An Information System Risk Management Model for Personnel Management Information Systems
DOI:
https://doi.org/10.33633/tc.v22i3.8356
Keywords:
Risk Management, Information System Risk Management Model, Personnel Information System, Contingency Plan, NIST
Abstract
Personnel management information systems and applications play an important role in maintaining the confidentiality of employees' personal data, especially in the government sector, where career management depends heavily on information from State Civil Apparatus (Aparatur Sipil Negara, ASN) data held in the personnel information system. Besides serving as a source of information, the application also acts as an intermediary between users and the database. However, such applications are often the target of cyber attacks aimed at accessing ASN personal data. No application can guarantee absolute security or freedom from such attacks. It is therefore necessary to develop information technology risk management that can be implemented when an attack occurs. Applying a standard framework for risk management in information systems is not easy, so comprehensive guidance is required. This study aims to build a risk management model specifically for personnel information systems, adopting the guidance of NIST 800-34 Rev 1 and NIST 800-61 Rev 2 and integrating theory related to the development of risk management and existing contingency plans. The research method involves a review of prior literature and an analysis of NIST guidance on information technology risk management to identify the significant stages of a risk management model for information systems. The study will produce a risk management model covering business impact analysis, an incident response plan, and a disaster recovery plan, designed specifically for personnel information systems in a government context.
License Terms
All articles published in Techno.COM Journal are licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0). This means:
1. Attribution
Readers and users are free to:
- Share – Copy and redistribute the material in any medium or format.
- Adapt – Remix, transform, and build upon the material.
As long as proper credit is given to the original work by citing the author(s) and the journal.
2. Non-Commercial Use
- The material cannot be used for commercial purposes.
- Commercial use includes selling the content, using it in commercial advertising, or integrating it into products/services for profit.
3. Rights of Authors
- Authors retain copyright and grant Techno.COM Journal the right to publish the article.
- Authors can distribute their work (e.g., in institutional repositories or personal websites) with proper acknowledgment of the journal.
4. No Additional Restrictions
- The journal cannot apply legal terms or technological measures that restrict others from using the material in ways allowed by the license.
5. Disclaimer
- The journal is not responsible for how the published content is used by third parties.
- The opinions expressed in the articles are solely those of the authors.
For more details, visit the Creative Commons License Page:
https://creativecommons.org/licenses/by-nc/4.0/