INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

Transcription

1 LOGO INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION A. BUDI SETIAWAN The Center of Research and Development of Informatic Application. Agency of Human Resource Research and Development, Ministry of ICT Indonesia Delivered at codebali International Conference 2015 September, 21-23, 2015 in Denpasar-Bali, Indonesia

2 INTRODUCTION Internet usage is increasing ICT is enabler The use of ICT in the public sector Presidential Instruction No. 3/2003 about Policy & National Strategy on the Development of e-government Vulnerability on ICT system

3 Indonesia s Statistics Internet users: 71,190,000 Internet users as of June.30, 2014, and 28.1% penetration. (source : The mobile broadband explosion has subscriber numbers at around 65 million (26% penetration) by end Around 60% of fixed internet subscribers had broadband access

4 Increasing IT Risk in Indonesia Real incident reported such as phishing, identity theft, data (information resources) stealing, critical information resources hostages, information leakage, insider attack (i.e. virus spread) Cases: cyber war, fraud, web deface, hoax, etc Malicious code, common vulnerabilities/zero day attack -pirate software are widely used (not updated) (source: Id-SIRTII/CC, 2012)

5 Recent Risk Report in Indonesia Distributed Denial of Service attack on the system of Domain Name Service (DNS) cctld-id that indicates the attack on the domain "go.id" is the most (source: Zone-h, 2012) Number of attacks to domain id website on October 2012 THREAT (source: Id-SIRTII, 2012)

6 The Study of IT Security Readiness in Government Observe the readiness of Information Security Governance implementation in government agencies Analysis was performed by using index of e-government Rank (PeGI) and Information Security Index (Index KAMI PeGI Trianggulation: Expert judgemnet (FGD) Index KAMI

7 Cyber Security Legal Framework in Indonesia

8 National Policy and Law on Internet Security Indonesia s Act Regulation of Minister of CIT Decree of Minister of CIT Indonesia s Telecommunication Act (UU Telekomunikasi) Information & Electronic Transaction Act (UU ITE) No. 29/PER/M.KOMINFO/10 /2010 about Securing Telecommunication Network Utilization based on Internet Protocol Number: 133/KEP/M/KOMINFO/04/2010 Circular of Minister of CIT Number: 01/SE/M.KOMINFO/02/2011

9 The Index of Indonesian e-government Rank Goals: Provides a reference for the development and utilization of ICT in public sector Provide impetus for the development of ICT in the government through the evaluation of a large, balanced, and objective Provides map of the environment conditions of the use of ICT in the national government 5 Dimensions of Indonesian e-government Rank: No. 1 Policy Dimensions 2 Institutional 3 Infrastructure 4 Application 5 Planning

10 Information Security Index

11 Analysis of Indonesian e-government Rank Ministries Dimension: Policy Dimension: Institutional Dimension:Infrastructure 20.69% 31.03% 0% 3.45% 41.38% 58.62% 44.83% 51.72% 48.28% Good Poor Very Poor Good Poor Very Poor Good Poor Very Poor Dimension: Application Dimension: Planning 68.28% 0% 51.72% 20.69% 3.45% 34.48% 41.38% Good Poor Very Poor Very Good Poor Good Very Poor

12 Analysis of Indonesian e-government Rank Local Government (Provinces) Dimension: Policy Dimension: Institutional Dimension: Infrastructure 29.17% 25.00% 4% 37.50% 20.83% 29.17% 45.83% 58.33% 50.00% Good Poor Very Poor Good Poor Very Poor Good Poor Very Poor Dimension: Application Dimension: Planning 0% 20.83% 29.17% 0.00% 29.17% 79.17% 41.67% Good Poor Very Poor Very Good Good Poor Very Poor

13 Information Security Index 2011 Source: Directorate of Information Security

14 Information Security Index 2012 Source: Directorate of Information Security

15 Information Security Index 2013 Source: Directorate of Information Security

16 Average Value of Information Security Index Area Source: Directorate of Information Security

17 Cyber Security Readiness in Government 1. In most agencies, both central and local governments are already implementing ICT Governance, but with different capacities and in accordance with the conditions of the available human resources and leadership support 2. A common obstacle in the application of ICT governance and information security governance within the government are: Human Resources, Leadership Commitment and funding. 3. In term of ICT security governance in Indonesia, It cause by coordination between government agencies is still weak in terms of cyber security

18 Cyber Security Readiness in Government 1. In applying the information security governance need strong commitment from all level management in government institution related to implement IT Security governance 2. It also need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance 3. Need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance 4. Information security should become the spirit for all ICT regulation and policy

19 THANK YOU A. BUDI SETIAWAN ICT Researcher at Center of R&D of Informatic Application Human Resource R&D Agency, Ministry of ICT Indonesia