Week #1
Lecturer
Name : Yahya Peranginangin Email : yahya_pp@yahoo.fr Phone : 081320111556 (sms only) twitter: @jaqpopo
Class Rules
Learning Objectives
Threats
Risks
Policies & procedures
Physical & logical control
Assets classification
How to prevent?
How to do it right?
How to recover?
Syllabus
Meeting 1: Information Security Overview
Meeting 2: Threats to Information Security and Logical Access
Meeting 3: The Structure of Information Security
Meeting 4: Information Security Policies and Procedures
Meeting 5: Information Security Policies and Procedures (Cont.)
Meeting 6: Asset Classifications
Meeting 7: Asset Classifications (Cont.)
Meeting 8: Midterm exam (UTS)
Syllabus
Meetings 9 to 16, topics:
Access Control
Physical Security
Risk Analysis and Risk Management
Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery (Cont.)
Information Security Standard
Network Infrastructure Security
Final exam (UAS)
References
Books
Peltier, Thomas R., Justin Peltier, and John Blackley. 2005. Information Security Fundamentals. Auerbach Publications. Publisher: CRC Press LLC.
Calder, Alan, and Steve Watkins. 2008. IT Governance: A Manager's Guide to Data Security and ISO 27001/ISO 27002.
Krause, Micki, and Harold F. Tipton. 2009. Handbook of Information Security Management. Auerbach Publications. Publisher: CRC Press LLC.
CISA Review Manual 2009. ISACA. USA.
ISO 27000.
Articles/Journals
Cases and selected readings, to be determined later.
Grading System
Midterm exam (UTS): 30%
Final exam (UAS): 30%
Assignments: 40%
Quiz, individual assignments, group assignments
Agenda
Why is Information Security Necessary?
Elements of Information Protection
Roles and Responsibilities
Common Threats
Risk Management
Information Protection Program
In 2004, 87% of businesses were highly dependent on electronic information and the systems that process it (compared to 76% in 2002)
DTI Survey in UK
Confidentiality
Organization's Information
Integrity
Availability
Wireless technology makes information and internet available cheaply and easily
The falling price of computers
Foxconn Case
Hacker: Swagger (Swag Securities)
Target: Foxconn (BeiJing) Trading Co., Ltd.
Customer private data revealed
Security
Flexibility
And/or Security Administrator: responsible for the day-to-day administration of the information protection program
Common Threats
Employee
Errors and omissions: users, data entry personnel, system operators, programmers
Sabotage: destroying hardware, planting malicious code, entering data incorrectly, deleting or altering data
Risk Management
Risk Analysis Process
Determine the asset to be reviewed
Identify the risks, issues, threats, or vulnerabilities
Assess the probability of the risk occurring and the impact to the asset
Identify controls that would bring the impact to an acceptable level
Total Security = Zero Productivity
Group Assignment
Each group consists of 4-5 people.
Find an example Information Security case:
What happened? Why did it happen? Who committed the fraud? When did it happen? Where did it happen? How did it happen? How did it recover?
Group Assignment
The assignment is to be submitted at the 3rd meeting as a print-out, minimum 3 A4 pages, Arial 11 font, 1.5 line spacing.
Each group will present its assignment at the start of the lecture (15 minutes), starting from the 3rd meeting.
2 groups per meeting.