ILP Center Building 2nd Floor Suite 219 Jl. Raya Pasar Minggu No. 39A Jakarta Selatan

IT Series

Understanding Payment Card Industry – Data Security Standard (PCI-DSS)

PROGRAM DESCRIPTION

Every organization storing, transmitting or processing cardholder data must comply with the Payment Card Industry – Data Security Standard (PCI-DSS). Compliance with the standard is required, regulated and enforced by payment service corporations such as VISA, MasterCard and American Express, both directly and through their partnerships with acquirer banks.

The standard itself is administered by the PCI Security Standards Council (PCI SSC), which aims to decrease payment card fraud across the Internet and increase the security of confidential payment card information.

This two-day training course builds a clear understanding of the PCI-DSS and empowers attendees to plan and deploy a cost-effective, time-efficient compliance project.

PROGRAM OBJECTIVES

When the training ends, the participants are expected to:

  • Understand PCI-DSS requirements
  • Recognize how to protect cardholder data at work
  • Be familiar with common back office scenarios
  • Securely work with vendors
  • Securely process payment card transactions on the phone and online
  • Value best practices for handling payment card information
  • Comprehend how to report an incident
  • Know how to securely process payment cards in person
  • Understand how to respond to payment card fraud

PROGRAM CONTENT

| NO | TOPICS | HOURS |
|----|--------|-------|
| 1 | Understanding PCI-DSS Requirements, Objectives and Goals | 1 |
| 2 | Comprehending Other PCI Standards and Programs | 1 |
| 3 | Valuing Different Level of Compliance Needs for Merchants and Service Providers | 1 |
| 4 | Identifying Common Fraudulent Practices | 1.5 |
| 5 | Assessing Payment Card Security Features | 1.5 |
| 6 | Identifying Card Security Features | 1.5 |
| 7 | Identifying Payment Card Transaction Processes | 2 |
| 8 | Knowing How to Protect Cardholder Data at Work and Point-of-Sale | 1 |
| 9 | Knowing How Compliance and Incident Shall be Reported | 1 |
| 10 | Identifying Retention, Access, and Distribution | 1.5 |
| 11 | Valuing Work with Vendors | 1 |
| 12 | Mastering 12 Standard Requirements | 2 |
|    | TOTAL HOURS | 16 |

TRAINING METHODOLOGY

The course will be delivered with 30% of the time devoted to important concepts and other theory topics and 70% allotted to case studies, role-playing and group discussion. The training lead will be assisted by presentation slides and actual demonstrations for clear understanding and smooth follow-through during the sessions.

TARGETED PARTICIPANTS

Individuals, professionals and organizations who are interested in, involved in or responsible for ensuring their organisation's deployment of, and compliance with, the technical and business requirements of the PCI-DSS standard.

WORKSHOP LEADER:

Goutama Bachtiar

Goutama Bachtiar has been an Advisor, Auditor, Consultant, Trainer, Courseware Designer and Author in the field of Information Technology and Systems for the past 17 years, specializing in IT Governance, Risk, Security, Assurance, Audit and IT Management.

He currently serves as an advisor to several companies and organizations; as Subject Matter Expert, Program Mentor, Editorial Journal Reviewer, and Certification Exam (CISA, CGEIT, CISM, CRISC) and Study Materials Developer at ISACA International Chapter; as Subject Matter Expert and Program Evaluator at PMI International Chapter; as a Global Working Group Member of IASA, SABSA and Open Group; as a Reviewer Panel member at the International Institute of Business Analysis (IIBA); as a Guest Lecturer in the postgraduate programs of several universities in the U.S. and Indonesia (UTB, UI, IPB and Binus); and as a moderator, panelist and speaker at a number of conferences, workshops and seminars.

As an auditor and consultant, he has provided these services to 35 companies and organizations. He has earned dozens of international certifications to date.

In addition, he has organized and delivered more than 230 sessions and over 5,500 hours of training, lectures, seminars, conferences and workshops to around 7,500 participants in Indonesia and abroad, for more than 70 companies and organizations.

As a writer, he has authored 2 books and 22 courseware titles, and has written, reviewed and edited 300 articles, manuscripts, papers and white papers on Telematics and Management in more than 20 media outlets, publications, organizations, journals and conferences.


IT Risk Management

INTRODUCTION

The role of Information Technology (IT) has become vital to all of us, for personal as well as business needs. Consequently, incidents or significant events in this field will affect a company's assets and business, including loss of revenue and damage to the company's reputation.

Technology governance and an assurance program therefore need to be designed through a risk management framework to ensure that control and risk management operate effectively.

As an additional note, such a framework will help the IT department better understand which operational risks matter most and how they affect the company's interests in general.

DURATION

The training will run for 2 (two) full days, from 9 a.m. to 5 p.m.

