Hasil Pencarian  ::  Simpan CSV :: Kembali

"[Program magang ini bertujuan untuk memahami dan menganalisa penerapan manajemen risiko perusahaan pada PT Pertamina EP serta membandingkannya dengan teori dari Standar ISO 31000 Program magang dilakukan selama tiga bulan di Fungsi Strategic Planning and Risk Management pada bagian Risk Management PT Pertamina EP untuk mengamati dan membantu pelaksanaan proses manajemen risiko perusahaan Perbandingannya dengan teori dari Standar adalah pengadopsian prinsip kerangka kerja untuk mengelola risiko dan proses manajemen risiko yang diusulkan oleh standard tersebut Hasil menunjukkan bahwa perusahaan telah mengadopsi standar ISO 31000 dengan baik dan penerapan proses manajemen risiko disesuaikan dengan proses bisnis dan kebutuhan perusahaan ;The internship program aims to understand and analyze the Implementation of Enterprise Risk Management in PT Pertamina EP and compare it with the theory from ISO 31000 The internship program was conducted over three months in the Strategic Planning and Risk Management Function within the Risk Management Division in PT Pertamina EP while observing and helping the administration enterprise risk management process The comparison with the theory in the standard is the adoption of principles the framework for managing risk and the risk management process proposed by the standard The result shows that the company has adopted the ISO 31000 standard well and the risk management process is developed according to the business process and its needs Key words Enterprise Risk Management ISO 31000 Pertamina EP ;The internship program aims to understand and analyze the Implementation of Enterprise Risk Management in PT Pertamina EP and compare it with the theory from ISO 31000 The internship program was conducted over three months in the Strategic Planning and Risk Management Function within the Risk Management Division in PT Pertamina EP while observing and helping the administration enterprise risk management process The comparison with the theory in the standard is the adoption of principles the framework for managing risk and the risk management process proposed by the standard The result shows that the company has adopted the ISO 31000 standard well and the risk management process is developed according to the business process and its needs Key words Enterprise Risk Management ISO 31000 Pertamina EP ;The internship program aims to understand and analyze the Implementation of Enterprise Risk Management in PT Pertamina EP and compare it with the theory from ISO 31000 The internship program was conducted over three months in the Strategic Planning and Risk Management Function within the Risk Management Division in PT Pertamina EP while observing and helping the administration enterprise risk management process The comparison with the theory in the standard is the adoption of principles the framework for managing risk and the risk management process proposed by the standard The result shows that the company has adopted the ISO 31000 standard well and the risk management process is developed according to the business process and its needs Key words Enterprise Risk Management ISO 31000 Pertamina EP , The internship program aims to understand and analyze the Implementation of Enterprise Risk Management in PT Pertamina EP and compare it with the theory from ISO 31000 The internship program was conducted over three months in the Strategic Planning and Risk Management Function within the Risk Management Division in PT Pertamina EP while observing and helping the administration enterprise risk management process The comparison with the theory in the standard is the adoption of principles the framework for managing risk and the risk management process proposed by the standard The result shows that the company has adopted the ISO 31000 standard well and the risk management process is developed according to the business process and its needs Key words Enterprise Risk Management ISO 31000 Pertamina EP ]"

"Sekretariat Kabinet Republik Indonesia (Setkab) sebagai lembaga pemerintah yang memiliki tanggung jawab dalam pengelolaan manajemen kabinet perlu menerapkan manajemen risiko teknologi informasi secara efektif. Selaras dengan Peraturan Menteri Pendayagunaan Aparatur Negara dan Reformasi Birokrasi (Permenpan RB) nomor 5 tahun 2020 tentang Pedoman Manajemen Risiko Sistem Pemerintahan Berbasis Elektronik (SPBE) perlu memiliki rancangan penanganan risiko teknologi informasi. Namun demikian, Setkab belum melaksanakan manajemen risiko teknologi informasi sehingga risiko terkait teknologi informasi tidak teridentifikasi. Penelitian ini bertujuan untuk menyusun rancangan manajemen risiko teknologi informasi yang sesuai dengan kebutuhan dan konteks Setkab. Metode yang digunakan pada penelitian adalah kualitatif dengan pengumpulan data melalui wawancara, analisis dokumen, dan observasi terhadap risiko teknologi informasi di lingkungan Setkab. Analisis data menggunakan metode analisis tematik. Dalam penyusunan kerangka kerja manajemen risiko teknologi informasi Setkab, standar ISO 31000:2018 akan digunakan sebagai kerangka kerja utama, kemudian akan mengacu pada ISO/IEC 27005:2022 sebagai panduan aktivitas penilaian dan penanganan risiko, dan ISO/IEC 27002:2022 sebagai acuan kontrol keamanan informasi. Penelitian ini menghasilkan 245 skenario risiko, 83 diantaranya perlu dimitigasi dan 162 risiko dapat diterima. Penelitian ini menghasilkan rancangan manajemen risiko yang diharapkan dapat membantu Setkab dalam mengelola risiko teknologi informasi secara sistematis.

