Information Security Policies and Standards


🟢 1. Introduction

📌 Definition of an Information Security Policy

An information security policy is a set of rules, procedures, and guidelines that an organization creates to protect:

  • Data
  • Information systems
  • IT infrastructure
  • Networks
  • Users

from security threats.


🟡 Definition of an Information Security Standard

An information security standard is a framework or formal reference that an organization uses to implement information security systematically.


🔍 Narrative

Information security takes more than:

  • Firewalls
  • Antivirus
  • Encryption

It also requires:

  • Rules
  • Procedures
  • Standards
  • Governance
  • User compliance

Without a security policy:

  • Users can misuse systems
  • Data leaks easily
  • Access rights go uncontrolled
  • The organization struggles to handle incidents

🖼️ Illustration: Information Security Policy



🟢 2. Objectives of an Information Security Policy

🟡 Main Objectives

📌 Protect information assets

📌 Reduce security risk

📌 Define the rules for system use

📌 Ensure regulatory compliance

📌 Raise user awareness


📊 Benefits of a Security Policy

| Benefit | Explanation |
| --- | --- |
| Security control | Clear rules |
| Compliance | Conforms to regulations |
| Risk mitigation | Reduces threats |
| Awareness | User education |

🔍 Narrative

A security policy helps the organization:

  • Determine who may access data
  • Define security procedures
  • Set sanctions for violations
  • Reduce human error

🟢 3. Components of an Information Security Policy

🟡 A. Acceptable Use Policy (AUP)

📌 Rules for using systems and the internet


🟡 B. Password Policy

📌 Rules for secure passwords


🟡 C. Access Control Policy

📌 Management of access rights


🟡 D. Data Protection Policy

📌 Protection of the organization's data


🟡 E. Incident Response Policy

📌 Handling of security incidents


📊 Policy Components

| Policy | Function |
| --- | --- |
| AUP | System use |
| Password Policy | Account security |
| Access Control | Access rights |
| Backup Policy | Data recovery |
| Incident Response | Incident handling |

🖼️ Security Policy Components



🟢 4. Basic Principles of Information Security

🟡 CIA Triad

📌 Confidentiality

Keeping data confidential.


📌 Integrity

Keeping data intact.


📌 Availability

Ensuring data is available.


🖼️ CIA Triad



📊 CIA Triad

| Principle | Explanation |
| --- | --- |
| Confidentiality | Secrecy of data |
| Integrity | Intactness of data |
| Availability | Availability of data |

🟢 5. Information Security Standards

🟡 A. ISO/IEC 27001

📌 International standard for ISMS


🟡 B. ISO/IEC 27002

📌 Guidance on security controls


🟡 C. NIST Cybersecurity Framework

📌 Cybersecurity framework


🟡 D. COBIT

📌 IT governance


🟡 E. PCI-DSS

📌 Payment card data security


📊 International Standards

| Standard | Focus |
| --- | --- |
| ISO 27001 | ISMS |
| ISO 27002 | Security controls |
| NIST | Cybersecurity |
| COBIT | Governance |
| PCI-DSS | Payment data |

🖼️ Information Security Standards



🟢 6. Information Security Management System (ISMS)

🟡 Definition of an ISMS

An information security management system built on security policies and controls.


🟡 Objectives of an ISMS

📌 Protect information assets

📌 Manage risk

📌 Improve security continuously


🟡 PDCA Cycle

📌 Plan

📌 Do

📌 Check

📌 Act


🖼️ ISMS PDCA Cycle



🟢 7. Access Control Policy

🟡 Definition

Rules for managing user access rights.


🟡 Principle of Least Privilege

📌 Users receive only the access they need


🟡 Multi-Factor Authentication (MFA)

📌 An additional layer of login security


📊 Access Control

| Control | Function |
| --- | --- |
| Username & Password | Login |
| MFA | Additional verification |
| RBAC | Access rights based on role |

🖼️ Access Control Security



🟢 8. Password and Authentication Policy

🟡 Password Policy

📌 Passwords of at least 8 characters

📌 A combination of letters, digits, and symbols

📌 No personal data in the password

📌 Periodic password changes


🟡 Authentication Policy

📌 Verification of the user's identity


📊 Password Security

| Password | Status |
| --- | --- |
| 123456 | Very weak |
| admin123 | Weak |
| P@ssw0rd2026! | Strong |

🖼️ Password Security



🟢 9. Data Protection and Privacy Policy

🟡 Data Protection

📌 Protection of the organization's data


🟡 Privacy Policy

📌 Protection of user privacy


🟡 Data Regulations

📊 Regulations

| Regulation | Focus |
| --- | --- |
| GDPR | Personal data |
| UU PDP Indonesia | Data protection |
| HIPAA | Health data |

🖼️ Data Privacy Protection



🟢 10. Security Awareness and Training

🟡 Definition

Educating users about information security.


🟡 Awareness Topics

📌 Phishing

📌 Password security

📌 Social engineering

📌 Safe internet usage


📊 Human Error Statistics

| Cause | Impact |
| --- | --- |
| Weak password | Account compromised |
| Clicking a phishing link | Malware gets in |
| Misconfiguration | Data leak |

🖼️ Security Awareness Training



🟢 11. Audit and Compliance

🟡 Security Audit

📌 Examination of how security policies are implemented


🟡 Compliance

📌 Adherence to standards and regulations


🟡 Types of Audit

📊 Types of Audit

| Audit | Function |
| --- | --- |
| Internal audit | Internal review |
| External audit | Audit by an outside party |
| Compliance audit | Adherence to standards |

🖼️ Cybersecurity Audit



🟢 12. Incident Response Policy

🟡 Purpose

📌 Handle security incidents quickly and systematically


🟡 Contents of an Incident Response Policy

📌 Incident reporting

📌 Response team

📌 Recovery procedures

📌 Incident documentation


🖼️ Incident Response Policy



🟢 13. Case Study

🟡 Case: Corporate Data Breach

📌 Causes

  • No MFA
  • Weak passwords
  • Excessive access rights

🔍 Impact

  • Customer data leaked
  • Financial loss
  • Reputational damage

🖼️ Data Breach Incident



📊 Case Analysis

| Factor | Explanation |
| --- | --- |
| Weak policy | Weak passwords |
| Impact | Data leak |
| Risk | Damaged reputation |
| Mitigation | MFA & audit |

🟢 14. Lab Tutorials

💻 Lab 1: Creating a Password Policy

Task:

Define rules for:

  • Password length
  • Complexity
  • Validity period
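
The password rules from section 8 and this lab, written as an executable check. This is an added example, not part of the original course material; the 90-day maximum age and the mapping from violation count to rating are assumptions, chosen so that the three passwords in the section 8 table receive the ratings the table gives them.

```python
import re
from datetime import date

MIN_LENGTH = 8      # from the page: at least 8 characters
MAX_AGE_DAYS = 90   # assumed value; the page only says "periodic" changes

# The page's composition rule: letters, digits and symbols must all appear.
CHAR_CLASSES = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")


def violations(password, personal_data=(), last_changed=None, today=None):
    """Return the names of the policy rules this password breaks."""
    broken = []
    if len(password) < MIN_LENGTH:
        broken.append("length")
    if not all(re.search(pattern, password) for pattern in CHAR_CLASSES):
        broken.append("composition")
    # Personal data: reject any known user attribute embedded in the password.
    # Very short tokens are skipped to avoid accidental matches.
    lowered = password.lower()
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_data):
        broken.append("personal-data")
    # Rotation: only evaluated when the last change date is known.
    if last_changed is not None:
        age = ((today or date.today()) - last_changed).days
        if age > MAX_AGE_DAYS:
            broken.append("expired")
    return broken


def rate(password, **context):
    """Map the violation count to the page's labels (mapping is assumed)."""
    count = len(violations(password, **context))
    return "strong" if count == 0 else "weak" if count == 1 else "very weak"


if __name__ == "__main__":
    # The three passwords from the page's table, plus two constructed cases.
    for pw in ("123456", "admin123", "P@ssw0rd2026!"):
        print(f"{pw!r:18} {rate(pw):10} {violations(pw)}")
    print(violations("Budi2004!x", personal_data=("Budi", "2004")))
    print(violations("P@ssw0rd2026!", last_changed=date(2025, 1, 1),
                     today=date(2025, 6, 1)))
```

The rating reflects only the four rules listed on this page; production systems usually also screen new passwords against lists of known-compromised passwords.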

💻 Lab 2: Simulating Access Control

Steps:

  1. Create roles:
    • Admin
    • Lecturer
    • Student
  2. Define access rights
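
One way to carry out this lab, combining RBAC, least privilege and MFA from section 7. This is an added example, not part of the original course material; the roles are the lab's Admin, Lecturer (Dosen) and Student (Mahasiswa), while the permission names, the MFA-protected set and the sample accounts are assumptions.

```python
# Role -> permissions. Role names follow the lab; permission names are assumed.
ROLE_PERMISSIONS = {
    "admin":    {"user:manage", "course:read", "grade:read", "grade:write"},
    "lecturer": {"course:read", "grade:read", "grade:write"},
    "student":  {"course:read", "grade:read_own"},
}
# Assumed: sensitive permissions that additionally require a completed MFA step.
MFA_REQUIRED = {"user:manage", "grade:write"}


def permissions_of(user):
    """Union of the permissions granted by all of the user's roles."""
    granted = set()
    for role in user["roles"]:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown role grants nothing
    return granted


def is_allowed(user, permission, mfa_verified=False):
    """Deny by default; sensitive permissions also need MFA."""
    if permission not in permissions_of(user):
        return False
    return mfa_verified or permission not in MFA_REQUIRED


def excess_permissions(user, needed):
    """Least-privilege review: permissions held but not needed for the job."""
    return permissions_of(user) - set(needed)


# Constructed sample accounts.
SITI = {"name": "siti", "roles": ["student"]}
BUDI = {"name": "budi", "roles": ["lecturer", "admin"]}  # admin role left over
GUEST = {"name": "guest", "roles": ["visitor"]}          # role not defined

if __name__ == "__main__":
    print(is_allowed(SITI, "grade:write", mfa_verified=True))   # not in role
    print(is_allowed(BUDI, "grade:write"))                      # MFA missing
    print(is_allowed(BUDI, "grade:write", mfa_verified=True))
    print(is_allowed(GUEST, "course:read"))
    print(excess_permissions(BUDI, ROLE_PERMISSIONS["lecturer"]))
```

The last call is the check that would have flagged the "excessive access rights" cause in the section 13 case study: an account holding a role its job does not need.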

💻 Lab 3: Auditing System Security

Checklist:

  • MFA enabled
  • Regular backups
  • Antivirus up to date
  • Firewall enabled

💻 Lab 4: Creating an Incident Response Plan

Contents:

  • Security team
  • Emergency contacts
  • Recovery steps

💻 Lab 5: Phishing Awareness Simulation

Task:

Identify phishing emails.


🟢 15. Information Security Governance Diagram



🟢 16. Student Exercises

🎯 Practice Questions

  1. Explain what an information security policy is.
  2. What is the function of the ISO 27001 standard?
  3. Explain the principles of the CIA Triad.
  4. What is the purpose of security awareness?
  5. Why are security audits important?

🟢 17. Class Discussion

📌 Discussion Topics

  1. Why is technology alone not enough for security?
  2. How can user awareness be improved?
  3. Are password policies effective?
  4. How does a campus implement an information security policy?

🟢 18. Conclusion

📌 Summary

Information security policies and standards help organizations:

  • Manage security
  • Reduce risk
  • Maintain compliance
  • Protect data

Students need to understand:

  • Security policy
  • ISO 27001
  • NIST framework
  • Access control
  • Audit and compliance
  • Security awareness

so that they can apply information security governance professionally and in a structured way.

