Hasil Pencarian  ::  Simpan CSV :: Kembali

"Perkembangan teknologi informasi mempunyai risiko yang cukup signifikan terhadap suatu perusahaan. Selain dapat mempermudah dan mempercepat proses bisnis tetapi juga dapat membawa risiko dan ancaman terhadap perusahaan. Untuk itu diperlukan kontrol yang dapat memitigasi atau bahkan dapat menghilangkan risiko yang ada, sehingga teknologi informasi yang diterapkan organisasi dapat mendukung sepenuhnya kepentingan organisasi. Hal ini bertujuan agar teknologi informasi memberikan manfaat bagi organisasi. Kondisi saat ini PT. XYZ telah melakukan berbagai usaha untuk dapat memitigasi atau bahkan menghilangkan risiko keamanan informasi yang ada, tetapi karena belum adanya kerangka kerja yang digunakan sehingga sulit bagi PT. XYZ untuk mengukur dan menjalankan keamanan informasi secara optimal. Mengacu pada kondisi dan permasalahan di organisasi tersebut, maka perlu adanya evaluasi keamanan informasi untuk mengukur sejauh apa usaha PT. XYZ telah menerapkan keamanan informasi dan kontrol-kontrol apa yang perlu ditambahkan atau diperbaiki agar usaha PT. XYZ dalam menerapkan keamanan informasi menjadi optimal. Pada penelitian ini menggunakan Framework ISO 27001:2005/ISMS. Melalui pendekatan audit keamanan informasi dengan menggunakan assessment checklist ISO 27001 dan penilaian risiko, dipilih sasaran perbaikan berdasarkan kontrol ISO 27001. Kontrol-kontrol ini nantinya diharapkan dapat memitigasi atau bahkan menghilangkan dampak yang ditimbulkan dari ancaman dan kerawanan yang ada dilingkungan organisasi PT. XYZ.

---

The development of information technology has a significant risk of a company. Besides being able to simplify and speed up business processes but can also bring risks and threats to the company. It is necessary to control that can mitigate or even eliminate existing risks, so that the applied information technology organizations can support fully the interests of the organization. It aims to provide the benefits of information technology to the organization.

Current conditions PT. XYZ has made various efforts to mitigate or even eliminate the risk of information security, but because of the absence of a framework used so difficult for PT. XYZ to measure and run an optimal information security.

Referring to the conditions and problems in the organization, hence the need for information security evaluation to measure the extent to which PT. XYZ has implemented information security and controls what needs to be added or improved in order PT. XYZ in implementing information security to be optimal.

In this study, using the Framework ISO 27001: 2005 / ISMS. Through approach to information security audit using a checklist ISO 27001 assessment and risk assessment, have been targets for improvement based on the control of ISO 27001. These controls might be expected to mitigate or even eliminate the impact of threats and vulnerabilities that exist within the organization PT. XYZ. "