---

The Cabinet Secretariat of the Republic of Indonesia (Setkab) as a government institution that is responsible for managing cabinet management needs to implement information technology risk management effectively. In line with the Regulation of the Minister for Empowerment of State Apparatus and Bureaucratic Reform (Permenpan RB) number 5 of 2020 concerning Guidelines for Risk Management for Electronic-Based Government Systems (SPBE), it is necessary to have a design for handling information technology risks. However, Setkab has not yet implemented information technology risk management, so information technology-related risks are not being identified. This study aims to develop a design for information technology risk management that is suitable for the needs and context of Setkab. The method used in the study is qualitative, collecting data through interviews, document analysis, and observation of information technology risks in the Setkab environment. Data analysis uses thematic analysis method. In developing the design for information technology risk management for Setkab, ISO 31000:2018 standard will be used as the main framework, then referring to ISO/IEC 27005:2022, as guidelines for risk assessment and risk treatment activities, and ISO/IEC 27002:2022 as the information security control reference. This research produced 245 risk scenarios, 83 of which needed to be mitigated and 162 risks were acceptable. This research produces a risk management design that is expected to help Setkab manage information technology risks systematically."

"ABSTRAKDalam melaksanakan kegiatan investasi, setiap perusahaan yang bergerak dalam kegiatan hulu migas harus mempertimbangkan segala aspek resiko terkait dengan pengambilan keputusan investasi. Pengembangan lapangan yang memiliki cadangan hydrocarbon harus dilakukan secara cermat dan mengelola segala factor resiko yang ada.Terkait dengan investasi, proyek migas mempunyai ketidakpastian yang relative tinggi, khususnya yang berhubungan dengan aspek geologi, komersialitas dan resiko lainnya sehingga diperlukan sebuah system yang mendukung untuk mempercepat pengambilan keputusan.Penelitian ini bertujuan untuk menganalisis pengaruh implementasi Decision Support System DSS , Teknologi dan Manajemen Resiko untuk meningkatkan efektivitas bisnis di PTABC khususnya Kantor Pusat, Asset 1dan Asset5.Hasil penelitian menunjukkan bahwa ada bukti bahwa DSS dan Teknologi dapat mempengaruhi Efektivitas Bisnis, tetapi tidak ada bukti bahwa Manajemen Risiko dapat mempengaruhi Efektivitas Bisnis.

---

ABSTRACTIn term of investment, anycompany dealing with upstream oil and gas business shouldconsider allrisks associatedwith its investment.Before companies decide to invest, they must firstly identify and evaluate all risks using the Risk Management Framework. It is important because investment in oil and gas sector has a relatively high uncertainty, particularly due to geological, commercial aspects and other risks. Therefore, a Decision Support System DSS is required in order to accelerate decision making process. In terms of DSS application, its features e.g.,speed and reliability will surely affect the performance of decision making process and end user satisfaction.This study is aimed at analyzing the influence of DecisionSupport System DSS , Technology and Risk Managementin improving Business Effectiveness of PT ABC particularly itsheadquarter, and business units Asset 1 and Asset 5 . The result of study shows that there are evidences that DSS and Technology could affect to Business Effectiveness, but there is no evidence that Risk Management could affect Business Effectiveness."

