Showing posts from February 16, 2014

Why Must We Have Network Mapping?

Several Types of Policy

The Executive View
Most textbooks on policy development focus on the technical side of matters. For example, some go to great lengths about all the details of access control. In doing so they achieve two ends: Firstly, and most obviously, this technology-focused approach results in a mass of technical details. This often confuses what is policy, what is standards and what is procedure. Secondly, resulting from this, the overwhelming consequence is that the policies are obtuse and incomprehensible to much of the organization, not least of all the managers, the executive and the board. This problem usually comes about because the task of writing policy has been limited to that of IT security and has therefore been delegated to the IT department and written by a technician who does not have a crucial role in some other project. Said technician is unlikely to have good writing skills or the necessary breadth of experience. But most importantly of all the technician will not have the vi…

Behind Policy

Beyond Policy
The Policy process is just the start of a comprehensive security plan. The policy defines the organization’s attitude towards security and makes clear that all members have a part to play in creating and enforcing a suitable culture of security. The best policy and security functions are to no avail if they are not observed or not used. Next is the task of converting the policy into practice, which requires an explicit plan.
- Identify the assets, tangible and intangible, and estimate their criticality and value
- Assess the threat to those assets
- Determine the level of acceptable risk
- Make available the resources to deploy measures to address that level of risk
- Put in place the training and support necessary to make those measures effective
- Establish a timetable for a regular review of this process so as to keep up with changing needs in the internal and external environment.
All this leads back into Risk Management and Audit & Assessment.

Creating Policy

Developing Policy
Policy can mean different things to different people and be structured in different ways according to the needs of the organization. This section looks at some of those ways.
Effective Security Systems Require Explicit Policies
Policies are an organization's most effective tool for good governance and the smooth running of operations. They are management's instructions on how the organization is to be run.
"Policy: Clarifying What is expected."
Policies are essential to the effective, efficient and reliable operation of an organization. They lead to smooth, consistent and efficient operations.
"Guidelines: How to make decisions without perfect information"
Properly structured, Policies are general statements that do not need to be revised as the details of technology and products change. Policies are accompanied by guidelines as to how they are to be applied in new situations.
"Standards: References, and documented agr…

The Purpose of IS Awareness Is to Change Behaviour

Awareness
The purpose of Information Security awareness is to change behaviour. Policy can only do so much, and no matter how well written and communicated, it will always have gaps. Awareness helps to bridge those gaps by bringing people to understand the aims and objectives of security. Hopefully with this understanding they will not only follow the letter of policy but the spirit as well. Awareness – and awareness training – is not the objective; it is just a step on the way to changing the way people behave. Security Awareness should be part of a coherent, ongoing plan of teaching staff about various aspects of Information Security. In fact a well worked-out course will not only be more effective than a few disjointed episodes such as the occasional “lunch-and-learn” but will give the opportunity to develop themes and explain not only the corporate policies but also how Information Security affects our everyday life. Awar…

Benefits of Policies & Procedures

Benefits
Policies provide a framework within which to define roles and responsibilities, to formulate and justify any regulations and to make explicit the organization’s attitudes towards any actions that threaten its assets. They are sometimes described as “Management’s instructions as to how the organization is to be run”. Overall the policy must define the place that information security plays in supporting the mission and goals of the institution. Developing a security policy is the first step to improving your organization’s security stance.
Specific Reasons & Benefits
- Demonstrate Management Support
  Give security staff the backing of management in further security activities
- Demonstrate a Commitment to Security
  Showing customers that your organization cares about protecting their information.
  Preventing the negative press that can result from security breaches.
- Protect Investments
  Reducing the number and extent of information security breaches. The sooner a breach i…

Policies & Procedures

Policies & Procedures
Overall, Policies are an organization’s most effective tool for good governance and the smooth running of operations. They are management’s instructions on how the organization is to be run. Policies are essential to the effective, efficient and reliable operation of an organization. They lead to smooth, consistent and efficient operations. Properly structured, Policies are general statements that do not need to be revised as the details of technology and products change. Policies are accompanied by guidelines as to how they are to be applied in new situations.
System Integrity is experienced in the development of Policies for Information Security, Privacy and Governance. We can guide and assist you and your staff to develop your own policies and procedures in a way that best suits the needs of your organization.

