Hasil Pencarian  ::  Simpan CSV :: Kembali

"Abstract:"Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply these concepts to their own efforts. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It examines the need for management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a typical information protection program.The volume discusses organizationwide policies and their documentation, and legal and business requirements. It explains policy format, focusing on global, topic-specific, and application-specific policies. Following a review of asset classification, the book explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. Information Security Fundamentals concludes by describing business continuity planning, including preventive controls, recovery strategies, and ways to conduct a business impact analysis""

"Seiring dengan masifnya penggunaan TIK dikalangan instansi Pemerintah, terdapat pula masalah yang muncul di bidang keamanan informasi dalam bentuk insiden keamanan informasi. Untuk menghadapi serangan terhadap keamanan sistem informasi tersebut, Pemerintah perlu membentuk organisasi Pusat Penanganan Insiden Keamanan Informasi Pemerintah. Dalam pembentukan oragnisasi tersebut, Pemerintah memerlukan perencanaan dan arahan strategis agar dapat memenuhi tujuan yang diharapkan. Penelitian ini mengusulkan sebuah rencana strategis pembentukan Pusat Penanganan Insiden Keamanan Informasi Pemerintah. Perencanaan strategis Pusat Penanganan Insiden Keamanan Informasi Pemerintah ini menggunakan metodologi yang dikembangkan oleh Carnegie Mellon University dengan menyesuaikan pada karakteristik organisasi. Pada metodologi tersebut, metodologi yang digunakan dipadu dengan metodologi Perencanaan Strategis Sistem Informasi versi Anita Cassidy dalam tahapan perencanaan infrastruktur SI/TI organisasi dengan mengkombinasikan beberapa alat analisis seperti Critical Success Factor, Value Chain Analysi, dan SWOT Analysis agar dapat memberikan arahan pengembangan system informasi yang sifatnya teknis maupun non teknis berupa kebijakan atau kegiatan manajerial. Hasil dari penelitian ini adalah masukan atau landasan dalam pengembangan Pusat Penanganan Insiden Keamanan Informasi Pemerintah agar dapat mewujudkan pemanfaatan TIK pada Pemerintah yang aman dan nyaman.

---

Along with the rapidly use of ICT among government agencies, there are also problems that arise in the field of information security in the form of information security incidents. To deal with security attacks on information systems, the Government needs to establish their Government Information Security Incident Response Center. In these organizations of the establishment, the Government requires planning and strategic direction to meet the desired objectives. This research proposes a strategic plan for the establishment of the Government Information Security Incident Response Center. Strategic Planning for Government Information Security Incident Response Center use the methodology that developed by Carnegie Mellon University which is adjusted with the characteristics of the organization. This methodology combined with the Information Systems Strategic Planning methodology of Anita Cassidy version in the planning stages of infrastructure / IT organization by combining several analysis tools such as Critical Success Factor, Value Chain analysis, and a SWOT Analysis in order to provide guidance information system development technical or non-technical nature in the form of policy or managerial activities. The results of this research is used as input or foundation in the development of the Government Information Security Incident Response Center to realize the use of ICT in government that is safe and comfortable."

"PT. Z adalah organisasi yang bergerak di bidang asuransi kecelakaan lalu lintas, pemanfaatan TI bagi PT. Z adalah untuk mempercepat proses bisnis dan meningkatkan kualitasi penyediaan pelayanan, PT. Z dalam pengelolaan TI harus dapat mengantisipasi risiko yang ada. Pengelolaan terhadap manajemen risiko yang baik bagi PT. Z adalah termasuk kedalam penerapan GCG, untuk BUMN GCG berpedoman kepada Permen BUMN No. PER-02/MBU/2013 yang di rekomendasikan untuk di ikuti oleh semua BUMN, pada GCG PER-02/MBU/2013 salah satu deliverable nya adalah mengenai kebijakan pengelolaan manajemen risiko yang dapat menghasilkan prosedur kerangka kerja pengelolaan risiko TI, selain itu PT. Z memang ingin mengadopsi standar keamanan TI. Dalam penelitian ini, dipilih aplikasi utama dari PT. Z untuk dilakukan perancangan manajemen risiko yang sesuai, aplikasi pelayanan adalah salah satu aplikasi utaman bagi PT. Z dalam menjalankan bisnis nya. Rancangan manajemen risiko pada aplikasi ini memakai framework ISO27005 seperti penentuan konteks, kriteria dasar pengelolaan risiko, penentuan ruang lingkup, penilaian risiko, penanganan dan penerimaan risiko itu sendiri, aset utama dan aset pendukung pada aplikasi ini semua dilakukan penilaian risiko nya dan untuk menghitung nilai risiko menggunakan NIST SP 800-30, pada tahap penanganan risiko mengaplikasikan kontrol - kontrol yang ada pada ISO 27002. Dari hasil penelitian, dapat disimpulkan bahwa terdapat 13 risiko yang akan diterima dan 48 risiko yang akan dilakukan pengurangan dengan mengaplikasikan kontrol yang di rekomendasikan berdasarkan kepada ISO 27002.

---

PT. Z is an organization which run their business for accident insurance, IT Utilization for PT. Z is to accelerate the business processes and to improve the quality of service for their customers. A proper way to managed the risk management for PT. Z is including at implementation of Good Corporate Governance (GCG), GCG at PT. Z is guided by PERMEN BUMN No. PER-02/MBU/2013 which recommended to follow and comply by all of government companies. In PER-02/MBU/2013 one of its deliverable is about the policy of risk management that can give the result of framework IT risk management, in addition PT. Z want to adopt IT security standards.

In this study, has been choosen the main application of PT. Z to do risk management plan and design that appropriate and suitable for PT. Z, one of the key application that they had is “aplikasi pelayanan” to support their main business. Risk management plan and design for this application is using ISO27005 framework for determining the risk context, risk criteria, determining the scope, risk identification, risk estimation, risk evaluation, risk treatment and risk acceptance. Risk estimation using NIST SP 800-30 framework and for risk evaluation using control from ISO27002.

Concluding from this research is that is 13 risks that will accept and 48 risks that want to do a reduction by applied control that recommended by ISO 27002."