Hasil Pencarian  ::  Simpan CSV :: Kembali

"Informasi merupakan aset yang bernilai bagi suatu organisasi. Pengamanan terhadap informasi merupakan langkah untuk menjamin kerahasiaan, keutuhan, dan ketersediaan dari informasi. Pengamanan Informasi sendiri bertujuan melindungi keseluruhan bisnis organisasi agar dapat memenuhi tujuannya. Oleh karena itu, agar sistem pengamanan optimal, organisasi perlu melakukan analisis organisasi dalam menentukan tingkat pengamanan yang dibutuhkan. Tahapan analisis ini meliputi pemetaan proses untuk mengidentifkasi elemen yang terlibat, pengklasifikasian setiap elemen termasuk penentuan proses yang dianggap paling prioritas dan aset yang kritikal dalam menjalankan proses, penentuan level pengamanan untuk setiap elemen yang dilakukan oleh tiap-tiap owner process, dan pengecekan konsistensi level pengamanan di tiap proses. Security requirement untuk tiap item proses yang diperoleh dari pembahasan dalam skripsi ini nantinya akan sangat berguna sebagai framework bagi tahap penilaian risiko Aset Teknologi Informasi dan juga bagi penentuan kontrol pengamanan bagi tiap item. Penelitian ini dilakukan di Bagian Administrasi Teknologi Informasi (AdTI)-Departemen Teknologi Informasi Bank X. Dalam penelitian ini akan dijabarkan mengenai proses identifikasi tingkat pengamanan yang dibutuhan dalam proses bisnis Bagian AdTI yang bertanggung jawab sebagai koordinator dalam pengadaan perangkat operasional TI dan pengelola kegiatan administrasi yang berhubungan dengan Teknologi Informasi di Bank X.

---

Information is an valuable asset for an organization. Information Security can be a proper action to secure its confidentiality, integrity, and availability. Objective of this action it self is to protect the organization business process overall in order to achieve its goals. Therefore, to establish security system optimally, organization needs to determine security requirement level through organizational analysis.

Paces of analysis comprise identification of elements involved in process through business process mapping, the most prior or critical process determining including critical assets which support the process it self, security requirement level for each element determined by process owner, and security level consistency checking of each process.

Security requirement resulted through this research would be useful as a framework in IT assets risk analysis and control implementation as well. This research is run in Administration Section of Information Technology (AdTI) in Bank X.

The research will elaborate security requirement level identification process needed by AdTI that is responsible as coordinator in IT operational ware pr_Curement and IT administration management."

"Dewasa ini, informasi telah menjadi suatu hal yang penting bagi suatu organisasi. Seiring dengan itu, pengamanan informasi pada akhirnya juga menjadi suatu hal yang mutlak diperlukan. Pengamanan informasi, tidak hanya mengamankan informasi milik organisasi tapi juga keseluruhan bisnis organisasi. Oleh karena itu, untuk mewujudkan suatu sistem pengamanan yang optimal, organisasi perlu melakukan pemetaan proses bisnis dalam rangka penentuan security requirement.Penelitian mengenai analisis proses bisnis terkait dengan penerapan pengamanan informasi ini dilakukan di Bagian Operasional Teknologi Informasi (OTI) - Departemen Teknologi Informasi Bank X. Bagian OTI dalam waktu dekat akan menerapkan Information Security Management System (ISMS). Dalam penelitian ini, akan dilakukan pemetaan proses bisnis OTI-DTI dengan metode IDEF0 dan dilakukan identifikasi security requirement yang dibutuhan dalam proses bisnis Bagian OTI sebagai Satuan Kerja yang bertanggung jawab terhadap kelangsungan operasional teknologi informasi yang berlaku di Bank X.

---

Nowadays, information has become the most valuable asset for an organization and consequently needs to be suitably protected. Protection of information is ussually refered to as information security. Information security system is not only necessary to protect a company's assets from harm, but also to protect the whole bussiness of the organization. Thus, to optimize information security, an organization needs develop a business process map in order to determine the security requirement.

This research is conducted at Information Technology Operation Section - Information Technology Directory (OTI-DTI) Bank X. In the near future, OTI will be implementing an Information Security Management System. Therefore, this research will provide the bussiness process mapping analysis for OTI using IDEF0 and identify the security requirement for OTI's business process as the section responsible for the ongoing of information technology operation in Bank X."

