Hasil Pencarian  ::  Simpan CSV :: Kembali

"Perkembangan zaman dan teknologi menyebabkan semakin banyak infrastruktur dan layanan vital yang menggunakan teknologi informasi. Sistem elektronik yang menunjang infrastruktur dan layanan vital tersebut dapat termasuk ke dalam infrastruktur informasi vital (IIV). Dengan ancaman yang hadir pada ruang siber, pelindungan terhadap IIV menjadi penting untuk menjamin keamanan dan ketahanan siber di Indonesia. Pelindungan tersebut direalisasikan melalui Peraturan Presiden Nomor 82 Tahun 2022 tentang Pelindungan Infrastruktur Informasi Vital. Peraturan ini mencakup aspek-aspek pelindungan IIV termasuk aspek identifikasi IIV yang merupakan langkah dalam pelindungan IIV di Indonesia.  Pelindungan IIV khususnya pada aspek identifikasi IIV harus dilakukan dengan metode dan kriteria yang sesuai untuk memastikan seluruh IIV yang ada dapat dilindungi dengan baik. Penelitian ini menggunakan metode kualitatif dan diapaparkan dalam bentuk deskriptif. Penelitian ini bertujuan untuk menjelaskan dan menganalisis pelindungan IIV di Indonesia khususnya pada aspek identifikasi IIV berdasarkan pada framework dari ASEAN CIIP Framework, European Union Agency for Cybersecurity (ENISA), konsep dependensi dan interdependensi serta konsep ketahanan siber unutk melihat bagaimana pelindungan IIV dapat mendukung ketahanan siber di Indonesia. Hasil penelitian menunjukkan bahwa aspek-aspek pelindungan IIV di Indonnesia khususnya pada aspek identifikasi IIV telah sesuai dengan framework yang ada serta konsep ketahanan siber yang digunakan dan dapat turut mendukung ketahanan siber di Indonesia.

---

The development of technology has led to an increasing number of infrastructure and vital services that rely on information technology. The electronic systems that support these infrastructure and vital services can be categorized as critical information infrastructure (CII). With the threats present in cyberspace, protecting CII has become crucial to ensure security and cyber resilience in Indonesia. This protection is realized through The Regulation of The President of The Republic of Indonesia Number 82 of 2022 on Critical Information Infrastructure Protection. This regulation covers various aspects of CII protection, including the identification of CII, which is a crucial step in protecting CII in Indonesia. The CII protection, particularly in the aspect of CII identification, must be carried out using appropriate methods and criteria to ensure that all existing CII can be well protected. This research uses a qualitative method and is presented in a descriptive format. This research aims to explain and analyze the protection of CII in Indonesia, particularly in the aspect of CII identification, based on the frameworks provided by the ASEAN CIIP Framework, the European Union Agency for Cybersecurity (ENISA), the concepts of dependency and interdependency, and the concept of cyber resilience to understand how the CII protection can support cyber resilience in Indonesia. The research findings indicate that the aspects of CII protection in Indonesia, particularly in the aspect of CII identification, are in line with the existing frameworks and the concept of cyber resilience used, and they can contribute in enhancing cyber resilience in Indonesia."

