Iswidono, Daffa Maheswara (2026) Analisis Keamanan TI Berbasis Risiko Pada Perusahaan XYZ Menggunakan Standar ISO 27001:2022. Other thesis, Institut Teknologi Sepuluh Nopember.
Text: 5026211136-Undergraduate_Thesis.pdf (Restricted to Repository staff only, 3MB)
Abstract
The growing use of information technology in business activities gives rise to ever-greater potential risks to an organization's information security. This study aims to analyze the level of risk-based information technology security at XYZ Company using the ISO 27001:2022 standard, and to provide risk control recommendations based on ISO 27002:2022. The assessment was carried out through the stages of context establishment, gap assessment, and risk treatment, with the Loyalty Management System as the research object. The results show that of the 120 requirements evaluated, 89 were fulfilled, giving a compliance rate (percentage conformant) of 74.16%, which indicates that the implementation of the Information Security Management System (ISMS) is running well, although policy updates and documented evidence of implementation are still needed. A total of 22 inherent risks in the high category were found, and these were reduced to low residual risk after corrective actions in line with ISO 27002:2022 were applied. These results show that a systematic risk management approach and the application of appropriate controls can improve the effectiveness of the ISMS and the organization's readiness for ISO 27001:2022 certification.
The growing use of information technology in business activities has increased potential risks to organizational information security. This study aims to analyze the level of risk-based information technology security at XYZ Company using the ISO 27001:2022 standard and to provide risk management recommendations based on ISO 27002:2022. The assessment was conducted through several stages, including context establishment, gap assessment, and corrective action determination, with the Loyalty Management System as the research object. The results indicate that out of 120 requirements evaluated, 89 were fulfilled, resulting in a 74.16% compliance rate, signifying that the implementation of the Information Security Management System (ISMS) is in good condition but still requires policy updates and documented evidence of implementation. A total of 22 inherent risks categorized as high were successfully reduced to low residual risks after applying corrective controls aligned with ISO 27002:2022. These findings demonstrate that a systematic risk management approach, supported by appropriate technical and operational controls, can effectively enhance the performance of the ISMS and strengthen the organization's readiness for ISO 27001:2022 certification.
| Item Type: | Thesis (Other) |
|---|---|
| Uncontrolled Keywords: | ISO 27001:2022, ISO 27002:2022, Risk Management, Gap Assessment, Risk Mitigation, Corrective Action. |
| Subjects: | T Technology > T Technology (General) > T174.5 Technology--Risk assessment; T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing |
| Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information System > 57201-(S1) Undergraduate Thesis |
| Depositing User: | Daffa Maheswara Iswidono |
| Date Deposited: | 30 Jan 2026 01:25 |
| Last Modified: | 30 Jan 2026 01:25 |
| URI: | http://repository.its.ac.id/id/eprint/131059 |