IND | ENG
BSSN: Time to Implement Cyber Security Standards for Indonesian Businesses

Illustration | Photo: Freepik.com

BSSN: Time to Implement Cyber Security Standards for Indonesian Businesses
Faisal Hafis Diposting : Rabu, 24 Juni 2020 - 15:00 WIB

 

Cyberthreat.id - Chair of the Cyber Communication Information System Security Research Center (CISSReC), Pratama Dahlian Persadha, said that Indonesia does not yet have cyber security standards that can be applied to technology-based business actors.

On the one hand, threats and cyber attacks targeting businesses are increasing. This is mirrored by the case of Tokopedia, Bukalapak and Bhinneka.com customer data sales.

Pratama said that cyber security standards must be made in detail, going above and beyond data centers, sophisticated computers, patched routines, or using antivirus software.

"It's not like that. It has to be tested. For example, there must be routine penetration testing. Then, who does the pentest. There is a bug bounty program that can be done to look for security holes in the system," Pratama told Cyberthreat.id on Tuesday.

Pratama also alluded to the need for surveillance of information security systems. The aim is to ensure that every institution, both government and private, that stores public data is really doing maximum security.

"Right now there isn’t any [supervision]," he said.

Cyber criminals are not pranksters or vandals who only want to deface systems or website appearance. Serious criminals can enter the information system secretly, retrieve data. 

Cyber criminals are capable of creating “backdoors” using trojans and various other malware allowing them to enter and leave a system as they please.

Role of BSSN

According to Pratama, actually the State Cyber and Code Agency (BSSN) has the KAMI (Information Security) Index. This index is an application that is used as a tool to assess and evaluate the level of preparedness, completeness and maturity of the application of information security in an organization based on ISO / IEC 27001 criteria.

"In fact, the KAMI Index is not intended to analyze the feasibility or effectiveness of existing forms of security," Pratama said.

"But rather, as a tool to provide an overview of the conditions of information security readiness. In short, it cannot be used as a safety standard for business people."

Pratama said the KAMI Index was limited to a survey to review an institution's information security. In fact, to see whether or not the security system is strong it requires a comprehensive system audit. "Actually, this is an ability that BSSN does not yet have," he said.

In addition to the KAMI Index, said Pratama, the government also has an Information Security Management System (SMPI) as stipulated in the Regulation of the Minister of Communication and Information RI Number 4 of 2016

Explained in the regulation, the organizers of electronic systems (PSE) are required to apply the information security standards of SNI ISO / IEC 27001. There are also sanctions if not implemented, in the form of written warning and temporary termination (contained in Article 25 paragraph 2).

Unfortunately, said Pratama, the provisions regarding information security standards are not well socialized and are only made in general. In fact, "Industries in this country are different. Therefore, comprehensive and detailed security standards are needed, "he said. []

#Tokopedia   #Leaks   #Cyber   #Security   #Cyber   #Security   #BSSN   #State   #Cyber   #and   #Code   #Agency   #Pratama   #Dahlian   #Persadha   #Pratama   #Persadha

Share:

BACA JUGA
Ruby Alamsyah: 500,000 Accounts in Tokopedia Hacking Case Had Weak Encryptions
Seven Implementations of AI in Cyber Security
BSSN: Small and Medium Businesses Need to Up Their Cybersecurity Awareness
Government Bodies to Start Implementing E-signatures
Millennials Are More Conscious of Online Security During Pandemic