"Secara umum, kebijakan pengamanan infrastruktur informasi vital (IIV) di Indonesia mengacu pada undang-undang informasi dan transaksi elektronik, undang-undang keterbukaan informasi publik, undang-undang Pelindungan data pribadi dan peraturan Pelindungan IIV. Berdasarkan peraturan Pelindungan IIV, program pengamanan IIV setidaknya membutuhkan kerangka kerja pengamanan layanan IIV dan metode identifikasi layanan vital sesuai model pengamanan IIV. Dalam rangka memberikan panduan praktis serta memenuhi kebutuhan strategis, diusulkan rancangan kerangka kerja pengamanan IIV sesuai kebutuhan di Indonesia. Memperhatikan keterbatasan waktu penelitian, rancangan kerangka kerja dibangun mengacu kepada kebutuhan sektor administrasi pemerintahan sebagai sektor yang banyak terhubung dengan sektor strategis lain.Penelitian kerangka kerja pengamanan IIV sektor administrasi pemerintahan dilakukan dengan pendekatan sosioteknikal mengacu metode predicting malfunctions in socio-technical systems (PreMiSTS). pada akhir penelitian dibuat sistem pendukung keputusan sebagai implementasi dari kerangka kerja yang dihasilkan. Keseluruhan tahapan penelitian didesain sebagai penelitian mixed method dengan kombinasi metode analisis data tematik, fuzzy delhphi method (FDM), partial least squares structural equation model (PLS SEM), teori desain visual, focus group discussion (FGD), dan content validity indeks (CVI).Kerangka kerja yang dihasilkan memiliki 6 elemen penentu pengamanan IIV dengan total 20 sub elemen dan 36 indikator. Berdasarkan hasil FDM dan PLS SEM, semua elemen dan sub elemen berpengaruh, namun ada 5 indikator yang harus dihilangkan karena tidak berpengaruh. Berdasarkan nilai CVI, desain kerangka kerja dinyatakan oleh 7 narasumber memenuhi 7 kriteria kerangka kerja, yaitu simplicity, coverage, compliance, dynamics, capabilities, usefulness, dan trustworthiness. Implementasi kerangka kerja dalam bentuk sistem pendukung keputusan memberikan rekomendasi kendali pengamanan untuk setiap fungsi. Kebermanfaatan ini dapat diterima dengan Baik oleh respondenPenelitian ini memberikan kerangka kerja praktis untuk melindungi IIV di sektor pemerintahan Indonesia. Secara teoritis, penelitian ini memberikan kontribusi dalam identifikasi elemen keamanan dengan pendekatan sosioteknikal, serta metode validasi dan evaluasi kerangka kerja di bidang keamanan siber.

---

In general, the policy for securing critical information infrastructure (CII) in Indonesia refers to the information and electronic transactions law, the public information disclosure law, the personal data protection law and the CII protection regulations. Based on the CII Protection regulations, the CII security program requires at least an CII service security framework and vital service identification methods according to the CII security model. In order to provide practical guidance and meet strategic needs, a draft CII security framework is proposed according to needs in Indonesia. Taking into account the limited research time, the framework design was built referring to the needs of the government administration sector as a sector that is widely connected with other strategic sectors.

Research on the CII protection framework for the government administration sector was carried out using a sociotechnical approach referring to the predicting malfunctions in socio-technical systems (PreMiSTS) method. At the end of the research a decision support system was created as an implementation of the resulting framework. The entire research stage was designed as mixed method research with a combination of thematic data analysis methods, fuzzy Delphi method (FDM), partial least squares structural equation model (PLS SEM), visual design theory, focus group discussion (FGD), and content validity index (CVI).

The resulting framework has 6 elements determining IIV security with a total of 20 sub-elements and 36 indicators. Based on the results of FDM and PLS SEM, all elements and sub-elements have an influence, but there are 5 indicators that must be removed because they have no effect. Based on the CVI scores, the framework design was stated by 7 sources as meeting 7 framework criteria, namely simplicity, coverage, compliance, dynamics, capabilities, usefulness and trustworthiness. Implementation of the framework in the form of a decision support system provides security control recommendations for each function. This usefulness was well received by respondents

This research provides a practical framework for protecting CII in the Indonesian government sector. Theoretically, this research contributes to the identification of security elements using a sociotechnical approach, as well as validation and evaluation methods for frameworks in the field of cyber security."

