Full Description
| Record of Work | Karya Akhir |
| Cataloguing Source | LibUI ind rda |
| Content Type | text (rdacontent) |
| Media Type | computer (rdamedia) |
| Carrier Type | online resource (rdacarrier) |
| Physical Description | xiv, 107 pages : illustration ; appendix |
| Concise Text | |
| Holding Institution | Universitas Indonesia |
| Location | Perpustakaan UI |
- Availability
- Digital Files: 1
- Review
- Cover
- Abstract
| Call Number | Barcode Number | Availability |
|---|---|---|
| TA-Pdf | 16-21-331132949 | TERSEDIA |
| No review available for this collection: 20502760 |
Abstract
ABSTRAK
Hasil audit TI tahun 2016 merekomendasikan BPK RI untuk membuat kebijakan terkait keamanan data dan informasi, agar dapat menerapkan tata kelola teknologi informasi dan komunikasi (TKTIK) BPK RI. Sebagai pemeriksa pemeriksa eksternal pemerintah, BPK RI wajib untuk melaksanakan UU Nomor 15 Tahun 2006 tentang BPK. Di dalamnya menyuratkan bahwa BPK RI harus mengamankan data kertas kerja pemeriksaan (KKP) dan membatasi pemakaiannya hanya untuk keperluan pemeriksaan saja. BPK RI menggunakan Sistem Aplikasi Pemeriksaan (SiAP) untuk mendokumentasikan KKP yang sudah didapatkan dan diolah saat pemeriksaan. Karena itu, SiAP sebagai sistem elektronik strategis BPK RI harus dilengkapi dengan fasilitas yang menjamin keamanan informasinya. Hal itu sejalan dengan Permenkominfo tentang sistem manajemen pengamanan informasi. Dari kebutuhan tersebut, maka kebijakan keamanan informasi terhadap SiAP menjadi prioritas untuk dibuat terlebih dahulu sebelum dokumen dan aksi lainnya sesuai urutan tata dokumen keamanan informasi. Kebijakan keamanan informasi ini disusun dengan menggunakan ISO/IEC 27001 sebagai kerangka utama, ISO/IEC 31000 terkait konteks organisasi, dilengkapi dengan NIST SP 800-53r4 dan elemen-elemen dari penelitian sebelumnya. Penelitian ini disusun mulai dari perumusan masalah, penyusunan kerangka kerja, penyusunan kebijakan penanganan risiko keamanan informasi (focus group discussion/FGD bersama pelaku TIK di BPK RI), hingga menghasilkan kebijakan keamanan informasi terhadap SiAP.
ABSTRACT The result of IT Audit on 2016 recommended BPK RI to construct data and information security policy to comply with Information and Communication Technology governance in BPK. As independent external auditor of government, BPK RI must conform with Law number 15 of 2016 regarding BPK RI. It states that BPK RI must secure audit workpaper and limit its use for audit purposes only. BPK RI use Sistem Aplikasi Pemeriksaan (SiAP) to record audit workpapers which are obtained and processed during the audit. Consequently, as strategic electronic system of BPK RI, SiAP must be equipped by facilities which ensure its security of information. It is aligned with the Minister of Communication and Information Regulation regarding the information security management system. From those needs, the information security policy for SiAP is a priority to be made foremost before the documents and other actions in accordance with the order of information security document system. This information security policy was prepared using ISO / IEC 27001 as the main structure, ISO / IEC 31000 related to organizational context, supplemented with NIST SP 800-53r4 and elements from former researchs. This research was compiled starting from the formulation of the problem, the forming of the framework, the compiling of information security risk management policies (focus group discussions / FGDs with ICT actors in BPK RI), until producing information security policy for SiAP.
ABSTRACT The result of IT Audit on 2016 recommended BPK RI to construct data and information security policy to comply with Information and Communication Technology governance in BPK. As independent external auditor of government, BPK RI must conform with Law number 15 of 2016 regarding BPK RI. It states that BPK RI must secure audit workpaper and limit its use for audit purposes only. BPK RI use Sistem Aplikasi Pemeriksaan (SiAP) to record audit workpapers which are obtained and processed during the audit. Consequently, as strategic electronic system of BPK RI, SiAP must be equipped by facilities which ensure its security of information. It is aligned with the Minister of Communication and Information Regulation regarding the information security management system. From those needs, the information security policy for SiAP is a priority to be made foremost before the documents and other actions in accordance with the order of information security document system. This information security policy was prepared using ISO / IEC 27001 as the main structure, ISO / IEC 31000 related to organizational context, supplemented with NIST SP 800-53r4 and elements from former researchs. This research was compiled starting from the formulation of the problem, the forming of the framework, the compiling of information security risk management policies (focus group discussions / FGDs with ICT actors in BPK RI), until producing information security policy for SiAP.