1. E-GOVERNMENT
INFORMATION SECURITY,
RISKAND CONTROL
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
Cybersecurity Nexus Liaison, ISACA Indonesia & Sekolah Teknik Elektro dan Informatika ITB
Presentasi di DAS BIN
Jayapura, 3 Oktober 2016

2. 2
Current:
• Cybersecurity Nexus Liaison, ISACA Indonesia Chapter
• ISACA Academic Advocate at ITB
• Anggota Pembina Yayasan Pendidikan Internal Audit
• SME for InformaEon Security Standard for ISO at ISACA HQ
• Associate Professor at School of Electrical Engineering and InformaEcs, InsEtut Teknologi Bandung
• Ketua WG Layanan dan Tata Kelola TI, anggota WG Keamanan Informasi serta Anggota PaniEa Teknis 35-01 Program
Nasional Penetapan Standar bidang Teknologi Informasi, BSN – Kominfo.
Past:
• Ketua Kelompok Kerja Evaluasi TIK Nasional, Dewan TIK Nasional (2007-2008)
• Plt Direktur Operasi Sistem PPATK (Indonesia Financial TransacEon Reports and Analysis Center, INTRAC), April 2009 –
May 2011
Professional Cer0fica0on:
• Professional Engineering (PE), the Principles and PracEce of Electrical Engineering, College of Engineering, the University
of Texas at AusEn. 2000
• IRCA InformaEon Security Management System Lead Auditor Course, 2004
• ISACA CerEfied InformaEon System Auditor (CISA). CISA Number: 0540859, 2005
• Brainbench Computer Forensic, 2006
• (ISC)2 CerEfied InformaEon Systems Security Professional (CISSP), No: 118113, 2007
• ISACA CerEfied InformaEon Security Manager (CISM). CISM Number: 0707414, 2007
Award:
• (ISC)2 Asia Pacific Informa0on Security Leadership Achievements (ISLA) 2011 award in category Senior Informa0on
Security Professional. hcp://isc2.org/ISLA
Sarwono Su0kno, Dr.Eng.,CISA,CISSP,CISM,CSX-F

3. KESEPAKATAN DISKUSI
• Mohon maaf jika gaya/kebiasaan saya di ITB muncul dalam diskusi ini
• Niatnya agar Indonesia lebih berdaulat
• Boleh buka laptop dan akses internet
• Seluruh peserta harus bicara, bertanya, berpendapat, guyon sebagai
pembuka kreatifitas
• Sarwono Sutikno hanya fasilitator dan sedang belajar
• Semoga saya dan semua insan Indonesia menjadi orang merdeka !!!
• Semoga setiap insan Indonesia menjadi khalifah dalam arti tidak ada yang
dapat membatasi potensi seorang insan kecuali impian dirinya dan
tuhannya.
Agar efektif berdiskusi

4. BLOOM’STAXONOMYOFEDUCATIONAL
OBJECTIVES
Apply
Comprehend
Remember
list, recite
explain, paraphrase
calculate, solve,
determine, apply
Analyze
compare, contrast, classify,
categorize, derive, model
Synthesize
create, construct, design,
improve, produce, propose
Evaluate
judge, critique, justify,
verify, assess, recommend

5. Presentation: KamInfo.ID5

6. Presentation: KamInfo.ID6

7. E-Government Summit – Jakarta 6 September 2016
http://www.menpan.go.id/berita-terkini/120-info-terkini/5590-paparan-e-government-summit-2016-hotel-bidakara-jakarta-6-september-2016
1. Arsip Nasional (ANRI),
2. Badan Kepegawaian Negara (BKN) | Best Practices e-Government Manajemen ASN,
3. Badan Kepegawaian Negara (BKN),
4. BPKP | Pengembangan SIMA HP menuju e-Government
5. Badan Pengawas Obat dan Makanan (BPOM),
6. Deputi Bidang Kelembagaan dan Tata Laksana - Kementerian PANRB,
7. Prof. Eko Prasojo | The Role of Leadership and Key Success Factors in E-government
8. KOICA | IT Capacity Building for Government Officials,
9. Kementerian Kesehatan (KEMENKES),
10. Kementerian Koordinator Bidang Pembangunan Manusia dan Kebudayaan (KEMENKOPMK),
11. Kementerian Pekerjaaan Umum dan Perumahana Rakyat (KEMENPUPR)
12. Kementerian Sekretariat Negara (KEMENSETNEG),
13. Lembaga Administrasi Negara (LAN),
14. Tae-Ho Youn KOICA | Indonesia Need Own Competitive e-Government Strategy,
15. Lembaga Kebijakan Pengadaan Barang/Jasa Pemerintah (LKPP),
16. Badan Kependudukan dan Keluarga Berencana Nasional (BKKBN),

8. Implementation Target of E-Government
1. Satisfaction: improving access; shorting interaction
2. Customization: services based on the needs of the
community Social development based on the expertise and
capabilities of ICT
3. Proactive interaction with the public and democratic
participation in decision-making
Public Service
Quality
1. Improve productivity and skills of civil servants
2. Improve collaboration and knowledge-sharing among all
levels of the government agencies
3. Sharpen the formulation of Standard Operating Procedure in
the government
Effective and
efficient
government
1. Bureaucratic reforms towards a better good governance
2. Increased transparency and accountability
3. Increased productivity performance
Bureaucracy
reform

9. COBIT 5
SNI ISO 38500
Internal Control
Framework COSO
HUBUNGANANTAR KERANGKA
PP60/2008
Sistem Pengendalian Intern
Pemerintah
TataKelola
TataKelolaTI
ManajemenTI
Panduan Umum Tata Kelola TIK Nas
+
Kuesioner Evaluasi Pengendalian Intern TIK
SNI ISO 27001SNI ISO 20000
SNI ISO 15408

