MSI-UKSW
BS ISO IEC 17799 2005 Audit Checklist
14/10/2014
Page - 1
Table of contents
Security Policy .......... 5
  Information security policy .......... 5
Organization of information security .......... 6
  Internal Organization .......... 6
  External Parties .......... 8
Asset Management .......... 9
  Responsibility for assets .......... 9
  Information classification .......... 9
Human resources security .......... 10
  Prior to employment .......... 10
  During employment .......... 11
  Termination or change of employment .......... 11
Physical and Environmental Security .......... 12
  Secure Areas .......... 12
  Equipment Security .......... 13
Communications and Operations Management .......... 15
  Operational Procedures and responsibilities .......... 15
  Third party service delivery management .......... 16
  System planning and acceptance .......... 17
  Protection against malicious and mobile code .......... 18
  Backup .......... 18
  Network Security Management .......... 19
  Media handling .......... 19
  Exchange of Information .......... 20
  Electronic Commerce Services .......... 21
  Monitoring .......... 22
Access Control .......... 24
  Business Requirement for Access Control .......... 24
  User Access Management .......... 24
Magister Sistem Informasi Universitas Kristen Satya Wacana
  User Responsibilities .......... 25
  Network Access Control .......... 26
  Operating system access control .......... 27
  Application and Information Access Control .......... 29
  Mobile Computing and teleworking .......... 29
Information systems acquisition, development and maintenance .......... 30
  Security requirements of information systems .......... 30
  Correct processing in applications .......... 30
  Cryptographic controls .......... 32
  Security of system files .......... 33
  Security in development and support processes .......... 33
  Technical Vulnerability Management .......... 35
Information security incident management .......... 35
  Reporting information security events and weaknesses .......... 35
  Management of information security incidents and improvements .......... 36
Business Continuity Management .......... 37
  Information security aspects of business continuity management .......... 37
Compliance .......... 39
  Compliance with legal requirements .......... 39
  Compliance with security policies and standards, and technical compliance .......... 41
  Information Systems audit considerations .......... 41
References .......... 42
Information Security Management BS ISO IEC 17799:2005 SANS Audit Check List
Auditor Name: __________________________
Audit Date: ___________________________

Table columns: Checklist section | Standard section | Section / control (with objective and audit questions) | Results: Findings, Compliance
Security Policy
1.1 | 5.1 | Information security policy
1.1.1 | 5.1.1 | Information security policy document
1.1.2 | 5.1.2 | Review of the information security policy
  Audit question: ... its continuity, reliability and effectiveness?
  Audit question: Is the information security policy owned by the institution, and who has approved management responsibility for the development, review and evaluation of the security policy?
  Audit question: Are there security policy review procedures, and do they include requirements for management review?
  Audit question: Are the results of the management review taken into account in this policy?
  Audit question: Is management approval obtained for the revised policy?

Organization of information security
- | 6.1 | Internal organization
  Objective: to manage information security within the organization.
2.1.1 | 6.1.1 | Management commitment to information security
2.1.2 | 6.1.2 | Information security coordination
2.1.3 | 6.1.3 | Allocation of information security responsibilities
2.1.4 | 6.1.4 |
2.1.5 | 6.1.5 | Confidentiality agreements
  Audit question: ... regularly?
  Audit question: Are the requirements for protecting confidential information met by means that are legally enforceable?
2.1.6 | 6.1.6 | Contact with authorities
2.1.7 | 6.1.7 | Contact with special interest groups
2.1.8 | 6.1.8 | Independent review of information security
2.2 | 6.2 | External parties
  Objective: to maintain the security of the organization's information and information processing facilities that are accessed, processed, communicated to, or managed by external parties.
