Hasil Pencarian  ::  Simpan CSV :: Kembali

"Inisiatif optimalisasi pemanfaatan Teknologi Informasi dan Komunikasi (TIK) merupakan salah satu bentuk inisiatif strategis dari Sekretariat Presiden (Setpres) yang tertuang dalam rencana strategis Setpres 2020-2024. Setpres dalam menjalankan kegiatan operasional maupun administrasi menetapkan konsep zero mistake, sehingga dalam melaksanakan pekerjaan diharuskan untuk teliti dan berhati-hati agar dapat meminimalisir munculnya risiko kesalahan dan timbulnya persepsi yang buruk terhadap kinerja Setpres. Layanan Setpres dituntut agar dapat memberikan data dan informasi yang aman dan handal dalam proses pengambilan keputusan. Namun pada kenyataannya pengelolaan aset dan risiko pada pusat data belum dikelola dengan baik dan bersifat spontanitas saja. Oleh karenanya dengan penelitian ini diharapkan pengelolaan risiko dan penanganan terkait keamanan informasi pada pusat data Setpres dapat dikelola dengan baik. Penelitian ini menggunakan metode kualitatif dimana proses pengumpulan data primer menggunakan wawancara, diskusi atau rapat dan melalui observasi serta dilengkapi dengan data sekunder. Kerangka kerja yang digunakan dalam proses manajemen risiko keamanan informasi penelitian ini adalah ISO/IEC 27005:2018 dan menggunakan panduan dari NIST SP 800-30 Rev.1 dalam proses penilaian risiko, kemudian menggunakan ISO/IEC 27002:2013 untuk memberikan rekomendasi kontrol penanganan risikonya. Penelitian ini menghasilkan 119 skenario risiko dimana 97 diantaranya perlu dimitigasi dan 22 risiko dapat diterima. Risiko yang dimitigasi 75 risiko ditangani dengan memodifikasi risiko, 22 dengan berbagi risiko, dan 22 risiko diterima. Rancangan manajemen risiko keamanan informasi pusat data Setpres ini diharapkan dapat bermanfaat bagi organisasi Setpres dalam mengelola risiko keamanan informasi pusat data maupun unit kerja lain di lingkungan Kementerian Sekretariat Negara dan juga pihak atau peneliti lain yang berkaitan dengan manajemen risiko keamanan informasi.......The initiative to optimize the use of Information Technology and Communication (ICT) is a form of strategic initiative of Presidential Secretariat (Setpres) which is can be found in the 2020-2024 Presidential Secretariat strategic plan. Setpres in carrying out the operational and administrative activities, Presidential Secretariat sets the concept of zero mistake, so that when doing the activities had to be thorough and careful in order to minimize the risk of errors and the emergence of a bad perception of the performance of the Presidential Secretariat. Presidential Secretariat services were required to provide be safe dan reliable data and information in the process of decision making. However, in the reality data center management of assets and risks was not managed properly, where the risk management and risk treatment were conducted spontaneously. Therefore, with this research risk management and the risk treatment related to the data center information security could be managed properly. This study uses qualitative method that the primary data collection by interviews, discussions or meetings, and observation, also uses the secondary data collection. Framework that is used by this research in the information security risk management process is ISO/IEC 27005:2018, and uses guidelines from NIST SP 800-30 Rev.1 in the risk assessment process, also completed with the ISO/IEC 27002:2013 for the recommendation for the risk controls. This study resulted 119 risk scenarios where 97 of them need to be mitigated and 22 risks are acceptable. Risks that were mitigated, 75 of the risks will be handled by modifying risks, 22 by sharing the risks, and 22 risks were acceptable. The design of data center information security risk management of the Presidential Secretariat was expected to be useful for Setpres Organization itself to manage information security risks and other works units within the Ministry of State Secretariat of the Republic of Indonesia as well as other parties or researchers related to the information security risk management."

"Ditjen. Imigrasi sebagai pelaksana tugas dan fungsi Kementerian Hukum dan HAM RI di bidang keimigrasian telah memanfaatkan SI/TI yang mengintegrasikan seluruh fungsi keimigrasian baik di dalam maupun luar negeri, yaitu dengan Sistem Informasi Manajemen Keimigrasian (SIMKIM). Lingkup SIMKIM yang meliputi hampir seluruh aspek layanan keimigrasian menyebabkan ketersediaan layanan SIMKIM menjadi sangat penting. Tidak tersedianya layanan SIMKIM menyebabkan proses pelayanan keimigrasian menjadi tidak berjalan. Terjadinya insiden terkait keamanan informasi dalam organisasi serta maraknya kasus serangan siber di instansi pemerintah Indonesia, menuntut kepastian pengamanan SIMKIM untuk melindungi data krusial yang dimiliki. Tingginya ketergantungan Imigrasi terhadap SIMKIM dan dalam rangka menjaga kredibilitas instansi, dibutuhkan suatu perencanaan manajemen risiko keamanan informasi untuk menjamin kerahasiaan, integritas, dan ketersediaan layanan SIMKIM.Dalam menyusun perencanaan manajemen risiko keamanan informasi SIMKIM, penelitian dilakukan dengan menggunakan kerangka kerja ISO/IEC 27005:2018 sebagai kerangka kerja utama dalam proses manajemen risiko, NIST SP 800-30 Rev. 1 sebagai panduan pelaksanaan aktivitas penilaian risiko, dan NIST SP 800-53 Rev. 5 sebagai acuan penentuan rekomendasi. Dari penilaian risiko, diidentifikasi 23 skenario risiko yang perlu dimitigasi oleh organisasi dan 5 skenario risiko yang dapat dialihkan ke pihak ketiga. Penelitian ini menghasilkan dokumen rancangan manajemen risiko keamanan informasi SIMKIM.......The Directorate General of Immigration as the executor of the duties and functions of the Ministry of Law and Human Rights of Republic of Indonesia in the Immigration sector has utilized IS/IT that integrates all immigration functions both at inside and outside territory of Indonesia, namely the Sistem Informasi Manajemen Keimigrasian (SIMKIM). The scope of SIMKIM which covers almost all aspects of immigration services makes the availability of SIMKIM services very important. The unavailability of SIMKIM services causes the immigration service process to not work. The occurrence of incidents related to information security within the organization as well as the rise of cases of cyber attacks in Indonesian government agencies, demands the certainty of SIMKIM security to protect the crucial data held. Immigration's high dependence on SIMKIM and to maintain the credibility of the agency, an information security risk management plan is needed to ensure the confidentiality, integrity, and availability of SIMKIM services.In preparing the information security risk management plan for SIMKIM, the research uses the ISO/IEC 27005 framework as the main framework in the risk management process, NIST SP 800-30 Rev. 1 as a guide for the implementation of risk assessment activities, and NIST SP 800-53 Rev. 5 as a reference for determining recommendations. From the risk assessment, 23 risk scenarios were identified that need to be mitigated by the organization and 5 risk scenarios that can be transferred to third parties. This research produces a SIMKIM information security risk management design document."