"Keamanan dan ketahanan siber suatu negara saat ini telah menjadi elemen penting karena memiliki keterkaitan dengan keamanan nasional. Serangan siber yang pernah terjadi di berbagai belahan dunia khususnya pada infrastruktur informasi kritis nasional menunjukkan bahwa dampak yang dihasilkan bisa mengganggu stabilitas keamanan nasional. Berdasarkan data Global Cybersecurity Index (GCI) tahun 2018, saat ini Indonesia menempati urutan 41 dari 194 negara di dunia. Indeks tersebut menilai tingkat kesiapan dan komitmen suatu negara terhadap keamanan dan ketahanan sibernya. Oleh karena itu masih terdapat hal-hal yang harusdiperbaiki untuk memperkuat keamanan dan ketahanan siber Indonesia. Penelitianini bertujuan untuk (1) menjelaskan dan menganalisis ancaman siber pada infrastruktur informasi kritis nasional yang dapat mengganggu kedaulatan negara atas ruang siber, (2) menjelaskan dan menganalisis sejauh mana kesiapan Indonesia dalam menghadapi serangan siber pada infrastruktur informasi kritis serta (3) menganalisis strategi untuk mengatasi ancaman siber pada infrastruktur informasikritis dalam mewujudkan kedaulatan negara atas ruang siber. Metodologi yang digunakan pada penelitian ini adalah deskriptif analitis dimana sumber data didapatkan melalui studi literatur dan wawancara terhadap perwakilan dari pihak pemerintah, operator infrastruktur informasi kritis nasional serta lembaga penelitian keamanan siber. Penelitian ini berfokus pada konsep keamanan dan ketahanan siber berdasarkan indikator yang digunakan pada GCI dan akan membandingkan kondisi Indonesia saat ini dengan negara dengan peringkat tiga teratas pada regional Asia Tenggara. Hasil yang didapat adalah kondisi keamanan dan ketahanan siber Indonesia sudah cukup baik. Namun demikian masih terdapat beberapa area yangperlu diperbaiki untuk mengatasi ancaman siber pada infrastruktur informasi kritis nasional sehingga dapat mewujudkan kedaulatan negara atas ruang siber.

---

Nowadays cybersecurity and cyber resilience of a country has become an important

element because it's impact on national security. Cyber attacks that have occurred

in various parts of the world, especially on national critical information infrastructure, show that the resulting impact could disrupt national security stability. Based on data from the Global Cybersecurity Index (GCI) in 2018,

Indonesia currently ranks 41 out of 194 countries in the world. The index assesses

the level of readiness and commitment of a country to its cybersecurity and resilience. Therefore there are still things that need to be improved to strengthen the security and resilience of Indonesia's cyberspace. This study aims to (1) explain and analyze cyber threats to the national critical information infrastructure that can disrupt the country's sovereignty over cyber space, (2) explain and analyze the extent of Indonesia's readiness in facing cyber attacks on critical information

infrastructure and (3) analyze strategies to overcome cyber threats to critical information infrastructure in realizing state sovereignty over cyber space. The methodology used in this research is analytical descriptive where data sources are obtained through literature studies and interviews with representatives from the

government, operators of the national critical information infrastructure and cyber security research institutions. This research focuses on the concept of cyber security and resilience based on indicators used in GCI and will compare the current condition of Indonesia with countries ranked in the top three in Southeast

Asia Region. The results are the conditions of Indonesia's cyber security and resilience is quite good. However, there are still some areas that need to be improved to overcome cyber threat on the national critical information

infrastructure to realize state sovereignty over cyber space."

"ABSTRAKTeknologi informasi dan komunikasi dimanfaatkan secara signifikan dalam kegiatan sehari-hari, sehingga infrastruktur kritis Inggris kini bergantung pada kondisi dalam lingkungan cyberspace. Hal ini tidak hanya memberikan manfaat, tetapi juga dapat menimbulkan ancaman yang dapat mempengaruhi stabilitas keamanan nasional. Oleh karena itu cyber security menjadi salah satu prioritas tertinggi dalam kebijakan keamanan nasional Inggris. Namun regulasi cyber security di Inggris sering kali mengundang perdebatan dan tentangan dari berbagai pihak. Penelitian ini bertujuan untuk mengkonstruksi pro dan kontra masyarakat terhadap regulasi tersebut serta menganalisis penyebab regulasi cyber security di Inggris bertentangan dengan prinsip HAM. Analisis dalam penelitian ini menggunakan teori keamanan dan teori masyarakat informasi dengan metode penelitian hukum normatif dan pendekatan kualitatif. Hasil dari penelitian ini menunjukkan bahwa regulasi cyber security di Inggris tidak mencerminkan nilai kebebasan individu serta dapat bersifat positif dan negatif di saat yang bersamaan. Di satu sisi bertujuan untuk melindungi kemanan seluruh warganya dari kejahatan serius dan di sisi lain tujuan tersebut diwujudkan melalui peraturan yang mencederai hak fundamental individu.

