Hasil Pencarian  ::  Simpan CSV :: Kembali

"Keamanan informasi adalah terjaganya kerahasiaan, keutuhan, dan ketersediaan informasi. Ancaman keamanan informasi dapat berupa serangan terhadap perangkat lunak dan pencurian kekayaan intelektual, identitas, atau informasi. Aspek manusia memegang peranan penting dalam keamanan informasi. Menurut Ogutcu et al., teknik terbaik yang dapat digunakan untuk mengatasi masalah keamanan informasi tidak dapat berhasil kecuali orang-orang dalam organisasi melakukan hal yang benar. Untuk meningkatkan kesadaran pegawai tentang pentingnya pengelolaan keamanan informasi, setiap tahunnya Otoritas Jasa Keuangan (OJK) melaksanakan sosialisasi mengenai Ketentuan Keamanan Informasi. Namun, hingga tahun 2017, belum pernah dilaksanakan evaluasi terkait kesadaran keamanan informasi di OJK, sehingga tidak dapat diketahui kondisi kesadaran keamanan informasi saat ini, dampak dari sosialisasi, dan strategi untuk mengurangi risiko keamanan informasi. Penelitian ini bertujuan untuk mengevaluasi kondisi keamanan informasi dari aspek manusia dengan menggunakan model Knowledge, Attitude, Behavior (KAB).Hasil penelitian menunjukkan bahwa variabel pengetahuan mengenai kebijakan dan prosedur keamanan informasi memiliki pengaruh, baik secara langsung maupun tidak langsung, terhadap perilaku pegawai saat menggunakan peralatan kerja. Secara parsial, pengetahuan mengenai kebijakan dan prosedur keamanan informasi hanya memiliki pengaruh sebesar 23,6% terhadap perilaku pegawai. Namun, apabila dikombinasikan dengan sikap pegawai terhadap prosedur dan kebijakan keamanan informasi, pengetahuan dan sikap memiliki pengaruh sebesar 50,2% terhadap perilaku pegawai. Hal ini menunjukkan bahwa penambahan pengetahuan dan perubahan sikap memiliki pengaruh yang cukup besar terhadap perubahan perilaku pegawai saat menggunakan peralatan kerja. Model KAB terbukti dapat digunakan untuk melakukan pengukuran kesadaran keamanan informasi. Di OJK kesadaran keamanan informasi berada pada tingkat yang cukup baik, meskipun terdapat tiga aspek yang perlu diperbaiki, yaitu dalam hal penggunaan internet, pelaporan insiden, dan bekerja jarak jauh.

---

Information Security is the preserved of confidentiality, integrity, and availability of information. Threats to information security can appear in several different forms, such as software attacks, theft of intellectual property, identity theft, and theft of equipment or information. The human aspect plays an important role in information security. According to Ogutcu et al., The best techniques that can be used to solve the SI security problem can't succeed unless the people in the organization do the right thing. To increase employees' awareness of the importance of information security management, each year the Financial Services Authority of Indonesia (OJK) conducts socialization on Information Security Provisions. However, until 2017, no evaluation of information security awareness in OJK has been conducted, so it can't be known how the current state of information security awareness, the impact of socialization, and the strategies to reduce the risk of information security. This study aims to evaluate the condition of information security from human aspect by using Knowledge, Attitude, Behavior (KAB) model.The result of the research shows that employee's knowledge about information security policy and procedure have influence, either directly or indirectly, to employee's behavior when using work equipment. Partially, knowledge of information security policies and procedures has only 23.6% effect on employee's behavior. However, when combined with employee's attitudes towards information security procedures and policies, it has 50.2% effect on employee's behavior. This indicates that the addition of knowledge and changes in attitude have a considerable influence on changes in employee's behavior when using work equipment. In conclusion, The KAB model has been proven to be used for measuring information security awareness. In OJK, information security awareness is at a fairly good level, although there are three aspects that need to be improved, namely in terms of internet use, incident reporting, and working remotely."

