IT Risk Assessment of the DosenIT Website Using the ISO 31000 and ISO 27002 Frameworks (Penilaian Risiko TI Pada Website DosenIT Dengan Framework ISO 31000 Dan ISO 27002)

  • Gilfen Gioferi Universitas Esa Unggul
  • Yulhendri Yulhendri Universitas Esa Unggul


DosenIT is a website that publishes information on computer science. The website is managed by various professionals in the IT field, from lecturers and IT staff to students currently studying at the computer science faculty. It focuses on seven main topics: troubleshooting, basic computer science, computer networks, IT lectures, software, hardware, and the latest technological developments. While in use, the DosenIT website has been affected by disturbances such as article spam, viruses, loss of article data, the website being inaccessible, and pages being changed. These problems disrupt the running of the website and even paralyze all business processes on it. The purpose of this study is to assess the risks that can disrupt business processes on the DosenIT website. Data were collected through observation, interviews, and literature study. The data analysis uses the ISO 31000:2018 framework, which consists of communication and consultation, determining context, risk assessment, and risk treatment according to ISO 27002:2013. The study found 2 low-level risks, 10 medium-level risks, and 2 high-level risks on the DosenIT website.





How to Cite
Gioferi, G., & Yulhendri, Y. (2023). Penilaian Risiko TI Pada Website DosenIT Dengan Framework ISO 31000 Dan ISO 27002. Jurnal Teknologi Dan Sistem Informasi Bisnis, 5(4), 409-419.