Place :
Politeknik Statistika STIS
Speaker :
Dwidharma Priyasta, B.Eng., M.Sc.
Drs. Slamet Aji Pamungkas, M.Eng.
Description :Some of us may be unfamiliar with the term Smart Card. However, Smart Cards are actually very familiar in our daily lives, such as e-KTP (electronic ID card), SIM (driver's license) cards, busway cards, commuter train (KRL) cards, debit cards, and credit cards. Dwidharma Priyasta, B.Eng., M.Sc. from the Agency for the Assessment and Application of Technology (BPPT) explained Smart Cards in more detail in a public lecture held on Tuesday (October 29th). The lecture was attended by third and fourth-year students of the Statistical Computing Study Program in the Applied Undergraduate Program.
A Smart Card is a card with an integrated circuit chip containing a processor, memory, and I/O (input/output) for communication, and can be programmed according to the user's needs. There are four types of smart cards currently in use: Contact Smart Cards (require direct contact with a reader, usually a contact slot), Contactless Smart Cards (work by tapping a reader like NFC), Hybrid Smart Cards (containing two chips, one with a contact and one with a contactless interface), and Dual Inference Smart Cards.
A smart card is simply a piece of hardware without an operating system. Numerous operating systems can run on smart cards, such as NativeOS, Java Card Open Platform, BasicCard, and MULTOS. "This smart card system is very simple; you just add or withdraw funds from the card," explained Dharma when discussing the system used on busway and commuter train cards. Smart cards in Indonesia are standardized through the Indonesian National Standard (SNI) and have specific regulations, making them easily obtainable. Furthermore, smart cards have their own testing facilities accredited by the National Accreditation Committee (KAN).
The second speaker at the public lecture, which addressed the topic of Electronic Data Utilization and Data Security and Privacy, was Drs. Slamet Aji Pamungkas, M.Eng., from the National Standardization Agency (BSN). "We can't afford to be blind in this technological era; even if we blink, we're already behind the times," he said at the beginning of his presentation. Discussions about data security and privacy in this modern era are extremely complex. With technology constantly evolving, every technology has vulnerabilities that could be exploited by third parties.
User data security and privacy are increasingly vulnerable to theft and misuse. Therefore, an international standard, SNI ISO/IEC 27001:2013, has been developed and adapted to Indonesian conditions. This standard specifies the requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS) within an organizational context. Misuse of user data by third parties is inextricably linked to, among other things, user error, who lacks understanding and awareness of how to safeguard their data privacy.
SNI ISO/IEC 27001 teaches management how to prevent information breaches by third parties, not how to mitigate them. This is because user data security and privacy begin at the management level, from the smallest to the largest. The seven ISO management principles are Customer Service, Leadership, People Engagement, Process Approach, Improvement, Evidence-Based Decision Making, and Relationship Management.