---

ABSTRACTInformation and communication technology utilized significantly in daily activities, so that critical infrastructures in the UK now dependent on conditions in cyberspace. It rsquo s not only bring advantages, but also could pose threats that affect national security. Therefore cyber security becomes one of the highest priorities in national security policy of the UK. Cyber security regulations in the UK are often invite debate and opposition from various parties. This study aimed to construct the pros and cons of the regulation and analyze the causes of its contrary to the principles of Human Rights. The analysis in this study uses security theory and the theory of the information society with normative legal research methods and qualitative approaches. The results of this study indicate that the regulation of cyber security in the UK do not reflect the values of individual freedom and could be positive and negative at the same time. On the one hand aims to protect the security of all citizens from serious crime and on the other hand this objective is manifested through regulations that harm the fundamental rights of individuals."

"Pada era teknologi yang berkembang sangat cepat seperti sekarang ini, kebutuhanakan informasi yang akurat dan kredibel menjadi sangat penting bagi setiapperusahaan. Faktor sumber daya manusia SDM menjadi akar permasalahanterjadinya pelanggaran keamanan informasi, bila dibandingkan dengan kesalahandari sisi teknologi. Oleh karena itu, diperlukan pengukuran tingkat kesadarankeamanan informasi untuk mengetahui sejauh mana tingkat kesadarannya, yangpada akhirnya dapat menjadi dasar dalam menyusun tahapan yang tepat untukmeningkatkan kesadaran keamanan informasi. Penelitian ini dilakukan padaperusahaan swasta nasional yang bergerak pada industri media/televisi berbayar.Metode yang digunakan adalah kuantitatif dengan cara menyebar kuesioner modelHAIS-Q Human Aspects of Information Security Questionaire kepada seluruhkaryawan. Penelitian ini juga akan mengukur hubungan dan pengaruh dimensipengetahuan, sikap dan perilaku manusia terhadap tingkat kesadaran keamananinformasi. Hasil pengukuran menyatakan bahwa tingkat kesadaran keamananinformasi pada organisasi yang menjadi objek penelitian berada pada tingkat ratarata 74 dan memerlukan program peningkatan kesadaran keamanan informasiseperti penyuluhan, pengiriman surat elektronik secara berkala dan pada tingkatakhir adalah pelatihan.

---

Nowadays, in these fast growing of technology, needs of credible information isvital. It is increasingly acknowledged that many threats to an organization rsquo;scomputer systems can be attributed to the behavior of computer users human compared to failure of the technology. Hence, it is necessary to measure the levelof information security awareness in order to formulate the appropriate programto increase its level. This research is conducted on private company engaged inmedia / pay-tv industry. Method used is quantitative by distributing HAIS-Q Human Aspects of Information Security Questionnaire model to the employee.The research also identifies the correlation among knowledge, attitude andbehavior aspects as well as the influence of those three aspects to informationsecurity. The result of this research shows that the level of information securityawareness is at average level 74 and needs appropriate program likecounseling, send email and training about information security to improve itslevel."

"Peraturan Menteri Luar Negeri Nomor 02 Tahun 2016 tentang Organisasi dan Tata Kerja Kementerian Luar Negeri menyebutkan bahwa Pusat Teknologi Informasi dan Komunikasi Kementerian dan Perwakilan Pustekinfokom melaksanakan tugas penyusunan kebijakan teknis, pelaksanaan, pemantauan, evaluasi dan pelaporan dalam pengembangan dan pengelolaan sistem keamanan informasi dan persandian, teknologi informasi dan komunikasi, dan sistem komunikasi berita pada Kementerian Luar Negeri dan Perwakilan Republik Indonesia. Sistem komunikasi berita yang dikelola Pustekinfokom KP tidak mencakup prosedur pengamanan pada konsep berita dan penyimpanan berita yang sudah terdistribusi ke pejabat pengguna. Hal ini menimbulkan ancaman terhadap keamanan informasi berita seperti yang sudah terjadi dengan beredarnya draft berita rahasia di salah satu majalah nasional Indonesia. Berkaitan dengan hal tersebut, diperlukan suatu ketentuan baku seperti pembuatan Prosedur Operasional Standar POS pengelolaan berita. POS pengelolaan berita tersebut disusun menggunakan Soft System Methodology SSM yang telah dimodifikasi. Kebutuhan prosedur yang harus dirancang didapatkan dari hasil wawancara yang hasilnya dianalisis menggunakan thematic analysis. Penelitian ini menghasilkan 8 delapan rancangan prosedur pengelolaan berita yang terdiri dari pembuatan konsep berita, kirim berita biasa, kirim berita rahasia, terima berita biasa, terima berita rahasia, monitoring berita, pengarsipan berita, dan komunikasi darurat.

