Implementation of OCTAVE-S in Evaluating Information System Risk Management at the Batam Health Training Center
DOI:
https://doi.org/10.33884/jif.v6i01.413
Keywords:
sistem_informasi, IT_risk, Risk Management, octave-s
Abstract
Information systems security is now one of the most important needs of any institution, agency or company. Because information has become a valuable asset for a company or institution, its security must be managed through information system risk management. The Batam health training center (Bapelkes), which has implemented information systems in its business processes and organization, also faces threats to those systems. Every factor in an information system environment must be ensured to operate in accordance with good information system security standards. Several methods can be used to evaluate or assess information system risk management; one of them is the OCTAVE-S method. OCTAVE-S has three main assessment phases, each followed by its processes. The IT security procedure implemented by Bapelkes is delegated to Bapelkes headquarters and is controlled remotely and thoroughly by system administration. The results of the research show that the institution has not implemented all of its IT risk management appropriately: some standard procedures, such as IT policy, collaborating system, information system audit, architecture, and mitigation management, are not managed very well. In addition, all employees who work in the IT area, whether end users or IT administrators, have not been well trained.