DESIGN OF INFORMATION SECURITY RISK MANAGEMENT IN DATA AND INFORMATION CENTER OF THE MINISTRY OF DEFENSE OF THE REPUBLIC OF INDONESIA BASED ON ISO 27005: 2018
The country's vital objects that provide data and information are vulnerable to threats. Information in the form of valuable assets needs to be protected from threats and vulnerabilities. Data and information must be guaranteed confidentiality, integrity, authenticity and availability. The vita...
Saved in:
| Main Author: | |
|---|---|
| Format: | Theses |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/48234 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | The country's vital objects that provide data and information are vulnerable to threats. Information in the form of valuable assets needs to be protected from threats and vulnerabilities. Data and information must be guaranteed confidentiality, integrity, authenticity and availability. The vital object that is the focus of research in this thesis is the Center for Data and Information of the Ministry of Defense of the Republic of Indonesia, better known as Pusdatin Kemhan. Business processes owned by the Pusdatin Kemhan organization are very complex. Pusdatin Kemhan requires strengthening in the management of information security because the assets carried out are strategic, critical and high-value assets. Strategic information can cover all aspects of life, namely ideology, politics, economics, social culture, defense and security. Strategic information is not only confidential information, but also important public information that must be known to the public in order to improve themselves and their environment. The availability of information will ultimately strengthen national defense whose very existence is needed by leaders to assist in making decisions to support national defense and security. Therefore the application of information security must be carried out in accordance with the standards and cannot be separated from the existence of well-managed risk management.
Military organizations, in this case Pusdatin Kemhan, are expected to implement an information security management system (ISMS). In managing the information security of an organization, it is necessary to have risk management because an organization has risks from running business processes, vulnerabilities at any time in carrying out its duties and various threats from multidimensional. This is done in order to obtain the risk determination of an organization can run well. The guideline standard governing information security is ISO 27001: 2013, while the standard governing information security risk management is ISO 27005: 2018. In this study, combining two information security management standards which results in the form of an information security risk management design based on ISO 27005: 2018 that is used in the Pusdatin Kemhan.
|
|---|