DESIGN OF INFORMATION SECURITY CONTROL BASED ON INFORMATION SECURITY RISK MANAGEMENT USING THE INTEGRATION OF OCTAVE ALLEGRO AND SNI ISO 27001:2013 (CASE STUDY: HUMAN RESOURCE STAFF ORGANIZATION OF INDONESIA NATIONAL POLICE)
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Subjects: | |
Online Access: | https://digilib.itb.ac.id/gdl/view/53636 |
Institution: | Institut Teknologi Bandung |
Summary: | The Indonesian National Police Human Resources Staff is a supervisory and assisting element
to the National Police leadership in the field of HR management. To organize career
development for INP's human resources that is clean, transparent, accountable, and humanist,
supporting facilities are needed in the form of personnel data that is accurate, precise, and
available at any time through the Police Personnel Information System, which is managed by the
Personnel Information Unit of the Human Resource Staff of INP. SSDM Polri has not yet
implemented a comprehensive information security management system (ISMS), so threats to
organizational information assets remain possible and threaten the institution's operations.
Ministry of Communication Regulation No. 4 of 2016, which requires strategic electronic
systems to implement information security, obliges administrators of strategic and high
electronic systems to apply SNI ISO 27001:2013 concerning ISMS.
Information Security Risk Management (ISRM) is one of the essential elements of the ISMS
process; it deals with potential threats that may occur and would significantly disrupt
operations. In implementing the ISRM, this thesis uses the OCTAVE Allegro
framework, which provides a risk-based assessment of an organization's information needs. The
results of the risk analysis are managed based on the SNI ISO 27001:2013 controls. In this study,
the design of security controls for the Police Personnel Information System is based on the
SNI ISO 27001:2013 control in clauses 4 to 10 and on controls derived from the risk assessment
results using OCTAVE Allegro. Meanwhile, the controls are selected, based on the risk assessment
results, from Annex A of SNI ISO 27001:2013. Based on the research results, there are 12 risk
scenarios from 3 critical assets of SIPP Online managed by SSDM Polri, comprising three low-risk
categories, five medium-risk categories, and four high-risk categories, with a total of 46
information security control recommendations. Based on validation of the research results, the
ISMS-based information security control design, equipped with the MRKI according to the
organization's needs, can become a comprehensive recommendation for the institution.
|
---|