
    Audit Sistem Keamanan Jaringan Pada PT Trias Sentosa Tbk

    PT Trias Sentosa was founded in 1979. The company manufactures and produces plastics. During the last year to date, PT Trias Sentosa Tbk has used a highly controlled security system whose feasibility has been tested for communication between each warehouse and a central server. However, the data from BOPPET that go into the servers sometimes experience errors, often called "bugs", which cause duplicated and less valid data, while each day PT Trias itself produces plastic in large quantities. Therefore, an Information Systems Audit and ISO (International Organization for Standardization) offer a solution to measure whether the security of the application systems within the company accords with internationally recognized standards for IT governance contained in COBIT (Control Objectives for Information and Related Technology). COBIT is a framework for information technology published by ISACA (Information Systems Audit and Control Association) and is used because it has a high level of complexity and coverage. In this analysis, the domain used is COBIT Deliver and Support. Within that domain, the discussion is limited to DS5 (Ensure Security Systems). ISO itself is limited to ISO 27002 (Information Security Management System).

    Medical Virtual Public Services

    The healthcare enterprises are very disconnected. This paper proposes a solution that will provide citizens, businesses and medical enterprises with improved access to medical virtual public services. These medical services are based on existing national medical Web services and support medically required services provided by physicians and supplementary health care practitioners, laboratory services and diagnostic procedures, and clinics' and hospitals' services. Requirements and specific rules of these medical services are considered, and personalization of user preferences will be supported. The architecture is based on adaptable process management technologies, allowing for virtual services which are dynamically combined from existing national medical services. In this way, a comprehensive workflow process is set up, allowing for service-level agreements, an audit trail and explanation of the process to the end user. The process engine operates on top of a virtual repository, providing a high-level semantic view of information retrieved from heterogeneous information sources, such as national sources of medical services. The system relies on a security framework to ensure all high-level security requirements are met. The system's architecture is business oriented: it focuses on Service Oriented Architecture (SOA) concepts, asynchronously combining Web services, Business Process Management (BPM) rules and BPEL standards. Keywords: Business Process Management, Service Oriented Architecture, Application Integration, Web services, information technologies, virtual repository, database.

    CybeRisk Management in Banks: An Italian Case Study

    The financial sector is exposed to the risk of cyber-attacks like any other industrial sector. Furthermore, the topic of CybeRisk (cyber risk) has become particularly relevant given that Information Technology (IT) attacks have increased drastically in recent years and cannot be stopped by single organizations, requiring a response at international and national level. IT risk is never a matter purely for the IT manager, although he clearly plays a key role. A bank's risk management function requires a thorough understanding of the evolving risks as well as the tools and practical techniques available to address them. Upon the request of European and national legislation regarding CybeRisk in the financial system, banks are therefore called upon to strengthen the operational model for CybeRisk management. This will require an important change with a more intense collaboration with the structures that deal with information security for the development of an ad hoc system for the evaluation and control of this type of risk. The aim of the work is to propose a framework for the management and control of CybeRisk that will bridge the gap in the literature regarding the understanding and consideration of CybeRisk as an integral part of business management. The IT function has a strong relevance in the management of CybeRisk, which is perceived mainly as operational risk, but with a positive tendency on the part of risk management to the identification of CybeRisk assessment methods that are increasingly complete, quantitative and able to better describe the possible impacts on the business. The paper provides answers to the research questions: Is it possible to define a CybeRisk governance structure able to support the comparison between risk and security? How can the relationships between IT assets be integrated into a CybeRisk assessment framework to guarantee a system of protection and risk control?
From a methodological point of view, this research uses a case study approach. The choice of “Monte dei Paschi di Siena” was determined by the specific features of one of Italy’s biggest lenders. An intensive research strategy was chosen: an in-depth study of reality. The case study methodology is an empirical approach to explore a complex and current phenomenon that develops over time. The use of cases also has the advantage of allowing the deepening of aspects concerning the "how" and "why" of contemporary events, on which the scholar has little control. The research is based on quantitative data and qualitative information obtained through semi-structured interviews of an open-ended nature and questionnaires to directors, members of the audit committee, risk, IT and compliance managers, and those responsible for the internal audit function and anti-money laundering. The added value of the paper can be seen in the development of a framework based on a mapping of IT assets from which it is possible to identify their relationships for purposes of a more effective management and control of cyber risk.

    Data mining based cyber-attack detection


    Institutional audit : University of Wolverhampton


    CamFlow: Managed Data-sharing for Cloud Services

    A model of cloud services is emerging whereby a few trusted providers manage the underlying hardware and communications whereas many companies build on this infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS applications. From the start, strong isolation between cloud tenants was seen to be of paramount importance, provided first by virtual machines (VM) and later by containers, which share the operating system (OS) kernel. Increasingly it is the case that applications also require facilities to effect isolation and protection of data managed by those applications. They also require flexible data sharing with other applications, often across the traditional cloud-isolation boundaries; for example, when government provides many related services for its citizens on a common platform. Similar considerations apply to the end-users of applications. But in particular, the incorporation of cloud services within 'Internet of Things' architectures is driving the requirements for both protection and cross-application data sharing. These concerns relate to the management of data. Traditional access control is application and principal/role specific, applied at policy enforcement points, after which there is no subsequent control over where data flows; a crucial issue once data has left its owner's control by cloud-hosted applications and within cloud-services. Information Flow Control (IFC), in addition, offers system-wide, end-to-end, flow control based on the properties of the data. We discuss the potential of cloud-deployed IFC for enforcing owners' dataflow policy with regard to protection and sharing, as well as safeguarding against malicious or buggy software. In addition, the audit log associated with IFC provides transparency, giving configurable system-wide visibility over data flows. [...] Comment: 14 pages, 8 figures