IT Governance

Academic year: 2021


IT GOVERNANCE : IT AUDIT ROLE

Definition of IT Governance

[The body text of this section is unreadable in the source extraction; only the heading survives.]

Best Practice for IT Governance

[The body text of this section is unreadable in the source extraction; only the heading survives.]
IT Governance Frameworks

• Control Objectives for Information and related Technology (COBIT)
• ISO/IEC 27001 (ISO 27001) Series of Standards
• IT Infrastructure Library (ITIL): a set of practices for IT service management
• IT Baseline Protection Catalogs, or IT-Grundschutz Catalogs: published by Germany's Federal Office for Information Security (BSI)
• Information Security Management Maturity Model (ISM3)
• AS 8015-2005: the Australian standard for corporate governance of information and communication technology
• ISO/IEC 38500:2008 Corporate Governance of Information Technology

[The descriptions that accompany each framework are unreadable in the source extraction beyond the names listed above.]

(33) c /7

(34)

(35) 7c c c "c c c c c !c (5c 9c -$c *)7

(36)

(37) c c c c c c c   c c %c c %c &"c %c  c c c c c %c c c c c   c!c(5-$c*)7

(38)

(39) c%ccc  cc c  c c c c  %c &  cc %c c c c  !c. 6 ccccccc%c 'c Strategic alignment c cc c%c  ccc 3c   c %c c  c   c c  c c  c ccc c %!c 'c Value deliveryc c %c c "c   c c %c  c  c  c %&c c c c c ""c %c  c   c c c c c cc c!c 'c Risk managementc c %c  c  c c "c  %c  c%cc" cc cc %c c%c c  c % c   c c  c c c.

(40) c  %c c c c "&c "c  c c c  !c 'c Resource managementc c %c c   c c  c c c c c  c c c c c  c c c c   c   c  c c !c   c c c c c%cc !c 'c Performance measurementc c "c cc  c c  c  c  c c c  c "c   c c c cc c  cc cc "%c c c c c c c "c c %!c. 

(41)    ?  R c %&cc 7c%c c c c % c%ccccc /!c ?  Principles c c  c c c c c  cccc  !c !c ?  Drchitecture c c c %c c c c c cc  c%c%c  !c *!c ? ?nfrastructure cc" ccc cc c cc c c cccc c %c !c usiness Dpplication 7!c ? †ailurec. IT AUDIT ROLE 8ccccc% c ccc c %c   !c 8c %c   c c c c c.

(42)  c c c %c c "c c c c c cc c cc!c (c cc c cc c  c c c cccc c  !c*c   c   c c  c c c c  c c c c ccccc !cc *ccccccccc  c ccc c  c cc c!c(cc% c  c c rc" c c cc" cc c%cc   ccc% !c c rc c c c  c c c  %c c c  cccc  !c c +c (c c c   c  c c c c   c c c cc%c!c c. 8 ccccccccc c *""c c(cc c   c  c c"cc !c c *c "c "c c c %c   c   c  c c  cc c(!c c + c  c  c c  c   c  c c  c c c rcc  c c %c ccc(cccccccccccccccc ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc.

(43) INFORMATION SYSTEM STRATEGY. c c. Perencanaan Strategis *c  c c c c (c %c c %c "c "c c  %c c c c c  cc c c   c   !c #c c c  c c c &c c c c % c  %c % c c %&c c  c  c c   c c  %c  c c "c  %!c ,"c c  c   c  c c c c 

(44)  

(45) c c c  c c c  c  c c %c c   c c c c ccc cc !c *c  cccccc c%c  %c c  c c c c   c c   c c   c c % c   c c c c c c c !c #c c c  c c c  c c c % c "c c %c c   c c c  !c #c c   c c  c c "c  c  c c  c   c c     c c c %c "c  c c c %c & c c  cc" c cccc%c c cc!cc *  c c  c c %c c % c  c c c  c c "c c c c %c c   ccccc%c  c c!cc  cc% c.

