MD-ISACA Surabaya 20191204 - Information Security in Banking


Online Security: Protecting Consumer Identity and Assets in Banking Sector

Richi Aktorian, S.Si, MTI, CISA, CISM, CRISC, CCISO


Audit Director – ISACA Indonesia
December 2019
CONTACT DETAILS:
Mobile: 081808202088
Email: [email protected]

WORK EXPERIENCE:
• More than 15 years of experience in banking IT operations.
• Bank Mandiri, Department Head of various units (IT Strategy & Architecture, Operational Risk & CISO Office Group), Feb 2014 – Aug 2019
• Rabobank International Indonesia, Head of Security Risk Management, Feb 2011 – Oct 2012
• Bank Bukopin, Officer of IT Operations Division, Dec 2004 – Oct 2010
Video: Aspects of life are closely tied to the use of technology…
Agenda
1. Food for Thought
2. Types and Trends of Cyber Attacks
3. Framework & Key Initiatives
01 Food for Thought …
1 Today, banking transactions are shifting to digital…

Source: cnbcindonesia.com

Source: McKinsey & Company

2 The way banks transact is also evolving…

Source: PricewaterhouseCoopers

3 The way banks transact is also evolving…

1.0 2.0 3.0 4.0

4 Let's look at the smartphone

Travel, Ride, Chat, eCommerce
02 Types & Trends of Cyber Attacks
5 Indonesia is a TOP COUNTRY destination for network attacks…
6 Cyber Security: Know the profiles of cyber threat actors…
7 Cyber Security: The scale of attack impact grows YoY…
8 Online security threats keep growing…
Average financial losses in information security are high and increasing

• ATM
  ✓ Skimming
  ✓ Jackpotting
  ✓ Blackbox
• Phishing
• Man in the Middle
• EDC Skimming
• Man in the Browser
• Vishing

Source: PwC – Key Findings from Global State of Information Security Survey 2017 (Indonesia Insights)
9 Fraudsters tend to attack the weakest point…

[Figure labels: Cyber Criminals; Retail/Business Customer; Customer Accounts; Easy; Difficult]

Source: IBM
03 Framework & Key Initiatives
10 Information security implementation refers to the Cybersecurity Framework…

• Identify: Identify organizational cybersecurity risk related to systems, data, people, and assets
• Protect: Develop & implement appropriate safeguards to protect against cybersecurity risk & ensure delivery of critical services
• Detect: Develop & implement appropriate activities to identify the occurrence of a cybersecurity event
• Respond: Develop & implement appropriate activities to take action regarding a detected cybersecurity incident
• Recover: Develop & implement appropriate activities to maintain plans for resilience and to restore

Source: National Institute of Standards & Technology

11 Information security implementation refers to the Cybersecurity Framework…
12 Implementation of information security management viewed across 5 dimensions

Information Security Strategy
▪ Information security strategy to support business and operational needs

Policies & Standards
▪ Alignment of standards and processes with best practices and regulation

Technology Architecture
▪ Implementation of information security technology to support information protection

Operations & Processes
▪ Information security is a process that is inseparable from operations

Organization & Governance
▪ Information security is the responsibility of all employees, represented by a dedicated organizational structure

13 Implementation of information security technology supports business and operational needs

End Point Security
▪ Security for endpoint devices, e.g. antivirus, endpoint encryption, endpoint detection & response, etc.

Application Security
▪ Security for application development and operations, e.g. Secure SDLC, source code review, web application firewall, etc.

IT Infrastructure Security
▪ Security in IT infrastructure operations, e.g. asset management, patch management, data loss prevention, etc.

Data Security
▪ Security in data management, e.g. database encryption, secure file sharing, data access governance, etc.

Perimeter & Network Security
▪ Security in communication network operations, e.g. firewall, intrusion prevention, anti-DDoS, etc.
Thank You
