Hasil Pencarian  ::  Simpan CSV :: Kembali

"Abstract:"Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply these concepts to their own efforts. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It examines the need for management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a typical information protection program.The volume discusses organizationwide policies and their documentation, and legal and business requirements. It explains policy format, focusing on global, topic-specific, and application-specific policies. Following a review of asset classification, the book explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. Information Security Fundamentals concludes by describing business continuity planning, including preventive controls, recovery strategies, and ways to conduct a business impact analysis""

"PT XYZ bergerak pada bisnis jasa pialang asuransi. Pada pelaksanaan proses bisnisnya telah terjadi beberapa kali pencurian data. Selain itu dari audit yang dilakukan oleh Departemen Keuangan menunjukan bahwa dibutuhkan evaluasi terhadap keamanan informasi perusahaan. Evaluasi kondisi Manajemen Keamanan Informasi pada penelitian ini dilakukan dari sisi tata kelola TI untuk melihat kondisi Manajemen Keamanan Informasi dari sisi strategis perusahaan.Penelitian ini menggunakan kerangka kerja ISO 27001 dan COBIT untuk mengevaluasi kondisi manajemen keamanan informasi perusahaan. Sementara itu untuk mengevaluasi kondisi strategis pencapaian manajemen keamanan informasi digunakan IT BSC. Hasil akhir yang didapatkan adalah kondisi terkini Manajemen Keamanan Informasi.

---

PT XYZ is a corporation that runs insurance brokerage business. On the implementation of business processes there was data fraud occured several times . In addition, from an audit conducted by the Ministry of Finance shows that it’s necessary to made an evaluation of coorporation’s information security. Evaluation of Information Security Management conditions in this research was carried out from the side of IT governance to evaluate the information security management of the company's strategic.

This research use the framework of ISO 27001 and COBIT to evaluate the condition of coorporation’s information security management. Meanwhile, to evaluate the condition of the achievement of the strategic information security management IT BSC was used. The final result that obtained is the current state of information security management."

"Risiko pemeriksaan mempengaruhi standar pekerjaan lapangan dan standar pelaporan dalam pemeriksaan laporan keuangan. Salah satu aspek yang dinilai paling mempengaruhi risiko pemeriksaan di era informasi sekarang ini adalah risiko keamanan informasi. Perlunya penilaian risiko keamanan informasi dari aspek TI kerana teknologi informasi sangat mempengaruhi berbagai macam aktivitas dalam organisasi diantaranya penyusunan laporan keuangan yang merupakan keluaran dari sebuah sistem yang menggunakan teknologi informasi, tidak terkecuali instansi pemerintah. Penelitian ini akan menyusun alat bantu dan kerangka kerja penilaian risiko keamanan informasi di instansi pemerintah yang berbasis ISO 27001. Narasumber yang terdiri dari pengendali teknis, auditor dan pejabat eselon I BPK RI diwawancara untuk memilih aktivitas pengendalian dalam ISO 27001 yang penting dalam penilaian risiko keamanan informasi. Hasil pemilihan aktivitas tersebut dijadikan input dalam perancangan model kerangka kerja, dimana kerangka kerja tersebut akan diuji publik di Pemerintah Kota Tangerang oleh beberapa auditor. Hasil penelitian ini dapat membentuk suatu alat bantu dan kerangka kerja untuk memudahkan para auditor di BPK dalam proses penilaian risiko keamanan informasi untuk menunjang perencanaan pemeriksaan laporan keuangan pemerintah daerah dimana terdiri dari unsur-unsur dalam program audit yakni ruang lingkup audit, tujuan audit, tahap perencanaan, tahap pelaksanaan, dan tahap penyelesaian yang dirumuskan dari aktivitas dan praktik pengendalian di ISO 27001 terpilih. Kerangka kerja dilengkapi dengan indikator dampak dan kecenderungan dari setiap risiko aktivitas yang didapat dari klausal-klausal ISO 27001.

---

Inspection risks affecting standard of field works and standards of examination report of financial statements. One aspect that is considered the most influencing risk in todays information age is a risk of information security covering aspects of IT and non IT aspects. The needs for information risk security assesment of IT aspects which due to the rapid information technology development, which greatly affects wide range of activities within organization including stated financial reports, is the output of a system that uses information technology, including government agencies. This research develop tools and frameworks in the information security risk assesment at government agencies based on ISO 27001. Resource persons consisting of technical controllers, auditor and BPK echelon I are interviewed to select the ISO 27001 control activities which are important in the information security risk assesment.

Election results will serve as input in designing the model framework, which then some auditors will perform public test in Tangerang city government. The results of this study can form a frameowkrs and tools to facilitate the BPK auditors in the process of information security risk assesment to support inspection planning of local government financial reports, which consist of the elements in the audit program such as audit scope, audit objectives, planning phase, stages of implementation, and completion stages of activities and practices defined in the selected ISO 27001. The framework comes with indicators of the impact and trends of each risk activity derived from ISO 27001 clauses."