"[ABSTRAKTesis ini membahas hasil penelitian tentang peran pelaksanaan manajemensekuriti fisik di PT Pertamina EP Asset 3 Tambun Field ? Bekasi. Penelitian inidilakukan dengan pendekatan kualitatif yang bersumber dari data primer dansekunder dengan metode pengumpulan data dilakukan dengan cara observasi,wawancara dan studi dokumentasi.Hasil penelitian menunjukan bahwa pelaksanaan manajemen sekuriti fisikyang dilakukan oleh PT Pertamina EP Asset 3 Tambun Field adalah denganmenggunakan tenaga pengamanan yang berasal dari perusahaan jasa outsourcing PTSatria Mocoginta. Para tenaga pengamanan tersebut pada umumnya merupakanwarga masyarakat sekitar. Namun demikian dalam prakteknya, pelaksanaanmanajemen sekuriti fisik yang dilakukan oleh para tenaga pengamanan tersebutternyata menjadikan sebagai suatu gangguan keamanan, karena mereka melakukankerja sambilan dengan cara memanfaatkan wewenang yang dimilikinya yaknidengan cara meminta sejumlah uang kepada para kontraktor yang melakukanpemeliharaan dan perawatan terhadap genset dan pompa di setiap cluster milik PTPertamina EP Asset 3 Tambun Field. Bahkan seringkali mereka membawa pipa-pipabekas maupun baru milik para kontraktor ketika dilakukan pemeliharaan danpergantian pipa.Untuk mencegah agar tidak terjadi lagi gangguan keamanan di kawasan PTPertamina EP Asset 3 Tambun Field terutama gangguan keamanan dalam suatucluster, maka beberapa upaya yang dilakukan oleh pihak PT Pertamina EP Asset 3Tambun Field adalah: (1) Membuat klasusul perjanjian yang baru dengan parakontraktor dan selalu berkoordinasi dengan Polsek Babelan untuk menempatkanbeberapa anggota Bhabinkamtibmas di sekitar kawasan tersebut; (2) Mengevaluasimodel penyeleng-garaan manajemen sekuriti fisik yang saat ini dilakukan; (3)Berkoordinasi dengan pihak Polsek Babelan agar kegiatan pendidikan dan pelatihanterhadap Satpam Garda Pratama yang telah berhasil dilaksanakan oleh PolsekBabelan, rutin setiap tahun dilakukan; dan (4) Meningkatkan program CSR yangsaat ini telah diberikan terhadap lingkungan sekitarnya.

---

ABSTRACTThis thesis discusses the results of research on the role of physical securitymanagement implementation at PT Pertamina EP Asset 3 Tambun Field - Bekasi.This research was conducted with a qualitative approach derived from primary andsecondary data by the method of data collection done by observation, interview anddocumentation study.The results showed that the implementation of physical security managementconducted by PT Pertamina SP Tambun is to use the power of security that comesfrom outsourcing services company PT Satria Mocoginta. The security personnel aregenerally the residents of surrounding communities. However, in practice, theimplementation of physical security management performed by the securitypersonnel turned out to make as a security breach, because they do odd jobs in amanner that utilizes its authority by asking some money to the contractors who carryout the maintenance and care of the genset and pump in each cluster belonging to PTPertamina EP Tambun. Often they bring pipes belonging to the former and newcontractors when performed maintenance and replacement pipes. Theimplementation of physical security management is done in PT Pertamina EP Asset3 Tambun Field has deviated from the concept of physical security managementactivities in general, the Polsek Babelan perform Basic Education and TrainingSecurity guard Garda Pratama held at the end of 2014. This form of education andtraining of the guard base aimed at residents who were around Pertamina EP Asset 3Tambun Field, and without cost you a dime, even the participants get uniformscomplete with boots and other equipment.To prevent this from happening again in the area of security disturbances PTPertamina EP 3 Asset 3 Tambun Field especially security problems in a cluster, thensome of the efforts made by the PT Pertamina EP Asset 3 Tambun Field are: (1)Make klasusul new agreements with contractors and always coordinate with thepolice Babelan to put some members Bhabinkamtibmas around the region; (2)Evaluate the model of management of physical security that is currently carried out;(3) Coordinate with the Polsek Babelan education and training in order to guardGarda Pratama that have been successfully implemented by the Polsek Babelan,annually conducted; and (4) Enhance CSR program, which has been given to thesurrounding environment., This thesis discusses the results of research on the role of physical securitymanagement implementation at PT Pertamina EP Asset 3 Tambun Field - Bekasi.This research was conducted with a qualitative approach derived from primary andsecondary data by the method of data collection done by observation, interview anddocumentation study.The results showed that the implementation of physical security managementconducted by PT Pertamina SP Tambun is to use the power of security that comesfrom outsourcing services company PT Satria Mocoginta. The security personnel aregenerally the residents of surrounding communities. However, in practice, theimplementation of physical security management performed by the securitypersonnel turned out to make as a security breach, because they do odd jobs in amanner that utilizes its authority by asking some money to the contractors who carryout the maintenance and care of the genset and pump in each cluster belonging to PTPertamina EP Tambun. Often they bring pipes belonging to the former and newcontractors when performed maintenance and replacement pipes. Theimplementation of physical security management is done in PT Pertamina EP Asset3 Tambun Field has deviated from the concept of physical security managementactivities in general, the Polsek Babelan perform Basic Education and TrainingSecurity guard Garda Pratama held at the end of 2014. This form of education andtraining of the guard base aimed at residents who were around Pertamina EP Asset 3Tambun Field, and without cost you a dime, even the participants get uniformscomplete with boots and other equipment.To prevent this from happening again in the area of security disturbances PTPertamina EP 3 Asset 3 Tambun Field especially security problems in a cluster, thensome of the efforts made by the PT Pertamina EP Asset 3 Tambun Field are: (1)Make klasusul new agreements with contractors and always coordinate with thepolice Babelan to put some members Bhabinkamtibmas around the region; (2)Evaluate the model of management of physical security that is currently carried out;(3) Coordinate with the Polsek Babelan education and training in order to guardGarda Pratama that have been successfully implemented by the Polsek Babelan,annually conducted; and (4) Enhance CSR program, which has been given to thesurrounding environment.]"