"Kehadiran bencana tidak dapat diduga atau dihindari. Definisi bencana sendiri telah mengalami perubahan makna dari bencana alam menjadi keadaan darurat yang berpengaruh negatif bagi kelangsungan bisnis dan industri. Dalam menjalankan tugas pokok Bagian AdTI - DTI terdapat beberapa potensi gangguan yang dapat menghambat keberlangsungan proses bisnis yang secara langsung maupun tidak langsung dapat mengganggu proses bisnis Bank X. Bagi Bank X, terjadinya gangguan tidak hanya mengakibatkan kerugian sesaat, namun akan bertambah parah apabila Bank X tidak mampu mengembalikan proses bisnis utama dalam periode waktu yang dapat diterima. Untuk mengantisipasi hal tersebut, perlu direncanakan kegiatan-kegiatan yang diperlukan dalam memulihkan keadaan dan proses bisnis pasca terjadinya bencana yang tepat dan sesuai dengan karakteristik Bank X. Pertimbangan dalam melakukan pemulihan keadaan pasca bencana antara lain proses bisnis yang diprioritaskan, aset yang dibutuhkan, waktu tertunda yang dapat diterima, biaya yang dapat ditoleransi serta prioritas pemulihan dan jumlah minimal aset. Analisa dampak terhadap kelangsungan proses bisnis merupakan kajian yang dibahas dalam karya tulis ini. Berdasarkan kedua proses tersebut disusunlah rencana pemulihan pasca bencana yang berupa prosedur dengan skenario-skenario tertentu beserta prosedur dan dokumen pendukungnya, seperti sruktur organisasi pelaksana rencana pemulihan tersebut, denah ruang kerja pengganti, dan daftar nomor telepon personil. Metode yang digunakan dalam penyusunan karya tulis ini adalah berdasarkan panduan dan standar yang diberikan oleh Federal Emergency Management Agency di Amerika Serikat dan National Institute of Standards and Technology yang kemudian disesuaikan dengan keadaan yang ada pada Bagian AdTI - DTI Bank X dengan analisis dampak bencana terhadap proses bisnis terlebih dahulu.

---

Disaster can't be predicted or avoided. The definition itself has changed from natural disaster to an emergency situation that causes negative implies to business and industries. Dealing with the business process of Division AdTI - DTI, there are some potential risks that can happened and affected the business process of Bank X directly or indirectly. For Bank X, impact of disaster will be worse if the business process not recovered in an acceptable period. To anticipate the need, a plan of activities in order to recover the business processes have to be composed correctly based on the characteristic of the Bank. There are some considerations in disaster recovery such as prioritized business process, asset that should be able, acceptable period, tolerable cost, prioritized recovery and minimum amount of assets. This research discuss about impact analysis of the business process. Recovery plan in this paper includes procedures with some scenarios and the supporting procedures and documents, such as organizational structure that responsible for the recovery process, layout of the substitute working area, and the list of personnel's phone number. Approach used in composing the recovery plan is based on the guidance and standards from Federal Emergency Management Agency of the United States and National Institute of Standards and Technology then adapted with the condition in Division of AdTI - DTI Bank X with business impact analysis at the first."

"Informasi menjadi suatu hal yang penting bagi suatu organisasi. Maka, pengamanan informasi pada akhirnya juga menjadi suatu hal yang mutlak diperlukan. Pengamanan Informasi itu sendiri sesunguhnya ditujukan bukan hanya untuk mengamankan aset teknologi informasi saja, tetapi juga dimaksudkan untuk melindungi keseluruhan bisnis organisasi. Oleh karena itu, untuk mewujudkan suatu sistem pengamanan yang optimal, organisasi perlu melakukan analisis organisasi dalam penentuan security requirement. Analisis organisasi ini diawali dengan pemetaan proses, yang meliputi proses pembuatan peta proses, lalu penentuan kritikalitas proses. Selanjutnya setelah seluruh item yang terlibat dalam proses bisnis berhasil diidentifikasi, maka dilakukan penentuan level pengamanan (security requirement) untuk keseluruhan item dalam proses bisnis tersebut oleh tiap owner process. Tahap akhir yang dilakukan adalah mengecek konsistensi level pengamanan di tiap proses yang diidentifikasi dalam peta proses. Penelitian mengenai analisis proses bisnis terkait dengan penentuan level pengamanan informasi ini dilakukan di Tim Strategi Kebijakan Teknologi Informasi (SKTI) - Departemen Teknologi Informasi Bank XYZ. Tim SKTI dalam waktu dekat akan menerapkan Information Security Management System (ISMS). Melalui pembahasan dalam skripsi ini akan dijabarkan mengenai proses identifikasi level pengamanan yang dibutuhan dalam proses bisnis Tim SKTI sebagai pembuat kebijakan Teknologi Informasi yang berlaku di Bank XYZ.

