Session 19 Organisational Back Up Course: A0334/Pengendalian Lingkungan Online Year: 2005 Version: 1/1.

2 Learning Outcomes At the end of this session, students are expected to be able to: demonstrate organisational back up.

3 Outline of Material
Information Security Training
– Why Is Security Training Important?
– Security Training and Security Awareness – What Is The Difference?
– Who Should Be Trained, How, and What Should They Be Trained In?
  – Who Needs To Be Trained?
  – How Should The Training Be Conducted?
  – What Training Is Required?

4
– What Training Structure Would Be The Most Effective in The Long Term?
  – Principle 1 – Awareness
  – Principle 2 – Responsibility
  – Principle 3 – Response
  – Principle 4 – Ethics
  – Principle 5 – Democracy
  – Principle 6 – Risk Assessment
  – Principle 7 – Security Design and Implementation
  – Principle 8 – Security Management
  – Principle 9 – Reassessment
– Conclusion

5 Information Security Training
– Why Is Security Training Important?
– Security Training and Security Awareness – What Is The Difference?
– Who Should Be Trained, How, and What Should They Be Trained In?
  – Who Needs To Be Trained?
  – How Should The Training Be Conducted?
  – What Training Is Required?

6 What Training Structure Would Be The Most Effective in The Long Term?
– Principle 1 – Awareness
– Principle 2 – Responsibility
– Principle 3 – Response
– Principle 4 – Ethics
– Principle 5 – Democracy
– Principle 6 – Risk Assessment
– Principle 7 – Security Design and Implementation
– Principle 8 – Security Management
– Principle 9 – Reassessment
Conclusion

7 Why Is Security Training Important? This may sound like an obvious question, but it is important to look at what problems security training is likely to address effectively. Training is a ‘people’ issue – again, an obvious statement, but so often we overlook the obvious.

8 Security Training and Security Awareness – What Is The Difference? Information security is, above all, a business issue, which involves people, processes and technology. Security awareness can be thought of as creating the aspiration, whilst security training can be seen as one important means of achieving this aspiration. They are complementary, and both are necessary for creating a security-aware culture by helping people move round the security learning cycle.

9 Who Should Be Trained, How, and What Should They Be Trained In? The answer to the ‘who’, ‘how’ and ‘what’ question will depend on the individual and on the needs of your business, but the following points are relevant.

10 Who Needs To Be Trained? It is glib to say that everyone in an organisation at some time or another should receive some sort of information security training. In some organisations it is not unusual for every employee to have a security-related item in their job description and, where appropriate, to have specific relevant personal objectives.

11 How Should The Training Be Conducted? One example of how to conduct the training has already been given, where distance learning was used effectively. Training courses are also very effective, both external and in-house, and for some of the more technical training it is important to provide hands-on training facilities. There are many vendor-specific technical training courses, and consulting firms can be employed to run courses on almost any aspect of information security.

12 What Training Is Required? This question is perhaps the most complex to deal with, as what training is required depends on the individual, their role within an organisation and the aspirations of both the individual and the organisation. A good starting point, however, is to look at possible structures for determining what training is needed. A logical place to start would be to organise training around the ‘information security policy’ of the organisation, where, for example, all desktop users could be trained on the Internet usage policy.

13 What Training Structure Would Be The Most Effective in The Long Term? This section proposes that an effective structure for security training should be one that is based on the nine principles described in the OECD guidelines. The guidelines state that: ‘All participants will be aided by awareness, education, information sharing and training that can lead to adoption of better security understanding and practices.’

14 Principle 1 - Awareness The guidelines expand on the importance of risk awareness as the first line of defence and of people understanding the consequences arising from the abuse of information systems and networks. Training should therefore ensure that people in all roles clearly understand these risks, and what they need to do to mitigate them.

15 Principle 2 - Responsibility The guidelines promote good management practices in terms of ensuring that individuals are aware of their responsibility and are accountable. Training should therefore be provided to help ensure people have the necessary skills and knowledge for them to discharge this responsibility.

16 Principle 3 - Response This recognises that security incidents will occur and that it is important to respond to them in a co-operative and timely manner. This raises an important point in terms of co-operation, because ideally training would need to inform on other people’s misfortunes – that is, learning from other people’s mistakes. However, information sharing is recognised as being difficult due to the potential loss of reputation arising from the risk of unsympathetic media reporting.

17 Training should therefore attempt to include content from shared information on sensitive issues such as incidents.

18 Principle 4 - Ethics This is fundamental to changing the culture in terms of making people recognise that their action or inaction may harm others. Training should therefore be provided on codes such as these and delivered to all people in an organisation. A good place to start is induction training.

19 Principle 5 - Democracy This can often be taken for granted in the UK, but it addresses the need for information security to be compatible with the essential value of a democratic society. Training should therefore be provided to help people understand the relevant legislation, both in terms of their rights and what is illegal.

20 Principle 6 – Risk Assessment Participants are encouraged to conduct risk assessments in this section of the guidelines. Risk is a term used by many but, arguably, understood by few. Training should be given on risk and how it relates to the individual’s role within the organisation.

21 Principle 7 – Security Design and Implementation I would argue that this is one of the most fundamental principles of the OECD guidelines where it states that systems, networks and policies need to be properly designed, implemented and co-ordinated to optimise security. Training should be provided on how security can be designed into IT systems and networks, as well as on implementing and maintaining them in a secure manner. Suppliers and users should teach their staff how to do it, and clients should teach their staff how to procure systems and services that will be secure.

22 Principle 8 – Security Management The guidelines state that participants should adopt a comprehensive approach to security management.

23 Principle 9 - Reassessment Security training should, therefore, not be a single event for any individual, but should be provided continuously to meet the needs of the changing environment. This also applies to security awareness, as it is important to continuously reinforce the need for good security practice. Otherwise there is a risk of complacency, especially if no significant incidents occur.

24 Conclusion It is recognised that not all the points of advice provided above will apply to everyone, but it is hoped that with the right prioritisation the reader can go away and act on at least one piece of advice or comment in this chapter.

25 The End