---

The regulation of the Minister of Foreign Affairs number 02 year 2016 about The Organization and Working Procedures of the Foreign Ministry, said that the Center of Information and Communication Technology for Ministry and Indonesia Representative ICT Center has the functions as a technical policy formulation, implementation, monitoring, evaluation, and reporting in the development and management of information security system and encryption, the information and communication technologies, and news communication systems on the Ministry of Foreign Affairs and representatives of the Republic of Indonesia. News communication systems of ICT Center not included procedural safeguards for the concept of news and the news that already distributed to official users. This conditions poses a threat to information security as there are already happened with the release of a draft of secret news in one of Indonesia 39;s national magazine. Related to it, ICT Center required a Standard Operating Procedures SOP for news management. SOP for news management was compiled using Soft Systems Methodology SSM that have been modified. The needs of the procedure must be designed from the results of the interview results that were analyzed using the thematic analysis. This research resulted in 8 eight draft procedures for news management that consists of the creation of the concept of news, submit regular news, submit secret news, received regular news, received secret news, news monitoring, archiving, and news emergency communications."

"The present volume aims to provide an overview of the current understanding of the so-called Critical Infrastructure (CI), and particularly the Critical Information Infrastructure (CII), which not only forms one of the constituent sectors of the overall CI, but also is unique in providing an element of interconnection between sectors as well as often also intra-sectoral control mechanisms. The 14 papers of this book present a collection of pieces of scientific work in the areas of critical infrastructure protection. In combining elementary concepts and models with policy-related issues on one hand and placing an emphasis on the timely area of control systems, the book aims to highlight some of the key issues facing the research community."

"Serangan siber yang meningkat dan bervariasi membutuhkan sebuah model yang mampu meningkatkan ketahanan dan kesadaran akan ancaman serangan bencana siber. Penelitian ini mengembangkan model cyberdisaster situation awareness yang mampu menggambarkan dua tahap proses yaitu penilaian tingkat risiko ancaman bencana siber dan kerangka pengujian kerentanan keamanan siber melalui metode audit, tabletop exercise dan penetration testing. Penelitian ini menggunakan metode risiko formal fuzzy FMEA dan temporal risk. Hasil penelitian pertama menunjukan bahwa model cyberdisaster situation awareness mampu meningkatkan ketahanan keamanan siber. Model ini menggambarkan bahwa dengan metode fuzzy FMEA didapatkan nilai tingkat risiko bencana tertinggi yaitu ancaman serangan ransomware dan gempa bumi. Dari dua nilai risiko yang tertinggi tersebut dilakukan validasi faktor-faktor yang mempengaruhi tingkat kesadaran dalam menghadapi ancaman ransomware dan gempa bumi melalui survey 152 responden. Hasil survey menunjukan bahwa keputusan respon bencana siber dipengaruhi oleh faktor kapabilitas sistem (p < 0,05), faktor pengetahuan (p < 0,05), dan faktor kesadaran akan situasi bencana (p < 0,05). Pada penelitian kedua menunjukan bahwa kerangka pengujian kerentanan keamanan siber dengan pendekatan temporal risk dapat membantu meningkatkan ketahanan dan keamanan siber. Metode pengujian audit, tabletop exercise dan penetration testing akan menghasilkan dua klasifikasi risiko yaitu risiko yang dapat diterima (tolerable risk) dan risiko yang tidak dapat diterima (intolerable risk). Penelitian ini juga menggunakan aplikasi untuk membantu mengukur tingkat risiko keamanan siber berdasarkan Annex ISO 27001:2013. Hasil pengujian penilaian risiko dengan metode audit berdasarkan annex ISO 27001:2013 ditemukan bahwa tingkat risiko yang dapat diterima adalah akuisisi, pengembangan dan pemeliharaan sistem, dengan nilai indeks kinerja pengamanan sebesar 38.29%. Untuk hasil pengujian metode tabletop exercise dihasilkan bahwa tidak ditemukan tingkat risiko tinggi atau yang tidak dapat diterima, dengan nilai indeks kinerja pengamanan sebesar 75%. Hasil pengujian dengan metode penetration testing menunjukan bahwa risiko yang tidak dapat diterima adalah pengendalian akses dan pengamanan komunikasi, dengan nilai indeks pengendalian pengamanan sebesar 16.66%. Dari temuan kerentanan ini dilakukan tindakan perbaikan melalui aplikasi untuk meningkatkan ketahanan dan keamanan siber. Tindakan perbaikan ini menghasilkan kinerja pengamanan 100% memenuhi annex ISO 2700:2013. Kebaruan dari penelitian ini adalah konsep model kerangka cybersituation awareness yang mampu menilai risiko ancaman keamanan siber dan pengujian kerentanan pengendalian keamanan siber.

