Cyber-Risk Management Implementation Plan Using NIST CSF and COBIT 5
Abstract
Advances in Information and Communication Technology (ICT) have shaped cyberspace, making it easier to access and manage information quickly and accurately. The growing use of ICT today increases the security needs of the systems in use, and the risks along with them. To address this, cyber-risk management needs to be applied so that cyber risks can be managed. Organization ABC is one of the government agencies that manage the nation's critical infrastructure. The XYZ information system is a strategic information system used to support leadership in decision making. This study proposes a plan for implementing cyber-risk management using NIST CSF and COBIT 5 to manage cyber risks in the XYZ information system. The results are 13 risks rated high and 22 risks rated medium, accompanied by COBIT 5 enabler processes as risk mitigation. From these results, 15 action plans (work programs) for implementing cyber-risk management were then drawn up in line with the organization's capability and targets. The action plans were then prioritized according to the organization's interests.
Copyright (c) 2018 Jurnal Sistem Informasi
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.