DESIGN OF INFORMATION SECURITY RISK MANAGEMENT IN INDONESIAN NATIONAL POLICE COMMAND CENTER BASED ON ISO 27005 (CASE STUDY: COMMAND CENTER OF BALI REGIONAL POLICE)

Bibliographic Details
Main Author: Made Martadi Putra, I
Format: Theses
Language: Indonesia
Online Access: https://digilib.itb.ac.id/gdl/view/54514
Institution: Institut Teknologi Bandung
Description
Summary: The application of information technology in government agencies is in line with Presidential Regulation 95/2018 concerning Electronic-Based Government Systems (EBGS). Digital information generated by the application of EBGS is a very valuable asset, and such assets must be protected from risk. This study aims to design information security risk management (ISRM) for a government agency as a non-profit organization, specifically a Police Command Center. The design integrates two standards for managing information security risks. ISO 27005:2018 can be applied to all types of organizations (commercial, government, and non-profit) that aim to manage risks that can compromise their information security, which makes it suitable for implementation at the Police Command Center. However, it does not describe the risk assessment stage clearly. The NIST SP 800-30 rev 1 standard, which provides guidance on conducting information risk assessments in government organizations, is therefore used to complement the ISRM at the risk assessment stage. The design is applied to a Police organization, in this case the Bali Regional Police Command Center. It was chosen because it is part of the Indonesian National Police organization that carries out monitoring tasks, presents public order and security data, and holds information on events and operational activities across all jurisdictions of the Bali Regional Police, yet it does not have a risk management system for information security. As a result, risks that could disrupt organizational operations or even damage the organization's reputation go unidentified. Information security risk management is carried out as a mitigation measure against the risks that can occur, in order to determine the appropriate security controls required by the organization.
This research produces an information security risk management design, together with the results of risk identification and recommendations for handling the risks. There are 21 assets identified as having risks in the business process, with 13 modification risks and 52 acceptable risk scenarios, along with recommendations for their control. In the end, based on the results of the validation, it can be concluded that the ISRM design for the Bali Regional Police Command Center meets organizational needs in identifying and managing risks so as to maintain the availabili