"Analisis risiko pada pipa 6” crude oil SP PDT I - SP Tambun di PT Pertamina EP Region Jawa Field Tambun tahun 2013 ini dilakukan mengingat adanya potensi bahaya dan risiko yang mengancam keselamatan pekerja dan masyarakat di sekitar jalur pipa. Penelitian yang bersifat deskriptif analitik dan dilakukan dengan menggunakan metode analisis semi kuantitatif ini bertujuan untuk mendapatkan nilai dan level risiko yang ada. Hasil penelitian yang menggunakan sistem skoring berdasarkan Model Studi Zulkifli Djunaidi ini menunjukkan bahwa nilai probabilitas dari pipa yang diteliti adalah 13,05 poin dengan nilai konsekuensi sebesar 5,11 poin. Berdasarkan perhitungan, nilai risiko relatif-nya adalah 2,55 sehingga termasuk level risiko High Risk berdasarkan Tabel ALARP Kriteria (EPA, 2004). Oleh sebab itu, perlu dilakukan tindakan perbaikan dan pengendalian yang tepat untuk risiko yang memberikan kontribusi besar terhadap kemungkinan terjadinya kebocoran, kebakaran, dan ledakan pada pipa.

---

Risk analysis for 6” crude oil pipeline system SP PDT I - SP Tambun at PT Pertamina EP Java Region Field Tambun 2013 has to be done because the presence of the hazards and risk potential that threats not only employee’s safety but also people’s safety around the pipeline Right of Way (ROW). This analytical descriptive research that uses semi-quantitative analytical method has a purpose to assess the existing risk score and risk level.

The result of this research that uses scoring system based on Zulkifli Djunaidi’s Study Model shows that the probability’s score is 13.05 points and the consequence’s score is 5.11 points. Based on calculation, the relative-risk score is 2.55 and belongs to High Risk Level based on ALARP Criteria Table (EPA, 2004). Therefore, an appropriate improvement and controlling system need to be performed for the pipeline major risks by PT Pertamina EP Java Region Field Tambun."

"Penelitian ini berfokus pada konteks pada PT XYZ, yang telah merencanakan untuk mengadopsi ISO 31000 sebagai dasar kerangka kerja manajemen risiko mereka. Namun, perusahaan belum menerapkan manajemen risiko secara optimal untuk menghadapi risiko yang dimiliki hingga saat penelitian ini ditulis. Sehingga, perusahaan menghadapi tantangan dari perubahan lingkungan bisnis yang terus berkembang, menciptakan potensi risiko yang berubah cepat dan dapat menghambat efektivitas kebijakan. Penelitian ini dimaksudkan untuk memberikan sumbangan dalam mengisi celah pembahasan terkait penerapan manajemen risiko pada industri jasa layanan streaming video. Strategi penelitian yang digunakan yaitu studi kasus dengan pendekatan kualitatif dan single unit of analysis yaitu PT XYZ. Instrumen penelitian dalam proses pengumpulan data dilakukan melalui wawancara semi-terstruktur dibantu dengan daftar periksa (checklist). Hasil analisis menunjukkan adanya risiko bisnis, risiko keuangan, risiko operasional, risiko hukum, dan risiko reputasi. Perusahaan perlu mengambil tindakan mitigasi yang sesuai untuk mengatasi risiko-risiko ini. Pentingnya persiapan pelaporan risiko yang akurat dan tepat waktu ditekankan, serta perlunya penilaian risiko yang berkelanjutan untuk mengidentifikasi risiko-risiko baru. Penelitian ini juga menunjukkan perlunya perusahaan meningkatkan kesiapan dalam pelaporan risiko, termasuk sistem informasi dan teknologi yang mendukungnya. Dengan demikian, penelitian ini memberikan wawasan tentang cara-cara untuk memitigasi risiko yang mungkin timbul.

