
Cybersecurity, Risk Management & Financial Crime
Systems of Information Technology
Jogiyanto Hartono, M.B.A., C.M.A., Ph.D., Prof.

Antonius Hernanda
375998
Ari Haryadi
376764
Bagus Mayang Seto
376007

The Reason for Data Breaches

The main cause of data breaches is hacking.
Negligence: management not doing enough to defend against cyberthreats.
Disregard for the value of the confidential data they store.
Data security must be treated as a key business issue and not simply the responsibility of the IT department.

[Figure: Data records breached worldwide, 2009-2013]

Why are cybercriminals so successful?

Negligence: management is not doing enough to defend against cyberthreats.
Even high-tech companies and market leaders seem to disregard the value of the confidential data they store and the threat posed by profit-minded hackers.
Data security must be treated as a key business issue and not simply the responsibility of the IT department.
Hacking is a business, and hackers are too well funded and motivated. Protecting data and networks against cyber threats demands diligence, commitment and investment in the latest defense tools and techniques.

DDoS (Distributed denial-of-service)
An attack that bombards a network or website with traffic to crash it and leave it vulnerable to other threats

APT (Advanced Persistent Threat)
A stealth network attack in which an unauthorized entity (hacker or malware) gains access to a network and remains undetected for a long time

Social Engineering (Human Hacking)
Users are tricked into revealing their log-in credentials, giving access to corporate network accounts as authorized users

BYOD (Bring your own device)
Employees using their personal smartphones, tablets or other computing devices in the

What are the objectives of cybersecurity?

Prepare, prevent and recover
1. Implement and enforce procedures and acceptable use policies (AUPs) for data, networks, hardware and software that are company or employee owned
2. Promote secure and legal sharing of information among authorized persons and partners
3. Ensure compliance with government regulations and laws
4. Prevent attacks by having network intrusion defenses in place
5. Detect, diagnose and respond to incidents and attacks in real time
6. Maintain internal controls to prevent unauthorized alteration of data and records
7. Be able to recover from business disasters and disruptions quickly

4 Steps IT Security Model

1. Senior management commitment and support
2. Acceptable use policies and IT security training
3. IT security procedures and enforcement
4. Hardware and software (keep up-to-date)

Three Essential Defenses

1. Antivirus software
Tools designed to detect malicious code and prevent users from downloading it
Scan systems for the presence of worms, trojans, etc.

2. Intrusion detection systems (IDSs)
An IDS scans for unusual or suspicious traffic
It can identify the start of a DoS attack, alerting the network administrator to take defensive action

3. Intrusion prevention systems (IPSs)
Designed to take immediate action, such as blocking specific IP addresses.

Basic IT Security Concepts

Exploit
A program (code) that allows attackers to automatically break into a system through a vulnerability

Risk
Probability of a threat exploiting a vulnerability and the resulting cost of the loss, damage, disruption or destruction

Threat
Someone or something that can cause loss, damage or destruction

Vulnerability
Weakness or flaw in a system that allows an attack to be successful
Company IT security defenses influence how vulnerable they are to threats

Asset
Something of value that needs to be protected
Customer data, trade secrets, proprietary formulas and other intellectual property

Three Objectives of Data and Information System Security

Confidentiality
No unauthorized data disclosure

Integrity
Data, documents, messages and other files have not been altered in any unauthorized way

Availability
Data is accessible when needed by those authorized to do so

Factors that expose companies and users to attacks

Apps and mobiles create attack vectors
Business operations are controlled by apps, systems and networks that are so interconnected that anyone's mobile device is an entry point for attacks

Cloud services create vulnerabilities
Cloud services have created vulnerabilities in systems and apps that are surprising even the experts

Minimum security defenses for mobile devices

1. Mobile biometrics (voice & fingerprint biometrics)
2. Rogue app monitoring (to detect and destroy malicious apps in the wild)
3. Remote wipe capability (remote erase capability)
4. Encryption

Internet Technologies & Search Strategies



How search engines work

Crawler search engines
Rely on sophisticated computer programs called spiders or bots that crawl the internet to locate webpages, links and other content, which are stored in the engine's page repository. Ex: Google, Bing

Web directories
Typically organized by category. Webpage content is usually reviewed by directory editors prior to its listing in a category to make sure it is appropriate. Ex: Looksmart.com, Best of the Web (botw.org)

Hybrid search engines
Combine the search results of a directory created by humans and results from a crawler search engine, with the goal of providing both accuracy and broad coverage of the internet. Ex: yahoo.com

Meta search engines
Compile results from other search engines. Ex: Dogpile.com, combining results from Google, Yandex and Yahoo

Semantic search engines
Designed to locate information based on the nature and meaning of web content, not simple keyword matches

