Information Security Risk Analysis and Management Using the Failure Mode and Effects Analysis (FMEA) Method and ISO/IEC 27001:2022 Controls (Case Study: Communication, Informatics and Statistics Office of West Lombok Regency)

Harjian, Alda Risma (2024) Analisis dan Manajemen Risiko Keamanan Informasi Menggunakan Metode Failure Mode and Effects Analysis (FMEA) dan Kontrol ISO/IEC 27001:2022 (Studi Kasus: Dinas Komunikasi, Informatika, dan Statistik Kabupaten Lombok Barat). Other thesis, Institut Teknologi Sepuluh Nopember.

5027201004-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only until 1 October 2026.


Abstract

Information technology is one of the important needs of an organization: it supports operational activities and helps improve the efficiency and effectiveness of organizational processes. The use of information technology inevitably involves some level of information security risk, which causes businesses or government agencies to have to disclose their information assets. The Communication, Informatics and Statistics Office of West Lombok Regency (DISKOMINFOTIK) is a local government agency responsible for managing and providing information and statistics in the West Lombok Regency area. DISKOMINFOTIK West Lombok Regency is known not to have a risk management policy governing information security yet. The purpose of this study is to determine the factors that affect information security assets, and to identify risks, assess them, and provide risk mitigation recommendations for DISKOMINFOTIK. Data and information were collected through observation, interviews, questionnaires, and document review. The Failure Mode and Effect Analysis (FMEA) method is used to identify business processes, causes of failure, and the impact of failure, and to provide an assessment based on 4 measures, namely severity, occurrence, detection, and RPN (Risk Priority Number). ISO/IEC 27001 is used to provide risk mitigation recommendations. The study obtained 37 potential causes and 29 identified risks from the hardware, software, people, network, and data asset categories. Based on the Risk Priority Number (RPN) results, there are 3 risk threats in the very low category, 11 risk threats in the low category, 6 risk threats in the moderate category, 11 risk threats in the high category, and 6 risk threats in the very high category. This research uses the Indonesian National Standard (SNI) ISO/IEC 27001:2022, from which 9 security controls are used to reduce the risk of the identified threats.

Item Type: Thesis (Other)
Uncontrolled Keywords: Failure Mode and Effect Analysis (FMEA), Information Security, ISO/IEC 27001:2022, Risk Management
Subjects: T Technology > T Technology (General) > T174.5 Technology--Risk assessment; T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information Technology > 59201-(S1) Undergraduate Thesis
Depositing User: Alda Risma Harjian
Date Deposited: 18 Jul 2024 04:38
Last Modified: 18 Jul 2024 04:38
URI: http://repository.its.ac.id/id/eprint/108427
