DESIGN OF INFORMATION SECURITY CONTROL BASED ON INFORMATION SECURITY RISK MANAGEMENT USING THE INTEGRATION OF OCTAVE ALLEGRO AND SNI ISO 27001:2013 (CASE STUDY: HUMAN RESOURCE STAFF ORGANIZATION OF INDONESIA NATIONAL POLICE)
The Indonesian National Police (INP) Human Resources Staff is a supervisory and assisting element to the National Police leadership in the field of HR management. To deliver career development for INP's human resources that is clean, transparent, accountable, and humanist, supporting...
Main Author: | Rizqi Prananda, Eriestu |
---|---|
Format: | Theses |
Language: | Indonesia |
Subjects: | Engineering (engineering and related activities) |
Online Access: | https://digilib.itb.ac.id/gdl/view/53636 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:53636 |
---|---|
spelling |
id-itb.:53636 2021-03-08T12:17:26Z Rizqi Prananda, Eriestu Engineering (engineering and related activities) Indonesia Theses Information Security Management System, Information Security Risk Management, Information Security Management System, OCTAVE Allegro, SNI ISO 27001:2013 INSTITUT TEKNOLOGI BANDUNG https://digilib.itb.ac.id/gdl/view/53636 text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
topic |
Engineering (engineering and related activities) |
description |
The Indonesian National Police (INP) Human Resources Staff is a supervisory and assisting
element to the National Police leadership in the field of HR management. To deliver career
development for INP's human resources that is clean, transparent, accountable, and humanist,
supporting facilities are needed in the form of personnel data that is accurate, precise, and
available at any time through the Police Personnel Information System, which is managed by the
Personnel Information Unit of the INP Human Resource Staff. SSDM Polri has not yet
implemented a comprehensive information security management system (ISMS), so threats to
organizational information assets remain possible and threaten the institution's operations.
Ministry of Communication Regulation No. 4 of 2016, which requires strategic electronic
systems to implement information security, obliges administrators of strategic and high
electronic systems to apply SNI ISO 27001:2013 concerning ISMS.
Information Security Risk Management (ISRM) is one of the essential elements of the ISMS
process; it deals with potential threats that, if they occur, would have a significant impact
on operational disruption. To implement ISRM, this thesis uses the OCTAVE Allegro
framework, which performs a risk-based assessment of the organization's information needs.
The results of the risk analysis are managed using the SNI ISO 27001:2013 controls. In this
study, the design of security controls for the Police Personnel Information System is based on
clauses 4 to 10 of SNI ISO 27001:2013 and on controls derived from the risk assessment results
using OCTAVE Allegro. The selected controls, in turn, are based on the risk assessment results
and drawn from Annex A of SNI ISO 27001:2013. The research identifies 12 risk scenarios
across 3 critical assets of SIPP Online managed by SSDM Polri: three in the low-risk category,
five in the medium-risk category, and four in the high-risk category, with a total of 46
information security control recommendations. Based on validation of the research results, the
information security controls based on the ISMS, equipped with the MRKI and aligned with the
organization's needs, can serve as a comprehensive recommendation for the institution.
|
format |
Theses |
author |
Rizqi Prananda, Eriestu |
title |
DESIGN OF INFORMATION SECURITY CONTROL BASED ON INFORMATION SECURITY RISK MANAGEMENT USING THE INTEGRATION OF OCTAVE ALLEGRO AND SNI ISO 27001:2013 (CASE STUDY: HUMAN RESOURCE STAFF ORGANIZATION OF INDONESIA NATIONAL POLICE) |