---

This research focuses on the context of PT XYZ, which has planned to adopt ISO 31000 as the basis of their risk management framework. However, companies have not implemented optimal risk management to deal with the risks they have until the time this research was written. Thus, companies face challenges from changes in the business environment that continue to develop, creating potential risks that change rapidly and can hamper the effectiveness of policies. This research is intended to contribute to filling the discussion gap regarding the implementation of risk management in the video streaming service industry. The research strategy used is a case study with a qualitative approach and a single unit of analysis, namely PT XYZ. The research instrument in the data collection process was carried out through semi-structured interviews assisted by a checklist. The analysis results show that there are business risks, financial risks, operational risks, legal risks and reputation risks. Companies need to take appropriate mitigation measures to address these risks. The importance of preparing accurate and timely risk reporting is emphasized, as well as the need for ongoing risk assessment to identify new risks. This research also shows the need for companies to increase readiness in risk reporting, including the information systems and technology that support it. Thus, this research provides insight into ways to mitigate risks that may arise."

"[ABSTRAKUsaha Kecil Menengah (UKM) mempunyai peran yang strategis dalam pembangunan ekonomi nasional, karena selain berperan dalam pertumbuhan ekonomi dan penyerapan tenaga kerja juga berperan dalam pendistribusian hasil-hasil pembangunan. Terdapat beberapa aspek yang dapat mempengaruhi keberlangsungan UKM, yaitu sumber daya manusia, finansial, kepuasan konsumen, proses produksi dan infrastruktur UKM. Namun lebih dari 70% usaha kecil dan menengah “mati” dalam waktu lima tahun sejak usaha tersebut didirikan akibatnya kurangnya penerapan sistem manajemen mutu pada UKM.Sistem manajemen mutu yang populer digunakan adalah ISO 9001. Saat ini akan segera hadir edisi terbaru ISO 9001:2015 yang menekankan pentingnya penerapan manajemen risiko pada bisnis. Sehingga penerapan sistem manajemen mutu untuk UKM berdasarkan ISO 9001:2015 dengan fokus pada manajemen risiko terhadap aspek-aspek yang mempengaruhi keberlangsungan UKM perlu dilakukan untuk mempermudah para pemilik UKM menjaga keberlangsungan bisnisnya. Langkah pertama yang dilakukan adalah penentuan 20 faktor dari kelima aspek yang ada, setelah itu dilakukan validasi faktor sehingga diperoleh 14 faktor yang dianggap memiliki risiko penting terhadap keberlangsungan UKM untuk selanjutnya dibobotkan menggunakan metode multi criteria decision making (AHP) dengan bantuan software Expert Choice. Tahap selanjutnya adalah identifikasi dan analisa risiko dari keempat belas faktor yang dianggap memiliki risiko penting terhadap keberlangsungan UKM, dari hasil analisa diperoleh 6 faktor (keahlian dan keterampilan pegawai, kinerja pegawai, tanggung jawab pegawai, harga yang kompetitif, mutu pelayanan, mutu produk) yang berada pada kategori level risiko tinggi dan tidak dapat diterima.

