Approach

  • 1. An Integrated Information Security Framework: From Tactical to Strategical Approach Indonesia ICT Council Prof. Zainal A. Hasibuan, Ph.D Vice executive Chairman National ICT Council NGN Info Security & Intrusion Test Studio 2012 Singapore, 4-5 July 2012
  • 2. Overview • Motivation • The Importance of Information Security • Information Security Profiles • Security Governing Structure • Uninterrupted Security Alert • Issues and Challenges on Information Security • Conclusions 2
  • 4. Cyber Space at Work and Daily Life • Daily Life – Digital activity – Online shopping – Online communication • Fix and Mobile Communication – Social Media – Etc. 4 • At Work – E-Business – E-Commerce – E-Education – E-Health – E-Government – G2C, G2B,B2G, G2E
  • 5. Threats in Information Security 5 Computer Virus HackingWorm . . . . . Theft Cuts . . . . . Bomb Information Technology Logical/ Cyber Attack Physical Attack
  • 6. The Context of Information Threat • The current threat for every country is not only come from physical threat, but also from cyber threat, because the cyber threat potentially destroying the economy and destabilize the country's security.
  • 8. Why We Need Information Security? • Extremely rely on information technology • Unacceptable loss (Tangible and Intangible) • The existence of various threats 8
  • 9. Secured Our Valuable Asset Integrity Asset ConfidentialityAvailability C I A 9
  • 10. Secured Our Being… • Individual Security • Family Security • Community Security • Country Security • Country Sovereignty • Regional Security • Global Security 10
  • 12. Information Security Layers 12 Data Application Host Internal Network External Network Society Country Global
  • 13. Information Security Approach 13 Information SecurityAdministrati ve Approach Technology Approach
  • 14. Administrative Approach 14 Level/Document Policy Standard Procedure Strategic V Tactical V Operational V
  • 15. Technology Approach • Data Technology • Application Technology • Host Technology • Internal Network Technology • External Network Technology 15
  • 17. Integrated Information Security Framework Administrative Approach Technology Approach 17 Security Strategic Level Security Operational Level control control Security Managerial Level Direct Direct Legal TechnicalandProcedural OrganizationStructures CapacityBuilding InternationalCooperation Execute Availability Integrity Confidentiality
  • 18. Information Security: Administrative and Technology Approach External Network DMZ Penetration Testing VPN Logging Auditing Vulnerability Analysis Network Perimeter Firewalls Penetration Testing Proxy Logging Auditing Vulnerability Analysis Stateful Packet Inspection Internal Network IDS Penetration Testing IPS Logging Auditing Vulnerability Analysis Host Authentication Password Hashing Antivirus IDS IPS Logging Auditing Penetration Testing Vulnerability Analysis Application SSO Content Filtering Auditing Penetration Testing Data Validation Vulnerability Analysis Data Encryption Access Controls Penetration Testing Backup Vulnerability Analysis
  • 19. Examples: Secured e-Government Development Phases Potential e-Government Programs/Projects Impact Analysis Classification level of e- Government security Secure e- Government Development • Tangible and Intangible national impact • Cost • Risk • etc • Level of control e- government • E-government security implementation
  • 20. The Structure of National Security Organization 20 Steering Committee National Cybersecurity Board Executive Committee Public-CERT Goverment-CERT Defense-CERT ... - CERT Program Committee StrategicLevelTacticalleve Operational President and Ministers Practicioners, Academicians, etc
  • 22. Information Security Awareness • Information Security Education – It should be integrated in the school curricula • Information Security Socialization – Well targeted community – Well targeted government agency • Information Security Research & Development – Keep abreast with the ICT development • Information Security Capacity Building • Information Security Institutional Building 22
  • 23. Policies and Regulations: ICT Security 23 Telecommunication Act Information Transaction Electronic Act Implementation Of Telecommunications Government Regulation Organizational structure of information security Ministerial Regulation IP-based network security Ministerial Regulation CA Supervisory Board ad hoc team Ministerial Decree Information security coordination team Ministerial Decree Web server security Wifi Security Guidelines for the use of ISO 2700 National Act Government Regulation Ministerial Regulation Ministerial Decree Ministerial Letter
