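Juliana, Agnes (2026) Rancang Bangun Sistem Informasi Manajemen Risiko Berbasis SNI ISO/IEC 27005:2022 untuk Mendukung Implementasi SMKI Pada Penyelenggara Sistem Elektronik [Design and Development of a Risk Management Information System Based on SNI ISO/IEC 27005:2022 to Support ISMS Implementation at Electronic System Providers]. Other thesis, Institut Teknologi Sepuluh Nopember.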
Text: 5026221006-Undergraduate_Thesis.pdf - Accepted Version (17MB). Restricted to Repository staff only.
Abstract
Electronic System Providers (ESPs) are responsible for ensuring information security as part of the delivery of electronic-based services. As the use of digital technology continues to increase, organizations face various information security risks that require systematic and structured management. SNI ISO/IEC 27005:2022 provides a framework for information security risk management that supports the risk-based approach required in the implementation of an Information Security Management System (ISMS) in accordance with SNI ISO/IEC 27001:2022. However, in practice, many ESPs still manage risks manually, making consistent risk documentation and evaluation difficult to achieve. This study aims to design and develop a web-based information security risk management system based on SNI ISO/IEC 27005:2022 to support risk management activities in ESPs. The system is designed by mapping the stages of risk management into integrated modules and implementing a role-based approach. The system also provides flexibility in risk assessment through the use of likelihood–impact matrices and the Failure Mode and Effects Analysis (FMEA) method. System development follows the Waterfall Software Development Life Cycle (SDLC). The testing results show that all main system modules function as intended, and usability testing using the System Usability Scale (SUS) indicates that the system falls within an acceptable usability category. In addition, applicability testing using a real risk register from a vocational high school demonstrates that the system is capable of handling risk data in a real organizational context. Therefore, the developed system is considered applicable and relevant for supporting information security risk management in ESPs with similar characteristics.
| Item Type: | Thesis (Other) |
|---|---|
| Uncontrolled Keywords: | Risk Management, Website, Web-based System, PSE, ISO/IEC 27005:2022, ISO/IEC 27001:2022 |
| Subjects: | T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing |
| Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information System > 57201-(S1) Undergraduate Thesis |
| Depositing User: | Agnes Juliana |
| Date Deposited: | 29 Jan 2026 08:33 |
| Last Modified: | 29 Jan 2026 08:33 |
| URI: | http://repository.its.ac.id/id/eprint/131296 |
