
Framework for the RPM on Information Security Governance: COBIT 5 for Information Security

Date posted: 08-May-2015
Uploaded by: directorate-of-information-security-ditjen-aptika
Description:
Presented by Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM at the Panel Uji Publik RPM Tata Kelola Keamanan Informasi (public review panel for the RPM on information security governance), Indonesia Information Security Forum, 10 October 2012.
Transcript
1. Framework for the RPM on Information Security Governance: COBIT 5 for Information Security
Presented by Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM
Panel Uji Publik RPM Tata Kelola Keamanan Informasi (public review panel for the RPM on information security governance)
Indonesia Information Security Forum, 10 October 2012
Adapted from official ISACA material. © 2012 ISACA. All Rights Reserved.

2. Sarwono Sutikno, Dr.Eng., CISA, CISSP, CISM
- Lektor Kepala (Associate Professor) at the School of Electrical Engineering and Informatics (STEI), ITB
- ISACA Licensee Trainer for Introduction to COBIT 5, 31 May 2012
- (ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award, category Senior Information Security Professional
- ISACA Academic Advocate since 2007
- Reviewer (on behalf of ISACA):
  - ISO/IEC WD TR 38502 Governance of IT - Framework and Model
  - ISO/IEC WD 30120 IT Audit - Audit guidelines for Governance of IT
  - ISO/IEC WD 27017 Information technology - Security techniques - Information security management - Guidelines on information security controls for the use of cloud computing services based on ISO/IEC 27002
- Member of Technical Committee 35-01 BSN - KemKominfo:
  - SNI ISO 27000 series, Information Security
  - SNI ISO 20000 series, Service Management System
  - SNI ISO 38500, IT Governance - Corporate governance of information technology
- Currently developing:
  - Syllabi for the Cyber Warfare Dynamics and Cyber Deterrence courses in the Asymmetric Warfare master's program at UnHan
  - Master's curriculum in Information Security Governance at STEI ITB

3. Questions
- Information security principles?
- Component vs. service?
- Accountable vs. Responsible?
- The context of information security (KamInfo) in achieving objectives?

4. Information Security Defined
ISACA defines information security as ensuring that, within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability).
- Confidentiality means preserving authorised restrictions on access and disclosure, including means for protecting privacy and proprietary information.
- Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
- Availability means ensuring timely and reliable access to and use of information.

5. COBIT 5 for Information Security - Benefits
- Reduced complexity and increased cost-effectiveness due to improved and easier integration of information security standards, good practices and/or sector-specific guidelines
- Increased user satisfaction with information security arrangements and outcomes
- Improved integration of information security in the enterprise
- Informed risk decisions and risk awareness
- Improved prevention, detection and recovery
- Reduced (impact of) information security incidents
- Enhanced support for innovation and competitiveness
- Improved management of costs related to the information security function
- Better understanding of information security

6. RACI Charts: APO13 Manage Security
[RACI chart; not reproduced in the transcript]

7. RACI Charts: DSS05 Manage Security Services
[RACI chart; not reproduced in the transcript]

8. Principle 1: Meeting Stakeholder Needs
- Stakeholder needs have to be transformed into an enterprise's actionable strategy.
- The COBIT 5 goals cascade translates stakeholder needs into specific, practical and customised goals.

9. COBIT 5 Enablers: Systemic Model with Interacting Enablers
Enablers:
1. Principles, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies

10. Enabler 1: Principles, Policies and Frameworks

11. Policy Framework

12. Information Security Principles (ISACA, (ISC)2, ISF)
Support the business:
- Focus on the business
- Deliver quality and value to stakeholders
- Comply with relevant legal and regulatory requirements
- Provide timely and accurate information
- Evaluate current and future information threats
- Promote continuous improvement in information security
Defend the business:
- Adopt a risk-based approach
- Protect classified information
- Concentrate on critical business applications
- Develop systems securely
Promote responsible information security behaviour:
- Act in a professional and ethical manner
- Foster an information security-positive culture

13. Enabler 2: Processes

14. EDM01

15. Example of the InfoSec context for EDM01

16. Enabler 6: Services, Infrastructure and Applications

17. Information Security Services, Infrastructure and Applications
- Provide a security architecture.
- Provide security awareness.
- Provide secure development (development in line with security standards).
- Provide security assessments.
- Provide adequately secured and configured systems, in line with security requirements and security architecture.
- Provide user access and access rights in line with business requirements.
- Provide adequate protection against malware, external attacks and intrusion attempts.
- Provide adequate incident response.
- Provide security testing.
- Provide monitoring and alert services for security-related events.

18. Discussion
Email: [email protected]
Mailing list: [email protected]
Group: ISACA-ID Indonesia