"[Minyak dan gas bumi (migas) merupakan sumber daya alam yang sangat strategis bagi Indonesia. Karena hingga saat ini sektor migas masih menjadi salah satu tulang punggung perekonomian nasional, sumber penerimaan dan devisa negara, bahan bakar bagi industri, mendorong investasi, penyerapan tenaga kerja, pemenuhan energi domestik dan peningkatan kemampuan sumber daya manusia serta sumber pengembangan ekonomi daerah. Oleh karena itu, pengelolaan data migas yang baik, akurat, lengkap dan aman akan membantu pemerintah dalam pengambilan keputusan dan kebijakan bidang migas. Karena keterbatasan sumber daya manusia, sarana, dan prasarana, hingga saat ini Pusdatin ESDM bekerja sama dengan pihak ketiga dalam pengelolaan data migas. Namun dalam menjalin kerja sama tersebut, Pusdatin ESDM belum memiliki tata kelola keamanan infomasi yang dibutuhkan untuk mendukung keamanan data dan informasi migas.Berdasarkan hal tersebut, jelas bahwa permasalahan di Pusdatin ESDM terkait keamanan informasi pada pengelolaan data migas adalah aspek kerahasiaan, integritas, dan ketersediaan informasi dan data migas belum didukung secara optimal. Sehingga perlu dikembangkan tata kelola keamanan informasi yang sesuai bagi Pusdatin ESDM untuk pengelolaan data migas yang dikelola pihak ketiga.Penelitian ini membahas perancangan tata kelola keamanan informasi untuk pengelolaan data migas yang dikelola oleh pihak ketiga, dengan menggunakan standar keamanan informasi ISO/IEC 27001:2005. Melalui pendekatan penilaian risiko, dipilih sasaran pengendalian dan pengendalian ISO/IEC 27001:2005 yang sesuai untuk pengelolaan data migas. Berdasarkan sasaran pengendalian dan pengendalian terpilih, dikembangkan tata kelola keamanan informasi untuk pengelolaan data migas yang dikelola oleh pihak ketiga. Dalam hal pemetaan peran dan tanggung jawab keamanan informasi, digunakan konsep RACI pada kerangka kerja OMBOK (Outsourcing Management Body of Knowledge).Hasil penelitian ini didapat rancangan tata kelola keamanan informasi yang sesuai bagi Pusdatin ESDM dalam melaksanakan pengelolaan data migas yang hingga saat ini bekerja sama dengan pihak ketiga.;Oil and gas is a natural resource that is very strategic for Indonesia. Nowadays, oil and gas sector remains one of the backbone of the national economy, source of revenue and foreign exchange, fuel for industry, encourage investment, employment, fulfillment of domestic energy and upgrading of human resources, as well as a source of regional economic development. Therefore, good, accurate, complete and safe data management will assist the government in making decisions and policies of oil and gas fields. Due to limited human resources, facilities, and infrastructure, Pusdatin ESDM (Data and Information Technology Center for Energy and Mineral Resource) cooperate with third parties in oil and gas data management. However, Pusdatin ESDM do not have any governance to make sure the security of oil and gas information.It is clear that the information security problem in Pusdatin ESDM for oil and gas data management is the low concern of data confidentiality, integrity, and availability. So it is necessary to develop information security governance suitable for Pusdatin ESDM for oil and gas data management which are managed by third parties.This study discusses the design of information security governance for oil and gas data management, managed by a third party, by using information security standards ISO/IEC 27001:2005. Through a risk assessment approach, control objectives and control of ISO/IEC 27001:2005 which related to the data management of oil and gas are selected. Based on control objectives and control selected, the information security governance for oil and gas data management that are managed by a third party, are developed and created. In the case of mapping the roles and responsibilities of information security, RACI concept of OMBOK (Outsourcing Management Body of Knowledge) framework is used.The results of this study is an information security governance design suitable for Pusdatin ESDM in implementing oil and gas data management managed by third parties., Oil and gas is a natural resource that is very strategic for Indonesia. Nowadays, oil and gas sector remains one of the backbone of the national economy, source of revenue and foreign exchange, fuel for industry, encourage investment, employment, fulfillment of domestic energy and upgrading of human resources, as well as a source of regional economic development. Therefore, good, accurate, complete and safe data management will assist the government in making decisions and policies of oil and gas fields. Due to limited human resources, facilities, and infrastructure, Pusdatin ESDM (Data and Information Technology Center for Energy and Mineral Resource) cooperate with third parties in oil and gas data management. However, Pusdatin ESDM do not have any governance to make sure the security of oil and gas information.It is clear that the information security problem in Pusdatin ESDM for oil and gas data management is the low concern of data confidentiality, integrity, and availability. So it is necessary to develop information security governance suitable for Pusdatin ESDM for oil and gas data management which are managed by third parties.This study discusses the design of information security governance for oil and gas data management, managed by a third party, by using information security standards ISO/IEC 27001:2005. Through a risk assessment approach, control objectives and control of ISO/IEC 27001:2005 which related to the data management of oil and gas are selected. Based on control objectives and control selected, the information security governance for oil and gas data management that are managed by a third party, are developed and created. In the case of mapping the roles and responsibilities of information security, RACI concept of OMBOK (Outsourcing Management Body of Knowledge) framework is used.The results of this study is an information security governance design suitable for Pusdatin ESDM in implementing oil and gas data management managed by third parties.]"

"Tujuan utama keamanan informasi adalah menjaga aset informasi yang dimiliki oleh suatu organisasi, seperti kerahasiaan, integritas, dan ketersediaan (dikenal sebagai CIA). Dalam memelihara aset informasi, perusahaan biasanya mengelola keamanan informasi dengan membuat dan menerapkan kebijakan Sistem Manajemen Keamanan Informasi (SMKI). Kebijakan SMKI yang banyak digunakan dan diterapkan di Indonesia adalah ISO/IEC 27001. PT ABC adalah salah satu perusahaan telekomunikasi yang telah menerapkan standar dan prosedur ISO / IEC 27001: 2013. Perusahaan melakukan audit setahun sekali untuk menjaga tingkat kepatuhan dengan ISO / IEC 27001: 2013. Namun, hanya beberapa orang yang terlibat dalam melakukan audit, dan masih belum diketahui berapa banyak karyawan yang mengetahui keamanan informasi perusahaan. Penelitian ini berfokus pada penilaian seberapa besar kesadaran keamanan informasi yang ada dalam PT ABC. Kuesioner dibagikan di dua departemen perusahaan: supply chain management dan service delivery Jakarta Operation Network. Penelitian ini juga memeriksa dokumen perusahaan dan surveillance audit pada tahun 2018, dan menilai kepatuhan PT ABC terhadap implementasi ISO 27001:2013. Para karyawan dikelompokkan berdasarkan masa kerja karyawan. Setelah pendistribusian kuisioner dilakukan, maka dapat dihitung margin kesalahan yaitu 6%. Kuisioner yang didistribusikan dapat menjadi salah satu cara untuk mempermudah pengukuran level kesadaran keamanan informasi. Data penelitian menunjukkan bahwa sebagian besar karyawan yang telah bekerja di perusahaan selama lebih dari enam tahun memahami dan menerapkan kontrol ISO 27001. Sementara itu, perusahaan masih perlu mensosialisasikan ISO kepada karyawan yang telah bekerja di perusahaan hanya selama satu atau dua tahun.

