Perancangan Manajemen Risiko Keamanan Informasi pada Penyelenggara Sertifikasi Elektronik (PSrE)
DOI:
https://doi.org/10.22441/incomtech.v9i2.6474Keywords:
Penyelenggara Sertifikasi Elektronik, Manajemen Risiko, ISO 27005, ISO 27002, Manajemen Keamanan InformasiAbstract
Badan Pengkajian dan Penerapan Teknologi (BPPT) merupakan Penyelenggara Sertifikasi Elektronik (PSrE) untuk instansi pemerintah. Berdasarkan Peraturan Pemerintah No.82 Tahun 2012 Penyelenggara Sertifikasi Elektronik (PSrE) BPPT dikategorikan sebagai Penyelenggara Sistem Elektronik yang termasuk dalam Penyelenggara Sistem Elektronik strategis dan tinggi sehingga diwajibkan untuk memiliki sistem manajemen keamanan informasi. Dalam penelitian ini, untuk mendukung Penyelenggara Sertifikasi Elektronik (PSrE) BPPT memiliki sistem manajemen keamanan informasi maka dilakukan perancangan manajemen risiko keamanan informasi. Rancangan manajemen risiko pada Penyelenggara Sertifikasi Elektronik (PSrE) BPPT menggunakan framework ISO/IEC 27005 seperti penentuan konteks, kriteria dasar pengelolaan risiko, penentuan ruang lingkup, penilaian risiko, penanganan dan penerimaan risiko itu sendiri, aset utama dan aset pendukung pada Penyelenggara Sertifikasi Elektronik (PSrE) BPPT semua dilakukan penilaian risikonya dan untuk menghitung nilai risiko menggunakan NIST SP 800-30. Kemudian pada tahapan penanganan risiko menggunakan ISO/IEC 27002. Dari hasil penelitian ini, dapat disimpulkan bahwa terdapat terdapat 51 skenario risiko yang dilakukan pengurangan risiko (reduction) dan 10 skenario risiko yang dilakukan penerimaan risiko (accept) dengan mengaplikasikan kontrol yang direkomendasikan berdasarkan kepada ISO/IEC 27002.
Downloads
Downloads
Published
How to Cite
Issue
Section
License
The copyright to this article is transferred to Universitas Mercu Buana (UMB) if and when the article is accepted for publication. The undersigned hereby transfers any and all rights in and to the paper including without limitation all copyrights to UMB. The undersigned hereby represents and warrants that the paper is original and that he/she is the author of the paper, except for material that is clearly identified as to its original source, with permission notices from the copyright owners where required. The undersigned represents that he/she has the power and authority to make and execute this assignment.
We declare that:
1. This paper has not been published in the same form elsewhere.
2. It will not be submitted anywhere else for publication prior to acceptance/rejection by this Journal.
3. A copyright permission is obtained for materials published elsewhere and which require this permission for reproduction.
Furthermore, I/We hereby transfer the unlimited rights of publication of the above mentioned paper in whole to UMB. The copyright transfer covers the exclusive right to reproduce and distribute the article, including reprints, translations, photographic reproductions, microform, electronic form (offline, online) or any other reproductions of similar nature.
The corresponding author signs for and accepts responsibility for releasing this material on behalf of any and all co-authors. This agreement is to be signed by at least one of the authors who have obtained the assent of the co-author(s) where applicable. After submission of this agreement signed by the corresponding author, changes of authorship or in the order of the authors listed will not be accepted.
Retained Rights/Terms and Conditions
1. Authors retain all proprietary rights in any process, procedure, or article of manufacture described in the Work.
2. Authors may reproduce or authorize others to reproduce the Work or derivative works for the authors personal use or for company use, provided that the source and the UMB copyright notice are indicated, the copies are not used in any way that implies UMB endorsement of a product or service of any employer, and the copies themselves are not offered for sale.
3. Although authors are permitted to re-use all or portions of the Work in other works, this does not include granting third-party requests for reprinting, republishing, or other types of re-use.