What Makes Policy Successful?
For security policies to succeed they must meet these simple requirements: Management m…

Risk Management

Risk Management
The need for effective IT Risk management has become significantly more important as organizations have become more dependent on their IT systems for their livelihood and success. While many organizations feel they have a solid grasp on their IT risk concerns, too often their IT risk management efforts have serious gaps and vulnerabilities due to a failure to take a holistic approach to IT risk. Effective IT risk management requires a comprehensive approach that addresses all four areas of IT risk: security, availability, performance, and compliance. It requires an IT risk management program that follows a proven model that takes into account an organization’s unique culture and attitudes toward risk. Risk is the chance of something happening that will have an impact on objectives. It is measured in terms of consequences and likelihood. Risk Management includes the culture, processes, and structures that are directed towards the effective management of potential opportu…

The Difference Between Audit and Assessment

Audit & Assessment
What’s The Difference?
So, what’s the difference between an Audit and an Assessment? Essentially it is in the degree of formalism involved. An Audit is usually against some formal definition or standard, which may be externally defined, such as ISO-27001 or PCI DSS, or a law or regulation such as Sarbanes-Oxley in the US or the Canadian PIPEDA. Such audits will have a clearly defined methodology and a clear report of the degree of conformance. Management should think of the deficiencies reported in a formal audit as matters of grave concern that need to be addressed. This is especially so in the case of audits for regulatory compliance since there may be punitive measures for non-conformance. An Assessment is less formal and less severe. An assessment is usually observations by an experienced practitioner that compares the operations and practices of the client against what are generally considered Best Practices. Very often, an assessment can be of more use t…

Governance?

Governance
Simply put, “governance” means: the process of decision-making and the process by which decisions are implemented (or not implemented). Governance can be used in several contexts such as corporate governance, international governance, national governance and local governance. And of course, our concern: IT Governance. Corporate governance has been a high profile topic in recent years principally because of public concern at a lack of control at the top of organisations. There is a perception that, in certain cases, senior managers appear to have been able to act without restraint and that inadequately designed systems have failed to prevent fraudulent, inefficient or inappropriate behaviour. A well-defined and enforced corporate governance provides a structure that, at least in theory, works for the benefit of everyone concerned by ensuring that the enterprise adheres to accepted ethical standards and best practices as well as to formal laws. To that end, organizations have…

Which Is Governance, and Which Is Not?

What Governance Is ... and Is NOT
There is a growing interest and awareness of IT Governance, but a new ISO standard (see sidebar) makes clear that the term is often misused. What we are really seeing is a rise in interest in IT Governance and Information Assurance – sometimes termed Information Security. These two, along with Service Management (ITIL), will provide the three supports for business-IT alignment. But Governance is something distinct. It has a passive part and an active part – the yin and yang. The active part of Governance is setting policy, not issuing commands: setting a course not steering. The passive part of Governance is tracking the business against strategy objectives and policy: taking a navigational fix not weighing the cargo. Thus IT Governance is about understanding how right we do IT, and defining “how right” in terms of policy and strategy of the organisation. The four “hows” in the diagram of the header are what Governance is about. The “how well” is …

The 5 Domains of IT Governance

The Five Domains of IT Governance
- Strategic Alignment
- Value Delivery
- Performance Management
- Risk Management
- Resource Management
The essential components of IT governance can be expressed as follows:
- IT governance overall is about delivering value and managing risk.
- Value delivery, which embodies the concept of risk-related returns, is perhaps the most important.
- Value delivery is not possible without strategic alignment and resource management.
- It is impossible to provide transparency of success or failure without performance measurement.
Strategic Alignment
Strategic Alignment is concerned with how IT supports the enterprise strategy and how IT operations are aligned with current enterprise operations. Alignment involves:
- Understanding the needs of the business
- Developing IT strategy and objectives
- Resource allocation – portfolio management
- Demand management
- Communication
Why Alignment is Important
Whilst recognising the importance of IT for overall strategy delivery, prominent among…

What Is IT Governance?

Over the past few years one of the most common topics with customers seeking to improve the overall performance of their IT groups was “governance”. It often showed up in the following statements:
• “The key to our success is governance”
• “What we are really missing is good, solid governance”
• “We would be doing better if we only had good governance”
After a while, this got me to thinking. What does ‘governance’ mean? Apparently, it is important to have it. However, when I started talking with people I started to get widely different answers as to what ‘governance’ was, what it consisted of, and why it was so important. What follows below is the outcome of these discussions and ideas. In this post, I will help the reader to better understand the components of governance and why it is important to a high-performing IT organization. I found the best place to start with this topic is with the definition. If one goes to the dictionary, governance would be defined as ‘establishing chains of…

Connecting IP and Analog PABX

One of the challenges is that, today, more PABXs still use analog switching than IP or hybrid. Meanwhile, replacing every PABX with an IP one will almost certainly meet resistance from existing users and even from management.

The solution is to combine the capabilities of the existing analog PABX with an additional IP PBX. This can be done in the following way.

With the approach above, the old PABX is retained, and a new PABX can be installed with the following connections:
- FXO from the PABX goes into the IP PABX as FXS
  This method is generally used for trunk-to-trunk connections

- FXS from the PABX (usually an extension) goes into the IP PABX as FXO.
  This method is generally used to connect to the IP PABX as an extension of the analog PABX

- FXO from the PABX goes to the PSTN, and from the PSTN into the IP PABX as FXO.
  This method is generally used when the connection is not within a single location, so there are 2 separate PABXs.

Good luck trying it out. And contact us if you are interested in trying it.