"Pada era teknologi yang berkembang sangat cepat seperti sekarang ini, kebutuhanakan informasi yang akurat dan kredibel menjadi sangat penting bagi setiapperusahaan. Faktor sumber daya manusia SDM menjadi akar permasalahanterjadinya pelanggaran keamanan informasi, bila dibandingkan dengan kesalahandari sisi teknologi. Oleh karena itu, diperlukan pengukuran tingkat kesadarankeamanan informasi untuk mengetahui sejauh mana tingkat kesadarannya, yangpada akhirnya dapat menjadi dasar dalam menyusun tahapan yang tepat untukmeningkatkan kesadaran keamanan informasi. Penelitian ini dilakukan padaperusahaan swasta nasional yang bergerak pada industri media/televisi berbayar.Metode yang digunakan adalah kuantitatif dengan cara menyebar kuesioner modelHAIS-Q Human Aspects of Information Security Questionaire kepada seluruhkaryawan. Penelitian ini juga akan mengukur hubungan dan pengaruh dimensipengetahuan, sikap dan perilaku manusia terhadap tingkat kesadaran keamananinformasi. Hasil pengukuran menyatakan bahwa tingkat kesadaran keamananinformasi pada organisasi yang menjadi objek penelitian berada pada tingkat ratarata 74 dan memerlukan program peningkatan kesadaran keamanan informasiseperti penyuluhan, pengiriman surat elektronik secara berkala dan pada tingkatakhir adalah pelatihan.

---

Nowadays, in these fast growing of technology, needs of credible information isvital. It is increasingly acknowledged that many threats to an organization rsquo;scomputer systems can be attributed to the behavior of computer users human compared to failure of the technology. Hence, it is necessary to measure the levelof information security awareness in order to formulate the appropriate programto increase its level. This research is conducted on private company engaged inmedia / pay-tv industry. Method used is quantitative by distributing HAIS-Q Human Aspects of Information Security Questionnaire model to the employee.The research also identifies the correlation among knowledge, attitude andbehavior aspects as well as the influence of those three aspects to informationsecurity. The result of this research shows that the level of information securityawareness is at average level 74 and needs appropriate program likecounseling, send email and training about information security to improve itslevel."

"Peraturan Menteri Luar Negeri Nomor 02 Tahun 2016 tentang Organisasi dan Tata Kerja Kementerian Luar Negeri menyebutkan bahwa Pusat Teknologi Informasi dan Komunikasi Kementerian dan Perwakilan Pustekinfokom melaksanakan tugas penyusunan kebijakan teknis, pelaksanaan, pemantauan, evaluasi dan pelaporan dalam pengembangan dan pengelolaan sistem keamanan informasi dan persandian, teknologi informasi dan komunikasi, dan sistem komunikasi berita pada Kementerian Luar Negeri dan Perwakilan Republik Indonesia. Sistem komunikasi berita yang dikelola Pustekinfokom KP tidak mencakup prosedur pengamanan pada konsep berita dan penyimpanan berita yang sudah terdistribusi ke pejabat pengguna. Hal ini menimbulkan ancaman terhadap keamanan informasi berita seperti yang sudah terjadi dengan beredarnya draft berita rahasia di salah satu majalah nasional Indonesia. Berkaitan dengan hal tersebut, diperlukan suatu ketentuan baku seperti pembuatan Prosedur Operasional Standar POS pengelolaan berita. POS pengelolaan berita tersebut disusun menggunakan Soft System Methodology SSM yang telah dimodifikasi. Kebutuhan prosedur yang harus dirancang didapatkan dari hasil wawancara yang hasilnya dianalisis menggunakan thematic analysis. Penelitian ini menghasilkan 8 delapan rancangan prosedur pengelolaan berita yang terdiri dari pembuatan konsep berita, kirim berita biasa, kirim berita rahasia, terima berita biasa, terima berita rahasia, monitoring berita, pengarsipan berita, dan komunikasi darurat.

---

The regulation of the Minister of Foreign Affairs number 02 year 2016 about The Organization and Working Procedures of the Foreign Ministry, said that the Center of Information and Communication Technology for Ministry and Indonesia Representative ICT Center has the functions as a technical policy formulation, implementation, monitoring, evaluation, and reporting in the development and management of information security system and encryption, the information and communication technologies, and news communication systems on the Ministry of Foreign Affairs and representatives of the Republic of Indonesia. News communication systems of ICT Center not included procedural safeguards for the concept of news and the news that already distributed to official users. This conditions poses a threat to information security as there are already happened with the release of a draft of secret news in one of Indonesia 39;s national magazine. Related to it, ICT Center required a Standard Operating Procedures SOP for news management. SOP for news management was compiled using Soft Systems Methodology SSM that have been modified. The needs of the procedure must be designed from the results of the interview results that were analyzed using the thematic analysis. This research resulted in 8 eight draft procedures for news management that consists of the creation of the concept of news, submit regular news, submit secret news, received regular news, received secret news, news monitoring, archiving, and news emergency communications."