---

ABSTRACTSmall and medium enterprises (SME) has a role in a strategicway to national economic development, its role in economic growth, creating job and also participate in distribution of development. There are several aspects that might affect the sustainability of small and medium business like human resources, financial, customer satisfaction, production process and infrastructure of SME. However, more that 70% of SME are “death” within five years since its established as a result a lack of the implementation quality management system (QMS) for SME.A popular QMS used to implementing in business is ISO 9001. Soon, there will be ISO 9001:2015 as the newest edition of ISO 9001 that emphasizes the importance of risk management iplementation for business. Therefore the implementation of QMS for SME based on ISO 9001:2015 with the focus on risk management againts the aspect that affect sustainability of SME is necessary to be done to ease the owners of SME in maintaining the sustaianability of their business. The first step is determinating of 20 factors from the fifthh aspects, and then validating the factors so obtained 14 factors considered to have an important risk for the sustainability of SME to be weighting using a multi criteria decision making method (AHP) by Expert Choice Software. The next step is identificating and analyzing the risk of 14 factors that affecting sustainability of SME, the results is there are 6 factors (skill of employee, performance of employee, responsibility of employee, competitive price, quality of product and quality of service) that affecting sustainability of SME most and unacceptable because it located on a high level of risk .;Small and medium enterprises (SME) has a role in a strategicway to national economic development, its role in economic growth, creating job and also participate in distribution of development. There are several aspects that might affect the sustainability of small and medium business like human resources, financial, customer satisfaction, production process and infrastructure of SME. However, more that 70% of SME are “death” within five years since its established as a result a lack of the implementation quality management system (QMS) for SME.A popular QMS used to implementing in business is ISO 9001. Soon, there will be ISO 9001:2015 as the newest edition of ISO 9001 that emphasizes the importance of risk management iplementation for business. Therefore the implementation of QMS for SME based on ISO 9001:2015 with the focus on risk management againts the aspect that affect sustainability of SME is necessary to be done to ease the owners of SME in maintaining the sustaianability of their business. The first step is determinating of 20 factors from the fifthh aspects, and then validating the factors so obtained 14 factors considered to have an important risk for the sustainability of SME to be weighting using a multi criteria decision making method (AHP) by Expert Choice Software. The next step is identificating and analyzing the risk of 14 factors that affecting sustainability of SME, the results is there are 6 factors (skill of employee, performance of employee, responsibility of employee, competitive price, quality of product and quality of service) that affecting sustainability of SME most and unacceptable because it located on a high level of risk ., Small and medium enterprises (SME) has a role in a strategicway to national economic development, its role in economic growth, creating job and also participate in distribution of development. There are several aspects that might affect the sustainability of small and medium business like human resources, financial, customer satisfaction, production process and infrastructure of SME. However, more that 70% of SME are “death” within five years since its established as a result a lack of the implementation quality management system (QMS) for SME.A popular QMS used to implementing in business is ISO 9001. Soon, there will be ISO 9001:2015 as the newest edition of ISO 9001 that emphasizes the importance of risk management iplementation for business. Therefore the implementation of QMS for SME based on ISO 9001:2015 with the focus on risk management againts the aspect that affect sustainability of SME is necessary to be done to ease the owners of SME in maintaining the sustaianability of their business. The first step is determinating of 20 factors from the fifthh aspects, and then validating the factors so obtained 14 factors considered to have an important risk for the sustainability of SME to be weighting using a multi criteria decision making method (AHP) by Expert Choice Software. The next step is identificating and analyzing the risk of 14 factors that affecting sustainability of SME, the results is there are 6 factors (skill of employee, performance of employee, responsibility of employee, competitive price, quality of product and quality of service) that affecting sustainability of SME most and unacceptable because it located on a high level of risk .]"

"Peraturan Pemerintah Nomor 71 Tahun 2019 tentang Penyelenggaraan Sistem dan Transaksi Elektronik Pasal 12 merupakan peraturan yang mendasari tentang manajemen risiko dalam sistem elektronik. pada Peraturan Badan Siber dan Sandi Negara Nomor 8 Tahun 2020 tentang Sistem Pengamanan Dalam Penyelenggaraan Sistem Elektronik menyebutkan bahwa Sistem Manajemen Pengamanan Informasi (SMPI) adalah pengaturan kewajiban bagi Penyelenggara Sistem Elektronik dalam penerapan manajemen pengamanan informasi berdasarkan asas risiko. Pusat Operasi Keamanan Siber Nasional (Pusopskamsinas) merupakan unit kerja di Badan Siber dan Sandi Negara yang melaksanakan tugas memegang kendali operasi keamanan siber Indonesia. Adanya serangan siber yang semakin besar hingga tercatat pada tahun 2020 terdapat 495.337.202 anomali yang menyerang di jaringan Indonesia, hal ini dibutuhkan keandalan Pusopskamsinas dalam melaksanakan monitoring lalu lintas siber di Indonesia. Dalam penyelenggaraan operasi keamanan siber tentu terdapat kerawanan dan potensi ancaman yang memberikan dampak negatif/risiko terhadap organisasi di mana risiko tersebut dapat dilakukan mitigasi dengan menerapkan manajemen risiko keamanan informasi pada Pusopskamsinas. Salah satu Indikator Sasaran Kegiatan Pusopskamsinas yaitu “Meningkatnya Kualitas Pemonitoran Keamanan Siber atas Serangan dan Ancaman Siber”. Berdasarkan data Laporan Kinerja Pusopskamsinas tahun 2020, diketahui bahwa Pusopskamsinas belum dapat memenuhi target kinerja dari indikator kinerja sasaran dengan capaian nilai 65% dari target capaian 100%. Tidak tercapainya target kinerja dapat berpengaruh terhadap Indikator Kinerja Utama (IKU) organisasi sebagai penentu ukuran tingkat keberhasilan sasaran strategis sehingga diperlukan adanya evaluasi kinerja organisasi. Berdasarkan hasil analisis permasalahan digunakan Business Model for Information Security dari ISACA yaitu Organization, People, Technology, dan Process, salah satu instrumen dari segi organisasi yang belum tersedia adalah dokumen Perencanaan Manajemen Risiko Keamanan Informasi. Penelitian ini merupakan penelitian menggunakan metode kualitatif dengan metode penarikan kesimpulan berupa secara induktif dan merupakan klasifikasi penelitian studi kasus. Pengumpulan data dilakukan melalui observasi, studi dokumen, dan wawancara kepada pejabat, pengelola layanan / tim operasional, serta perwakilan stakeholder. Hasil dari penelitian ini berupa Perencanaan Manajemen Risiko yang sesuai dengan kondisi Pusopskamsinas sehingga dapat membantu pencapaian target kinerja serta meningkatkan pencapaian Rencana Strategis BSSN.