(46) c c %c  c  c c c c c c  cccc c  !c 8c (c % c c %c %c %c c c  c  c  c c c "c c !c #c c  c "c c c %c c  c c c c   c c  %c c   !c 8c (c % c  c c c  ccccc  !c8c(c% c %c c $5c c "c c c c c c %c c   !c åc c c c c c   c  c %&c c  c %&c c c c c c  cc c  !c. åomite Pengendalian (¢teering ommittee) ,"c  %c c "c c c c c cc& c c(c c !cåccc c c c c c  c c c c c  c%&cc(c  cc cc"c %!cåc c c c &c c "c  c "c c %c cc   ccc(!cc  c cc "&c c cc cc !c 8ccc% c%c" c cccc(!c (c c c c &&c c c  c c cc&%cc  !c.

(47) åc cc c c c&c"ccc c  c (c c c c c c c  c !c 6 c cccc c c ,"c c "c "c c c c c (c c  c%&cc  cc"cc %!c c ,"c c "c %c c  c c c c c c  cc "c%c&c !c c ,"c c & c c c c c c c c c ( c c  c "c c c   c c & c %c"c(!c c ,"c c "c c 

(48) c c c c c (c  c  c

(49)  

(50) c c  

(51)  c c   c c c. 

(52) c c !c c ,"c c c c  c c c %c & c  c c!c c ,c  c %c c   c  !c    c c  cc"&!c c ,c c c  c c c c "c c c %c %!c c ,cc&c ccc(!c ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: $cc"&ccc cc %c cc %ccc c"&cc cc ccc"&ccccc !c (c  %c % c  c c c c "c c"cccccc(c c cc.

(53) c  c c c c c %c c "&c c c  c c c !c c  %c "c c c c c c !c 8c (c c c  c c c c   cc !c. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: åc c (c c c  c "c c c c c ( c c c c c c c c c c c  c c & c  c (c  %!c åc c & c "c c c c c  c c c % c c !crcc cccc(c ccc  ccc c!c c. c. POLICIES AND PROCEDURESc c å"c c  c c c c %c c "c c c c %c  c   c c c c c   c c  c !c. POLICIES c. 

(54)

(55)  c c "c %c c c c c   c.  c  %c c   c c c c c "c c c c   c   !c ,"c % c c c  c %c c c c c "&c c   c  c   c c c c "c c"ccc%!c.

(56) c. ,"c % c c %%c c c c.  c %&c &c %c %c "c  c c " c %c c "c c c %c  !c (c % c "cc"ccc%ccc  cccc "ccccc¢    c (5 !c c. (c "c  %c c c   c c  % c. %c  c c c   c % c   c c "c c  ccccc&cc cccccc  ccc !c c. (c c &c c c &c  c. c c   c c "c  c c "c !c ; c c   c c c  c c  c c  !c * % %c %c c c c c %c %c c "c "c c c  c c  c c % c c c c  c  !cc%cccc"c c c c "c c    c c c  !c *c c c c %c  c c c c c    cc  ccc"cc !c c. ,"c % c &c c "c c !c c. cc% ccc& ccc(cc % c  c !c å"c c %c c  c "c  c %c c c c %c c c   c  cc cc cc   cc  c c  c c c !c å"c c  c % c c c "c   c c  c c (!c  c.

(57) "c % c c %c %c c c %c "c c c %c  c c c c   c c c "c   !c *c c % c %c c % c c ccc&ccc!c(c c c c c c c %c "c  c  c "c c c c %c c c "c c c c c %c %c % c  c c"c  !c c. (c c % c %c %&c "c c c c   c. c c "c %c "!c åc (c % c c c "c  %c c (c c % c c "c c c c  c %!c ; c "c "c c c %c c "c  c"cc% c cccc!c c. (c c "c % c c "%c c "c  c. c%ccc  c  cc" cc%cc "ccc  cc"c %!c. INFORMATION SECURITY POLICY c. (%c "c c   

(58)  

(59) c  c c. c c %c c  c "c c c  !c (%c "c c c  c c c c %c %c c "c c  c c c c   c c   !c å"c c c %c c %c c c c  c c cc%c  !cå"cc% ccc ccc !c< cccc%c%cc.