"Polri merupakan alat negara yang menggunakan teknologi informasi guna menunjang keberhasilan pelaksanaan tugas, fungsi, serta perannya dalam pemerintahan Indonesia. Seiring dengan pertumbuhan pemanfaatan sistem informasi pada Polri, turut berimplikasi pada meningkatnya risiko keamanan informasi. Hal ini berimplikasi pada meningkatnya risiko keamanan informasi yang dapat dilihat dari berbagai laporan terkait upaya serangan siber yang ditujukan kepada Polri diantaranya laporan Id-SIRTII/CC, zone-h.org, hingga laporan internal Polri. Selain itu terdapat juga berbagai jenis serangan siber yang telah berhasil mengeksploitasi Polri diantaranya web defacement, phising, DDOS, hingga pencurian data personel. Manusia merupakan faktor yang perlu mendapatkan perhatian berkaitan dengan keamanan informasi. Oleh sebab itu tujuan dari penelitian ini adalah melakukan evaluasi keamanan informasi Polri dengan mengukur tingkat kesadaran keamanan informasi personel Polri. Penelitian ini dilakukan menggunakan pendekatan sequential explanatory mixed method yang mengkombinasikan pendekatan kuantitatif dan diikuti oleh pendekatan kualitatif guna mendapatkan hasil yang lebih optimal. Model penelitian dibangun berdasarkan model Knowledge, Attitude, dan Behavior (KAB) yang diperluas dengan penambahan dimensi budaya keamanan (security culture) dan karakteristik individual (individual characteristic) dalam organisasi. Pengukuran dilakukan menggunakan kuesioner The Human Aspects of Information Security Questionnaire (HAIS-Q) dan pernyataan dalam Organisational Security Culture Measure (OSCM) dengan total 54 pernyataan. Sampel penelitian adalah sebanyak 361 personel Polri yang tersebar di seluruh Indonesia dan dipilih secara kuota proporsional. Berdasarkan hasil pengukuran kuantitatif yang telah dilakukan diperoleh hasil tingkat kesadaran keamanan informasi personel Polri sebesar 96,02% dan termasuk pada pada kategori baik. Hasil tersebut turut dikonfirmasi dan divalidasi dari hasil wawancara bahwa responden mengetahui dengan baik setiap indikator pada masing-masing fokus area yang ditanyakan dalam kuesioner. Adapun dalam beberapa kasus dan kondisi tertentu memang masih ditemukan perilaku kebiasaan sharing password. Selain itu disebutkan juga bahwa saat ini email yang digunakan pada sistem bukan merupakan email dinas dan saat ini belum ada pelatihan khusus mengenai keamanan informasi. Namun hal tersebut tidak berpengaruh terhadap pengetahuan yang dimiliki oleh responden terkait kebijakan keamanan informasi yang menjadi indikator dalam penelitian ini. Berdasarkan hal tersebut, demi menjaga kondisi saat ini dapat disimpulkan bahwa perlu terus dilakukan sosialisasi keamanan informasi terhadap personel dengan implementasi program keamanan informasi seperti penyampaian pesan melalui media sosial, pelaksanaan seminar, dan penyertaan buku pedoman keamanan informasi.

---

The Indonesian National Police (INP) is a government institution that uses Information Technology in order to successfully implement its duty, purpose, and role within the Indonesian government. Along with the development of INP's Information System, the implied information security risk increases. This is evident based on the reports of cyber attack attempts towards INP such as ones by Id-SIRTII/CC, zone-h.org, and INP's internal reports. Various cyber-attacks on INP have also been successful, namely defacement, phishing, DDOS, and personnel data theft. One aspect of security that needs to be considered and requires attention regarding information security is the human factor. Accordingly, the purpose of this research is to evaluate the information security of INP by measuring the level of information security awareness of INP personnel. This research conducted using a sequential explanatory mixed-method approach that combines a quantitative approach followed by a qualitative approach in order to obtain optimal results. The research model is built based on the Knowledge, Attitude, and Behavior (KAB) model which is expanded by adding dimensions of security culture and individual characteristics within the organization. The questionnaire modeled based on the Human Aspects of Information Security Questionnaire (HAIS-Q) and Organizational Security Culture Measure (OSCM) questionnaire models with a total of 54 questions. The research sample consists of 361 INP’s personnel located throughout Indonesia and selected on a proportional quota. The result, based on the quantitative survey, shows that the information security awareness level of INP personnel are at 96.02% and are within the good category. These results were also confirmed and validated from the interview results that the respondents knew well each indicator in each focus area asked in the questionnaire. As for some cases and certain conditions, behavior in the habit of sharing passwords is still found. In addition, it was also stated that currently the email used in the system is non-official email and currently there is no special training on information security awareness. However, this did not affect the knowledge possessed by respondents regarding information security policy which is an indicator in this study. Based on these, in order to maintain current conditions it can be concluded that it is necessary to continue to disseminate information security to personnel by implementing information security programs such as sending messages through social media, hosting seminars, and providing information security guide."

