Oliva Regina
19940816 201712 2 001
10/23/18
ISO 27002
• Uses the word “SHOULD” = Code of Practice; compliance is NOT MANDATORY
ISMS
• Internal organization
• Mobile device policy
• During employment
Asset management
• Responsibility for assets: Inventory of assets; Acceptable use of assets; Return of assets
• Media handling: Management of removable media; Disposal of media; Physical media transfer
• Information classification: Classification of information; Labelling of information; Handling of assets
Examples from the slide diagram: telephone directory (web, book); factory tour by a business competitor; internal address book; external (privacy); critical information
Information Classification
Classification / Criteria
Confidential (Rahasia): Strategic organizational information that carries a “High/Very High” risk if it leaks to unauthorized parties, because it could cause a long-term interruption of public services or have legal consequences. This information may be accessed only on a very limited basis by third parties, for a specific purpose, or because of an obligation or need of the organization, and under strict conditions. For example: the third party and its personnel sign a Confidentiality Agreement / Non-Disclosure Agreement (NDA).
Examples: the organization's strategic plan, new product development plans, sensitive financial data, server access passwords, etc.
Internal: Information distributed for internal needs; the risk from its leakage is Medium.
Examples: work guidelines, work procedures, work instructions, internal memos / publications, information on the portal, etc.
Public (Publik): Information deliberately made available for the public to know. The risk to “Public” information is generally Small and concerns the “Integrity” aspect.
Examples: marketing brochures, public website, product service promotions, etc.
How to manage “Strictly Confidential” (Sangat Rahasia) information
Strictly Confidential: Term: Permanently
How to manage “Confidential” (Rahasia) information
Protection of supporting assets
【Server】
• Servers must meet the “Standard Hardware Server.”
【PC】
• The following conditions must be met if it cannot be avoided that information is stored on a PC:
- The PC must be located in a Secure Zone
- The PC must comply with security standards such as antivirus, patches, firewall
- The HDD must be encrypted
【Storage media】
• Storage media (USB memory sticks or SD cards) must be kept in a locked file cabinet.
• Files must be encrypted.
【Paper documents】
• Paper documents must be kept in a locked file cabinet.
Access control
• Access control policy
• User access management: User registration and de-registration; Management of secret authentication information of users; Review of user access rights; Removal or adjustment of access rights
• User responsibilities: Use of secret authentication information
• Password management system
Secure areas
• Physical security perimeter
• Physical entry controls
• Securing offices, rooms and facilities
• Protecting against external and environmental threats
Equipment
• Equipment siting and protection
• Supporting utilities
• Cabling security
• Equipment maintenance
• Removal of assets
• Security of equipment and assets off-premises
• Secure disposal or reuse of equipment
• Unattended user equipment
Server Room
407
Operations security
• Operational procedures and responsibilities: Documented operating procedures
• Protection from malware
• Backup
• Control of operational software
Communications security
• Network security management
• Information transfer: Agreements on information transfer; Electronic messaging; Confidentiality or nondisclosure agreements
Supplier relationships
• Information security in supplier relationships
• Supplier service delivery management
Management of information security incidents & improvements
• Reporting information security events & weaknesses
• Response to information security incidents
• Learning from information security incidents
Information security continuity
• Availability of information processing facilities
Compliance
• Protection of records
Thank You