Analysis of Information Security Risk Management for a Cellular Operator Using ISO 27005 and NIST SP 800-30

Ariwisnu, Narendro (2023) Analisis Manajemen Risiko Keamanan Informasi Operator Selular Menggunakan ISO 27005 dan NIST SP 800-30. Masters thesis, Institut Teknologi Sepuluh Nopember.

6032202062_Master_Thesis.pdf - Accepted Version
Restricted to Repository staff only until 1 April 2025.


Abstract

Today the Information Security Management System is the greatest technology challenge facing an organization, and investing in information security is a key factor in reaching organizational goals. Saudi Arabia is one of the most targeted countries for cyber attacks because of its geopolitical position and its abundant oil resources. These attacks are directed not only at oil companies but also at sectors regarded as critical infrastructure, such as telecommunications. Threats to information security come not only from outside the organization but also from inside it. This research was carried out at a cellular operator in Saudi Arabia. From mid-2019 to the end of 2021 the operator raised 21 Emergency Tickets, each requiring an incident to be handled immediately, with a response and fix delivered as soon as possible, since delay could harm the company from a business-mission perspective. The research explains how to identify assets, threats and vulnerabilities, analyse risk and evaluate risk using the ISO 27005:2018 standard and the guidance of NIST SP 800-30 Revision 1. Based on the risk evaluation under ISO 27005:2018 and a gap analysis of the security controls implemented from ISO 27001:2013, it recommends the sets of security controls that need to be implemented to maintain and improve information security at the cellular operator. The research uses a qualitative approach, combining observation, document review and interviews, at one cellular operator in Saudi Arabia. Its results recommend information security controls for the cellular operator, including developing monitoring tools to track resource and license utilization, extending hardware/software service support continuity, providing redundancy for critical business-process applications, and establishing a test bed environment.

Item Type: Thesis (Masters)
Uncontrolled Keywords: ISO 27001, ISO 27005, Sistem Manajemen Keamanan Informasi, NIST, gap analysis, Information Security Management System
Subjects: T Technology > T Technology (General) > T58.6 Management information systems
Divisions: Interdisciplinary School of Management and Technology (SIMT) > 61101-Master of Technology Management (MMT)
Depositing User: Narendro Ariwisnu
Date Deposited: 06 Feb 2023 19:45
Last Modified: 06 Feb 2023 19:45
URI: http://repository.its.ac.id/id/eprint/96344
