DESIGN OF INFORMATION SECURITY RISK MANAGEMENT IN INDONESIAN NATIONAL POLICE COMMAND CENTER BASED ON ISO 27005 (CASE STUDY: COMMAND CENTER OF BALI REGIONAL POLICE)
The application of information technology in government agencies is in line with Presidential Regulation 95/2018 concerning Electronic-Based Government Systems (EBGS). Information in the digital form generated from the application of EBGS is a very valuable asset. Assets that are owned must be pr...
Main Author: | |
---|---|
Format: | Theses |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/54514 |
Institution: | Institut Teknologi Bandung |
Language: | Indonesia |
id |
id-itb.:54514 |
---|---|
spelling |
id-itb.:54514; 2021-03-18T10:15:40Z; DESIGN OF INFORMATION SECURITY RISK MANAGEMENT IN INDONESIAN NATIONAL POLICE COMMAND CENTER BASED ON ISO 27005 (CASE STUDY: COMMAND CENTER OF BALI REGIONAL POLICE); Made Martadi Putra, I; Indonesia; Theses; Command Center, Information Security Management System, Information Security Risk Management, ISO 27005, NIST SP 800-30 Rev1.; INSTITUT TEKNOLOGI BANDUNG; https://digilib.itb.ac.id/gdl/view/54514; text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
The application of information technology in government agencies is in line with Presidential Regulation 95/2018 concerning Electronic-Based Government Systems (EBGS). Information in digital form generated by the application of EBGS is a very valuable asset, and the assets an organization owns must be protected from risk. This study aims to design information security risk management (ISRM) for a government agency as a non-profit organization, specifically a Police Command Center. The design integrates two standards for managing information security risks. ISO 27005:2018 can be applied to all types of organizations, whether commercial, government, or non-profit, that aim to manage risks that can compromise the organization's information security, which makes it suitable for implementation at the Police Command Center. However, it does not describe the risk assessment stage clearly. The NIST SP 800-30 Rev. 1 standard, which provides guidance on conducting information risk assessments in government organizations, is therefore used to complement the ISRM at the risk assessment stage.

The design results are applied to a Police organization, in this case the Bali Regional Police Command Center. This is done because the Bali Regional Police Command Center is a part of the Indonesian National Police organization that carries out monitoring tasks, presents public order and security data, and holds information regarding events and operational activities in all the jurisdictions of the Bali Regional Police. However, it does not yet have a risk management system for information security. As a result, risks that could disrupt organizational operations, or even damage the organization's reputation, go unidentified. Information security risk management is carried out as a mitigation measure against the risks that can occur, in order to determine the appropriate security controls required by the organization. This research produces an information security risk management design, together with the results of risk identification and recommendations for handling the risks. There are 21 assets identified as having risks in the business process, with 13 modification risks and 52 acceptable risk scenarios, along with recommendations for their control. In the end, based on the results of the validation, it can be concluded that the results of the ISRM design for the Bali Regional Police Command Center have been able to meet organizational needs in identifying and managing risks so as to maintain the availabili |
format |
Theses |
author |
Made Martadi Putra, I |
title |
DESIGN OF INFORMATION SECURITY RISK MANAGEMENT IN INDONESIAN NATIONAL POLICE COMMAND CENTER BASED ON ISO 27005 (CASE STUDY: COMMAND CENTER OF BALI REGIONAL POLICE) |
url |
https://digilib.itb.ac.id/gdl/view/54514 |