Risk Measurement of the Information Security Index (KAMI) Governance Section of XYZ City Using the NIST SP 800-30 Framework

I Gede Putu Krisna Juliharta(1*), A Adrian(2), Ayu Pradnyandari Dananjaya Erawan(3)

(1) Universitas Primakara, Bali, Indonesia
(2) Universitas Primakara, Bali, Indonesia
(3) Universitas Primakara, Bali, Indonesia
(*) Corresponding Author

Abstract


The XYZ City Government has conducted an assessment using the KAMI Index, which revealed that the governance aspect is weaker than the other areas. Given this issue, a risk assessment was conducted to provide recommendations for the City of XYZ to improve its information security. The risk assessment was carried out using the NIST SP 800-30 framework, which is designed as a guideline for evaluating risk management. Risk is rated in five categories: Very Low, Low, Moderate, High, and Very High. Based on the assessment using NIST SP 800-30, several critical areas for improvement were identified: Policy with a High level of risk, Data and Information with a Very High level of risk, Information Security Education with a Moderate level of risk, Accountability with a High level of risk, Implemented Programs with a High level of risk, Legal Aspects with a High level of risk, BCP and DRP Implementation with a High level of risk, Information Security Standards and Performance with a Moderate level of risk, and Information Security Management with a High level of risk.






DOI: https://doi.org/10.30645/brahmana.v6i1.527

DOI (PDF): https://doi.org/10.30645/brahmana.v6i1.527.g522
