Evaluation of Information Security Risk Management in the Server Room of Diskominfo Mojokerto Regency Based on ISO/IEC 27001:2022 and ISO/IEC 27002:2022

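Hasya, Dylan Kaisar (2025) Evaluasi Manajemen Risiko Keamanan Informasi Di Ruang Server Diskominfo Kabupaten Mojokerto Berdasarkan ISO/IEC 27001:2022 Dan ISO/IEC 27002:2022 [Evaluation of Information Security Risk Management in the Server Room of Diskominfo Mojokerto Regency Based on ISO/IEC 27001:2022 and ISO/IEC 27002:2022]. Other thesis, Institut Teknologi Sepuluh Nopember.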

Abstract

Information security is a crucial element in the delivery of e-Government services, especially for critical infrastructure such as server rooms that store sensitive data belonging to government agencies. This study aims to evaluate information security risk management in the server room of the Mojokerto Regency Communication and Informatics Service (Dinas Komunikasi dan Informatika, Diskominfo) using the ISO/IEC 27001:2022 and ISO/IEC 27002:2022 standards. The methodology includes direct observation, interviews, distribution of compliance questionnaires, and security testing (website scanning) of the official Diskominfo website using OWASP ZAP. The evaluation found a number of vulnerabilities, such as missing security headers (Content-Security-Policy, Strict-Transport-Security), insecure cookie configuration, potential XSS and CSRF attacks, and weaknesses in session management and authentication. The level of compliance with the ISO/IEC 27001:2022 controls is also still not optimal. This study compiles technical recommendations and mitigation policies, including the establishment of information security SOPs, strengthened access control, secure configuration of the web application, and increased staff awareness of cyber risks. These findings are expected to serve as a basis for more systematic information security management that is in line with international best practices, thereby increasing cyber resilience and public trust in local government digital services.

Item Type: Thesis (Other)
Uncontrolled Keywords: Information Security, Risk Management, ISO/IEC 27001:2022, ISO/IEC 27002:2022, Scanning Website, e-Government
Subjects: T Technology > T Technology (General) > T58.6 Management information systems
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information System > 57201-(S1) Undergraduate Thesis
Depositing User: Dylan Kaisar Hasya
Date Deposited: 25 Jul 2025 04:06
Last Modified: 25 Jul 2025 04:06
URI: http://repository.its.ac.id/id/eprint/121533
