DESIGN OF INFORMATION SECURITY RISK MANAGEMENT IN INDONESIAN NATIONAL POLICE COMMAND CENTER BASED ON ISO 27005 (CASE STUDY: COMMAND CENTER OF BALI REGIONAL POLICE)
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/54514 |
Institution: | Institut Teknologi Bandung |
Summary: | The application of information technology in government agencies is in line with
Presidential Regulation 95/2018 concerning Electronic-Based Government
Systems (EBGS). Information in the digital form generated from the application of
EBGS is a very valuable asset. Assets that are owned must be protected from risk.
This study aims to design information security risk management in a government
agency as a non-profit organization, especially in a Police Command Center. The
design is carried out by integrating two standards to manage information security
risks. ISO 27005:2018 can be applied to all types of organizations (commercial,
government, and non-profit) that aim to manage risks that can compromise the
organization's information security, which makes it suitable for implementation
at the Police Command Center. However, its risk assessment stage is not
described clearly, so the NIST SP 800-30 Rev. 1 standard, which provides
guidance on conducting information risk assessments of government
organizations, is used to complement the ISRM at the risk assessment stage.
The design results are applied to the Police organization, in this case, the Bali
Regional Police Command Center. This is done because the Bali Regional
Police Command Center is a part of the Indonesian National Police organization
that carries out monitoring tasks, presents public order and security data, and
holds information regarding events and operational activities in all the jurisdictions
of the Bali Regional Police. However, it does not yet have a risk management
system to manage information security. As a result, risks that could disrupt
organizational operations, or even damage the organization's reputation, may go
unidentified. Information security risk
management is carried out as a mitigation measure against the risks that can
occur to determine the appropriate security controls required by the organization.
From this research, an information security risk management design is produced
as well as the results of risk identification and recommendations for handling it.
There are 21 assets identified as having risks in the business process with 13
modification risks and 52 acceptable risk scenarios, along with recommendations
for their control. In the end, based on the results of the validation, it can be
concluded that the results of the ISRM design for the Bali Regional Police
Command Center have been able to meet organizational needs in identifying and
managing risks so as to maintain the availabili |
---|