Risk Management of the Academic Information System of XYZ University using ISO 27005:2018

  • Zefanya Valencia Leasa Universitas Internasional Semen Indonesia
  • Grandys Frieska Prassida Universitas Internasional Semen Indonesia

Abstract

XYZ University is likely to face security risks in operating its Academic Information System (SIAKAD), including threats such as cyber attacks, data leaks, and unauthorized use of data. This study therefore identifies information security risks using an approach that follows the ISO 27005:2018 standard. The method follows the standard's main stages: establishing a clear scope and context as the basis for identifying, analyzing, and evaluating information security risks, and then deciding on appropriate treatment. The results identify 4 data-related risks, 3 software-related risks, 6 hardware-related risks, and 5 people-related risks. The analysis rates 1 risk as extreme and 10 as high. After evaluating the controls already in place, 6 risks still exceed the risk acceptance level and require specific treatment. The study contributes theoretically by applying ISO 27005:2018 to analyze information security risks within a university, and practically by giving university management a basis for choosing strategies and actions to manage information security risks.
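The analyse, evaluate and treat steps described in the abstract can be made concrete with a small risk register evaluator. The following is an added example, not the authors' instrument or any code from the paper: the 1..5 likelihood and impact scale, the score-to-level cut-offs, the acceptance level, the treatment of existing controls as percentage reductions of likelihood, and the sample risks are all assumptions made here for illustration. It shows how a risk rated extreme before controls can drop below the acceptance level once a control is credited, while an uncontrolled high risk stays on the treatment list.

```python
"""Added example (not from the paper): a minimal ISO 27005-style risk register
evaluator covering the analyse -> evaluate -> treat decision from the abstract.

Assumptions (none are given on the page): a 1..5 likelihood and impact scale,
the score-to-level thresholds, an acceptance level of MEDIUM, integer control
effectiveness percentages, and the sample risks, which are constructed here.
"""
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    EXTREME = 4


@dataclass
class Risk:
    rid: str
    category: str            # data | software | hardware | people
    description: str
    likelihood: int          # 1..5 (assumed scale)
    impact: int              # 1..5 (assumed scale)
    # (control name, effectiveness %) pairs; each reduces likelihood
    controls: list = field(default_factory=list)


def score(likelihood: int, impact: int) -> int:
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on the 1..5 scale")
    return likelihood * impact


def level(s: int) -> Level:
    # Assumed cut-offs on the 5x5 matrix (maximum score 25).
    if s >= 20:
        return Level.EXTREME
    if s >= 12:
        return Level.HIGH
    if s >= 5:
        return Level.MEDIUM
    return Level.LOW


def residual_likelihood(likelihood: int, controls) -> int:
    """Apply existing controls as independent likelihood reducers.

    Integer arithmetic with a ceiling keeps the estimate conservative
    (rounding never understates residual likelihood) and avoids float
    drift when multiplying percentages.
    """
    numerator, denominator = likelihood, 1
    for name, effectiveness in controls:
        if not 0 <= effectiveness <= 100:
            raise ValueError(f"control {name!r}: effectiveness must be 0..100")
        numerator *= 100 - effectiveness
        denominator *= 100
    residual = -(-numerator // denominator)      # ceiling division
    return max(1, residual)                      # likelihood never drops below 1


def assess(risk: Risk) -> dict:
    inherent = score(risk.likelihood, risk.impact)
    residual = score(residual_likelihood(risk.likelihood, risk.controls), risk.impact)
    return {"rid": risk.rid,
            "inherent_score": inherent, "inherent_level": level(inherent),
            "residual_score": residual, "residual_level": level(residual)}


def needs_treatment(register, acceptance: Level = Level.MEDIUM) -> list:
    """IDs of risks whose residual level is above the acceptance level."""
    return [a["rid"] for a in map(assess, register)
            if a["residual_level"].value > acceptance.value]


def summarise(register) -> dict:
    """Counts per asset category and per inherent (pre-control) level."""
    by_category, by_level = {}, {}
    for risk in register:
        by_category[risk.category] = by_category.get(risk.category, 0) + 1
        lvl = level(score(risk.likelihood, risk.impact)).name.lower()
        by_level[lvl] = by_level.get(lvl, 0) + 1
    return {"by_category": by_category, "by_inherent_level": by_level}


# Constructed sample register for an academic information system (illustrative only).
REGISTER = [
    Risk("R1", "data", "Student records exposed through an unencrypted backup",
         likelihood=4, impact=5, controls=[("backup encryption", 50)]),
    Risk("R2", "software", "SQL injection in the grade-entry form",
         likelihood=3, impact=5),
    Risk("R3", "hardware", "Server outage during exam period (no UPS)",
         likelihood=4, impact=3, controls=[("standby generator", 30)]),
    Risk("R4", "people", "Lecturers sharing SIAKAD credentials",
         likelihood=5, impact=4,
         controls=[("password policy", 20), ("awareness training", 25)]),
    Risk("R5", "hardware", "Theft of a lab workstation", likelihood=2, impact=2),
    Risk("R6", "data", "Insider modifies grades without authorisation",
         likelihood=3, impact=4, controls=[("audit logging", 50)]),
]

if __name__ == "__main__":
    for a in map(assess, REGISTER):
        print(a)
    print("needs treatment:", needs_treatment(REGISTER))
    print(summarise(REGISTER))
```

Two design points worth noting: the acceptance criterion is a level rather than a raw score, so changing the matrix cut-offs changes treatment decisions consistently; and control effectiveness is only credited against likelihood, never against impact, because a control that makes a breach less probable does not make the leaked data less sensitive.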



Published
2024-10-01
How to Cite
Leasa, Z., & Prassida, G. F. (2024). Manajemen Risiko pada Sistem Informasi Akademik Universitas XYZ menggunakan ISO 27005:2018. Jurnal Teknologi Dan Sistem Informasi Bisnis, 6(4), 649-656. https://doi.org/10.47233/jteksis.v6i4.1459
Section
Articles