Designing Cyber-Risk Management Based on NIST CSF v1.1, ISO/IEC 27005:2018, and NIST SP 800-53 Revision 5 (Case Study: Diskominfo Kabupaten Jember)
Abstract:
COVID-19 is driving digital transformation across central and local
government service sectors. The cyber threat grows in direct proportion to this
transformation, creating risks that are detrimental to users. One of the local
government agencies carrying out digital transformation is the Dinas Komunikasi
dan Informatika (Diskominfo) Kabupaten Jember. Digitizing the organization's
various services can increase its cyber risk. To mitigate cyber risk and protect
digital assets, sensitive data, and information and communication technology
infrastructure, risk needs to be managed through the implementation of
cyber-risk management. The application of cyber-risk management in this
research focuses on the vulnerability of digital services in the Information and
Communication Technology Infrastructure Division. The stages of the cyber-risk
management design follow NIST CSF v1.1 as the main framework and
ISO/IEC 27005:2018 as a supporting framework. In practice, the design uses 6 of
the 7 stages of NIST CSF v1.1, combined with ISO/IEC 27005:2018 at the
prioritize and scope, orient, and conduct a risk assessment stages. The final
result of this research is 171 control recommendations based on NIST SP 800-53
Revision 5, drawn from 9 control families: Access Control (AC), Awareness and
Training (AT), Configuration Management (CM), Identification and
Authentication (IA), Maintenance (MA), Media Protection (MP), Program
Management (PM), System and Communication Protection (SC), and Supply Chain
Risk Management (SR). The results of this study can be used as a consideration
or reference in designing cyber-risk management in the Information and
Communication Technology Infrastructure Division of the Dinas Komunikasi dan
Informatika Kabupaten Jember.