---

Cyber attacks that are increasing and varied require a model that is able to increase resilience and awareness of the threat of cyber-disaster attacks. This study develops a cyberdisaster situation awareness model that is able to describe two stages of the process, namely the assessment of the level of cyber disaster threat risk and a cybersecurity vulnerability testing framework through audit methods, tabletop exercise and penetration testing. This study uses a formal risk method fuzzy FMEA and temporal risk. The results of the first study showed that the cyberdisaster situation awareness model was able to increase cyber security resilience. This model illustrates that with the fuzzy FMEA method, the highest level score of disaster risk is the threat of ransomware attacks and earthquakes. From the two highest risk values, validation of the factors that affect the level of awareness in dealing with the threat of ransomware and earthquakes was carried out through a survey of 152 respondents. The survey results show that cyber disaster response decisions are influenced by factors such as system capability (p < 0.05), knowledge factor (p < 0.05), and awareness of disaster situations (p < 0.05). The second research shows that a cybersecurity vulnerability testing framework with a temporal risk approach can help improve cyber resilience and security. The audit testing method, tabletop exercise and penetration testing will produce two risk classifications, namely tolerable risk and intolerable risk. This study also uses an application to help measure the level of cybersecurity risk based on Annex ISO 27001: 2013. The results of risk assessment with testing the audit method based on annex ISO 27001:2013 found that the acceptable level of risk is the acquisition, development and maintenance of the system, with a security performance index value of 38.29%. For the results of the tabletop exercise test method, it was found that there was no high or unacceptable risk level, with a security performance index value of 75%. And for the test results using the penetration testing method, it shows that the unacceptable risk is access control and communication security, with a security control index value of 16.66%. From the findings of these vulnerabilities, corrective actions are taken through applications to increase cyber resilience and security. These corrective actions result in 100% security performance meeting the annex ISO 27001:2013. The novelty of this research is the concept of a cybersituation awareness framework model that is able to assess cybersecurity threat risks and test cybersecurity control vulnerabilities."

"Summary :The Basics of Information Security will provide the reader with a basic knowledge of information security in both theoretical and practical aspects. We will first cover the basic knowledge needed to understand the key concepts of information security, discussing many of the concepts that underpin the security world. We will then dive into practical applications of these ideas in the areas of operations, physical, network, operating system, and application security. Book Audience This book will provide a valuable resource to beginning security professionals, as well as to network and systems administrators. The information provided on can be used develop a better understanding on how we protect our information assets and defend against attacks, as well as how to apply these concepts practically"-- Provided by publisher.ContentsMachine generated contents note: Introduction What is Information Security? Identification and Authentication Authorization and Access Control Auditing and Accountability Cryptography Legal and Regulatory Issues Operations Security Human Element Security Physical Security Network Security Operating System Security Application Security."

"The basics of IT audit : purposes, processes, and practical information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA.IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements."