Text

Implementasi NIST Cyber Security Framework (CSF) dan Center for Internet Security (CIS) controls sebagai rancangan kriteria cyber security audit di sektor industri energi berdasarkan Peraturan Menteri BUMN Nomor PER02-03/MBU/02/2018

---

Pertumbuhan pengguna teknologi yang semakin meningkat setap tahunnya di Indonesia, turut mendorong pemanfaat ruang siber. Ruang siber menjadi pilihan saat ini dikarenakan kemudahan yang ada pada fleksibilitas medianya. Selain digunakan masyarakat secara umum, ruang siber juga digunakan dalam berbagai sektor vital di indonesia, atau lebih dikenal sebagai Infrastruktur Informasi Vital Nasional (IIVN). Selain dari manfaat yang ada, dibaliknya terdapat kerentanan maupun kemungkinan ancaman dan serangan. Salah satu metode yang digunakan untuk mempertahankan keamanan siber suatu organisasi adalah dengan pemeriksaan total atas aspek keamanan, apakah sudah memenuhi kriteria minimal. Hal ini dinyatakan sebagai Cyber Security Audit (CSA). Berbagai standar dapat dijadikan dasar penyusunan CSA, seperti NIST CSF, CIS Control, COBIT 2019, dan lainnya. Dari semua standar, NIST CSF dan CIS Control memiliki kelebihan berupa format yang terstruktur, sehingga memudahkan untuk penggunaannya. Kedua standar tadi lalu dicocokan dengan PER 02-03/MBU/02/2018 sebagai dasar hukum pelaksanaan audit. Kriteria audit yang disusun kemudian dibuat menjadi pertanyaan audit, yang metode perolehan dan hasilnya divalidasi oleh pakar audit keamanan siber dari ISACA Indonesia. Proses tersebut menghasilkan 160 pertanyaan yang terdiri dari Identify (23 pertanyaan), Protect (90 pertanyaan), Detect (35 pertanyaan), dan Respond (12 pertanyaan). --

The growth of technology users, which is increasing every year in Indonesia, also encourages the use of cyberspace. Cyberspace is the current choice because of the ease in terms of flexibility that exists in this media. In addition to being used by the general public, cyberspace is also used in various vital sectors in Indonesia, better known as the National Vital Information Infrastructure (IIVN). Apart from the benefits, there are vulnerabilities as well as possible threats and attacks. One of the methods used to maintain the cyber security of an organization is a total examination of the security aspects. In this case, it can be declared as a Cyber Security Audit (CSA). Various standards can be used as the basis for the preparation of a CSA, such as NIST CSF, CIS Control, COBIT 2019, and others. Of all the standards, NIST CSF and CIS Control have the advantage of being in a structured format, making them easier to use. The two standards were then matched with PER 02-03/MBU/02/2018 as the legal basis for the audit. The audit criteria that were compiled were then made into audit questions, the methods of which were obtained, and the results were validated by cyber security audit experts from ISACA Indonesia. The process resulted in 160 questions consisting of Identify (23 questions), Protect (90 questions), Detect (35 questions), and Respond (12 questions).

---

Availability

No copy data

Detail Information

Series Title

-

Call Number

2022 MEL i

Publisher

Bogor : Poltek SSN., 2022

Collation

xiv, 46 hlm.

Language

Indonesia

ISBN/ISSN

--

Classification

--

Content Type

-

Media Type

-

Carrier Type

-

Edition

--

Subject(s)

NIST CSF
CIS Controls v8
Cyber security
Cyber Security Audit (CSA)
PER 02-03/MBU/02/2018

Specific Detail Info

-

Statement of Responsibility

Melandy Andriawan

Other version/related

File Attachment

Comments

---

You must be logged in to post a comment