"Skripsi ini membahas mengenai penerapan pasal perlindungan data pribadi yang terdapat dalam Undang-undang No. 11 Tahun 2008 tentang Informasi dan Transaksi Elektronik yang dikaitkan dengan praktik layanan komputasi awan yang saat ini sedang berkembang pesat. Kebutuhan komputasi awan diperkirakan akan mengalami peningkatan yang sangat besar di masa mendatang. Hal tersebut didorong makin banyaknya penggunaan perangkat yang terhubung ke internet dan membutuhkan akses layanan berbasis data secara real time. Sebagai sebuah jenis layanan yang masih tergolong baru di Indonesia, isu keamanan dan perlindungan data pribadi dinilai masih menjadi poin penting yang dikhawatirkan dalam adopsi komputasi awan di Indonesia, menyusul banyaknya kasus pembobolan data yang merugikan pengguna layanan berbasis media elektronik seperti telepon selular dan kartu kredit. Dalam penelitian ini akan dibahas mengenai konsep umum perlindungan data, peraturan perundang-undangan yang mengatur tentang perlindungan data baik di dalam maupun luar negeri, tinjauan umum dari komputasi awan, analisis pasal 26 UU ITE dan tanggung jawab dari penyedia layanan komputasi awan terhadap data pribadi pengguna layanannya.

---

This paper discusses around the application of article about personal data protection that contained in Law No. 11 Year 2008 on Information and Electronic Transaction associated with the practice of cloud computing service that is growing rapidly nowadays. The need of cloud computing are predicted to get a huge increase in the future. It is driven more and more use of the devices that connected to the internet and require access to data-based services in real time. As a kind of the new service in Indonesia, the issue of security and personal data protection is still considered to be an important point of concern in the adoption of cloud computing in Indonesia, following a number of data leaked cases that adverse subject data of electronic media-based services such as mobile phones and credit cards. In this study will be discussed on the general concept of data protection, laws and regulations governing data protection both inside and outside the country, an overview of cloud computing, analysis of article 26 of Law of Information and Electroninc Transactions and responsibilities of providers of cloud computing services to the user's personal data from its services."

"TI dinilai dapat membantu perusahaan untuk mendukung strategi bisnisnya untuk mencapai keunggulan kompetitif. IT juga memiliki peran yang sangat penting dalam meningkatkan tata kelola perusahaan secara keseluruhan.PT. XYZ Tbk (XYZ), sebuah perusahaan yang bergerak di bidang telekomunikasi, dan mencatatkan sahamnya di New York Stock Exchange (NYSE), berkewajiban untuk mematuhi Sarbanes-Oxley Act mengenai pengendalian internal dalam pelaporan keuangan. Khusus untuk IT – SOX Compliance, perusahaan mengacu pada kerangka kerja COBIT (Control Objectives for Information and related Technology).Pada tahun 2012, COBIT 5 yang merupakan COBIT versi terbaru diluncurkan sehingga mengakibatkan munculnya perbedaan antara risiko dan kontrol yang digunakan perusahaan dengan COBIT versi terbaru tersebut. Oleh karena itu, perusahaan perlu menerapkan COBIT versi terbaru dalam penentuan proses TI dan identifikasi risiko dan kontrol untuk diterapkan perusahaan.Dari penelitian ini, didapat kesimpulan bahwa terdapat 16 proses dalam COBIT 5 yang relevan terhadap penerapan Sarbanes-Oxley Act dan 7 proses diantaranya belum sepenuhnya diterapkan oleh perusahaan. Risiko dan rincian kontrol yang perlu diterapkan juga dijelaskan dalam penelitian ini.

---

IT is considered to help companies to support their business strategy to achieve competitive advantage. IT also has a very important role in enhancing the overall corporate governance.

PT. XYZ Tbk. (XYZ), a company engaged in telecommunications business, and listed on the New York Stock Exchange (NYSE), is obliged to comply with the Sarbanes-Oxley Act regarding internal controls in financial reporting. For its IT - SOX Compliance, the company refers to the framework COBIT (Control Objectives for Information and related Technology).

In 2012, the latest version of COBIT, COBIT 5, was released, resulting in the difference between risk and controls used by the company's with the latest version of COBIT. Therefore, companies need to reassess the latest version of COBIT in the determination current applicable processes and the identification of risks and controls to be applied to the company.

This study concluded that there are 16 processes in COBIT 5, which are relevant to the application of the Sarbanes-Oxley Act and 7 of them have not been fully implemented by the company. Risk and control the details that need to be applied also described in this study."

"This book constitutes the refereed proceedings of the 17th European Symposium on Computer Security, ESORICS 2012, held in Pisa, Italy, in September 2012. The 50 papers included in the book were carefully reviewed and selected from 248 papers. The articles are organized in topical sections on security and data protection in real systems, formal models for cryptography and access control, security and privacy in mobile and wireless networks, counteracting man-in-the-middle attacks, network security, users privacy and anonymity, location privacy, voting protocols and anonymous communication, private computation in cloud systems, formal security models, identity based encryption and group signature, authentication, encryption key and password security, malware and phishing, and software security."