Rekomendasi Perancangan Sistem Manajemen Keamanan Informasi (SMKI) Menggunakan Metode AHP-TOPSIS Berdasarkan ISO/IEC 27001:2005 (Studi Kasus: PT PJB SERVICES)

Djajanto, Purnomo Dwi (2018) Rekomendasi Perancangan Sistem Manajemen Keamanan Informasi (SMKI) Menggunakan Metode AHP-TOPSIS Berdasarkan ISO/IEC 27001:2005 (Studi Kasus: PT PJB SERVICES). Masters thesis, Institut Teknologi Sepuluh Nopember.

09211650055004-Master_Thesis.pdf - Accepted Version


Abstract

PT PJB Services is a company established to meet business-line needs by providing operation and maintenance services for power generation units. Until now, information security management at PT PJB Services has rested only on basic security practices that were improved without any guiding framework. The company tends to improve information security in response to whatever trend is current at the time, or when an information security incident occurs. Without sound and continuous information security management, the company is highly vulnerable to existing information security threats.
Based on this, the research focuses on design recommendations for an Information Security Management System (ISMS) for PT PJB Services, specifically in the Information Technology (IT) Division. An ISMS is a management system based on an information-asset risk approach to establish, implement, operate, monitor, review, maintain and improve information security. This research combines AHP-TOPSIS with ISO/IEC 27001:2005 to produce the ISMS design. The assessment process uses ISO/IEC 27001:2005; the audit results yield the controls and their treatment options based on several criteria of each risk, after which the recommendation process applies the AHP-TOPSIS method to obtain a priority ranking of controls for handling information security.
The research identified 45 information assets and 224 risks. The priority controls recommended from the results of this research are Security Policy, Organization of Information Security, Human Resource Policy, Physical and Environmental Security, Communications and Operations Management, Access Control, Information Security Incident Management, Asset Management, Information Systems Acquisition Development and Maintenance.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Information Security Management System (ISMS), ISO/IEC 27001:2005, AHP-TOPSIS
Subjects: T Technology > T Technology (General)
T Technology > T Technology (General) > T174.5 Technology--Risk assessment.
Divisions: 61101-Magister Management Technology
Depositing User: Purnomo Dwi Djajanto
Date Deposited: 21 Jun 2021 02:40
Last Modified: 21 Jun 2021 02:40
URI: http://repository.its.ac.id/id/eprint/54425