---

Government Regulation Number 71 of 2019 concerning Implementation of Electronic Systems and Transactions Article 12 is an underlying regulation concerning risk management in electronic systems. Regulation of the National Cyber and Crypto Agency Number 8 of 2020 concerning Security Systems in the Operation of Electronic Systems states that the Information Security Management System (ISMS) is a regulation of obligations for Electronic System Operators in implementing information security management based on risk principles. The National Cyber Security Operations Center (Pusopskamsinas) is a work unit in the National Cyber and Crypto Agency that carries out the task of controlling Indonesian cybersecurity operations. The existence of cyber-attacks is getting bigger until it was recorded that in 2020 there were 495,337,202 anomalies attacking the Indonesian network, this required the reliability of Pusopskamsinas in carrying out cyber traffic monitoring in Indonesia. In carrying out cyber security operations, of course there are vulnerabilities and potential threats that have a negative impact / risk on the organization where these risks can be mitigated by implementing information security risk management at Pusopskamsinas. One of the indicators of the Pusopskamsinas activity target is "Increasing the Quality of Cyber Security Monitoring of Cyber Attacks and Threats". Based on data from the 2020 Pusopskamsinas Performance Report, it is known that the Pusopskamsinas has not been able to meet the performance targets of the target performance indicators with a score of 65% of the 100% achievement target. The failure to achieve the performance targets can affect the main performance indicators (IKU) of the organization as a determinant of the level of success of strategic targets so that an evaluation of organizational performance is needed. Based on the results of the problem analysis, ISACA's Business Model for Information Security is used, namely Organization, People, Technology, and Process. One of the instruments in terms of organization that is not yet available is the Information Security Risk Management Planning document. This research is using qualitative methods such as inductive inference and the classification of a case study. Data collected through observation, study of documents and interviews of officials, managers of services / operations team, and stakeholder representatives. The results of this study are in the form of a Risk Management Planning in accordance with the conditions of the Pusopskamsinas so that it can help achieve performance targets and increase the achievement of the BSSN Strategic Plan."

"Keberadaan teknologi informasi telah memberikan berbagai kemudahan dan peluang melakukan bisnis secara online, salah satunya adalah industri Software as a Service (SaaS). PT Mitra Cerdas Nusantara (MCN) merupakan salah satu startup yang berfokus pada bisnis SaaS sebagai penyedia solusi integrated school management system bernama Ziad Smart. IT memiliki peran yang vital pada kegiatan operasional Ziad Smart. PT MCN sadar akan hal tersebut dan menerapkan zero security incident pada Ziad Smart. Namun pada kenyataannya, Ziad Smart masih mengalami insiden keamanan karena terdapat celah pada sistem yang mengakibatkan kerugian bagi PT MCN. Hal tersebut menandakan perlunya manajemen risiko keamanan informasi bagi aplikasi Ziad Smart. Tujuan dari penelitian ini adalah untuk memperoleh rancangan manajemen risiko keamanan informasi aplikasi Ziad Smart. Penelitian ini menggunakan metode kualitatif dimana pengumpulan data dilakukan melalui wawancara, observasi, dan tinjauan pustaka. SNI ISO/IEC 27005:2022 digunakan sebagai kerangka dasar perancangan manajemen risiko keamanan informasi, sementara rekomendasi perlakuan risiko menggunakan SNI ISO/IEC 27002:2022. Hasil dari penelitian ini adalah rancangan manajemen risiko keamanan informasi aplikasi Ziad Smart milik PT MCN. Penelitian ini menghasilkan 43 skenario risiko, yaitu: 10 risiko Tinggi, 21 risiko Sedang, dan 12 risiko Rendah. Penelitian ini mengusulkan 13 rekomendasi perlakuan untuk meningkatkan keamanan informasi dari aplikasi Ziad Smart.