10. RISK VS CONTROL

14. Figure 6—COBIT 5 Goals Cascade for the Enterprise
Stakeholder Needs
Supported by
Drivers (environment, technology evoluton,…) for the
Governance Objective of Value Creation
Supported by
Enterprise Goals
Supported by
Enterprise Value Chain (example representation of an enterprise)
Business information is managed
by the IT function enablers
Function Goals (to be defined for each enterprise)
Enablers for the Procurement Function
Enablers for the Human Resources Function
Enablers for the IT Function
See
figures 7 and 60
See examples in
figures 9 and 61
See examples in
figures 9 and 61
Inbound
Logistics
Principles,
Policies and
Frameworks
Organisational
Structures
Processes
People, Skills
and
Competencies
Culture,
Ethics and
Behaviour
Services,
Infrastructure
and Applications
Information
Principles,
Policies and
Frameworks
Organisational
Structures
Processes
People, Skills
and
Competencies
Culture,
Ethics and
Behaviour
Services,
Infrastructure
and Applications
Information
Principles,
Policies and
Frameworks
Organisational
Structures
Processes
People, Skills
and
Competencies
Culture,
Ethics and
Behaviour
Services,
Infrastructure
and Applications
Information
Operations
Outbound
Logistics
Marketing
and Sales Services
IT
Human
Resources Infrastructure Procurement
Step A
Step B
Step C
Supported
by
Supported
by
See examples in
figures 11 and 61
See
figure 10
Supported by
Enabling Information

15. 15

17. DEMO
Silakan masuk dengan android anda ke:
www.google.com/maps/timeline
Dimana android anda pada Sabtu yang
lalu?
Apa komentar anda?
(jika app maps perlu update, silakan)

18. SNI ISO/IEC 27001:2013
CATATAN Manajemen puncak juga dapat menetapkan tanggung jawab dan wewenang untuk
melaporkan kinerja SMKI dalam organisasi.
6 Perencanaan
6.1 Tindakan untuk menangani risiko dan peluang
6.1.1 Umum
Ketika merencanakan SMKI, organisasi harus mempertimbangkan permasalahan yang
dimaksud dalam 4.1 dan persyaratan yang dimaksud dalam 4.2 serta menentukan risiko dan
peluang yang perlu ditangani untuk:
a) memastikan SMKI dapat mencapai manfaat yang diharapkan;
b) mencegah, atau mengurangi, efek yang tidak diinginkan;
c) mencapai perbaikan yang berkelanjutan.
Organisasi harus merencanakan:
d) tindakan untuk menangani risiko dan peluang; dan
e) bagaimana cara:
1) mengintegrasikan dan menerapkan tindakan ke dalam proses SMKI; dan

21. Presentation: KamInfo.ID21
21
KEAMANAN INFORMASI VERSIISACA
Information security is a business enabler that is strictly bound to
stakeholder trust, either by addressing business risk or by creating value
for an enterprise, such as competitive advantage.
At a time when the significance of information and related technologies is
increasing in every aspect of business and public life, the need to mitigate
information risk, which includes protecting information and related IT
assets from ever-changing threats, is constantly intensifying.
ISACA defines information security as something that:
Ensures that information is readily available (availability), when
required, and protected against disclosure to unauthorised users
(confidentiality) and improper modification (integrity).

22. Presentation: KamInfo.ID22
22
KEAMANAN INFORMASI
......... pemerintah negara Indonesia yang melindungi segenap
bangsa Indonesia dan seluruh tumpah darah Indonesia dan untuk
memajukan kesejahteraan umum,
mencerdaskan kehidupan bangsa, dan ikut
melaksanakan ketertiban dunia yang berdasarkan kemerdekaan,
perdamaian abadi dan keadilan sosial........
Pemanfaatan INFORMASI sebagai darah nadi
kehidupan bangsa
dalam perspektif Pertumbuhan Ekonomi
untuk Kesejahteraan Rakyat

23. Presentation: KamInfo.ID23
23
KEAMANAN NASIONAL
......... pemerintah negara Indonesia yang melindungi segenap
bangsa Indonesia dan seluruh tumpah darah Indonesia dan untuk
memajukan kesejahteraan umum,
mencerdaskan kehidupan bangsa, dan ikut
melaksanakan ketertiban dunia yang berdasarkan kemerdekaan,
perdamaian abadi dan keadilan sosial........
Pemanfaatan INFORMASI sebagai darah nadi kehidupan bangsa
dalam perspektif Pertumbuhan Ekonomi
untuk Kesejahteraan Rakyat

24. RISK-BASED CATEGORIZATION CONTROL

28. The CSX Liaison reports to the chapter president.

29. Presentation: KamInfo.ID29
IMPLEMENTING
FRAMEWORKSTOPOPULATEBMIS
ISO
27031
COBIT 5
Enabling
Process
29

32. Presentation: KamInfo.ID32
PENDEKATAN KAMIPenyusunan Master Plan TI merupakan rangkaian tahapan assessment, visioning, design dan roadmap. Beberapa
framework dijadikan rujukan dalam assessment dan penyusunan cetak biru berbasis enterprise architecture.
32

33. SARAN
• Strategis dan Kebijakan
• Kaji manfaat dan risiko informasi
• Sumber daya manusia diutamakan
• Kaji risiko dan manfaat perangkat
teknologi, manusia, process dan
organisasi

34. • Q&A
• isaca.org/cyber
• ISACA Cybersecurity Teaching Materials