Presentasi sedang didownload. Silahkan tunggu

Presentasi sedang didownload. Silahkan tunggu

Keamanan Komputer Security Policy -Aurelio Rahmadian-

Presentasi serupa

Presentasi berjudul: "Keamanan Komputer Security Policy -Aurelio Rahmadian-"— Transcript presentasi:

1 Keamanan Komputer Security Policy -Aurelio Rahmadian-

2 Objektif Tingkat Keamanan yang Dibutuhkan Acceptable Use Policy Authentication Security Policy Disaster Recovery Plan



5 Tingkat Keamanan yang Dibutuhkan Tergantung… ◦ jenis bisnis/usaha yang dijalankan oleh perusahaan ◦ jenis data yang disimpan di jaringan ◦ filosofi manajemen dari perusahaan

6 Tingkat Keamanan yang Dibutuhkan

7 Acceptable Use Policy Acceptable Use/Usage Policy (AUP) Fair Use Policy Terms of Service (ToS) Terms of Use Terms and Conditions

8 Acceptable Use Policy Merupakan sejumlah aturan yang diterapkan oleh pemilik atau manajer dari jaringan, website, atau sistem komputer yang fungsinya untuk membatasi bagaimana objek tersebut digunakan User harus menyetujui untuk mematuhi aturan tersebut untuk menggunakan layanan

9 Acceptable Use Policy “AUP documents are written for corporations, businesses, universities, schools, internet service providers, and website owners, often to reduce the potential for legal action that may be taken by a user, and often with little prospect of enforcement.” -wikipedia-

10 Acceptable Use Policy -use-policy ptable_use.html utos-173.html ms/

11 Acceptable Use Policy Using our Services ◦ Don’t misuse our Services. For example, don’t interfere with our Services or try to access them using a method other than the interface and the instructions that we provide. You may use our Services only as permitted by law, including applicable export and re-export control laws and regulations. We may suspend or stop providing our Services to you if you do not comply with our terms or policies or if we are investigating suspected misconduct. ◦ Using our Services does not give you ownership of any intellectual property rights in our Services or the content you access. You may not use content from our Services unless you obtain permission from its owner or are otherwise permitted by law. These terms do not grant you the right to use any branding or logos used in our Services. Don’t remove, obscure, or alter any legal notices displayed in or along with our Services. -Google Terms-

12 Authentication Username

13 Authentication ◦ Use your life as a template ◦ Use your pastime ◦ Keep it succinct ◦ Use compound words ◦ Use your favorite TV show ◦ Try leetspeak ◦ Make your pet's name your user name ◦ Play with your name ◦ Use unique characters ◦ Use a name generator ◦ Jumble it Up

14 Authentication Username ◦ Avoid using names that could be a problem or a risk  Your full or last name  Obscene words—somebody could become offended  Your street address  Do not make an excessively long username  Do not use your email name as a user name

15 Authentication Password ◦ Contain both upper and lower case characters (e.g., a-z, A-Z) ◦ Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~- =\`{}[]:";'<>?,./) ◦ Are at least eight alphanumeric characters long ◦ Are not a word in any language, slang, dialect, jargon, etc. ◦ Are not based on personal information, names of family, etc.

16 Authentication Password ◦ Passwords should never be written down or stored on-line ◦ Try to create passwords that can be easily remembered, one way to do this is create a password based on a song title, affirmation, or other phrase ◦ For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation

17 25 password yang paling mudah ditebak dan terburuk di internet (2013) -SplashData (Software company, CA)-

18 Security Policy Inti dari pengamanan sebuah sistem, organisasi, ataupun objek lainnya yang berbentuk tujuan pengamanan dan prioritas yang tertulis Mencakup pembatasan perilaku anggota, pembatasan akses fungsi, program, data, serta pembatasan yang berhubungan dengan mekanisme seperti pintu, kunci, dll. Perlu dibentuk sebelum kebutuhan teknis

19 Security Policy Menulis security policy merupakan langkah pertama, implementasinya merupakan langkah yang lebih besar ◦ Conduct Security Awareness Seminars, workshops, quizzes ◦ Prepare Do's & Don'ts of Security Policy, distribute and display them ◦ Create posters, stickers, t-shirts, mugs, mouse pads, all with security messages ◦ Run slogan competitions ◦ Give wide publicity to any security breaches in (other) companies ◦ And of course, perform security audits

