Anwar Siregar
Senior Manager
Business Development
19 May 2016
Cisco)
The research is clear. Cybersecurity has evolved from a critical topic into a public safety issue.
Source: ISACA
Source: EYs
DIGITAL WORLD
Mobile devices
Social media
Cloud services
Security as a service
Community awareness
Non Standard
Year 2013
ISO 27001
Other Regulation
52%
15% growth
88.1 million users
Social Engineering
Internet vs TV
39%
Persistent Threats
Active on social media
40%
Insider Threats
Source: ISACA
Source: Liputan 6
Source: kominfo.go.id
2006: 4210
2007: 5550
2008: 5807
2009: 7394
2010: 8788
2011: 9665
2012: 10422
2013: 10748
ISO 27001
Information?
Information asset
Knowledge or data that has value to the organisation
Preservation of
Confidentiality: information is
Confidentiality
Availability
Annex A
114 controls
ISMS
Benefits of IMPLEMENTATION - SWOT
Strengths
Weaknesses
Requires resources:
-material
-time
Distracts personnel from other important tasks
Other: to be added by the delegates
Opportunities
Threats
Asset in marketing
Improved security for clients' and partners' information
Opportunities for improvement identified
Other: to be added by the delegates
Also relevant:
BS 7799-3:2006 Risk Management
BS 31100:2011 Risk Management Code of Practice
ISO 27001:2013
PLAN: Establish the ISMS (clauses 4, 5, 6, 7)
DO: Implement and operate the ISMS (clause 8)
CHECK: Monitor and review the ISMS (clause 9)
ACT: Maintain and improve the ISMS (clause 10)
PLAN
4 Context of the organization
-Understanding of context.
5 Leadership
-Management commitment.
-IS policy.
6 Planning
7 Support
-Resources.
-Competence.
-Awareness.
-Communication.
-Documented Information.
DO
8 Operation
-Risk assessment.
-Risk treatment.
CHECK
9 Performance and Evaluation
-Internal audit.
-Management review.
ACT
10 Improvement
-Continual improvement.
Auditor - Behaviour
-acting with fortitude, i.e. able to act responsibly and ethically, even though these actions may not always be popular and may sometimes result in disagreement or confrontation;
-open to improvement, i.e. willing to learn from situations, and striving for better audit results;
-culturally sensitive, i.e. observant and respectful to the culture of the auditee;
-collaborative, i.e. effectively interacting with others, including audit team members and the auditee's personnel.
END