"Keamanan informasi menjadi perhatian penting bagi pemerintah dan industri karena meningkatnya serangan siber selama Covid-19. Pemerintah dalam menyelenggarakan Sistem Pemerintahan Berbasis Elektronik (SPBE) Peraturan Presiden Republik Indonesia Nomor 95 tahun 2018 berkewajiban menjamin kerahasiaan, keutuhan, ketersediaan, keaslian dan kenirsangkalan sumber daya terkait data dan informasi, Infrastruktur SPBE, dan Aplikasi SPBE. Untuk mengatasi masalah tersebut pemerintah membutuhkan pendekatan untuk implementasi pengelolaan risiko keamanan informasi dan kontrol keamanan informasi. Penelitian ini bertujuan untuk melakukan risk identification, risk analysis, risk evaluation, risk treatment, risk acceptance, pengendalian risiko, menyusun kerangka kerja manajemen risiko keamanan informasi dan menilai kematangan Cyber security maturity pada domain tata kelola, identifikasi, proteksi, deteksi dan respon. Metodologi menggunakan ISO/IEC 27005:2018 sebagai panduan melakukan risk assesment. Kode praktik untuk kontrol keamanan informasi menggunakan standar ISO/IEC 27002:2013 dan menilai kematangan siber menggunakan model cyber security matury versi 1.10 yang dikembangkan oleh Badan Siber dan Sandi Negara Republik Indonesia. Dari hasil penelitian didapatkan bahwa penilaian risiko dan pengendalian risiko dengan dua metode yang digunakan dapat meningkatkan nilai kematangan siber organisasi dari 3.19 menjadi 4.06. Hasil penelitian ini juga menunjukkan bahwa kerangka kerja manajemen risiko keamanan informasi aplikasi pengelolaan data ABC telah sesuai dengan kebutuhan Institusi XYZ dalam menjalankan proses bisnisnya.......Information security is an important concern for the government and industry due to cyber attacks during Covid-19. The government in implementing the Electronic-Based Government System (SPBE) Presidential Regulation of the Republic of Indonesia Number 95 of 2018 guarantees the confidentiality, integrity, availability, authenticity and denial of resources related to data and information, SPBE Infrastructure, and SPBE Applications. To overcome these problems, the government in the approach to the implementation of information security risks and information security controls. This study aims to carry out risk identification, risk analysis, risk evaluation, risk treatment, risk acceptance, risk control, developing an information security risk management, and evaluation of cyber ​​security maturity,  governance domain maturity, examination, protection, detection and response. The methodology uses ISO/IEC 27005:2018 as a guide for conducting a risk assessment. The code of practice for information security control uses the ISO/IEC 27002:2013 standard and assesses cyber maturity using the cyber security maturity model version 1.10 developed by the National Cyber ​​and Crypto Agency of the Republic of Indonesia. From the results of the study, it was found that risk assessment and risk control with the two methods used can improve the cyber quality of the organization from 3.19 to 4.06. The results of this study also show that the security risk management framework for the application of ABC data management application is in accordance with the needs of XYZ Institution in carrying out its business processes."

"This book presents the proceedings of the International Conference on Wireless Intelligent and Distributed Environment for Communication (WIDECOM 2019), sponsored by the University of Milan, Milan, Italy, February 11-13, 2019. The conference deals both with the important core and the specialized issues in the areas of new dependability paradigms design and performance of dependable network computing and mobile systems, as well as issues related to the security of these systems. The WIDECOM proceedings features papers addressing issues related to the design, analysis, and implementation, of infrastructures, systems, architectures, algorithms, and protocols that deal with network computing, mobile/ubiquitous systems, cloud systems, and IoT systems. It is a valuable reference for researchers, instructors, students, scientists, engineers, managers, and industry practitioners. The books structure and content is organized in such a manner that makes it useful at a variety of learning levels.Presents the proceedings of the International Conference on Wireless Intelligent and Distributed Environment for Communication (WIDECOM 2019), Milan, Italy, February 11-13, 2019; Includes an array of topics networking computing, mobile/ubiquitous systems, cloud systems, and IoT systems; Addresses issues related to protecting information security and establishing trust in the digital space."