Post on 16-Jan-2017
transcript
Towards National Cyber Security Framework“a brief overview”M.S. MANGGALANNY – DEPUTY NETWORK OPERATION AND SECURITY
CHAPTER #1
16/11/2016 ID-SIRTII/CC 1
Dilemmas• Data Protection vs. Information Sharing
• Freedom of Expression vs. Political Stability
• Private Sector vs. Public Sector (empowerment)
• Stimulate the Economy vs. Improve National Security
• Infrastructure Modernization vs. Critical Infrastructure Protection
16/11/2016 ID-SIRTII/CC 2
Cyber Security Agenda
• National
• Per Sector
• Critical (CIP)
Policy
• National
• Per Sector
• Critical (CIP)
Framework• National
• Per Sector
• Critical (CIP)
Strategy
16/11/2016 ID-SIRTII/CC 3
CHAPTER #2
16/11/2016 ID-SIRTII/CC 4
Cyber Security Policy• Presidential Decree and/or Executive Decree
• Executive mission, objectives and direction
• Legal basis for budgeting plan and operation
•Mandatory supervision, reward and punishment
• Definition, Criteria and Key Performance Indicator (KPI)
• Preemptive, preparation, escalation, criticality, contingency
• Determine Framework, Strategy and (limited) Road Map if needed
16/11/2016 ID-SIRTII/CC 5
Logical Model Elements
• Legal
• Stake Holders
•Resources
•Budget
Inputs
•New Legislation
•Mapping
• Spending Reviews
Activities•Mid Terms
• Framework
• Strategy
•Best Practices
Output
• Long Terms
• Improvement
• Transparencies
•Governance
Outcomes•Cost Efficient
•Maturity
•Readiness
•Resilience
Impacts
16/11/2016 ID-SIRTII/CC 6
CHAPTER #3
16/11/2016 ID-SIRTII/CC 7
Cyber Security Framework• Presidential Decree and/or Executive Decree
• Executive Cyber Security Implementation design
• Executive Cyber Security Operation standard reference
• Control, evaluation and improvement process guidance
•NATO CCDCOE (2012), NIST (2014), ENISA (2012, 2014)
16/11/2016 ID-SIRTII/CC 8
Framework Activity
•Asset Management
•Business Environment
•Governance
•Risk Assessment
•Risk Management Strategy
Identification
•Access Control
•Awareness and Training
•Data Security
•Information Protection Process and Procedures
•Maintenance
Protection•Anomalies and Events
•Security Continuous Monitoring
•Detection Processes
Detection
•Response Planning
•Communication
•Analysis
•Mitigation
•Improvements
Respond•Recovery Planning
•Improvements
•Communications
Recovery
16/11/2016 ID-SIRTII/CC 9
CHAPTER #4
16/11/2016 ID-SIRTII/CC 10
Cyber Security Strategy• Presidential Decree and/or Executive Decree
• Per Sector Policy and/or Executive Order
• Risk management, analysis and handling
• Capacity building, awareness, collaboration
• Developing maturity, readiness and resilience
16/11/2016 ID-SIRTII/CC 11
Strategy Life Cycle
• Development
• Planning and Education
Phase 1
• Execution
• Operation Collaboration
Phase 2• Evaluation
• Periodically Assessment
Phase 3
• Maintaining
• Continuous Improvement
Phase 4
16/11/2016 ID-SIRTII/CC 12
Thank You!•ID-SIRTII/CC• RAVINDO Tower 17th Floor
• KEBON SIRIH RAYA 75
• Central Jakarta, 10340
• Phone +62 21 3192 5551
• Facsimile +62 21 3193 5556
• info@idsirtii.or.id ; www.idsirtii.or.id
1316/11/2016 ID-SIRTII/CC