Search Engine Marketing

Search engine marketing (SEM) has become an integral business strategy


ople much more likely to be interested to the topic they are searching fo
ort to reach this targeted audience are much more likely to produce sale
[Figure labels: Navigational search, Informational search, Transactional search, Sales]

nsist of designing and advertising a webpage, with the goal of increasing


anic listing on SERPs ( Search engine Results Pages ) and traffic to their w

How to optimize website design

Reputation or Popularity
Websites with good content will be more popular than sites with poor-quality content
Social media indicators, site traffic, reputation on review sites, SERP click-through rate

Relevancy
Keywords, page titles, relevant phrases in text, amount of text on the page that appears relevant, SERP click-through rate

User Satisfaction
Dwell time, site speed, reading level, hacked sites, malware, website satisfaction surveys

Paid search advertising campaigns in order to increase awareness that leads to sales

METRICS

Click-through rates (CTRs)
CTRs don't measure the financial performance of a campaign. They are useful for evaluating many of the decisions that go into a campaign, such as keyword selection and ad copy

Keyword conversion
Monitor which keywords lead to sales and focus on those in future campaigns

Cost of customer acquisition (CoCA)
Represents the amount of money spent to attract a paying customer. Formula: total budget divided by number of customers who purchase

Return on advertising spend (ROAS)
Used to evaluate overall financial effectiveness. Formula: revenue divided by cost

Three Evolutionary Stages of the Internet

EVOLUTION OF THE WEB

Web 1.0 (The Initial Web): A Web of Pages
Pages or documents are hyperlinked, making it easier than ever before to access connected information.
Built using HTML (Hypertext Markup Language)
Ex: cnn.com, bhinneka.com

Web 2.0 (The Social Web): A Web of Applications
Applications are created that allow people to easily create, share and organize information.
Built using languages like XML (eXtensible Markup Language) and JavaScript
Ex: youtube.com

Web 3.0 (The Semantic Web): A Web of Data
Information within documents or pages is tagged with metadata, allowing users to access specific information across platforms, regardless of the original structure of the file, page or document that contains it. It turns the Web into one giant database.
Uses language developed by the W3C.
Ex :

How semantic Web technology enhances the accuracy of search engine results

Semantic Web uses three languages to improve the quality and accuracy of sea

LANGUAGES

RDF Language
Used to represent information about resources on the internet. It will describe these resources using metadata uniform resource identifiers (URIs) like title, author, copyright and license information. It is one of the features that allow data to be used by multiple applications

OWL
The W3C language used to categorize and accurately identify the nature of things found on the internet

SPARQL
Used to write programs that can retrieve and manipulate data stored in RDF format

How businesses can optimize their websites to take advantage of this emerging technology

The need to optimize their websites for semantic search
Companies need to take advantage of semantic technologies to remain visible to prospective customers
Visually attractive and produce greater CTRs

3 widely used approaches to creating useful recommendations to enhance the user experience and increase e-commerce sales

Content-based filtering
Recommends products based on the product features of items the customer has interacted with in the past
Interactions include viewing an item, liking an item, purchasing an item, saving an item to a wish list

Collaborative filtering
Makes recommendations based on a user's similarity to other people
Ex: recommendations based on the purchases of other people, demographic-system-based recommendations

Hybrid strategies
Develop recommendations based on a combination of methodologies: content-based filtering, collaborative filtering, knowledge-based and demographic systems
Hybrid systems are used to increase the quality of recommendations and address shortcomings of systems that only use a single methodology

Social Media Strategies and Metrics



Social Media
Social Media refer to Internet-based platforms, applications and services.
Using social media, consumers talk about products, brands, customer service and
their experience. Companies need to participate in these conversations to build
relationships in new and different ways with customers, suppliers, the media and
others that influence public opinion.
A successful social strategy requires companies to know the customers, their
expectations and preferences.
For customer interactions, external social media platforms are used to engage
with existing and prospective customers, reinforce brand messaging, influence
customer opinions, provide targeted offers and service customers more efficiently.
Internal social media tools help drive greater employee engagement,
collaboration and productivity.
For new product development and launch, both internal and external social media
tools help idea generation and evaluation

Social Media Strategies

Social media mistakes decrease the value of social strategy for 2 reasons:
- Social media does not align with and reinforce the rest of the marketing program
- Resources are wasted
Strategic approach for building social media programs:
1. Begin with a foundation: define the goal and how to achieve it
2. Define and understand the target audience: who the target audience are, which social media they use, how they use them
3. Build and execute the social media strategy
   - Measurable objectives and social media channels to be used
   - Metrics, KPIs and tools to measure success
   - A content strategy of genuine interest to the target audience
   - Clearly defined roles, ownership and responsibilities
   - Governance: the brand's identity or personality
   - Budgeted and dedicated resources
4. Track, measure and adapt: assess data regularly against objectives and adapt strategies as necessary