OBJECTIVES

Participants will master various ways of prudently managing the relevant risks so that governance and IT audit assurance processes can be carried out comprehensively across the company, using ISACA's IT enterprise risk management (ERM) framework, Risk IT.

After completing the training, participants are expected to be able to:

  1. Understand the basic principles of IT risk management
  2. Understand the components of ISACA's Risk IT framework
  3. Use the framework's concepts and models to improve the efficiency and effectiveness of the company's business
  4. Evaluate implementation and operational constraints
  5. Establish and maintain expectations regarding existing risks and make sound decisions
  6. Maintain the risk profile, mapping and action plans for risks that may arise
  7. Collect data, monitor risk and report exposures and opportunities
  8. Understand how to use the Risk IT framework to achieve best practice in IT risk management
  9. Create a risk plan for the company

TARGETED PARTICIPANTS

Members of the Risk Management Committee, IT or Information Systems auditors, or anyone responsible for managing risk in a company, who wish to understand the Risk IT framework in depth, including Risk Governance, Risk Evaluation and Risk Response.

SYLLABUS

  1. Mastering the Principles of IT Risk Management
  2. Understanding IT Risk Roles, Scope and Responsibilities
  3. Building Awareness within the Organization
  4. Communicating Risk Scenarios, Business Impact and Key Risk Indicators
  5. Understanding the Risk IT Framework
  6. Understanding the Ins and Outs of the Control Objective Framework (COF)
  7. Mastering the Relationship between the Risk IT Framework and COBIT
  8. Identifying Key Factors in Risk Management and Control
  9. Identifying, Creating and Implementing Risk Management Processes
  10. Integrating IT Risk Management with ERM

TRAINING METHODOLOGY

For the training to be effective, 30% of the time will be allocated to important concepts and theory, while 70% will be used for practice and exercises. The training will be guided by presentation slides and demos. Active participation by attendees, both individually and in groups, is strongly encouraged so that the training runs successfully.

WORKSHOP LEADER:

   Goutama Bachtiar



Utilizing Internet for Fraud Examination and Investigation

Program Description

As more and more information is unveiled online, and the line between the private and public domains grows thinner, this course is designed to show internal and external fraud examiners and investigators how to capitalize on the internet in order to do their jobs effectively. The rationale is that, with a better understanding of online information, they can raise the chances that their examinations and investigations succeed.

The training stresses topics such as locating evidence online using search engines, databases, social media, social-networking sites and corporate records, as well as numerous methods and techniques for optimizing online searches, including advanced functions and alternative search engines that will improve search quality.

Program Objectives

  1. Conduct fraud examinations using the internet efficiently and legally
  2. Create advanced searches on search engines
  3. Search public record sources and databases online
  4. Obtain information from corporate records
  5. Gather data from social media and social-networking sites
  6. Analyze evidence and close investigation activities

Program Content

  1. Introducing Internet Sites, Techniques and Legal Concerns
  2. Beginning an Internet Investigation
  3. Optimizing the Searches and Their Results
  4. Conducting Public Record and Database Searches
  5. Initiating, Planning and Starting Internet Investigation
  6. Searching and Obtaining Corporate Records
  7. Exploring Internet Further and Capitalizing it as Research Tool
  8. Mining Data from Social Media and Social Networks
  9. Identifying Advanced Tools for Internet Investigation
  10. Closing Investigation Activities

Training Methodology

To support effective learning and full appreciation of the course, it will be delivered with 30% of the time devoted to important concepts and other theory topics and 70% allotted to exercises, group discussion, presentation and case studies. The training lead will be assisted by presentation slides and actual demonstrations for clear understanding and smooth follow-through during the sessions.

Targeted Participants

Staff, officers, internal and external auditors, accountants, controllers, corporate managers, governance, government employees, risk and compliance supervisors and managers, attorneys, legal professionals, fraud examiners, investigators and other professionals who are interested in taking the internet further as a research tool for conducting fraud examination and investigation.

Facilitator

Goutama Bachtiar

A seasoned enterprise technologist and now budding entrepreneur with 14 years of experience, comprising 12 years of training and education, 7 years of strategic partnership, 8 years of IT Audit, 4 years of service delivery, 8 years of writing and courseware, as well as 6+ years of consulting, software development, project management and network administration.

He has been actively serving as ISACA Subject Matter Expert and Exam Developer, along with PMI Program Evaluator and Guest Lecturer in top-tier universities for Master and Undergraduate programs, both physical and online, in Indonesia and the U.S.

The strategic positions he has held are Vice Chairman and Acting Chairman, Executive Board Member, Co-Founder, Country Channel Manager, Project Lead and Group Leader. Thus far his project engagements have involved a broad range of activities, from consultancy, training, content, courseware, copywriting, information systems, enterprise applications, programs and web development to translation.

