CYBERSECURITY RISK FROM
CONSUMER PERSPECTIVE
LESSON LEARNED FROM THE COVID-19 PANDEMIC
Avinanta Tarigan
Research Center for Cryptography and System Security
Gunadarma University
MY SELF
• Education:
• 1997 - Bachelor Degree in Computer Science – Gunadarma University
• 2017 – PhD in Computer Science – Universitaet Bielefeld
• Activities :
• Lecturer in Computer Science department, Gunadarma University
• Head of Research Center for Cryptography and System Security
• AAMAI
• Past work / research :
• National roadmap for Security Incident Response Capabilities Development
• First Certification Authority Systems (PKI) in Indonesia
• Decentralized (Blockchain) Protocol Development and Decentralized Apps
Development
• Cryptographic Protocol development and formal verification
• IT Audit & Penetration Testing
AGENDA
Cyberspace
during pandemic
Cyber Threat
Landscape
Cybersecurity
Concept
Lesson Learned
INTERNET PENETRATION
INTERNET UTILIZATION IS INCREASED DURING
PANDEMIC
CYBER ATTACK
DURING PANDEMIC
WHAT ARE THE RISKS
Change: Work From Home
Effect: Personal mobiles and computers are allowed to access corporate networks
Risk: Data breach (key / screen logger, direct attack on corporate networks by malware infecting the user's computer); remote desktop compromise

Change: Cloud Utilization
Effect: Important data are stored and exchanged in the cloud
Risk: Data loss, data manipulation, data breach, malware infection

Change: Increased Vicon Utilization
Effect: Important and confidential conversations or meetings are held and stored by a third party
Risk: Unauthenticated users silently join the meeting; recorded meetings stolen from the cloud; unauthorized access to the user's screen / desktop; Vicon chat room can be used for code injection

Change: Digital documents are used as legal documents
Effect: Users rely on the integrity of documents
Risk: Document forgery, unauthorized modification

Change: Increased network demand
Effect: More throughput is needed, increased bandwidth capacity
Risk: Lack of service; network is down
Cybersecurity Risk from User Perspective
LATEST THREATS FOUND DURING PANDEMIC
• Ransomware combines encryption with stolen data
• Light loader malware attacks on every device; the payload is downloadable and difficult to detect
• Covid-19 domain registrations increased significantly -> Phishing
• Large-scale attacks on health-related sites by APT (Advanced Persistent Threat)
• 150.000 new m-apps on Play Store deliberately loaded with malware
• Malware bypasses 2 Factor Authentication (2FA)
• Online Skimming (CC)
• Compromised cloud services caused data breaches
• Malware:
• Cryptomining
• Mobile Fraud AdWare
• Banking trojan
• Spyware (SMS, 2FA, CC)
• High-profile global vulnerabilities
• Exim Mail Agent (CVE-2020-10149)
• Draytek Vigor Command Injection vulnerability (CVE-2020-8515)
• Microsoft Windows SMBGhost RCE Exploit (CVE-2020-0796)
CYBER ATTACK LANDSCAPE
Increased Cyber Attack During Pandemic: Online Skimming, Malware, Web Apps Attack, Scam, Phishing, Social Engineering, Data Breach, Client-side attack, DDoS
Source: BSSN
DIGITAL SIGNATURE
Digital signature is used to protect
authenticity and integrity of a document and
promote non-repudiation
• Authentication of signer
• Sign, confirm, and send various insurance
documents and legal disclosure
• On-time quality services to their customer
• According to UU ITE, documents signed
with digital signatures are legally valid
[Diagram: Cyber Security concept map]
Cyber Security; Threats; Controls; Cyber Space; Assets
Vulnerabilities: Apps, Libraries, OS, Protocol, People, Policy
Attacker: Insider / Outsider
Exploit Techniques: Buffer Overflow, Injection, XSS, Sniffing, Social Engineering, Malware, etc.
Aspects: Authentication, Integrity, Confidentiality, Non-Repudiation, Availability
INCIDENT: Reported or Keep Secret
Security Management; Continuous Security; Man, Tools, Method; Secure System Dev; Awareness & Skill; Cryptography; Incident Handling; Threat Intelligence; Digital Forensic
People; Software & Services; Internet / Infrastructure; Convention
Tangible & Intangible; Physical & Logical; Locally Stored; On Cloud Stored
Identify, Protection, Detection, Respond, Recovery
ISO/IEC 27001; PCI/DSS, NIST Fr; Security Audit ISO 19001:2011; ISO 27035; ISO 27037
Security is a process not a product
Security is a chain of trust, the strength is the weakest link
Arrow labels: use; to exploit; resulting in; that break; explore
Open & Underground
KAMI
KNOW WHERE YOU ARE (CS MATURITY LEVEL)
SOC & CSIRT
• SOC (Security Operations Center): an organized and highly skilled team whose
mission is to continuously monitor and improve an organization’s security posture
while preventing, detecting, analyzing, and responding to cyber security incidents
with the aid of both technology and well-defined processes and procedures.
• CSIRT (Computer Security Incident Response Team): a group of IT professionals
that provides an organization with services and support surrounding the prevention,
management and coordination of potential cybersecurity-related emergencies.
CYBER THREAT
INTELLIGENCE
• Cyber threat intelligence is information
about threats and threat actors that
helps mitigate harmful events in
cyberspace. Cyber threat intelligence
sources include open source
intelligence, social media
intelligence, human intelligence,
technical intelligence or intelligence
from the deep and dark web.
CSIRT / CERT COOPERATION
[Diagram: CSIRT network] National CSIRT; Gov CSIRT; Province CSIRT; Gov Org CSIRT; Ministry CSIRT; Public CSIRT; Sectoral CSIRT; Fin CSIRT; Bank A CSIRT; X Insurance CSIRT; Y Insurance CSIRT; Fintech Z CIRT; Transportation CSIRT; Critical Infra CSIRT
• Computer Security Incident Response Team
• Prepare and strengthen
• Respond to incidents
• Recovery
• Investigation
• Capability building through networking, simulation, cyber exercise, cyberdrill
• Sharing of incident / vulnerability / threat information
• A sectoral CSIRT has the advantage of application / environment homogeneity
• BSSN agenda to develop a network of CSIRTs and capability building
MODERN CYBER SECURITY : THREAT HUNTING
Proactive Rather Than Reactive
1. Assume the system is compromised
2. Proactively search for threats
3. Iterative work to search for undiscovered vulnerabilities
4. Be curious about new attack techniques
5. Alerts from protection systems are just a tool to help monitoring
6. Improve automatic detection
CYBERSECURITY SKILL GAP
THE CHANGE, RISK, AND SOLUTION
Change: WFH
Effect: Personal mobiles and computers are allowed to access corporate networks
Risk: Data breach (key / screen logger, direct attack on corporate networks by malware infecting the user's computer)
Tech:
• User awareness training (simulation, random checks, continuous alerts)
• Latest AV and patches on users’ computers
• Access from home is limited and treated differently

