1 pertemuan 10 membuat dan mengelola resiko dan kriminalitas sistem informasi matakuliah: h0472 /...
TRANSCRIPT
![Page 1: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/1.jpg)
1
Pertemuan 10Membuat dan mengelola resiko dan
kriminalitas sistem informasi
Matakuliah : H0472 / Konsep Sistem Informasi
Tahun : 2006
Versi : 1
![Page 2: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/2.jpg)
2
Learning Outcomes
Pada akhir pertemuan ini, diharapkan mahasiswa
akan mampu :
• Menjelaskan sistem keamanan dan kontrol pada Teknologi Informasi
![Page 3: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/3.jpg)
3
Outline Materi
• Ancaman terhadap kegagalan project
• Ancaman terhadap tidak berfungsinya sistem
• Ancaman terhadap kriminalitas komputer
![Page 4: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/4.jpg)
4
Information System Security and Control
• Threat of Project Failure
• Threat of Accidents and Malfunctions
• Threat of Computer Crime
• Factors That Increase the Risks
• Methods for Minimizing Risks
![Page 5: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/5.jpg)
5
Introductory Case: London Ambulance Service
• Wow, what a mess!
• What did they do wrong?
• Did they do anything right?
• Was this a system that should have even been attempted?
![Page 6: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/6.jpg)
6
Threat of Project Failure
• When can projects fail?INITIATION• The reasons for building the system have too little support.• The system seems too expensive.
DEVELOPMENT• It is too difficult to define the requirements.• The system is not technically feasible.• The project is too difficult is too difficult for technical staff assigned.
IMPLEMENTATION• The system requires too great a change from existing work practices.• Potential users dislike the system or resist using it.• Too little effort is put into the implementation.
OPERATION AND MAINTENANCE• System controls are insufficient.• Too little effort goes into supporting effective use.• The system is not updated as business needs change.
![Page 7: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/7.jpg)
7
Threat of Project Failure
• Remember this?
• What do you think the curve would look like for cost of failure?
![Page 8: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/8.jpg)
8
Threat of Accidents and Malfunctions
• Operator error• Hardware malfunction
– Intel Pentium bug– Was like the embedded chip issue for Y2K
• Software bugs• Data errors• Damage to physical facilities
– We’ll talk more about this for disaster recovery
• Inadequate system performance– London ambulance case
![Page 9: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/9.jpg)
9
Threat of Computer Crime
• Theft– Physical (esp. laptops)
• Case of a laptop taken from the Pentagon in a conference room…
• Recently heard about Silicon Valley exec who lost laptop• CCI insurance
– Logical• Unauthorized use• Fraudulent data entry• Unauthorized use/modification of data
• Sabotage and Vandalism– Trap door, Trojan Horse, Virus
![Page 10: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/10.jpg)
10
Factors that Increase Risk
• Nature of Complex Systems
• Human Limitations
• Pressures in the Business Environment
![Page 11: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/11.jpg)
11
Methods for Minimizing Risks
• Controlling System Development and Modifications
• Providing Security Training• Maintaining Physical Security• Controlling Access to Data, Computers, and
Networks• Controlling Transaction Processing• Motivating Efficient and Effective Operation• Auditing the Information System• Preparing for Disasters
![Page 12: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/12.jpg)
12
Minimize Risks…
![Page 13: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/13.jpg)
13
Build the system correctly…
• Software change control
![Page 14: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/14.jpg)
14
Train the users about security…
![Page 15: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/15.jpg)
15
Maintain physical security…
![Page 16: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/16.jpg)
16
Prevent unauthorized access to hardware and software…
• Manual data handling
• Access privileges
• Access control– What you know– What you have– Where you are– Who you are
![Page 17: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/17.jpg)
17
Prevent unauthorized access to hardware and software…
• Be aware of network issues– Encrypt if necessary
![Page 18: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/18.jpg)
18
Perform transactions correctly…
• Segregation of duties
• Data validation
• Error correction
• Backup & recovery
![Page 19: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/19.jpg)
19
Innovate for efficiency…
• Monitor systems
• Look for opportunities
• Look for incentives
• Look for disincentives
![Page 20: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/20.jpg)
20
Audit your system…
• Trust but verify…
![Page 21: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/21.jpg)
21
Prepare for disasters…
• Remember Murphy's Law
![Page 22: 1 Pertemuan 10 Membuat dan mengelola resiko dan kriminalitas sistem informasi Matakuliah: H0472 / Konsep Sistem Informasi Tahun: 2006 Versi: 1](https://reader036.vdocuments.pub/reader036/viewer/2022062407/56649c8b5503460f94945298/html5/thumbnails/22.jpg)
22
Closing
• Ancaman terhadap kegagalan project
• Ancaman terhadap tidak berfungsinya sistem
• Ancaman terhadap kriminalitas komputer