Information security policy planning based on the information security management system (ISMS) ISO 27001, case study: Bank XYZ
Table of Contents:
- [Information is the most valuable asset of the Bank. Adequate and sufficient resources must be allocated to protect the Bank's information assets through the implementation of a measurable Information System Security Policy that conforms to existing standards. The Information & Technology Directorate of Bank XYZ, as the unit that handles strategic information, is required to guarantee the security of information-related assets so that the Bank's vision, mission and objectives can be achieved. This can be done by establishing an information security policy. An information security policy can be drawn up based on the information security management system standard (Sistem Manajemen Keamanan Informasi, SMKI), better known as the Information Security Management System (ISMS) - ISO 27001. An information security management system provides a systematic approach, in the form of objective controls, to managing sensitive information with the aim of securing that information. The approach taken to achieve this is to apply risk management based on the controls of ISO 27001, which aims to assess the extent to which the information security impacts that may occur can be handled.; In this digital age, where considerable business activities are powered by digital and telecommunication technologies, deriving customer loyalty and satisfaction through delivering high quality services, driven by complex and sophisticated Information Technology (IT) systems, is one of the main service objectives of the Bank towards its customers. From a customer services perspective, “availability” is a degree of how close the Bank is to its customers so that they can “consume” the Bank’s services easily and in preference to its competitors. “Reliability” is the degree of how adequate and responsive the Bank is in meeting its customers’ needs. “Confidentiality” is the trust the customers have in the Bank in that their confidential information will not fall into the wrong hands. Information Technology is one of the means that the Bank uses to achieve quality service objectives. Reliance on IT requires an understanding of the importance of IT Security within the IT environments. As business advantages are derived from the use of IT to deliver quality services, critical IT security issues related to the use of IT should be understood and addressed. Safeguarding and protecting the security of information systems and assets are prominent issues that all responsible IT users must address. Information is the most valuable asset of the Bank. Adequate resources must be allocated to carry out the safeguarding of the Bank’s information assets through enforcing defined IT Security Policies, Standards and Procedures. Compliance with international and national standards designed to facilitate the interchange of data between Banks should be considered by the Bank’s management as part of the strategy for IT Security, which helps to enforce and strengthen IT security within an organization.]