Information Security Risk Management (English).pptx
1.
Information Security Risk Management
Information Security
Presented by
Muhammad Najib DS, S.Kom.,MT
Sistem Pembelajaran Dalam Jaringan (Online)
Universitas Teknokrat Indonesia
najibmuhammadd MuhammadNajibDS
2.
Information Security Risk Management
• Information security risk management is the process of identifying, prioritising, managing and monitoring cybersecurity risks. Risk management is the process of identifying, measuring, and financially controlling a risk that threatens assets and income.
• The goal of information security risk management is to keep data safe, including the identification of risks, evaluation of their impact, and development of mitigation plans. In addition, the goal is to protect an organisation's information assets by identifying, assessing, and managing risks that could threaten the confidentiality, integrity, and availability of information.
• The main components of risk management are the identification of assets, risks, threats, and vulnerabilities.
3.
Basic Concepts of Information Security Risk
• Risk Definition: Information security risk is the potential threat or loss that can occur due to weaknesses in information systems, which can result in a breach of data confidentiality, integrity or availability.
• Risk Components: Assets, threats, vulnerabilities, impacts, and security controls.
• Types of Risk: Technology Risk, Operational Risk, Compliance Risk, Financial Risk, Reputational Risk, Physical Risk.
4.
Risk Management Process
Risk Identification
• Techniques: brainstorming, interviews, surveys, and document analysis.
Risk Analysis
• Assess the likelihood and impact of the identified risks. Qualitative vs. quantitative.
Risk Evaluation
• Determine whether the risk is acceptable or needs to be addressed.
Risk Management (Treatment)
• Strategies to address risk: avoid, reduce, transfer or accept the risk.
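The four steps on this slide, worked through in code. This is an added example, not part of the original lecture: the five-point likelihood and impact scales, the risk-appetite thresholds, the treatment rule (avoid / transfer / reduce / accept) and the three sample risks are all constructed here for illustration. It shows qualitative scoring (likelihood x impact) beside quantitative scoring (annualised loss expectancy = SLE x ARO), and why the two can disagree for a rare but costly event.

```python
"""Toy risk register: identification -> analysis -> evaluation -> treatment.

All scales, thresholds and sample risks are constructed for this example.
"""
from dataclasses import dataclass, replace

# Five-point ordinal scales (constructed; level value = index + 1).
LIKELIHOOD_LEVELS = ["rare", "unlikely", "possible", "likely", "almost certain"]
IMPACT_LEVELS = ["negligible", "minor", "moderate", "major", "severe"]


@dataclass(frozen=True)
class Risk:
    asset: str          # what is at stake
    threat: str         # what could happen to it
    vulnerability: str  # the weakness the threat would exploit
    likelihood: str     # one of LIKELIHOOD_LEVELS
    impact: str         # one of IMPACT_LEVELS
    sle: float          # single loss expectancy: money lost per occurrence
    aro: float          # annualised rate of occurrence: expected events per year


def level(scale, name):
    """Map an ordinal label to its numeric level (1..5)."""
    return scale.index(name) + 1


def qualitative_score(r):
    """Risk-matrix score: likelihood level times impact level (1..25)."""
    return level(LIKELIHOOD_LEVELS, r.likelihood) * level(IMPACT_LEVELS, r.impact)


def qualitative_rating(r):
    """Bucket the matrix score into low / medium / high (constructed bands)."""
    s = qualitative_score(r)
    return "high" if s >= 15 else "medium" if s >= 8 else "low"


def annualised_loss_expectancy(r):
    """Quantitative analysis: ALE = SLE x ARO."""
    return r.sle * r.aro


def is_acceptable(r, appetite_score=8, appetite_ale=50_000.0):
    """Evaluation: acceptable only if BOTH views sit under the appetite."""
    return (qualitative_score(r) < appetite_score
            and annualised_loss_expectancy(r) < appetite_ale)


def recommend_treatment(r, **appetite):
    """Treatment: constructed heuristic mapping a risk to one of the four options."""
    if is_acceptable(r, **appetite):
        return "accept"
    l, i = level(LIKELIHOOD_LEVELS, r.likelihood), level(IMPACT_LEVELS, r.impact)
    if l == 5 and i == 5:
        return "avoid"       # near-certain catastrophe: stop the activity
    if i >= 4 and l <= 2:
        return "transfer"    # rare but expensive: insurance / contract
    return "reduce"          # everything else: apply controls


def apply_control(r, likelihood_steps=0, impact_steps=0, aro_factor=1.0, sle_factor=1.0):
    """Return the residual risk after a control lowers likelihood and/or impact."""
    new_l = LIKELIHOOD_LEVELS[max(0, LIKELIHOOD_LEVELS.index(r.likelihood) - likelihood_steps)]
    new_i = IMPACT_LEVELS[max(0, IMPACT_LEVELS.index(r.impact) - impact_steps)]
    return replace(r, likelihood=new_l, impact=new_i,
                   aro=r.aro * aro_factor, sle=r.sle * sle_factor)


# Identification output: a constructed register of three risks.
SAMPLE_REGISTER = [
    Risk("customer database", "ransomware", "unpatched servers",
         "likely", "severe", sle=500_000.0, aro=0.5),
    Risk("public website", "defacement", "weak admin password",
         "possible", "minor", sle=5_000.0, aro=1.0),
    Risk("data centre", "flood", "ground-floor server room",
         "rare", "major", sle=2_000_000.0, aro=0.05),
]


def assess(register, **appetite):
    """Run analysis, evaluation and treatment over a whole register."""
    return [{"asset": r.asset, "threat": r.threat,
             "score": qualitative_score(r), "rating": qualitative_rating(r),
             "ale": annualised_loss_expectancy(r),
             "treatment": recommend_treatment(r, **appetite)} for r in register]


if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        print(f"{row['asset']:18} {row['threat']:12} score={row['score']:2} "
              f"({row['rating']:6}) ALE={row['ale']:>10,.0f}  -> {row['treatment']}")
```

Note the flood entry: its matrix score (1 x 4 = 4) is "low", but its ALE of 100,000 exceeds the monetary appetite, so the evaluation step still flags it and the rule routes it to transfer. That is the practical reason the slide lists both qualitative and quantitative analysis.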
5.
Risk Management Methods and Frameworks
ISO/IEC 27005
• International standard that provides guidance for information security risk management.
• Related to ISO/IEC 27001 (Information Security Management System).
NIST Cybersecurity Framework
• Framework used to manage cybersecurity risks.
• Risk assessment and mitigation recommendations.
COBIT (Control Objectives for Information and Related Technologies)
• A framework for IT governance that includes risk management.
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
• A method that emphasises threat- and weakness-based risk management against an organisation's information assets.
6.
Security Controls for Risk Mitigation
Administrative Controls
• Security policy, security awareness training, incident response procedures.
Technical Controls
• Firewall, encryption, IDS/IPS, multi-factor authentication.
Physical Controls
• Physical security of the data centre, CCTV, card-based access.
7.
Information Security Risk Mitigation Strategy
• Security training for employees: provide an understanding of good security practices to avoid cyber threats.
• Use of security software: installation and updating of antivirus, antispyware, and firewalls.
• Data encryption: protects data even if it falls into the wrong hands.
• Two-factor authentication (2FA): adds a layer of security to ensure only authorised users can access the system.
• Regular backups: enable quick recovery in the event of a ransomware attack or data corruption.
8.
Information System Security Standards
ISO 27001 and 17799, SNI ISO/IEC 27001
• Information system security standards.
• Criteria for information security readiness based on governance, risk management, framework, asset management, technology aspects, and supplements.
9.
Challenges in Risk Management
Technology Change
• How can new technologies create new risks?
Compliance and Regulation
• Challenges in meeting legal and regulatory requirements.
Security Culture
• The importance of building a culture of security within the organisation.