---

Information technology presence has created several advantages and opportunities for conducting business online, one of which is the Software as a Service (SaaS) market. PT Mitra Cerdas Nusantara (MCN) is a SaaS-focused startup that provides integrated school management system solution namely Ziad Smart. Ziad Smart relies heavily on information technology for its operations. PT MCN is aware of this and has implemented a zero-security incident policy at Ziad Smart. However, Ziad Smart still experiencing security incidents because of a system flaw that causes loss for PT MCN. This highlights the necessity for information security risk management in the Ziad Smart application. The goal of this research is to provide a design for managing information security risks for the Ziad Smart application. This research employs qualitative approaches, with data collected through interviews, observations, and literature reviews. SNI ISO/IEC 27005:2022 serves as the foundation for establishing information security risk management, while risk treatment guidelines are based on SNI ISO/IEC 27002:2022. This investigation resulted in the formulation of an information security risk management strategy for PT MCN's Ziad Smart application. This study revealed 43 risk scenarios, including 10 high risks, 21 medium risks, and 12 low risks. This research presents 13 control measures to improve the information security of the Ziad Smart application."

"BPK telah mengimplementasikan Sistem Informasi Pemantauan Tindak Lanjut (SIPTL) untuk melaksanakan dan memantau tindak lanjut rekomendasi hasil pemeriksaan. Sejalan dengan mandat yang diberikan Undang-Undang Dasar 1945 untuk melaksanakan pemeriksaan atas pengelolaan dan tanggung jawab keuangan negara secara bebas dan mandiri, keamanan informasi hasil pemeriksaan merupakan hal penting bagi BPK. Namun demikian, dalam operasionalnya, pemanfaatan SIPTL belum sesuai dengan standar manajemen risiko keamanan informasi. Penelitian ini bertujuan untuk mendapatkan rancangan manajemen risiko keamanan informasi SIPTL. Penelitian ini menggunakan metode kualitatif dan pengumpulan data melalui wawancara dan studi literatur. Wawancara dilakukan dengan pejabat eselon III dan IV pada Biro TI BPK. Kerangka kerja yang digunakan pada penelitian ini berdasarkan SNI ISO/IEC 27005:2018 dengan penanganan risiko menggunakan SNI ISO/IEC 27001:2013, dan SNI ISO/IEC 27002:2013. Hasil yang didapatkan dari penelitian ini adalah 13 skenario risiko di mana dua risiko mempunyai level yang tinggi, lima risiko mempunyai level sedang, dan enam risiko memiliki level rendah. Berdasarkan skenario risiko selanjutnya disusun rancangan manajemen risiko keamanan informasi SIPTL, yang dapat digunakan sebagai bahan pertimbangan dalam penerapan manajemen risiko keamanan informasi di BPK.

---

BPK has implemented the Follow-up Monitoring Information Systems (SIPTL) to conduct and monitor follow-up of recommendations-audit result. In line with the mandate given by the 1945 Constitution to audit towards management of and accountability for the state’s finances a free and independen, the information security of audit results is an important matter for BPK. However, in its operations, the utilization of SIPTL is not in accordance with information security risk management standards. This study aims to obtain a SIPTL information security risk management design. This research uses qualitative methods and data collection through interviews and literature studies. Interview was conducted with middle level official at BPK’s Bureau of IT. The framework used in this research is based on SNI ISO / IEC 27005: 2018, and risk treatment based on SNI ISO / IEC 27001: 2013 also SNI ISO / IEC 27002: 2013. The results obtained from this study are 13 risk scenarios including two high level risks, five medium level risks, and six low level risks. Based on the risk scenario, the SIPTL information security risk management design is then prepared, which can be used as recommendation towards the implementation of information security risk management at BPK."