Hasil Pencarian  ::  Simpan CSV :: Kembali

"Abstract:"Effective security rules and procedures do not exist for their own sake-they are put in place to protect critical assets, thereby supporting overall business objectives. Recognizing security as a business enabler is the first step in building a successful program.Information Security Fundamentals allows future security professionals to gain a solid understanding of the foundations of the field and the entire range of issues that practitioners must address. This book enables students to understand the key elements that comprise a successful information security program and eventually apply these concepts to their own efforts. The book examines the elements of computer security, employee roles and responsibilities, and common threats. It examines the need for management controls, policies and procedures, and risk analysis, and also presents a comprehensive list of tasks and objectives that make up a typical information protection program.The volume discusses organizationwide policies and their documentation, and legal and business requirements. It explains policy format, focusing on global, topic-specific, and application-specific policies. Following a review of asset classification, the book explores access control, the components of physical security, and the foundations and processes of risk analysis and risk management. Information Security Fundamentals concludes by describing business continuity planning, including preventive controls, recovery strategies, and ways to conduct a business impact analysis""

"PT. Z adalah organisasi yang bergerak di bidang asuransi kecelakaan lalu lintas, pemanfaatan TI bagi PT. Z adalah untuk mempercepat proses bisnis dan meningkatkan kualitasi penyediaan pelayanan, PT. Z dalam pengelolaan TI harus dapat mengantisipasi risiko yang ada. Pengelolaan terhadap manajemen risiko yang baik bagi PT. Z adalah termasuk kedalam penerapan GCG, untuk BUMN GCG berpedoman kepada Permen BUMN No. PER-02/MBU/2013 yang di rekomendasikan untuk di ikuti oleh semua BUMN, pada GCG PER-02/MBU/2013 salah satu deliverable nya adalah mengenai kebijakan pengelolaan manajemen risiko yang dapat menghasilkan prosedur kerangka kerja pengelolaan risiko TI, selain itu PT. Z memang ingin mengadopsi standar keamanan TI. Dalam penelitian ini, dipilih aplikasi utama dari PT. Z untuk dilakukan perancangan manajemen risiko yang sesuai, aplikasi pelayanan adalah salah satu aplikasi utaman bagi PT. Z dalam menjalankan bisnis nya. Rancangan manajemen risiko pada aplikasi ini memakai framework ISO27005 seperti penentuan konteks, kriteria dasar pengelolaan risiko, penentuan ruang lingkup, penilaian risiko, penanganan dan penerimaan risiko itu sendiri, aset utama dan aset pendukung pada aplikasi ini semua dilakukan penilaian risiko nya dan untuk menghitung nilai risiko menggunakan NIST SP 800-30, pada tahap penanganan risiko mengaplikasikan kontrol - kontrol yang ada pada ISO 27002. Dari hasil penelitian, dapat disimpulkan bahwa terdapat 13 risiko yang akan diterima dan 48 risiko yang akan dilakukan pengurangan dengan mengaplikasikan kontrol yang di rekomendasikan berdasarkan kepada ISO 27002.

---

PT. Z is an organization which run their business for accident insurance, IT Utilization for PT. Z is to accelerate the business processes and to improve the quality of service for their customers. A proper way to managed the risk management for PT. Z is including at implementation of Good Corporate Governance (GCG), GCG at PT. Z is guided by PERMEN BUMN No. PER-02/MBU/2013 which recommended to follow and comply by all of government companies. In PER-02/MBU/2013 one of its deliverable is about the policy of risk management that can give the result of framework IT risk management, in addition PT. Z want to adopt IT security standards.

In this study, has been choosen the main application of PT. Z to do risk management plan and design that appropriate and suitable for PT. Z, one of the key application that they had is “aplikasi pelayanan” to support their main business. Risk management plan and design for this application is using ISO27005 framework for determining the risk context, risk criteria, determining the scope, risk identification, risk estimation, risk evaluation, risk treatment and risk acceptance. Risk estimation using NIST SP 800-30 framework and for risk evaluation using control from ISO27002.

Concluding from this research is that is 13 risks that will accept and 48 risks that want to do a reduction by applied control that recommended by ISO 27002."

"PT Pupuk Kujang selaku perusahaan BUMN di bidang industri pupuk dan industri kimia terus berupaya meningkatkan kualitas dari kinerja teknologi informasinya, sesuai dengan panduan penyusunan pengelolaan teknologi informasi pada BUMN yang terlampir pada peraturan menteri BUMN, yang harus berdasarkan pada suatu sistem tata kelola, yang termuat dalam sebuah master plan, dan dikembangkan secara bersinergi sesama BUMN. Dalam IT master plan PI group yang telah dirancang terdapat point peningkatan kesadaran keamanan informasi yang mengharuskan adanya pengukuran kesadaran keamanan informasi oleh pegawai perusahaan. Keamanan informasi adalah terjaganya kerahasiaan (confidentiality), keutuhan (integrity), dan ketersediaan (availability) informasi. Penelitian ini bertujuan untuk melakukan pengukuran tingkat kesadaran keamanan informasi pegawai yang bekerja di kantor PT Pupuk Kujang. Pengumpulan data pengukuran pada penelitian ini didapatkan dari hasil penyebaran kuesioner, yang dilanjutkan dengan pengolahan data menggunakan metode PLS-SEM dengan aplikasi SmartPLS untuk melakukan uji validitas konvergen, validitas diskriminan dan uji reliabilitas, serta pengujian inner model test terhadap variabel knowledge, attitude, dan behavior (model KAB). Hasil dari penelitian ini didapatkan bahwa antara variabel KAB tidak memiliki hubungan satu sama lainnya dalam memengaruhi tingkat kesadaran keamanan informasi, dan hasil dari skala tingkat kesadaran keamanan informasi di perusahaan ada pada skala “Baik”.

---

PT Pupuk Kujang is a Chemical and Fertilizer company, as a state-owned company (BUMN) PT Pupuk Kujang needs to continuously improve its IT performance align with the IT management and development guidelines. This is in line as well with the BUMN Ministry book of law. The IT usage and development in BUMN must be based on the masterplan that synergistically developed across the BUMNs. In the PI group IT master plan that has been designed there is a point of increasing information security awareness which requires measuring information security awareness by company employees. Information security is the maintenance of confidentiality, integrity, and availability of information.

This study aims to measure the level of information security awareness of employees who work in the office of PT Pupuk Kujang. The collection of measurement data in this study was obtained from the results of distributing questionnaires, followed by data processing using the PLS-SEM method with the SmartPLS application to test convergent validity, discriminant validity and reliability tests, as well as testing inner model tests on knowledge, attitude, and behavior variables. (KAB model). The results of this study found that the KAB variables did not have a relationship with each other in influencing the level of information security awareness, and the results of the scale of the level of information security awareness in the company were on the "Good" scale."