20 Security Policy – E-mail Policy Confidentiality of information: ◦ E-mail should not be used for confidential information exchange ◦ Sender will be totally responsible for the content of the information ◦ Noe sensitive information like password, PIN, credit card details should ever be sent by e-mail Appropriate use: ◦ Use of e-mail will be restricted for business use only ◦ E-mail should not be used for sending spam mail ◦ E-mail should not be used to transmit chain mails, greetings, graphics, etc. ◦ E-mails should not be automatically forwarded to addresses outside the company ◦ Size of the e-mail should be restricted within approved limits

21 Security Policy – Email Policy Management authority: ◦ Management could use its right to monitor the e-mails ◦ Management could store the e-mails for retreival at a later date for any legal purpose ◦ Any encryption done to e-mail attachments should be with the company approval and the encryption key should be stored for retreival when necessary

22 Security Policy - Other Acceptable use policy Authentication standards Rules for network access Policy for disposal of materials Virus protection standards Online security resources Server room security Anti-theft devices for server hardware Securing removable media

23 Disaster Recovery Plan Merupakan sekumpulan proses atau prosedur yang terdokumentasi untuk memulihkan dan melindungi infrastruktur IT saat terjadi bencana Hal yang tertulis mencakup aksi-aksi yang perlu dilakukan sebelum bencana, saat bencana berlangsung, serta setelah terjadi bencana

24 Disaster Recovery Plan Bencana dapat berupa bencana alam maupun bencana yang diakibatkan manusia Bencana alamPerbuatan manusia LongsorTerorisme BadaiKecelakaan nuklir Sambaran petirPutusnya aliran listrik Kebakaran liarKebakaran (urban) TsunamiKebocoran bahan berbahaya Letusan gunung berapiKerusuhan

25 Disaster Recovery Plan Risk assessment ◦ Identifikasi bisnis proses dan resource yang berhubungan dengan infrastruktur IT ◦ Identifikasi ancaman yang ada terhadap bisnis proses dan resource IT ◦ Tentukan strategi untuk eliminasi atau mitigasi resiko yang disebabkan oleh ancaman

26 Disaster Recovery Plan Information asset management ◦ Apa saja aset yang dimiliki? ◦ Dimana aset tersebut? ◦ Siapa yang memiliki akses terhadap aset dan tahukah tanggung jawab mereka? ◦ Ketika terjadi masalah, apa yang perlu dilakukan? Inventaris






32 Disaster Recovery Plan How will you “reconnect” when nothing works?

33 Disaster Recovery Plan Basic Plan ◦ Provides general guidance ◦ Predicts Disasters ◦ Has defined simple crisis protocols ◦ Identifies leadership and authorities

34 Disaster Recovery Plan Developing a DRP: ◦ Conduct a Risk Assessment ◦ Identify Recovery Strategies ◦ Develop Recovery Procedures ◦ Purchase Products and Services ◦ Test the Plan and Train Users ◦ Maintain the Plan

35 Disaster Recovery Plan Identify processes & resources: ◦ Work procedures ◦ Applications supporting the procedures ◦ Where input comes from and output goes ◦ Alternate procedures when application unavailable ◦ Tolerance to interruption ◦ Supporting infrastructure hardware and software

36 Disaster Recovery Plan ◦ Determine risks that can be eliminated ◦ Determine maximum recovery response time ◦ Determine backup frequency ◦ Determine minimum emergency configurations

37 Disaster Recovery Plan

38 Contoh rencana pemulihan data (tahap pencegahan): ◦ Melakukan backup secara rutin ke magnetic tape yang disimpan off-site ◦ Melakukan backup secara rutin ke electronic “tape vault” melalui jaringan ◦ Remote mirroring data ke beberapa tempat penyimpanan melalui jaringan

39 Disaster Recovery Plan Some of DRP benefits: ◦ Providing a sense of security ◦ Minimizing risk of delays ◦ Guaranteeing the reliability of standby systems ◦ Providing a standard for testing the plan ◦ Minimizing decision-making during a disaster ◦ Reducing potential legal liabilities ◦ Lowering unnecessarily stressful work environment

Download ppt "Keamanan Komputer Security Policy -Aurelio Rahmadian-"

Presentasi serupa

Iklan oleh Google