Usulan manajemen risiko berdasarkan standar SNI ISO/IEC 27001:2009 menggunakan indeks kami (keamanan informasi) studi kasus: Badan Nasional Penempatan dan Perlindungan Tenaga Kerja Indonesia (BNP2TKI)

Main Authors: Indah Kusuma Dewi, Fitroh, Suci Ratnawati
Format: Article
Bahasa: ind
Terbitan: Studia Informatika: Jurnal Sistem Informasi
Online Access: https://www.researchgate.net/publication/323357015_Usulan_manajemen_resiko_berdasarkan_standar_SNI_ISO_IEC_27001_2009_menggunakan_indeks_KAMI_Keamanan_Informasi_PERLINDUNGAN_TENAGA_KERJA_INDONESIA_BNP2TKI
Daftar Isi:
  • National Agency for the Placement and Protection of Indonesian Overseas Workers (BNP2TKI) managing labor data are vital such as data placement and data arrival so required security information. At the Center for Research and Development Information (Puslitfo) are the head of information systems in charge of sub-areas of system development and maintenance of the system. Of the two sub-areas that many threats that occur as the incident that led to the demise of electricity damaged server so that services should be in real time was inhibited. The study began with a check (analysis of current conditions), Act (Self-assessment based index WE) is an evaluation of the role and the importance of ICT as well as V (five) the completeness of the information security area, namely governance, risk management, framework, asset management, and technology and information security, Plan (Creating Risk Management Plan) which has an output Inventory asset, threat list, list of potential weakness, value possible threats, the impact value, and the value of risk and level of risk. And the last one is Do (Implement controls planned). From the results, the role and the importance of ICT with a score of 31, which has a higher category. For completeness of information security level still needs to be improved, and the maturity level of information security is at the first level categories (initial conditions). Of V (five) area evaluation, information security risk management has not reached the minimum so that made the Risk Management Plan and the policies and controls in the Risk Management Plan