Designing cyber-risk management based on NIST CSF v1.1, ISO/IEC 27005:2018, and NIST SP 800-53 Revision 5 (case study: Diskominfo Kabupaten Jember)
Abstract:
COVID-19 is driving digital transformation across central and local government service sectors. This growth is directly proportional to the cyber threats that accompany it, creating risks that are detrimental to users. One of the local government agencies implementing digital transformation is the Dinas Komunikasi dan Informatika (Diskominfo) Kabupaten Jember. Digitizing the organization's various services can increase cyber risk. To mitigate cyber risk and protect digital assets, sensitive data, and information and communication technology infrastructure, risk needs to be managed through the implementation of cyber-risk management. In this research, the application of cyber-risk management focuses on the vulnerabilities of digital services in the Information and Communication Technology Infrastructure Field (Bidang Infrastruktur Teknologi Informasi Komunikasi). The cyber-risk management design stages follow NIST CSF v1.1 as the main framework and ISO/IEC 27005:2018 as the supporting framework.
In its implementation, the cyber-risk management design uses 6 of the 7 stages of NIST CSF v1.1, combined with ISO/IEC 27005:2018 at the prioritize and scope, orient, and conduct a risk assessment stages. The final result of this research is 171 control recommendations based on NIST SP 800-53 Revision 5, consisting of 9 control families, namely Access Control (AC), Awareness and Training (AT), Configuration Management (CM), Identification and Authentication (IA), Maintenance (MA), Media Protection (MP), Program Management (PM), System and Communication Protection (SC), and Supply Chain Risk Management (SR). The results of this study can be used as a consideration or reference in designing cyber-risk management in the Information and Communication Technology Infrastructure Field at the Dinas Komunikasi dan Informatika Kabupaten Jember.