Upload
polly-berry
View
227
Download
0
Tags:
Embed Size (px)
Citation preview
LOGO
A. BUDI SETIAWAN
INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION
The Center of Research and Development of Informatic Application. Agency of Human Resource Research and Development,Ministry of ICT Indonesia
Delivered at codeBALI International Conference 2015September, 21-23, 2015 in Denpasar-Bali, Indonesia
INTRODUCTION
• Internet usage is increasingInternet usage is increasing
• ICT is enablerICT is enabler
• The use of ICT in the public sectorThe use of ICT in the public sector
• Presidential Instruction No. 3/2003 about Policy & National Presidential Instruction No. 3/2003 about Policy & National Strategy on the Development of e-GovernmentStrategy on the Development of e-Government
• Vulnerability on ICT system…Vulnerability on ICT system…
Indonesia’s Statistics Internet users: 71,190,000 Internet users as of June.30, 2014, and 28.1% penetration.
(source : http://www.internetworldstats.com/asia.htm#id) The mobile broadband explosion has subscriber numbers at around 65 million (26%
penetration) by end-2014 -- Around 60% of fixed internet subscribers had broadband access
Increasing IT Risk in Indonesia
• Real incident reported such as phishing, identity theft, data (information resources) stealing, critical information resources hostages, information leakage, insider attack (i.e. virus spread)
• Cases: cyber war, fraud, web deface, hoax, etc
• Malicious code, common vulnerabilities/zero day attack -pirate software are widely used (not updated)
(source: Id-SIRTII/CC, 2012)
Recent Risk Report in Indonesia
Distributed Denial of Service attack on the system of Domain Name Service (DNS) ccTLD-ID that indicates the attack on the domain "go.id" is the most
(source: Zone-h, 2012)
(source: Id-SIRTII, 2012)
Number of attacks to domain “id” website on October 2012
THREAT
• Observe the readiness of Information Security Governance implementation in government agencies
• Analysis was performed by using index of e-Government Rank (PeGI) and Information Security Index (Index KAMI
The Study of IT Security Readiness in Government
Cyber Security Legal Framework in Indonesia
National Policy and Law on Internet Security
Indonesia’s Act
“Indonesia’s Telecommunication Act”
(UU Telekomunikasi)
“Information & Electronic Transaction Act”
(UU ITE)
No. 29/PER/M.KOMINFO/10 /2010 about Securing Telecommunication
Network Utilization based on Internet Protocol
Number: 133/KEP/M/KOMINFO/04/2010
Number: 01/SE/M.KOMINFO/02/2011
Regulation of Minister of CIT
Decree of Minister of CIT
Circular of Minister of CIT
The Index of Indonesian e-Government Rank
No. Dimensions
1 Policy
2 Institutional
3 Infrastructure
4 Application
5 Planning
5 Dimensions of Indonesian e-Government Rank:
• Provides a reference for the development and utilization of ICT in public sector
• Provide impetus for the development of ICT in the government through the evaluation of a large, balanced, and objective
• Provides map of the environment conditions of the use of ICT in the national government
Goals:
Information Security Index
Analysis of Indonesian e-Government Rank
Ministries
Analysis of Indonesian e-Government Rank
Local Government (Provinces)
Source: Directorate of Information Security
Information Security Index 2011
Source: Directorate of Information Security
Information Security Index 2012
Source: Directorate of Information Security
Information Security Index 2013
Source: Directorate of Information Security
Average Value of Information Security Index Area
1. In most agencies, both central and local governments are already implementing ICT Governance, but with different capacities and in accordance with the conditions of the available human resources and leadership support
2. A common obstacle in the application of ICT governance and information security governance within the government are: Human Resources, Leadership Commitment and funding.
3. In term of ICT security governance in Indonesia, It cause by coordination between government agencies is still weak in terms of cyber security
Cyber Security Readiness in Government
1. In applying the information security governance need strong commitment from all level management in government institution related to implement IT Security governance
2. It also need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance
3. Need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance
4. Information security should become the spirit for all ICT regulation and policy
Cyber Security Readiness in Government
THANK YOU
A. BUDI SETIAWANICT Researcher at Center of R&D of Informatic ApplicationHuman Resource R&D Agency, Ministry of ICT [email protected]