Management Resiko Is - It PDF
Management Resiko Is - It PDF
Latar belakang
Tujuan dan Kegunaan
Metodologi Risk Management
Summary
Satrio Yudho 2
Pendahuluan
Satrio Yudho 3
Tujuan dan Kegunaan
Satrio Yudho 4
Tujuan dan Kegunaan
Satrio Yudho 5
Risk Asessment
Satrio Yudho 6
Risk Asessment
Satrio Yudho 7
Risk Asessment
System Characterization
Melakukan identifikasi batasan sistem yang ada,
sehingga dapat dengan jelas melihat batasan
fungsionalitas.
Batasan tersebut didapatkan dengan cara :
Mengumpulkan informasi mengenai sistem yang
berkaitan seperti
Hardware
Software
System interface ( internal and external connectivity)
Satrio Yudho 8
Risk Assesment
Satrio Yudho 9
Risk Asessment
Satrio Yudho 10
Risk Asessment
Satrio Yudho 11
Risk Asessment
Threat Identification
Threat merupakan potensi yang ditimbulkan akibat
adanya kelemahan (vulnerability)
Vulnerability merupakan kerawanan/kelemahan
yang dapat di eksploitasi sehingga menjadi threat.
Threat Source identification:
Natural Threats.
Human Threats
Evironmental Threats
Satrio Yudho 12
Risk Asessment
Satrio Yudho 13
Risk Asessments
Satrio Yudho 14
Risk Asessments
Satrio Yudho 15
Risk Asessments
Vulnerability identification
Vulnerability merupakan kelemahan sistem yang
mengakibatkan terjadinya pelanggaran keamanan.
Satrio Yudho 16
Risk Asessments
Vulnerability identification
Satrio Yudho 17
Risk Asessments
Vulnerability identification
Satrio Yudho 18
Risk Asessments
Vulnerability resource
Dokumen risk asessment yang pernah ada.
Vulnerability list
Temuan kelemahan keamanan sistem pada
dokumen audit.
Vendor advisories
Satrio Yudho 19
Risk Asessments
Satrio Yudho 20
Security Criteria
Satrio Yudho 21
Security Criteria
Satrio Yudho 22
Security Criteria
Satrio Yudho 23
Risk Asessment
Satrio Yudho 24
Risk Asessments
Likelihood determination
Satrio Yudho 25
Risk Asessments
Satrio Yudho 26
Risk Asessments
Satrio Yudho 27
Risk Asessments
Risk Level
Satrio Yudho 28
Risk Asessments
Control recommendation
Effectiveness of recommended options (e.g., system compatibility)
Legislation and regulation
Organizational policy
Operational impact
Safety and reliability.
Satrio Yudho 29
Risk Asessment
Satrio Yudho 30
Risk Asessments
Satrio Yudho 31
Risk Asessments
Satrio Yudho 32
Risk Asessments
Satrio Yudho 33
Risk Asessments
Protected Communications
Transaction Privacy
Detection and recovery
Audit.
Intrusion Detection and Containment
Proof of Wholeness.
Restore Secure State.
Virus Detection and Eradication
Satrio Yudho 34
Risk Asessments
Satrio Yudho 35
Risk Asessments
Satrio Yudho 36
Risk Asessments
Satrio Yudho 37
Risk Asessments
Satrio Yudho 38
Summary
Satrio Yudho 39