To date he has also written a triple-digit number of articles on ICT, management and business for a variety of leading local and foreign media and companies. His areas of training are IT Audit, IT Project Management, IT Governance, IT Service Management, COBIT, PMBOK, SEO and Social Media.

Companies to which he has delivered training are UMW Sdn Bhd, Malaysia Securities Commission, SME Bank, PLN, CIMB Niaga, Aero Systems, Newmont Nusa Tenggara, Artha Graha Bank, Artajasa, Prodia Widyahusada, Thiess, Boehringer Ingelheim, Hokinda Citralestari, DPLK, BPD Jabar Banten, Lintas Media Danawa, Cahaya Listrindo and Universitas Krida Wacana.


Understanding and Implementing TOGAF

Program Description

As the foremost generic framework in the field of Information Systems (IS) and Information Technology (IT) architecture, TOGAF provides crucial guidance on what to do to establish an architecture process and practice, and on how to leverage them in planning the longer-term transformation of the enterprise and its strategic architecture and in designing further capabilities to move it forward.

From a high-level perspective, the course looks at the framework as a whole, including several techniques that assist in describing, organising, adopting and governing the architecture, particularly when dealing with issues such as Security and Service-oriented Architecture.

Program Objectives

At the end of this training, participants will be able to:

  • Understand solid processes in helping the organisation, governance and management of architecture teams and multiple architecture projects.
  • Identify and capitalize on the elements of sound architectural process and practice.
  • Value and attain a full appreciation of architecture practice.

Program Content

| NO | TOPICS | HOURS |
|----|--------|-------|
| 1 | Comprehending Management Overview | 1 |
| 2 | Understanding TOGAF 9 Core Concepts and Components | 2 |
| 3 | Valuing Architecture Development Method (ADM) | 1 |
| 4 | Comprehending ADM Guidelines and Techniques | 2 |
| 5 | Describing Architecture Content Framework | 1 |
| 6 | Classifying architecture assets with Enterprise Continuum | 2 |
| 7 | Assessing Architecture Repository | 2 |
| 8 | Utilizing Architecture Governance and Capability | 2 |
| 9 | Capitalizing Architecture Views and Viewpoints | 2 |
| 10 | Identifying ADM Phases | 1 |
| 11 | Coordinating Building Blocks and ADM | 2 |
| 12 | Mastering ADM Guidelines and Techniques | 2 |
| 13 | Understanding Key ADM Deliverables | 2 |
| 14 | Valuing TOGAF Reference Models | 2 |
|    | TOTAL HOURS | 24 |

Training Methodology

To support effective learning and full appreciation, the course will be delivered with 30% of the time devoted to important concepts and other theory topics and 70% allotted to case studies, role-playing, group discussion and presentation. The training lead will be assisted by presentation slides and actual demonstrations for clear understanding and smooth follow-through during the sessions. Active participation will be encouraged through individual work and collaborative effort.

Targeted Participants

Experienced IT professionals, including architects, project managers, functional managers, consultants, IT managers, IS managers, IT Directors and IS Directors, who wish to gain a full appreciation of architecture teams, projects, processes and practices in their organizations.

Facilitator

Goutama Bachtiar



Understanding and Implementing Internal Control with Committee of Sponsoring Organizations of the Treadway Commission (COSO)

Program Description

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control – Integrated Framework (IC-IF) is a widely used internal control framework deployed in a number of countries across the globe. The course examines how a principles-based approach is used to design, implement and evaluate a system of internal controls. In addition, it discusses the implications of the updated Framework for internal auditors and for individual internal audit activities. The training also aims to identify opportunities to use the updated Framework in the internal audit process and to increase the value of assurance and consulting services.

Program Content

  1. Understanding COSO, COSO IC-IF Framework
  2. Comprehending Its Objectives, Goals, Requirements, Functionalities and Processes
  3. Valuing Risk Assessment
  4. Familiarizing Ourselves with Control Environment
  5. Identifying Internal Controls
  6. Mastering Control Activities
  7. Understanding Information and Communications
  8. Monitoring Activities
  9. Appreciating Implications and Opportunities for Internal Audit

Training Methodology

To support effective learning and full appreciation of the course, it will be delivered with 30% of the time devoted to important concepts and other theory topics and 70% allotted to hands-on lab exercises, group discussion, presentation and case studies. The training lead will be assisted by presentation slides and actual demonstrations for clear understanding and smooth follow-through during the sessions.

Targeted Participants

Staff, officers, internal and external auditors, accounting managers, finance managers, governance, risk and compliance supervisors and managers, controllers, corporate secretaries and those who are interested in and eager to gain a deep understanding of COSO IC-IF and the know-how to apply it to assess controls in terms of COSO objectives.

Facilitator

Goutama Bachtiar