"The basics of IT audit : purposes, processes, and practical information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA.IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements."

"Proses bisnis Badan Pusat Statistik (BPS) menggunakan Teknologi Informasi dan Komunikasi (TIK) secara ekstensif terutama dalam pengolahan data dan diseminasi hasil kegiatan statistik. Hal tersebut membutuhkan sistem keamanan informasi yang andal sesuai harapan. Namun, masih ditemukan insiden-insiden yang diindikasikan karena kurangnya kesadaran pegawai terhadap keamanan informasi. Faktor manusia selalu menjadi titik terlemah dalam sistem keamanan informasi. Oleh sebab itu, penelitian ini fokus pada aspek manusia tersebut dengan melakukan evaluasi kesadaran keamanan informasi pegawai BPS. Evaluasi dilakukan dengan pendekatan survei menggunakan kuesioner pada dimensi pengetahuan dan perilaku pegawai dalam 8 area kesadaran keamanan informasi. Sampel survei diambil secara probalistik dengan metode acak sistematis. Hasilnya, dari 231 responden yang merespons disimpulkan bahwa tingkat kesadaran keamanan informasi pegawai BPS masih kurang baik. Terdapat area-area yang perlu mendapatkan prioritas perbaikan, tiga area paling butuh perbaikan yaitu: penggunaan internet, pelaporan insiden, dan keamanan komputer kerja. Hasil analisis juga mengungkapkan bahwa tidak ada perbedaan yang signifikan tingkat kesadaran keamanan informasi berdasarkan jenis kelamin, kelompok umur, maupun satuan kerja pegawai.

---

The business process of the Statistics Indonesia (BPS) uses Information and Communication Technology (ICT) extensively, especially in data processing and dissemination. This requires a reliable information security system as expected. However, incidents were still found that were indicated due to a lack of employees information security awareness (ISA). Human factors have always been the weakest point in information security systems. Therefore, this study focuses on the human aspect by conducting an evaluation of employees information security awareness. A survey approach using a questionnaire was used to evaluate on employees knowledge and behavior in 8 areas of information security awareness. Survey samples were taken with a systematic random sampling method. As a result of 231 response, concluded that the level of employees information security awareness at BPS is not good enought. There are areas that need to be prioritized for improvement, the top three areas that need for improvement are: internet usage, incident reporting, and workstation security. Analysis also revealed that there was no significant difference in the level of information security awareness based by gender, age group, or employee working unit."

"Proceedings of the International Conference on IT Convergence and Security 2011 approaches the subject matter with problems in technical convergence and convergences of security technology by looking at new issues that arise from techniques converging. The general scope is convergence security and the latest information technology with the following most important features and benefits : (1) introduction of the most recent information technology and its related ideas, (2) applications and problems related to technology convergence, and its case studies, and (3) introduction of converging existing security techniques through convergence security."

"As part of the syngress basics series, The basics of information security provides you with fundamental knowledge of information security in both theoretical and practical aspects. Author Jason Andress gives you the basic knowledge needed to understand the key concepts of confidentiality, integrity, and availability, and then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.The basics of information security gives you clear-non-technical explanations of how infosec works and how to apply these principles whether you're in the IT field or want to understand how it affects your career and business. The new Second Edition has been updated for the latest trends and threats, including new material on many infosec subjects."

" "Information Security & Ethics: Social & Organizational Issues comprises a reference for students, teachers and researchers working in the fields of information ethics. It provokes debate on a range of topical social and ethical issues related to the uses of information and communication technologies within societies."--Jacket."

"Collaboration with cloud computing discusses the risks associated with implementing these technologies across the enterprise and provides you with expert guidance on how to manage risk through policy changes and technical solutions.Drawing upon years of practical experience and using numerous examples and case studies, author Ric Messier discusses :- The evolving nature of information security- The risks, rewards, and security considerations when implementing SaaS, cloud computing and VoIP- Social media and security risks in the enterprise- The risks and rewards of allowing remote connectivity and accessibility to the enterprise network"