---

Nowadays, information has become most valuable asset for organization and consequently needs to be well protected. In order to protect organization's asset, they need to implement Information Security Management System (ISMS). Information Security Management System is not only necessary to protect a company's assets from threat, but also to ensure the flow of organization business processes. Thus, to optimize the information security, organization needs analyze their organizational environment to determine the security requirements by using their business processes model. The next process after the security requirement is the checking process of consistency level of all security requirements. This research was being conducted in SKTI-DTI team Bank ofXYZ. The methodology used for modeling the business processes in this research is IDEFO. Furthermore, this paper will describe about the identification process of the security requirement by using the business processes modeling."

"Dewasa ini manajemen risiko muncul sebagai suatu area kepentingan yang dinilai sebagai prioritas tinggi di banyak organisasi. Tujuan utama dari manajemen risiko dalam organisasi adalah untuk meminimalkan impak kerugian akibat dari suatu risiko pada organisasi hingga pada level yang dapat ditoleransi oleh organisasi. Manajemen risiko sangat terkait dengan aset dari organisasi. Dengan nilai aset informasi yang kini menjadi sangat signifikan bagi organisasi, bidang manajemen risiko yang secara spesifik terfokus pada risiko sistem informasi kini mendapat perhatian besar. Setiap organisasi tentunya memiliki misi yang spesifik. Dalam era digital dewasa ini penggunaan teknologi informasi atau information technology (IT) sangat dimaksimalkan untuk pengolahan informasi. dalam menyediakan dukungan yang lebih baik terhadap pencapaian misi organisasi Seiring dengan meningkatnya ketergantungan organisasi pada sistem informasi terotomasi, semakin meningkat pula tingkat kerentanan organisasi terhadap risiko-risiko seperti sabotase dan gangguan terhadap proses bisnis organisasi. Atas dasar itu sistem manajemen pengamanan informasi berperan penting, yaitu sebagai suatu pelindung terhadap aset informasi organisasi, yang juga berarti melindungi misi organisasi dari risikorisiko terkait keamanan sistem informasi. Manajemen risiko di bidang IT atau Sistem Manajemen Pengamanan Informasi dapat dilakukan dengan bermacam metodologi dan pendekatan. Salah satu pendekatan yang bersifat umum dan holistik adalah pedoman ISO 27001:2005 yang dikeluarkan oleh International Standard Organization. Pedoman ini mendasari aktifitas manajemen risiko yang dilakukan di Bank X dan juga mendasari penelitian ini. Penanganan risiko informasi yang ideal adalah yang dilakukan dengan penuh pertimbangan. Salah satu metode untuk mengoptimalkan formulasi solusi dari risiko untuk kemudian dijadikan bahan pertimbangan adalah dengan simulasi risiko. Hasil simulasi risiko terkait sistem manajemen pengamanan informasi sebagai tindak lanjut dari manajemen risiko yang dilakukan di Bank X adalah formulasi alokasi dana penanggulangan risiko ke dalam 7 dari 11 kelompok risiko yang ada. Berdasarkan simulasi didapati bahwa bentuk alokasi ini akan mendatangkan perhitungan keuntungan paling tinggi bagi organisasi dalam batasan kendala yang ada.

---

Risk management has emerged as one major interest area considered as high priority by many organizations. The main objective of risk management is to minimize the impact of loss as the effect of risks for the organization to the lowest level possible and in the organization's range of tollerance. Risk management is highly concerned with the organization's assets. As the value of information as organization's asset continually increasing, a more specifically focused information security management system has attracted organizations. Every organization must have a specific mission to be accomplished. In this digital era the use or information technology (IT) has came highly into practice to process information and to provide a better support to the organization's effort to achieve its mission. As the dependence grows, the organization's vulnerability also grows bigger prior to information system risks such as sabotage and interruption to busness process. This is where the importance of Information Security Management system, to form a protective system to organization's information assets. This means also protecting organization's mission from information system security risks. The application of risk management in IT domain or Information Security Management System can be taken in various methodology and approach. The common and holistic set of example is the ISO 27001:2005 document issued by International Standard Organization. This guidance provides base to risk management activity in Bank X. It is also the main methodology of the base of this research. An ideal risk treatment as the following activity in risk management should be carried with proper considerations. A method to optimize the formulation of risk solutions to be taken into consideration is risk simulation. The result of the simulation carried in this research is a formulation of fund allocation into 7 out of 11 groups of risks identified in the system. Based on this simulation this formulation will lead to the most optimum advantage for the organization."