  • 24. Technical and Procedural • Indonesia National Standard (SNI ISO/IEC 27001:2009: Information Security Management System): National Standardization Agency (BSN) has established an identical adoption of ISO 27001 become SNI ISO/IEC 27001, This standard covers all types of organizations such as commercial enterprises, government, & nonprofit organization. This standard specifies requirements for establishing, implementing, operating, monitoring, assessment, improving & maintenance of Information Security. • Health and Safe Internet Program: This program contains educational and public awareness about the importance of information security. It is hoped that through this program, community in ICT sector participate in maintaining security in cyberspace. • Trust+: Trust Positive (Trust+) is negative content filtering technology based which is developed by models and the workings of this system is to perform filtering of the top level domain, URL and Content, Keyword, Expression. Implementation Trust+ is performed in MCIT, telcooperators and ISPs. 24
  • 25. Security: Organizational Structures 25 MCIT Infromation Security Coordination Team Directorate General of Applications Informatics Directorate General of Postal Devices and Informatics Goverment Agencies Directorate of Information Security Indonesia Security Incident Response Team on Internet Infrastructure (ID-SIRTII) ID-CERT ID-ACAD-CSIRT Community Structural Adhoc
  • 26. Security: Organizational Structures 26 Information Security Coordination Team Directorate of Information Security Indonesia Security Incident Response Team on Internet Infrastructure Legal Basis Decree of the Minister of MCIT Number: 133/KEP/M/KOMINFO/ 04/2010 Regulation of the Minister of MCIT Number:17/PER/M.K OMINFO/10/2010 Regulation of the Minister of MCIT Number: 26/PER/M.KOMINFO/5/2007 Tasks and Functions To coordinate, develop policy, develop technical guidelines, conducting awareness campaigns, and conduct monitoring and submit reports on the implementation of information security in Indonesia. To formulate and implement policies, preparation of norms, standards, procedures and criteria, providing technical guidance and evaluation in the field of information security. Internet traffic monitoring for incident handling purposes;Managing log files to support law enforcement;Educating public for security awareness;Assisting institutions in managing security;Providing training to constituency and stakeholders;Running laboratory for simulation practices;Establishing external and international collaborations.
  • 27. Capacitiy Building • Indonesia's National Work Competence Standards (SKKNI) Sector Information Security: This standard is used to provide guidance in identify and categorize the positions and certification of personnel who perform information security functions that support the organization's which implementing information security. • Information Security Index (KAMI Index): The purpose of this activity to map the maturity level of information security in the public service providers in accordance with SNI 27001. 27
  • 28. International Cooperation • Indonesia has become a Full Member of the Asia Pacific and APCERT FIRST (Forum for Incident Response and Security Team) of the world. • Indonesia also has become a Full Member and founder of the OIC-CERT (Organisation of the Islamic Conference-CERT). 28
  • 29. Issues and Challenges on Information Security: Indonesian Case
  • 30. 30 The Indonesian Archipelago 17,548 islands - 33 states - 497 districts – 5,263 municipalities – 62,806 villages 237 million population - 2 million km2 area – 80,000 km coastline length 583 dialects – 127 million labor force - 50 million students 1,000 trillion USD GDP - 6.4% annual growth rate
  • 31. Geographical Issues • Thousands of island • Many way-in and way-out – Land – Sea – Air – Telecommunication • Unequal development areas 31
  • 32. Indonesia Society • Consists of hundreds of ethnic and sub-ethnic • Consists of various cultures and local languages • Human resources development 32
  • 33. Government Organization • Very complex government structure • Central government • Local government with degree of autonomy – Provincial government – Regency government – City government 33
  • 34. ICT Infrastructure Development: Indonesia Connected 34
  • 35. Conclusions • Harmonize policies and regulations • Strengthening institutions and organizations • Develop human resources • Funding Commitment 35