2.2.1 | 6.2.1 | Identification of risks related to external parties
2.2.2 | 6.2.2 | Addressing security when dealing with customers
2.2.3 | 6.2.3 | Addressing security in third party agreements
Asset Management
3.1 | 7.1 | Responsibility for assets
3.1.1 | 7.1.1 | Inventory of assets
3.1.2 | 7.1.2 | Ownership of assets
3.1.3 | 7.1.3 | Acceptable use of assets
3.2 | 7.2 | Information classification
  Objective: to ensure that information receives an appropriate level of protection.
3.2.1 | 7.2.1 | Classification guidelines
3.2.2 | 7.2.2 | Information labelling and handling

Human resources security
- | 8.1 | Prior to employment
  Objective: to ensure that employees, contractors and third party users understand their responsibilities according to their roles, and to reduce the risk of theft, fraud or misuse of facilities.
4.1.1 | 8.1.1 | Roles and responsibilities
4.1.2 | 8.1.2 | Screening
4.1.3 | 8.1.3 | Terms and conditions of employment
4.2 | 8.2 | During employment
  Objective: to ensure that all employees, contractors and third party users are aware of information security threats and concerns, their responsibilities and liabilities, and are equipped to support the organization's security policy in the course of their work, and to reduce the risk of human error.
4.2.1 | 8.2.1 | Management responsibilities
4.2.2 | 8.2.2 | Information security awareness, education and training
  Audit question: ... them?
4.2.3 | 8.2.3 | Disciplinary process
4.3 | 8.3 | Termination or change of employment
4.3.1 | 8.3.1 | Termination responsibilities
4.3.2 | 8.3.2 | Return of assets
4.3.3 | 8.3.3 | Removal of access rights
Physical and Environmental Security
- | 9.1 | Secure areas
  Objective: to prevent unauthorized physical access, damage and interference to the organization's premises and information.
5.1.1 | 9.1.1 | Physical security perimeter
5.1.2 | 9.1.2 | Physical entry controls
5.1.3 | 9.1.3 | Securing offices, rooms and facilities
5.1.4 | 9.1.4 | Protecting against external and environmental threats
5.1.5 | 9.1.5 | Working in secure areas
5.1.6 | 9.1.6 | Public access, delivery and loading areas
5.2 | 9.2 | Equipment security
  Objective: to prevent loss, damage, theft or compromise of assets and interruption to the organization's activities.
5.2.1 | 9.2.1 | Equipment siting and protection
5.2.2 | 9.2.2 | Supporting utilities
5.2.3 | 9.2.3 | Cabling security
5.2.4 | 9.2.4 | Equipment maintenance
  Audit question: ... and corrective?
5.2.5 | 9.2.5 | Security of equipment off-premises
  Audit question: Are appropriate controls implemented when equipment is sent off-site?
  Audit question: Is the equipment insured, and are the insurance requirements met?
5.2.6 | 9.2.6 | Re-use of equipment
5.2.7 | 9.2.7 | Removal of property
Communications and Operations Management
- | 10.1 | Operational procedures and responsibilities
6.1.1 | 10.1.1 | Documented operating procedures
6.1.2 | 10.1.2 | Change management
6.1.3 | 10.1.3 | Segregation of duties
6.1.4 | 10.1.4 | Separation of development, test and operational facilities
  Audit question: ... from one another.
6.2 | 10.2 | Third party service delivery management
6.2.1 | 10.2.1 |
6.2.2 | 10.2.2 | Monitoring and review of third party services
6.2.3 | 10.2.3 | Managing changes to third party services
6.3 | 10.3 | System planning and acceptance
6.3.1 | 10.3.1 | Capacity management
6.3.2 | 10.3.2 | System acceptance
6.4 | 10.4 | Protection against malicious and mobile code
6.4.1 | 10.4.1 | Controls against malicious code
6.4.2 | 10.4.2 | Controls against mobile code
6.5 | 10.5 | Back-up
  Objective: to maintain the integrity and availability of information and information processing facilities.