Social Communities

Social network analysis (SNA): the mapping and measuring of relationships and flows between people, groups, organizations, computers or other information or knowledge-processing entities.
Social networking services (SNSs): a special type of virtual community, now the dominant form of online community. With social networking, individual users maintain an identity through their profile and can be selective about which members of the larger community they choose to interact with. Over time, users build their network by adding contacts or friends.
Ex: Facebook.com

Social Monitoring, Metrics and Analytics

Social monitoring services allow users to track conversations taking place on social media sites. Four basic metrics are used:
1. Strength: the likelihood that a brand will be mentioned in social media
2. Reach: an influence measure based on the number of unique people who post or tweet about a brand
3. Passion: a measure of the likelihood that people will post repeatedly about a brand
4. Sentiment: a ratio of positive to negative mentions about a brand

Jay Baer identified four metric categories to measure the value of specific content. These metrics build on each other to ultimately improve performance:
1. Consumption metrics: how many people viewed, downloaded or listened?
2. Sharing metrics: how resonant is this content and how often is it shared?
3. Lead-generation metrics: how often does content consumption result in a lead?
4. Sales metrics: did the company actually make money from this content?

Social Media Failures

Important lessons learned from social media fails are the following:
- Do not mix marketing efforts with corporate social responsibility, humanitarian efforts or community engagement
- What starts as a small mistake or lapse in judgement can escalate into a big crisis via social media in minutes
- Take full responsibility for mistakes, because trying to shift blame will backfire
- Apologies must be sincere, without reservation, and without perceived benefit to the company

Retail, Mobile and e-Commerce



What is e-Commerce?

Video

Source: https://www.youtube.com/watch?v=N_mfFi1jPZ8

ing Up Customer Demands & Behavior


Empowered price sensitivity: customers are more empowered to find products, alternative products and prices from a variety of local and online retailers
Nonlinear search and influence patterns: the path by which consumers pursue purchases is often varied and unpredictable
Channel hopping: many combinations of shopping channels and communication channels, so that retailers rely on data analysis to distinguish patterns or trends in consumer shopping behavior
Digital Immigrants, Natives and Dependents
- Digital natives: the first generation to have grown up surrounded by digital devices and the internet; they move easily between various retail channels
- Digital immigrants: older; they fundamentally view retail channels as separate and distinct
Need for convenience: consumers will be looking for products and shopping channels that reduce the impact on their time and financial

Omni-Channel Retailing Concept

Businesses recognize the value of integrating their channels, in effect blurring the distinction between the newer channels and in-store retailing
Strategies integrating the customer experience across channels will emerge, resulting in omni-channel retailing

Business-to-Customer (B2C) E-Commerce

In B2C markets, the sellers are organizations and the buyers are individual end users. Ex: Amazon.com, Lazada.co.id, tokopedia.com, Bhinneka.com, Mataharimall.com

Online banking / direct banking includes various banking activities conducted via the Internet instead of at a physical bank location.
International and multiple-currency banking: electronic fund transfer (EFT) and electronic letters of credit are important services in international banking
B2C challenges:
- Channel conflict between online selling channels and physical selling channels
- Conflicts within click-and-mortar organizations in pricing of products and services, allocation of resources and logistics services
- Order fulfillment and logistics
- Competition: low entry barriers intensify competition in an industry
- Business model: necessary to identify appropriate revenue models

Example of B2C e-Commerce: Amazon.com

Video

Source: https://www.youtube.com/watch?v=UtBa9yVZBJM

Example of B2C e-Commerce: MatahariMall.co

Business-to-Business (B2B) e-Commerce and e-Procu

In B2B markets, both the sellers and the buyers are business organizations. B2B comprises about 85 percent of e-commerce dollar volume
Ex: Alibaba.com
B2B business models:
- Sell-side marketplace model: organizations sell their products or services to other organizations from their own private e-marketplace or from a third-party site. The two key mechanisms are forward auctions and online catalogs
- E-sourcing: refers to electronic venues for trading partner collaboration, contract evaluation & negotiation and supplier selection. The primary methods are online auctions, RFQ processing and private exchanges.
- Public and private exchanges: sites where many buyers and sellers conduct business transactions. They may be public or private, depending on whether or not they are open to the public

Mobile Commerce

Mobile e-commerce: emphasizes the use of mobile apps and mobile websites for carrying out transactions and does not necessarily involve interaction with a traditional retail store
Mobile retailing: emphasizes in-store shopping using a mobile device but could include situations where the customer ultimately orders from a website or mobile app
Mobile marketing: promotional strategies and tactics that encourage both mobile e-commerce and mobile retail. This overlap is a reflection of the evolution toward the omni-channel retail concept

ation : Competitive Advantage in Mobile Comm


In-store tracking: in-store shopping experiences can be optimized through mobile technology that can track a customer's movement through a retail store. This can be extremely helpful for understanding individual consumer preferences as well as creating an optimal store layout.
Quick Response (QR) codes: let users scan a code using their smartphone in order to enter contests, connect with brands on social media, buy products, etc.
Mobile Visual Search (MVS): technology that is emerging as an alternative to QR codes.

