audit security

AUDIT SECURITY SERVICES AT PT. XYZ (Case Study PT. POS Indonesia Bandung) AULIA PRIMADANI 1106100047

Upload: josaphet

Post on 29-Sep-2015



Introduction

Formulation of the problem
How are controls related to security services applied at PT. XYZ?
What is the capability of the security services at PT. XYZ?
What IT security improvement recommendations apply to the security services at PT. XYZ?

Research Goal
Measure the effectiveness of the controls on the security services information system at PT. XYZ.
Assess the capability of the security services at PT. XYZ.
Develop recommendations for the improvement of security services required by PT. XYZ.

Benefit of research
Increase IT security improvements at PT. XYZ.
Improve the performance of the company.

Scope of problem
The object of research is only the Security and Quality Assurance division in the directorate of information technology and financial services at the area headquarters of PT. XYZ.
The assessment covers only the security services in the Deliver, Service and Support (DSS) domain: 05.01, 05.02, 05.03, 05.04 and 05.05.
The capability level assessment uses the Process Assessment Model (PAM) in the COBIT 5 framework.
The output of the assessment is only open recommendations.

Conceptual model

Research systematics

Timeline of Research

Risk Assessment

Capability Level

Conclusion

DSS 05.01
PT. XYZ must be able to ensure that the training that has been delivered can be applied by the trainees.

DSS 05.02
PT. XYZ should ensure that only authorized devices can connect to the corporate network, and should apply levels of user access rights for all internal systems.
All levels of network security should receive routine, periodic security version updates.
PT. XYZ must perform data encryption on all internal systems in the company.
PT. XYZ must test all devices involved in network and connectivity protection to ensure that every device supports maximum operation.

Conclusion [1]

DSS 05.03
PT. XYZ should implement encryption of information on storage media.
PT. XYZ must manage endpoint security according to the security standards required for all supporting devices in the company.
PT. XYZ must make improvements to information encryption.
PT. XYZ must update its security in an integrated system to secure the company's critical data.

DSS 05.04
The maintenance of permissions by PT. XYZ must ensure that the information obtained by a user conforms to that user's job function.
Authentication of access to information assets must be used at PT. XYZ to protect user identity management.
All security functions for identity and access management should be handled by the responsible party at PT. XYZ.
PT. XYZ should use a standard for managing user identity and logical access.

Conclusion [2]

DSS 05.05
PT. XYZ must update the information that determines which parties are allowed to enter the IT site.

Capability Level
PT. XYZ is producing documentation related to the work processes that have been done.
PT. XYZ has produced documentation related to the definition of the work done.
PT. XYZ conducts regular monitoring of the work processes that have been done.
PT. XYZ documents the tasks, rights and obligations of each responsible party in the work processes that have been done.

THANK YOU