6.5.1 | 10.5.1 | Information back-up
6.6 | 10.6 | Network security management
6.6.1 | 10.6.1 | Network controls
6.6.2 | 10.6.2 | Security of network services
6.7 | 10.7 | Media handling
  Objective: to prevent unauthorized disclosure, modification, removal or destruction of assets, and interruption to business activities.
6.7.1 | 10.7.1 | Management of removable media
6.7.2 | 10.7.2 | Disposal of media
6.7.3 | 10.7.3 | Information handling procedures
6.7.4 | 10.7.4 | Security of system documentation
6.8 | 10.8 | Exchange of information
  Objective: to maintain the security of information and software exchanged within an organization and with any external entity.
6.8.1 | 10.8.1 |
  Audit question: Are there policies, procedures and controls ...
6.8.2 | 10.8.2 | Exchange agreements
6.8.3 | 10.8.3 | Physical media in transit
6.8.4 | 10.8.4 | Electronic messaging
6.8.5 | 10.8.5 | Business information systems
6.9 | 10.9 | Electronic commerce services
  Objective: to ensure the security of electronic commerce services and their secure use.
6.9.1 | 10.9.1 | E-Commerce
6.9.2 | 10.9.2 | On-line transactions
6.9.3 | 10.9.3 | Publicly available information
6.10 | 10.10 | Monitoring
  Objective: to detect unauthorized information processing activities.
6.10.1 | 10.10.1 | Audit logging
  Audit question: ... produced and kept for an agreed period to assist in future investigations and access control monitoring?
  Audit question: Are appropriate privacy protection measures considered in the maintenance of audit logs?
6.10.2 | 10.10.2 | Monitoring system use
6.10.3 | 10.10.3 | Protection of log information
6.10.4 | 10.10.4 | Administrator and operator logs
6.10.5 | 10.10.5 |
  Audit question: Are login errors logged and analysed ...
6.10.6 | 10.10.6 | Clock synchronization
Access Control
7.1 | 11.1 | Business requirement for access control
7.1.1 | 11.1.1 | Access control policy
7.2 | 11.2 | User access management
7.2.1 | 11.2.1 |
7.2.2 | 11.2.2 | Privilege management
7.2.3 | 11.2.3 | User password management
7.2.4 | 11.2.4 | Review of user access rights
7.3 | 11.3 | User responsibilities
7.3.1 | 11.3.1 | Password use
7.3.2 | 11.3.2 | Unattended user equipment
7.3.3 | 11.3.3 |
7.4 | 11.4 | Network access control
7.4.1 | 11.4.1 | Policy on use of network services
  Audit question: Are users given access to the services that they have been specifically authorized to use?
7.4.2 | 11.4.2 | User authentication for external connections
7.4.3 | 11.4.3 | Equipment identification in networks
7.4.4 | 11.4.4 | Remote diagnostic and configuration port protection
7.4.5 | 11.4.5 | Segregation in networks
7.4.6 | 11.4.6 | Network connection control
7.4.7 | 11.4.7 | Network routing control
7.5 | 11.5 | Operating system access control
7.5.1 | 11.5.1 | Secure log-on procedures
7.5.2 | 11.5.2 | User identification and authentication
7.5.3 | 11.5.3 | Password management system
7.5.4 | 11.5.4 | Use of system utilities
7.5.5 | 11.5.5 | Session time-out
7.5.6 | 11.5.6 |
7.6 | 11.6 | Application and information access control
7.6.1 | 11.6.1 | Information access restriction
7.6.2 | 11.6.2 | Sensitive system isolation
7.7 | 11.7 | Mobile computing and teleworking
7.7.1 | 11.7.1 | Mobile computing and communications
  Audit question: Is a formal policy in place, and are appropriate security measures adopted, to protect against the risks of using mobile computing and communication facilities?
7.7.2 | 11.7.2 | Teleworking
Information systems acquisition, development and maintenance
- | 12.1 | Security requirements of information systems
8.1.1 | 12.1.1 | Security requirements analysis and specification
  Audit question: ... security?
