Designing cyber-risk management using the NIST Cyber Security Framework (CSF), CIS Controls v8, and ISO 27005:2022 (case study: Diskominfo Kota Tangerang Selatan)
Abstract (translated from Indonesian):
Information technology has become an essential part of how organizations carry out their tasks and functions. It is used to manage information in support of an organization's business processes, so that they operate effectively and efficiently and the organization's objectives can be achieved. An organization can design its information security system by studying and analyzing cyber risks according to a priority scale, by applying cyber-risk management. In this research, cyber-risk management is designed using NIST CSF, CIS Controls v8, and ISO 27005. The design follows six stages: Prioritized and Scope, Orient, Create a Current Profile, Conduct Risk Assessment, Create a Target Profile, and Determine, Analyze, and Prioritize Gaps. The final result of this research is a cyber-risk management plan with control recommendations from CIS Controls v8, which forms a single work program for Diskominfo Kota Tangerang Selatan. This cyber-risk management process produced 40 risks in the High category, 11 risks in the Medium category, 5 risks in the Low category, and 18 risks in the Very Low category. Control recommendations were then given for the 50 risks rated High and Medium, with a recommended treatment of Mitigation based on CIS Controls v8.0.
Abstract:
Information technology assumes a pivotal role in organizations, enabling the execution of their tasks and functions. Information technology is employed to manage information to support the business processes within an organization to operate effectively and efficiently, thus enabling the organization to achieve its objectives. Organizations can design information security systems by conducting assessments and analyses of cyber risks according to their prioritized scale, through the implementation of cyber-risk management. In this research, the design of cyber-risk management is conducted using NIST CSF, CIS Controls v8, and ISO 27005. In carrying out the design of cyber-risk management, six distinct stages are utilized: Prioritized and Scope, Orient, Create a Current Profile, Conduct Risk Assessment, Create a Target Profile, and Determine, Analyze, and Prioritize Gaps. The final outcome of this research involves the development of a cyber-risk management plan with control recommendations from CIS Controls v8, which serves as a work program for the Diskominfo Kota Tangerang Selatan. This cyber-risk management process has identified 40 risks categorized as High, 11 risks categorized as Medium, 5 risks categorized as Low, and 18 risks categorized as Very Low. Subsequently, control recommendations are provided for the 50 risks classified as High and Medium, with mitigation recommendations based on CIS Controls v8.0.
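The abstract describes the Conduct Risk Assessment and treatment steps only in outline: each risk is rated into High, Medium, Low or Very Low, and the High and Medium risks receive a Mitigation treatment mapped to CIS Controls v8. The following is an added illustration of that workflow, not the thesis's own tool or data. The 1..5 likelihood and impact scale, the level thresholds, the sample risk register, the "Retention" treatment for Low and Very Low risks, and the mapping from threat area to CIS v8 controls are all constructed assumptions; only the four level names and the Mitigation treatment for High and Medium come from the abstract.

```python
"""Illustrative risk rating and treatment selection (constructed example).

The scale, thresholds, register entries and control mapping below are
assumptions for demonstration; they are not the thesis's own values.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    risk_id: str
    description: str
    area: str          # threat area used to pick controls (constructed)
    likelihood: int    # assumed qualitative scale 1..5
    impact: int        # assumed qualitative scale 1..5


# Constructed mapping from threat area to CIS Controls v8 controls.
# The control numbers and names are the real CIS v8 control titles; which
# control fits which risk is an assumption for this example.
CIS_V8_CONTROLS = {
    "malware": ["CIS 10 Malware Defenses", "CIS 11 Data Recovery"],
    "identity": ["CIS 5 Account Management", "CIS 6 Access Control Management"],
    "vulnerability": ["CIS 7 Continuous Vulnerability Management"],
    "availability": ["CIS 11 Data Recovery"],
    "awareness": ["CIS 14 Security Awareness and Skills Training"],
    "network": ["CIS 12 Network Infrastructure Management"],
}


def risk_level(likelihood: int, impact: int) -> str:
    """Rate a risk from likelihood x impact (assumed 5x5 matrix and thresholds)."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be integers in 1..5")
    score = likelihood * impact
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    if score >= 4:
        return "Low"
    return "Very Low"


def treatment_for(level: str) -> str:
    """The abstract prescribes Mitigation for High and Medium; retention
    (accept and monitor) for Low and Very Low is an assumption here."""
    return "Mitigation" if level in ("High", "Medium") else "Retention"


def assess(register: list[Risk]) -> list[dict]:
    """Attach a level and a treatment to every risk in the register."""
    assessed = []
    for r in register:
        level = risk_level(r.likelihood, r.impact)
        assessed.append({
            "id": r.risk_id,
            "description": r.description,
            "level": level,
            "treatment": treatment_for(level),
            "controls": CIS_V8_CONTROLS.get(r.area, []),
        })
    return assessed


def summarize(assessed: list[dict]) -> dict[str, int]:
    """Count risks per level, like the 40/11/5/18 tally in the abstract."""
    counts = Counter(item["level"] for item in assessed)
    return {lvl: counts.get(lvl, 0) for lvl in ("High", "Medium", "Low", "Very Low")}


def treatment_plan(assessed: list[dict]) -> list[dict]:
    """Only risks whose treatment is Mitigation get control recommendations."""
    return [item for item in assessed if item["treatment"] == "Mitigation"]


# Constructed sample register (not from the thesis).
SAMPLE_REGISTER = [
    Risk("R1", "Ransomware on the shared file server", "malware", 4, 5),
    Risk("R2", "Shared administrator accounts", "identity", 3, 5),
    Risk("R3", "Unpatched public web application", "vulnerability", 4, 3),
    Risk("R4", "Backups never restore-tested", "availability", 2, 4),
    Risk("R5", "Staff click phishing links", "awareness", 3, 2),
    Risk("R6", "Guest Wi-Fi misuse", "network", 1, 2),
]

if __name__ == "__main__":
    result = assess(SAMPLE_REGISTER)
    print(summarize(result))
    for item in treatment_plan(result):
        print(item["id"], item["level"], item["treatment"], item["controls"])
```

Running the block on the sample register yields two High, two Medium, one Low and one Very Low risk, and a treatment plan for the four High and Medium entries; the same `assess`/`summarize`/`treatment_plan` split is what a practitioner would apply to a real register once the organization's own scale and thresholds are substituted.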