Sulistyowati, Indri (2019) Manajemen Risiko Keamanan Informasi Dengan Metode Octave Dan ISO/EIC 27001:2013 (Studi Kasus : Universitas Airlangga). Masters thesis, Institut Teknologi Sepuluh Nopember.
Text: 0921165004023-Master_thesis.pdf - Accepted Version. Restricted to Repository staff only until 1 October 2022.
Abstract
Airlangga University has implemented ISO 27001:2013 for asset-based information security governance, covering information assets, software assets, hardware assets, system assets, and human resource assets. However, many vulnerabilities in the university's computing systems cannot be mitigated properly, as evidenced by the continued hacking of those systems. This shows that the results of hacking tests on the university's computing systems are not identified in more detail and are not included in the university's risk management. The purpose of this research is to build a university information security risk management framework using the OCTAVE method based on ISO/IEC 27001:2013. The research uses the OCTAVE framework to build the risk management framework model. Measurement is performed with a qualitative method to assess the severity and the frequency for each asset, and with a quantitative method to measure the potential loss in cost for each asset. The result of this study is an information security risk management framework, so that the current information security conditions, threats, vulnerabilities, and risk assessments can be carried out for each asset, and the risk mitigation plan and the return on investment calculation can be matched to the needs of the organization.
Keywords: Information risk management, OCTAVE, vulnerability, return on investment
| Item Type: | Thesis (Masters) |
|---|---|
| Additional Information: | RTMT 658.155 Sul m-1 2019 |
| Uncontrolled Keywords: | Information security risk management, OCTAVE, vulnerability, return on investment, Information risk management |
| Subjects: | H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management; T Technology > T Technology (General); T Technology > T Technology (General) > T174.5 Technology--Risk assessment. |
| Divisions: | Faculty of Creative Design and Digital Business (CREABIZ) > Technology Management > 61101-(S2) Master Thesis |
| Depositing User: | Indri Sulistyowati |
| Date Deposited: | 30 Dec 2021 07:57 |
| Last Modified: | 30 Dec 2021 07:57 |
| URI: | http://repository.its.ac.id/id/eprint/61912 |