(60) c %!c #c c c c "c  c c c   cccc!c c. å"c c % c  "c %c "c c c % c.  c c   c c  c c c & c cccc  c !cå"ccc% cc %c (c c c  c c "c c c c  c (c !cåcc  c"cc"c c"c%c c (c!cc c. å"c c  c c %c   c c.  cc cc  cc "&c c  c c ccccc!c c. å"c c  c c "c %c c c. cc c  cc c  c c%ccc c!c,"c% cc%c"cc" c "cc "c   c c "c c c c %c c  c c c c &c c "c c  c c   !c. INFORMATION SECURITY POLICY DOCUMENT c. #c "c c  c % c c c. "c c c c   c c c c  !c (c c (5c =

(61)

(62) c c c  c c c c c ccc ccccc"cc !c #c"cc% cc.

(63) Ôc A definition of information security c  c c   c c "c c c c c c c  c c ccc !c Ôc A statement of management intent c (%c c "c " c c"c c   c c c  c c c c"c  !c Ôc A framework for setting control objectives and controls c(%cc"c c c "c c c  c  c c c  cc"c !c Ôc A brief explanation c *" c c c "c  c   c cc c%cccc  c c ´c å%c%c ccc c!c ´c (cc c c% cc !c ´c ,"c c  !c ´c å  cc"cc !c Ôc A definition of general and specific responsibilities c  c c c "&c c c  c c "c c  c  c c cc c Ôc References to documentation which may support the policy c  c  c c c c "3c  c "c c c %c  c  c c  c c  c  c c  c c ccccc% c%c.

(64) c.  c. c. %c. c.   c.   c. c.  c "c c  c c c "!c c"cccc"c c igh-Level Information Security Policc"ccccc c%  c cc !c c Data Classification Policyc "cc " c    cc c c c    c c c "&c c c c  c  cc & %cc c Acceptable Usage Policyc % c c "c % c c c  c c c c c  c " c  c c c " c "c   c c c c c c c  c !c c Access. Control. Policiesc å"c c " c c c.  c c c  c c c c c c c!cc. ACCEPTALE USE POLICY *c ccccc c%cc c c  % c c c c%c  c"cc"  c %c %!c c %c c c c %c c c c  %c c c %c c c c   c c  c  !c *c c  c c  c c 81*!c 81*c c c ccccc%c %cccc cc  c cc!.

(65) 81*c % c " c c c  %c c c c c c c c c "c c c &c c  %c c   c c c !c 1c  c  c 81*c % c  c c " c c c c c c c c c c c cc c ccccccc>c c c c c  c !c 81*c "c % c c c " c  cccc"cccc%c81*!cå%c %c"cc% cccc!. REVIEW OF TE INFORMATION SECURlTY POLICY c. å"c c  c % c &c c c c %c. ccc%cc c"cc c%c    c  c c  c  %c  !c å"c c  c % c c c c c  "c "c c "&c c " c c"c!c åc&c"cc(cccccc c # c "c c %c  c c  c c   c "c !c c åcc""c c  c"c c *cc" cc" ccccc"cc c  c c c   c "c  &c c c cc c%c c *  c "c"c c - cc c"c.

(66) c å cc%cc c &ccc  c%!cc. PROSEDUR c. * c%c%%ccc cc c. c  c "!c ,c % c  c c "c c c % c c c  c c c "c !c * c % c  c c " c c  c %c c c %c %c c c %c%cccc"!c* c c%cc  !c c. (%c c cccccc c%c8%c.  c % c %c %c %c c !c (c  c c c %c %c %c  c c c c  c %c !c5%cc c% cc%ccccc c c   c  ccc c!c c. (%c "c c c c  c %&c "c c.  c %c  c c  c %c c  !c *%c c &c % c "c  c c c c c %c %c c ccc&!cc"c cc% c c c c "c c c c %&c "c c  c c "c c  c c %c !c 1 c c c ccc c c c(&c-c  ? cc$c,c,c $,, cc%c c rc rcc(5c  !c.
