ANALYSIS AND IMPLEMENTATION OF RISK MANAGEMENT FOR A MONITORING APPLICATION AND AN INFORMATION SECURITY MANAGEMENT SYSTEM USING SNI ISO/IEC 27001:2013 (Case Study: KPID West Java)

  • Topan Nurdiansyah
  • M. Hendayun
Keywords: security, SNI ISO, SMKI

Abstract

The West Java KPID must take part in the successful implementation of the Electronic-Based Government System and the Information Security Management System (SMKI). West Java KPID has a monitoring application that processes recorded data and produces findings of broadcast content violations in television broadcasts. The monitoring application covers national TV broadcasts that have networked main stations, and local TV broadcasts. It can only monitor television because it relies on a TV tuner, which enables a computer to process television signals, record them into the database, and record 24 hours of television viewing. Given the importance of information and the high risk of interference, the West Java KPID needs to carry out information security governance activities in its environment, especially for the monitoring application, because it holds recorded data of television broadcast content. The monitoring application frequently suffers bugs and crashes due to loss of voltage and the lack of a temporary power supply. LAN network security is also needed to minimize the threat of attacks on the monitoring application. A risk assessment is needed to maintain confidentiality, integrity, and availability and to develop controls that minimize threats. This study carries out risk management for the monitoring application using SNI ISO/IEC 27005:2013 and applies risk assessment controls based on SNI ISO/IEC 27001:2013.

The steps taken are the identification of information assets, threats, vulnerabilities, risks, and impacts, followed by clause mapping based on the risk assessment. These are followed by a maturity level analysis, a gap analysis, and recommendations for control objectives and information security. The study thus produces a risk assessment, a proposed mapping of controls and control objectives based on SNI ISO/IEC 27001:2013, the maturity level of information security, findings, and recommendations.

Published
2022-03-01