Information Security Risk Management Using ISO 27005:2011 for the Academic Information System (SIAK) of Universitas Muhammadiyah Sukabumi (UMMI)

asriyanik asriyanik, Prajoko Prajoko

Abstract


Information security is an important part of an academic information system, including the one at Muhammadiyah University of Sukabumi (UMMI). Information security is carried out to protect UMMI's assets, especially data and information. Data and information have become important assets in an organization because they relate to the organization's image. The academic information system at UMMI is currently built as an online system, which exposes it to various threats. Threats can arise from inside or outside. If a threat occurs, the information security aspects will be disrupted, which can in turn disrupt the business processes of the UMMI academic information system. The likelihood of this threat is called risk. To minimize losses from risks, risk management should be done well. The risk management method used for the UMMI academic information system is ISO 27005. This method was selected to facilitate the next stage of development of an information security management system for the UMMI academic information system using the ISO 27000 series. Data were collected through interviews and discussions. The risk management process under ISO 27005 includes four main steps: scope determination, risk assessment, risk treatment and risk acceptance. The risk assessment found 73 possible threat scenarios divided into 3 risk levels: 2 low risk, 64 medium risk and 7 high risk. Of the 73 threat scenarios, 47 were included in risk treatment planning. The resulting risk treatment plan comprises 19 risks modified, 1 risk transferred and 27 risks avoided. This risk treatment plan is a recommendation for the leadership of UMMI in conducting risk management.


DOI: http://dx.doi.org/10.28932/jutisi.v4i2.792



Copyright (c) 2018 Jurnal Teknik Informatika dan Sistem Informasi