PEMBUATAN RENCANA KEAMANAN INFORMASI BERDASARKAN ANALISIS DAN MITIGASI RISIKO TEKNOLOGI INFORMASI
:
https://doi.org/10.9744/informatika.10.1.44-52
Keywords:
risk analysis, risk mitigation, Information Security PlanAbstract
An information security plan consists of strategies and shared responsibility, the main aim is to reduce the risk of a potential threat to the company's operations. If the security plan is not based on the results of risk analysis, can cause weakness in the strategy to anticipate the threat of disruption and attacks on corporate assets. Weak strategy, caused by the process of identifying weaknesses and vulnerabilities of information technology is not done properly. Instead of the security plan should be based on the results of analysis and information technology risk mitigation, so that the security of the proposed strategy can effectively reduce the risks identified through risk analysis and mitigation. The process of risk analysis in addition to producing the identification of risk, also providing recommendations appropriate security controls with the risk would be reduced. The recommended security controls on risk analysis, will then be evaluated from the aspects of effectiveness and efficiency in reducing any risk, the risk mitigation process, so that this process will provide a strong foundation in information security plan to determine an overall, effective and efficient, since it is based with the impelementasinya priority. Sebuah rencana keamanan informasi terdiri atas strategi dan pembagian tanggungjawab, yang bertujuan utama untuk menurunkan risiko yang berpotensi menjadi ancaman terhadap operasional perusahaan. Jika penyusunan rencana keamanan tidak berdasarkan hasil analisis risiko, akan dapat menyebabkan lemahnya strategi dalam mengantisipasi ancaman gangguan dan serangan terhadap aset perusahaan. Lemahnya strategi tersebut, disebabkan oleh proses identifikasi kelemahan dan kerawanan teknologi informasi yang tidak dilakukan dengan baik. Sebaliknya dalam penyusunan rencana keamanan seharusnya didasari oleh hasil analisis dan mitigasi risiko teknologi informasi, agar strategi keamanan yang diusulkan dapat secara efektif menurunkan risiko yang telah diidentifikasi melalui analisis dan mitigasi risiko. Proses analisis risiko selain menghasilkan identifikasi risiko, juga memberikan rekomendasi kontrol keamanan yang sesuai dengan risiko yang akan diturunkan. Kontrol keamanan yang direkomendasikan pada analisis risiko, selanjutnya akan dinilai kembali dari aspek efektivitas dan efisiensi dalam menurunkan setiap risiko, pada proses mitigasi risiko, sehingga proses ini akan memberikan dasar yang kuat dalam menentukan rencana keamanan informasi yang menyeluruh, efektif dan efisien, karena didasarkan dengan prioritas implementasinya. Kata kunci: Analisis risiko, Mitigasi risiko, Rencana Keamanan InformasiDownloads
Published
2010-12-02
How to Cite
AlBone, A. (2010). PEMBUATAN RENCANA KEAMANAN INFORMASI BERDASARKAN ANALISIS DAN MITIGASI RISIKO TEKNOLOGI INFORMASI. Jurnal Informatika, 10(1), 44-52. https://doi.org/10.9744/informatika.10.1.44-52
Issue
Section
Articles
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
