INFORMATION SECURITY MANAGEMENT SYSTEM DESIGN ON STARTUP (CASE STUDY OF PT X)
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/85272 |
Institution: | Institut Teknologi Bandung |
Summary: | Risk represents the likelihood of an undesirable event that may cause negative
impacts. In the context of information security management, the complexity of a
dynamic business environment necessitates the adoption of a systematic approach to
managing risks. Failure to anticipate risks can lead to significant financial losses and
data privacy breaches. Additionally, obligations and regulations governing data
protection, such as those from the Badan Siber dan Sandi Negara (BSSN), emphasize
the importance of implementing effective information security management system
(ISMS) practices.
PT X is a company with a business model that has not yet implemented an ISMS,
despite its intensive interactions with business partners in its operations. This thesis
aims to design an ISMS tailored to the context and scope of PT X to enhance
information security. The ISMS design will be based on the ISO/IEC 27001 standard
and will include risk assessment processes and risk control plans. Interviews and
questionnaires are the primary methods used for data collection in designing the
ISMS at PT X. The risk assessment results reveal gaps in PT X’s information
security governance. The ISMS design produces supporting risk management
documents and proposed risk control plans. These proposed controls include the
establishment of information security policies, allocation of information security
roles and responsibilities, and the strengthening of security measures.
The success of the ISMS design is evaluated using Indeks Keamanan Informasi
(KAMI) from BSSN. The Indeks KAMI assessment shows improved information
security scores if the ISMS is implemented. Thus, the ISMS design based on the
ISO/IEC 27001 standard provides a systematic and structured approach to enhancing
information security at PT X. |