LOGO

A. BUDI SETIAWAN

INFORMATION SECURITY GOVERNANCE READINESS IN GOVERNMENT INSTITUTION

The Center of Research and Development of Informatic Application. Agency of Human Resource Research and Development,Ministry of ICT Indonesia

Delivered at codeBALI International Conference 2015September, 21-23, 2015 in Denpasar-Bali, Indonesia

INTRODUCTION

• Internet usage is increasingInternet usage is increasing

• ICT is enablerICT is enabler

• The use of ICT in the public sectorThe use of ICT in the public sector

• Presidential Instruction No. 3/2003 about Policy & National Presidential Instruction No. 3/2003 about Policy & National Strategy on the Development of e-GovernmentStrategy on the Development of e-Government

• Vulnerability on ICT system…Vulnerability on ICT system…

Indonesia’s Statistics Internet users: 71,190,000 Internet users as of June.30, 2014, and 28.1% penetration.

(source : http://www.internetworldstats.com/asia.htm#id) The mobile broadband explosion has subscriber numbers at around 65 million (26%

penetration) by end-2014 -- Around 60% of fixed internet subscribers had broadband access

Increasing IT Risk in Indonesia

• Real incident reported such as phishing, identity theft, data (information resources) stealing, critical information resources hostages, information leakage, insider attack (i.e. virus spread)

• Cases: cyber war, fraud, web deface, hoax, etc

• Malicious code, common vulnerabilities/zero day attack -pirate software are widely used (not updated)

(source: Id-SIRTII/CC, 2012)

Recent Risk Report in Indonesia

Distributed Denial of Service attack on the system of Domain Name Service (DNS) ccTLD-ID that indicates the attack on the domain "go.id" is the most

(source: Zone-h, 2012)

(source: Id-SIRTII, 2012)

Number of attacks to domain “id” website on October 2012

THREAT

• Observe the readiness of Information Security Governance implementation in government agencies

• Analysis was performed by using index of e-Government Rank (PeGI) and Information Security Index (Index KAMI

The Study of IT Security Readiness in Government

Cyber Security Legal Framework in Indonesia

National Policy and Law on Internet Security

Indonesia’s Act

“Indonesia’s Telecommunication Act”

(UU Telekomunikasi)

“Information & Electronic Transaction Act”

(UU ITE)

No. 29/PER/M.KOMINFO/10 /2010 about Securing Telecommunication

Network Utilization based on Internet Protocol

Number: 133/KEP/M/KOMINFO/04/2010

Number: 01/SE/M.KOMINFO/02/2011

Regulation of Minister of CIT

Decree of Minister of CIT

Circular of Minister of CIT

The Index of Indonesian e-Government Rank

No. Dimensions

1 Policy

2 Institutional

3 Infrastructure

4 Application

5 Planning

5 Dimensions of Indonesian e-Government Rank:

• Provides a reference for the development and utilization of ICT in public sector

• Provide impetus for the development of ICT in the government through the evaluation of a large, balanced, and objective

• Provides map of the environment conditions of the use of ICT in the national government

Goals:

Information Security Index

Analysis of Indonesian e-Government Rank

Ministries

Analysis of Indonesian e-Government Rank

Local Government (Provinces)

Source: Directorate of Information Security

Information Security Index 2011

Source: Directorate of Information Security

Information Security Index 2012

Source: Directorate of Information Security

Information Security Index 2013

Source: Directorate of Information Security

Average Value of Information Security Index Area

1. In most agencies, both central and local governments are already implementing ICT Governance, but with different capacities and in accordance with the conditions of the available human resources and leadership support

2. A common obstacle in the application of ICT governance and information security governance within the government are: Human Resources, Leadership Commitment and funding.

3. In term of ICT security governance in Indonesia, It cause by coordination between government agencies is still weak in terms of cyber security

Cyber Security Readiness in Government

1. In applying the information security governance need strong commitment from all level management in government institution related to implement IT Security governance

2. It also need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance

3. Need particular policy from the highest level government management which is mandate for all government institution to implement IT Security governance

4. Information security should become the spirit for all ICT regulation and policy

Cyber Security Readiness in Government

THANK YOU

A. BUDI SETIAWANICT Researcher at Center of R&D of Informatic ApplicationHuman Resource R&D Agency, Ministry of ICT Indonesiaahma003@kominfo.go.id