---

The main purpose of information security is to safeguard information assets owned by an organization, such as confidentiality, integrity and availability (known as the CIA). In maintaining information assets, companies usually manage information security by creating and implementing an Information Security Management System (ISMS) policy. The ISMS policy that is widely used and applied in Indonesia is ISO/IEC 27001. PT ABC is one of the telecommunication companies in Jakarta that has implemented ISO/IEC 27001:2013 standards and procedures. The company conducts audits once a year to maintain compliance with ISO/IEC 27001: 2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of company information security.

This study focuses on assessing how much information security awareness exists in PT ABC. Questionnaires were distributed in two company departments: supply chain management and service delivery Jakarta Operation Network. This study also examined company documents and surveillance audits in 2018, and assessed PT ABC`s compliance with the implementation of ISO 27001: 2013. Employees are grouped based on their length of work. The results of the questionnaire, with a margin of error of 6%. The distributed questionnaire can be one way to facilitate the measurement of the level of information security awareness.

Research data shows that most employees who have worked in the company for more than six years understand and implement ISO 27001 controls. Meanwhile, companies still need to socialize ISO to employees who have worked for the company for only one or two years."

"Seiring dengan kemajuan teknologi, peningkatan interkonektivitas bisnis Bank D yang berarti peningkatan jumlah dan variasi ancaman serta kerawanan keamanan informasi tak terelakkan. Oleh karena itu, peningkatan daya dukung dan sumber daya teknologi informasi pada Bank D sangat penting. Salah satu cara untuk menjawab tantangan diatas adalah melalui penerapan Balanced Scorecard Departemen Teknologi Informasi di Bank D berdasarkan ISO/ IEC 17799:2005 dan ISO/ IEC 27001:2005, yang merupakan aplikasi pertama Balanced Scorecard generasi ke-4 di Indonesia. Yang dimaksud dengan metode pengembangan Balanced Scorecard generasi ke-4 adalah: a) penggunaan penilaian ahli Indikator Kinerja Utama (IKU) Departemen Teknologi Informasi Bank D dan ISO/ IEC 17799:2005 dan ISO/ IEC 27001:2005 pada tiap proses pengembangan Balanced Scorecard generasi ke-4, b) penentuan kriteria pemilihan risiko serta Indikator Risiko Utama (IRU) dan Indikator Pengendalian Utama (IPU) dengan skala Likert, c) pembobotan kriteria pemilihan indikator (IRU dan IPU) berdasarkan tingkat kepentingan dengan perbandingan berpasangan pada metode Analytical Hierarchy Process (AHP), d) penentuan IRU dan IPU dari tiap risiko dengan matriks prioritas, e) pembuatan matriks control risiko, dan f) penentuan hubungan antara IRU dan IPU dengan IKU Departemen Teknologi Informasi Bank D menggunakan matriks prioritas.

---

In accordance with the advancement of technology, so does the incremental business interconnectivity of Bank D. This will bring along a larger amount and variation of threats and vulnerabilities towards IT security. Therefore, support system and IT resources enhancement becomes critical. One of the ways according with that concern is 4th generation Balanced Scorecard development at the Information Technology Department of Bank D based on ISO/IEC 17799:2005 and ISO/ IEC 27001:2005 that is ' by far ' the first concept application to be implemented in Indonesia. This research is dedicated to find methods of putting 4th generation of Balanced Scorecard into practice at Bank D. Fourth generation Balanced Scorecard development consists of following method: a) involvement of experts judgment that are excel in Key Performance Indicator of Information Technology Department, ISO/ IEC 17799:2005 and ISO/ IEC 27001:2005, b) sort listing of risk and indicator selection criteria using Likert scale, c) weighting of indicator criteria selected using pairwise comparison from Analytical Hierarchy Process, d) setting of Key Risk Indicator (KRI) and Key Control Indicator (KCI) using priority matrix, e) making of risk control matrix, f) setting the relation between KRI, KCI, and KPI of IT Department of Bank D using priority matrix."