"In accordance with the message of the 1999-2004 GBHN (Broad Outline of the Nation's Direction) that since the fiscal year of 1999/2000 up to now the taxation sector has become the backbone for the government in financing state expenditure known as the six strategic targets namely : to reflect the effect in the direction of sustainable fiscal achievement to continue t" creation of fiscal stimulus, to support the sanitation program of the banking sector, the provision of subsidy for strategic commodities. better income for apparatus of the public sector and strengthen implementation of regional decentralization. The state income from the taxation sector from year to year showed an increase, the realization of revenue in 2001 was Rp. 185,5 trillion increasing into Rp. 210,2 trillion in 2002 and 2003 amounting to Rp. 254,2 trillion.

The taxation revenue in 2004 planned in the amount of RI). 272,17 trillion, is expected to be achieved by the hard work of all echelons of the Directorate General of Tax by performing reformation program of taxation administration namely to increase the effectiveness of tax collection and to extend the tax basis without having to wsrit for a change in the existing taxation laws. The effort to be inter alia is to perfect the taxation regulations to accommodate the development climate for the entry of investments and trade, to continue the program at extension and intensification of taxes collection, to enhance the service to taxpayers and to enhance the ethical code in the echelons of Directorate General Tax.

In order to carry out one of these taxation reformations without the exception of the banking sector it is also necessary to dig carefully in which the largest tax income from this banking sector is from deposits, saving, clearing deposit (giro) and from employees. To that effect the monitoring of the revenue of income tax from this sector must be made swiftly and accurately namely the availability of computer application managing the revenue data in executing banks, perception banks as well as PT. Posindo on behalf of the Directorate General of Tax.

As known that the development of the sophisticated ness of computers in the information technology era plays a great role in the information exploitation process by organizations exploiting it, so that its superiority assist the completion ofvery work such as the improvement of efficiency, productivity, human resources, and to invent other superiorities. So that information technology is very necessary in the application of policy of each institution not expecting in fiscal policy.

Notwithstanding to date Bank "X" has made a calculation of the amount of taxes to be reported to the government yet it has not shown an optimal condition, in view of the amount of the interest rate level from operational fund sources ( clearing deposit, saving and deposits) and the work force are not yet duly counted. Therefore the writerf tries to make an approach thru the Management Information System in order to give an optimal income taxes revenue in this Bank "X"."

"Serangan Denial of Service adalah salah satu ancaman serius bagi keamanan jaringan yang dapat menyebabkan gangguan dan tidak tersedianya suatu layanan. Security Information and Event Management (SIEM) Wazuh merupakan sebuah solusi open-source yang dirancang untuk memberikan visibilitas, analisis, dan respons terhadap ancaman keamanan dalam jaringan. Penelitian ini bertujuan untuk menganalisis implementasi SIEM Wazuh dalam mendeteksi serangan DoS dengan mengintegrasikan SIEM Wazuh dengan Intrusion Detection System (IDS) Suricata sebagai pengumpul log paket jaringan. Penelitian dilakukan dalam lingkungan mesin virtual dengan tiga skenario serangan, SYN flood, UDP flood, serta ICMP flood yang dilakukan dengan Hping. Dari hasil penelitian didapatkan bahwa Wazuh dapat mendeteksi semua serangan berdasarkan rule kustom yang telah dibuat dengan waktu rerata deteksi tiap serangan secara berurut 13,99 detik, 45,083 detik, dan 1,2 detik. Penelitian ini menunjukkan bahwa Wazuh mendeteksi serangan berdasarkan rule dan fitur seperti pemantauan log real-time, analisis rule-based serta integrasi dengan sistem keamanan lainnya berkontribusi terhadap efektivitas Wazuh dalam mendeteksi serangan DoS.

---

Denial of Service attacks pose a serious threat to network security, causing disruption and service unavailability. Security Information and Event Management (SIEM) Wazuh is an open-source solution designed to provide visibility, analysis, and response to security threats within networks. This research aims to analyze the implementation of SIEM Wazuh in detecting DoS attacks by integrating it with the Intrusion Detection System (IDS) Suricata as the network packet logging collector. The study was conducted in a virtual machine environment with three attack scenarios: SYN flood, UDP flood, and ICMP flood simulated using Hping3. The research findings indicate that Wazuh can detect all attacks based on custom rules created, with average detection times for each attack scenario sequentially being 13.99 seconds, 45.083 seconds, and 1.2 seconds. The study demonstrates that Wazuh detects attacks through rules and features such as real-time log monitoring, rule-based analysis, and integration with other security systems contributing to its effectiveness in detecting DoS attacks."