Change: Cloud Utilization
Effect: Important data are stored and exchanged in the cloud
Risk: Data loss, data manipulation, data breach, malware infection
Tech:
• Invest in cloud security
• Real-time prevention of threats with IaaS security
• Deploy on containers and serverless apps

Change: Vicon Utilization
Effect: Important and confidential conversations or meetings are held and stored by a third party
Risk: Unauthenticated users silently join the meeting; recorded meetings stolen from the cloud; unauthorized remote access to the user’s screen / desktop
Tech:
• Invest in Vicon infrastructure
• DRM and other cryptographic measures
• Security audit and testing

Change: Digital documents are used as legal documents
Effect: Users rely on the integrity of documents
Risk: Document forgery, unauthorized modification
Tech:
• Digital Signature and Public Key Infrastructure
• Crypto Token

Change: Increased network demand
Effect: More throughput is needed, increased bandwidth capacity
Risk: Lack of service; network is down
Tech:
• Invest in network security (IPS, AV, Firewall)
• All network protection and scalability to keep business continuity
PRINCIPLES OF PERSONAL DATA PROTECTION
1. Proactive, not reactive. This principle focuses on anticipation and prevention.
2. Prioritizing user privacy. This principle maps to efforts to provide maximum
privacy protection by ensuring that personal data is automatically protected in a
given IT system or business practice.
3. Privacy protection integrated into the design. The obligation to embed personal
data protection in technology design holistically.
4. Full functionality. This principle emphasizes providing risk-mitigation standards
for electronic systems, whose obligations are not solely for the company's security
but also for the privacy of the personal data owner.
5. Total security system. This principle is realized by strengthening the security
system from beginning to end.
6. Transparency. This principle ensures that existing business practices and
technologies operate according to rules that have been agreed upon and disclosed to
the public. Service providers must also submit to verification carried out by an
independent party.
7. Respecting user privacy. The most vital principle, realized by giving personal
data owners an active role in managing their data.
CYBERLAW IN INDONESIA
• UU No 11 Tahun 2008 and UU No 19 Tahun 2016: Electronic Information and
Transactions (UU ITE)
• Permen No 20 Tahun 2016 (Kominfo) on Personal Data Protection in Electronic Systems
• Financial Services Authority (OJK) Regulation Nomor 77/POJK.01/2016 on
Information Technology-Based Lending Services
• BSSN Agency Regulations
• Personal Data Protection Bill (RUU Perlindungan Data Pribadi)
• Cybersecurity Bill (RUU Kamsiber)
MITIGATION STRATEGIES
