Information Security Risk Identification for DPTSI ITS Services Using an Asset-Based Approach Based on SNI ISO/IEC 27005:2022

Ferdiansyah, Muhammad Rivan (2026) Information Security Risk Identification for DPTSI ITS Services Using an Asset-Based Approach Based on SNI ISO/IEC 27005:2022. Other thesis, Institut Teknologi Sepuluh Nopember.

5026211092-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only


Abstract

Information security in higher education institutions faces increasingly complex challenges due to high reliance on digital services and the dominance of human factors and organizational governance as sources of risk. This study aims to identify, analyze, and evaluate information security risks at the Directorate of Technology and Information System Development (DPTSI) of Institut Teknologi Sepuluh Nopember (ITS) using the SNI ISO/IEC 27005:2022 framework with reference to SNI ISO/IEC 27002:2022 security controls. Risk identification applies an asset-based approach comprehensively to primary assets and supporting assets, covering organizational, people, technical, and physical aspects. The study employs a qualitative approach: semi-structured interviews with the risk owner to validate assets, threats, and vulnerabilities, followed by risk analysis based on likelihood and impact criteria. The results identify 14 information security risks, consisting of 1 high-level risk, 9 medium-level risks, and 4 low-level risks. The dominant risks stem from weaknesses in information security policies and procedures, dependency on key personnel, and the management of personal devices (BYOD). Risks were also identified in the technical and physical aspects, relating to the system update (patching) dilemma and gaps in server room access oversight, both rooted in operational management constraints. This study produces an information security risk profile that reflects the actual condition of asset management within the DPTSI ITS environment and can serve as a basis for strengthening information security strategy in subsequent stages.

Item Type: Thesis (Other)
Uncontrolled Keywords: Risk Management, Information Security, SNI ISO/IEC 27005:2022, SNI ISO/IEC 27002:2022, Asset-Based, DPTSI ITS.
Subjects: T Technology > T Technology (General) > T174.5 Technology--Risk assessment.
T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information System > 57201-(S1) Undergraduate Thesis
Depositing User: Muhammad Rivan Ferdiansyah
Date Deposited: 29 Jan 2026 06:54
Last Modified: 29 Jan 2026 06:54
URI: http://repository.its.ac.id/id/eprint/131245
