INFORMATION SECURITY MANAGEMENT SYSTEM DESIGN ON STARTUP (CASE STUDY OF PT X)
Risk represents the likelihood of an undesirable event that may cause negative impacts. In the context of information security management, the complexity of a dynamic business environment necessitates the adoption of a systematic approach to managing risks. Failure to anticipate risks can lead to...
Main Author: | Febryananta Arifinsyah, Daffa |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/85272 |
Institution: | Institut Teknologi Bandung |
Language: | Indonesia |
id |
id-itb.:85272 |
---|---|
spelling |
id-itb.:85272; 2024-08-20T09:26:32Z; INFORMATION SECURITY MANAGEMENT SYSTEM DESIGN ON STARTUP (CASE STUDY OF PT X); Febryananta Arifinsyah, Daffa; Indonesia; Final Project; information security management system, ISO/IEC 27001, risk management; INSTITUT TEKNOLOGI BANDUNG; https://digilib.itb.ac.id/gdl/view/85272; text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
Risk represents the likelihood of an undesirable event that may cause negative
impacts. In the context of information security management, the complexity of a
dynamic business environment necessitates the adoption of a systematic approach to
managing risks. Failure to anticipate risks can lead to significant financial losses and
data privacy breaches. Additionally, obligations and regulations governing data
protection, such as those from the Badan Siber dan Sandi Negara (BSSN), emphasize
the importance of implementing effective information security management system
(ISMS) practices.
PT X is a company with a business model that has not yet implemented an ISMS,
despite its intensive interactions with business partners in its operations. This thesis
aims to design an ISMS tailored to the context and scope of PT X to enhance
information security. The ISMS design will be based on the ISO/IEC 27001 standard
and will include risk assessment processes and risk control plans. Interviews and
questionnaires are the primary methods used for data collection in designing the
ISMS at PT X. The risk assessment results reveal gaps in PT X’s information
security governance. The ISMS design produces supporting risk management
documents and proposed risk control plans. These proposed controls include the
establishment of information security policies, allocation of information security
roles and responsibilities, and the strengthening of security measures.
The success of the ISMS design is evaluated using Indeks Keamanan Informasi
(KAMI) from BSSN. The Indeks KAMI assessment shows improved information
security scores if the ISMS is implemented. Thus, the ISMS design based on the
ISO/IEC 27001 standard provides a systematic and structured approach to enhancing
information security at PT X. |
format |
Final Project |
author |
Febryananta Arifinsyah, Daffa |
title |
INFORMATION SECURITY MANAGEMENT SYSTEM DESIGN ON STARTUP (CASE STUDY OF PT X) |
url |
https://digilib.itb.ac.id/gdl/view/85272 |