Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM
Current:
Director of Certification CRISC & CGEIT, ISACA Indonesia Chapter
ISACA Academic Advocate at ITB
SME for Information Security Standard for ISO at ISACA HQ
Associate Professor at School of Electrical Engineering and Informatics, Institut Teknologi Bandung
Chair of the WG on IT Services and Governance, member of the WG on Information Security, and member of Technical Committee 35-01,
National Program for Standards Setting in Information Technology, BSN Kominfo.
Past:
Chair of the National ICT Evaluation Working Group, National ICT Council (2007-2008)
Acting Director of System Operations, PPATK (Indonesia Financial Transaction Reports and Analysis Center, INTRAC), April 2009 to May 2011
Professional Certification:
Professional Engineering (PE), the Principles and Practice of Electrical Engineering, College of
Engineering, the University of Texas at Austin. 2000
IRCA Information Security Management System Lead Auditor Course, 2004
ISACA Certified Information System Auditor (CISA). CISA Number: 0540859, 2005
Brainbench Computer Forensic, 2006
(ISC)2 Certified Information Systems Security Professional (CISSP), No: 118113, 2007
ISACA Certified Information Security Manager (CISM). CISM Number: 0707414, 2007
Award:
(ISC)2 Asia Pacific Information Security Leadership Achievements (ISLA) 2011 award in category Senior
Information Security Professional. http://isc2.org/ISLA
Bloom's Taxonomy of Educational Objectives
Evaluate: judge, critique, justify, verify, assess, recommend
Synthesize: create, construct, design, improve, produce, propose
Analyze: compare, contrast, classify, categorize, derive, model
Apply: calculate, solve, determine, apply
Comprehend: explain, paraphrase
Remember: list, recite
Risk-based Control Categories
Source: Transforming Cybersecurity: Using COBIT 5, ISACA, 2013
Overview of Frameworks and Standards
[Figure: frameworks and standards placed on a scale from board level to technical: COSO, SNI ISO 38500, PP60/2008, COBIT, ITIL v2, ITIL v3, SNI ISO 27013, Common Criteria, and further SNI ISO standards]
SNI 20000 Series - Service Management System
ISO/IEC 20000-1:2011
SNI ISO/IEC 20000-1:2013 Information technology - Service management - Part 1: Service management system requirements. IEEE Std 20000-1-2013
ISO/IEC 20000-2:2012
SNI ISO/IEC 20000-2:2013 Information technology - Service management - Part 2: Guidance on the application of service management systems. IEEE Std 20000-2-2013
ISO/IEC TR 20000-3:2012
SNI ISO/IEC TR 20000-3:2013 Information technology - Service management - Part 3: Guidance on scope definition and applicability of SNI ISO/IEC 20000-1
ISO/IEC TR 20000-4:2010
SNI ISO/IEC TR 20000-4:2013 Information technology - Service management - Part 4: Process reference model
[Figure: maturity levels, Lvl 1 to Lvl 5]
Lvl 5: Value
Lvl 4: Service
Lvl 3: Proactive
Lvl 2: Reactive
Lvl 1: Chaos
Figure labels: Communications Process; RFC Process; Problem Management Implementation; OLAs Implementation; Catalogues of Services; Knowledge Improvement; Improvement; Tool Leverage
Discussion