Other Mobile Commerce

Mobile entertainment is expanding on wireless devices. Most notable are music, movies, videos, games, adult entertainment, sports and gambling apps.
Hotel services and travel go wireless. Smartphones and other mobile devices have become essential travel aids. Most major airlines, hotel chains and Internet travel agencies have developed mobile apps to help travelers manage their arrangements

Mobile Transactions

Mobile electronic payment systems
As mobile commerce grows, there is a greater demand for payment systems that make transactions from smartphones and other mobile devices convenient, safe and secure

Mobile banking and financial services
Mobile banking is generally defined as carrying out banking transactions and other related activities via mobile devices. The services offered include bill payments and money transfers, account administration and check book requests, balance inquiries and statements of account, interest and exchange rates, and so on

Article 3 :
Business Impact of Web 2.0 Technologies


Control
Companies cannot fully control these technologies.
There are concerns about intellectual property, proprietary information, privacy, security and control.

Impact
Expectations are generally positive, and most respondents expect Web 2.0 technologies to have a significant impact on the company.
Most respondents expect an impact on knowledge management, collaboration and communication; some also expect a positive impact on customer relationship management, innovation and training.

Knowledge Management
In measuring the impact on knowledge management, the four metrics (sharing, retrieving, organizing and leveraging knowledge) indicate that Web 2.0 technologies contribute significantly to sharing, retrieving and organizing knowledge.
Web 2.0 technologies (for knowledge management) tend to be descriptive rather than prescriptive, and operational rather than strategic.

Customer Relationship Management
Web 2.0 technologies still have only a small impact on customer relationship management, although they have great potential to develop it.
Wikis and external customer blogs make the largest contribution to customer relationship management.
Overall, customer relationship management is not seen as a primary impact of Web 2.0 technologies.

Innovation
Although there is not much enthusiasm, there are developments indicating that Web 2.0 can contribute to the innovation carried out by companies.
From Table 15, the survey results state that Web 2.0 has also not yet been used to its full potential to contribute to employee training and development.

Security
Security remains a major issue in the adoption of Web 2.0 technology.
Some companies block access to social networking sites from the corporate network; some companies build their own internal networks.
Some of these companies are also concerned about the time employees spend accessing those social networking sites.

Case 4 :
LinkedIn Hack : Lessons Learned and Hidden
Dangers


1. LinkedIn does not collect the credit card or other financial account information of its members. Why then would profit-motivated hackers be interested in stealing LinkedIn's stored data? What data would they be most interested in?
- Hackers can obtain a database of LinkedIn customers' phone numbers and email addresses and sell it to many marketing companies
- Email addresses and passwords are usually shared across several online accounts, so by knowing this information hackers can log in to social media or cloud databases and sell the valuable data stored there, such as financial data, client lists, company secrets or photos
- If the email used is a work email, hackers can get into the company database and steal valuable data
- Hackers can send email to the client list using the company email and ask clients to visit a fake website that asks them to enter their login and password


2. Companies are often slow to self-detect data breaches, so a cyberattack can occur without a company even knowing it has a problem. What effect do you think LinkedIn's failure to self-detect its massive data breach had on its popularity and credibility?
- A breach will of course damage LinkedIn's reputation and reduce the trust of customers or prospective customers in using LinkedIn's services
- However, because the breached data covered only about 3.5% of the total number of customers, the breach, although costly, still had minimal impact
3. Most corporate security incidents are uncovered by a third party, like a security firm, that picks up on evidence of malicious activity. Why do you think IT security experts and not LinkedIn discovered the data breach?
- Because hacking itself has become an industry, IT security firms compete to demonstrate their competence in detecting data breaches, which opens the opportunity to be contracted by the company whose data was breached.
4. LinkedIn's lax approach to members' information security and weak


5. Identify and evaluate the actual and potential business risks and damages from LinkedIn's data breach.
- Hackers can break into customers' valuable data on other social media or cloud services
- The breach can reduce LinkedIn's advertising revenue
- LinkedIn can face legal action and have to pay fines
- LinkedIn has to spend a very large amount of money to clean up its data
6. Why is data encryption an important information security defense?
- Because weakly encrypted passwords are easily cracked by hackers
7. Discuss why information security is a concern of senior managers.
- Data security strongly affects a company's operations, reputation and consumer trust, which ultimately affects revenue & profit
8. Explain why someone who used the same password for several sites
References

https://www.youtube.com/watch?v=N_mfFi1jPZ8
https://www.youtube.com/watch?v=UtBa9yVZBJM
https://www.mataharimall.com/static/9/faqcara-pembayaran
