Implementation of OCTAVE-S in Evaluating Information System Risk Management at the Batam Health Training Center

  • Saut Pintubipar Saragih, Universitas Putera Batam


Information systems security is currently one of the most important needs of an institution, agency or company. Because information has become a valuable asset for the company or institution, information security must also be managed through information system risk management. The Batam health training center (Bapelkes), which has implemented information systems in its business processes and organization, also faces threats to those systems. All the factors that exist in an information system environment must be ensured to run in accordance with good standards of information system security. Information system risk management can use several methods of evaluation or assessment, one of which is the OCTAVE-S method. OCTAVE-S has three main assessment phases, each followed by its processes. Authority over the IT security procedures implemented at Bapelkes rests with Bapelkes headquarters, and they are controlled remotely and in full by the system administration. The results of the research show that the institution has not implemented all of its IT risk management appropriately: some standard procedures, such as IT policy, collaborating systems, information system audit, architecture and mitigation management, are not managed very well. In addition, the employees who work in the IT area, whether end users or IT administrators, have not been well trained.


How to Cite
SARAGIH, saut pintubipar. Implementasi Octave-S Dalam Evaluasi Manajemen Resiko Sistem Informasi Pada Balai Pelatihan Kesehatan Batam. JURNAL ILMIAH INFORMATIKA, [S.l.], v. 6, n. 1, p. 17-22, mar. 2018. ISSN 2615-1049. Available at: <>. Date accessed: 16 july 2018.