  Audit question: Are the system requirements for information security, and the processes for implementing security, integrated in the early stages of information system projects?
8.2 | 12.2 | Correct processing in applications
8.2.1 | 12.2.1 | Input data validation
8.2.2 | 12.2.2 | Control of internal processing
8.2.3 | 12.2.3 | Message integrity
8.2.4 | 12.2.4 | Output data validation
8.3 | 12.3 | Cryptographic controls
  Objective: to protect the confidentiality, authenticity or integrity of information by cryptographic means.
8.3.1 | 12.3.1 | Policy on the use of cryptographic controls
8.3.2 | 12.3.2 | Key management
  Audit question: ... modification, loss and destruction?
  Audit question: Are secret keys and private keys protected against unauthorized disclosure?
  Audit question: Is the key management system based on an agreed set of standards, procedures and secure methods?
8.4 | 12.4 | Security of system files
8.4.1 | 12.4.1 | Control of operational software
8.4.2 | 12.4.2 | Protection of system test data
8.4.3 | 12.4.3 | Access control to program source code
8.5 | 12.5 | Security in development and support processes
8.5.1 | 12.5.1 | Change control procedures
8.5.2 | 12.5.2 | Technical review of applications after operating system changes
8.5.3 | 12.5.3 | Restrictions on changes to software packages
  Audit question: Are all changes strictly controlled?
8.5.4 | 12.5.4 | Information leakage
8.5.5 | 12.5.5 | Outsourced software development
8.6 | 12.6 | Technical vulnerability management
8.6.1 | 12.6.1 |

Information security incident management
- | 13.1 | Reporting information security events and weaknesses
9.1.1 | 13.1.1 | Reporting information security events
9.1.2 | 13.1.2 | Reporting security weaknesses
9.2 | 13.2 | Management of information security incidents and improvements
9.2.1 | 13.2.1 | Responsibilities and procedures
9.2.2 | 13.2.2 | Learning from information security incidents
9.2.3 | 13.2.3 | Collection of evidence
Business Continuity Management
- | 14.1 | Information security aspects of business continuity management
10.1.1 | 14.1.1 | Including information security in the business continuity management process
10.1.2 | 14.1.2 | Business continuity and risk assessment
10.1.3 | 14.1.3 | Developing and implementing continuity plans including information security
10.1.4 | 14.1.4 | Business continuity planning framework
  Audit question: ... maintenance?
10.1.5 | 14.1.5 | Testing, maintaining and re-assessing business continuity plans
Compliance
11.1 | 15.1 | Compliance with legal requirements
11.1.1 | 15.1.1 | Identification of applicable legislation
  Audit question: ... and documented?
11.1.2 | 15.1.2 | Intellectual property rights (IPR)
11.1.3 | 15.1.3 | Protection of organizational records
11.1.4 | 15.1.4 | Data protection and privacy of personal information
11.1.5 | 15.1.5 | Prevention of misuse of information processing facilities
11.1.6 | 15.1.6 | Regulation of cryptographic controls
11.2 | 15.2 | Compliance with security policies and standards, and technical compliance
11.2.1 | 15.2.1 | Compliance with security policies and standards
11.2.2 | 15.2.2 | Technical compliance checking
11.3 | 15.3 | Information systems audit considerations
11.3.1 | 15.3.1 | Information systems audit controls
11.3.2 | 15.3.2 |
References
1. BS ISO/IEC 17799:2005 (BS 7799-1:2005). Information technology. Security techniques. Code of practice for information security management.
2. Draft BS 7799-2:2005 (ISO/IEC FDIS 27001:2005). Information technology. Security techniques. Information security management systems. Requirements.
3. BS ISO/IEC 27001:2005 (BS 7799-2:2005). Information technology. Security techniques. Information security management systems. Requirements.