"Skripsi ini membahas pemetaan proses bisnis dan penilaian kritikalitas pengamanan informasi dalam proses bisnis terkait manajemen risiko guna menunjang Sistem Manajemen Pengamanan Informasi (ISMS) berdasarkan ISO/IEC 27001:2005 dan ISO/IEC 17799:2005 sebagai panduan pengendaliannya. Penelitian ini bertujuan untuk memperoleh alternatif risk treatment dan model simulasi peramalan serta optimasi alokasi biaya berdasarkan analisa risiko dan proses penilaian (dengan metode FRAAP - Facilitated Risk Analysis and Assessment Process) terhadap proses bisnis yang terkait dengan Information Security pada Infrastruktur Internet. Hasil penelitian ini juga akan memperlihatkan prioritas alternatif risk treatment berdasarkan simulasi peramalan dan optimasi pengalokasian dana guna pengendalian risiko.

---

The focus of this study is about business process mapping and criticality assessment of information security in business process related to risk management in order to support Information Security Management System (ISMS) base on ISO/IEC 27001:2005 and ISO/IEC 17799:2005 as a guide of control objectives.

The purpose of this study is to obtain risk treatment alternatives and forecasting simulation model and also optimization of fund allocation base on risk analysis and business process assessment (with FRAAP method) that related to information security on internet infrastructure.

The outcome of this study also showing risk treatment alternative priority base on forecasting simulation and optimization of fund allocation in order to controlling risk."

"In this era of digital age where considerable business activities are powered by digital and telecommunication technologies, deriving customer loyalty and satisfaction through delivering high quality services, driven by complex and sophisticated Information Technology (IT) systems, is one of the main services objectives of the Bank towards its customers. From customer services perspective, "availability" is a degree of how closed the Bank is to its customers so that they can "consume" the Bank"s services easily and in preference to its competitors. "Reliability" is the degree of how adequate and responsive the Bank is in meeting its customers" needs. "Confidentiality" is the trust the customers have in the Bank in that their confidential information will not fall into the wrong hands.Information Technology is one of the means that Bank uses to achieve quality service objectives. Reliance on IT requires an understanding of the importance of IT Security within the IT environments. As business advantages are derived from the use of IT to deliver quality services, critical IT security issues related to the use of IT should be understood and addressed. Safeguarding and protecting security Information systems and assets are prominent issues that all responsible IT users must address. Information is the most valuable assets of the Bank. Adequate resources must be allocated to carry out the safeguarding of Bank"s information assets through enforcing a defined IT Security Policies, Standards and Procedures.Compliance with international and national standards designed to facilitate the Interchange of data between Banks should be considered by the Bank"s management as part of the strategy for IT Security which helps to enforce and strengthen IT security within an organization."

"Skripsi ini membahas mengenai penerapan manajemen risiko internet banking, khusunya pada Bank X. Disamping memberikan kemudahan bagi nasabah, internet banking juga berpotensi meningkatkan risiko. Pokok permasalahan dalam penelitian ini adalah bagaimana ketentuan-ketentuan hukum mengenai manajemen risiko oleh Bank Umum terkait internet banking dan bagaimana penerapannya oleh Bank X.Metode penelitian yang digunakan dalam SEBI Nomor 6/18/DPNP tanggal 20 April 2004 mencakup pengawasan aktif dewan komisaris dan direksi, pengendalian pengamanan serta manajemen risiko hukum dan reputasi. Pelaksanaan manajemen risiko internet banking di Bank X sudah sesuai dengan ketentuan perundang-undangan yang berlaku.

---

This thesis explains about the implementation of risk management of internet banking, especially in Bank X. In addition to providing convenience for customers, internet banking is also potentially increase the risk. The issue in this study is how is the legal provisions concerning Risk Management on internet banking and how it is applied by Bank X.

The method used in this research is normative juridical method. The risk management of internet banking is set in SEBI No. 6/18 / DPNP, includes active surveillance by commissioners and directors, security control also legal and reputation risk management. The implementation of risk management on internet banking in Bank X is in accordance with the applicable regulations."