Designing Information Security Risk Management Using SNI ISO/IEC 27005: A Case Study of PT XYZ's Integrated School Management System

Rizky Muhamad Rasyid(1*), Rizal Fathoni Aji(2)

(1) Universitas Indonesia, Indonesia
(2) Universitas Indonesia, Indonesia
(*) Corresponding Author

Abstract


Information technology has provided various conveniences and opportunities for conducting business online, one of which is the Software as a Service (SaaS) industry. PT XYZ is a startup focused on the SaaS business as a provider of integrated school management system (ISMS) solutions. IT plays a vital role in the operational activities of the ISMS. PT XYZ is aware of this and has implemented a zero-security-incident policy for its ISMS. However, the ISMS still experiences security incidents due to vulnerabilities in the system, and these incidents result in losses for PT XYZ. This indicates the need for information security risk management for the ISMS. The purpose of this study is to obtain a design for information security risk management for the ISMS. The study uses a qualitative method in which data is collected through interviews, observations, and literature reviews. SNI ISO/IEC 27005:2022 is used for the information security risk assessment, while the risk control recommendations draw on SNI ISO/IEC 27001:2022. The study resulted in 28 risk scenarios: 12 High risks, 10 Moderate risks, two Low risks, and four Very Low risks. The outcome of this study is the design of information security risk management for PT XYZ's ISMS.





DOI: http://dx.doi.org/10.30645/jurasik.v10i1.866

DOI (PDF): http://dx.doi.org/10.30645/jurasik.v10i1.866.g841




JURASIK (Jurnal Riset Sistem Informasi dan Teknik Informatika)