Information System Risk Management Model for Personnel Management Information Systems

Authors

  • Eka Yulisuyanti Bina Nusantara University
  • Benfano Soewito Bina Nusantara University

DOI:

https://doi.org/10.33633/tc.v22i3.8356

Keywords:

Risk Management, Information System Risk Management Model, Personnel Information System, Contingency Plan, NIST

Abstract

Personnel management information systems and applications play an important role in safeguarding the confidentiality of employees' personal data, particularly in the government sector, where career management depends heavily on information from State Civil Apparatus (Aparatur Sipil Negara, ASN) data held in the personnel information system. Besides serving as a source of information, these applications also act as an intermediary between users and the database. However, these applications are often the target of cyber attacks aimed at accessing ASN personal data. No application can guarantee absolute security or be free from such attacks. It is therefore necessary to develop information technology risk management that can be implemented when an attack occurs. Applying a standard framework for risk management in information systems is not easy, so comprehensive guidance is needed. This study aims to build a risk management model specifically for personnel information systems, adopting the guidance of NIST 800-34 Rev 1 and NIST 800-61 Rev 2 and integrating theory related to the development of risk management and existing contingency plans. The research method involves a review of prior literature and an analysis of NIST guidance on information technology risk management to identify the significant stages of a risk management model in information systems. This study will produce a risk management model covering business impact analysis, an incident response plan, and a disaster recovery plan, designed specifically for personnel information systems in a government context.


Published

2023-08-24