Cyber-Risk Management Menggunakan NIST Cyber Security Framework (CSF) dan Cobit 2019 pada Instansi XYZ

Authors

  • Andhika Sigit Julianto Politeknik Siber dan Sandi Negara
  • Ira Rosianal Hikmah Politeknik Siber dan Sandi Negara
  • Ray Novita Yasa Politeknik Siber dan Sandi Negara

DOI:

https://doi.org/10.56706/ik.v18i2.99

Keywords:

cyber risk management, NIST CSF, COBIT 2019, SPBE, penilaian risiko

Abstract

Current technological developments trigger companies or organizations to use Information Technology (IT) as a service base and optimize business processes. IT can provide opportunities in the government sector to develop state apparatus through implementing the Electronic-Based Government System (SPBE). Central and Local Government Agencies have implemented SPBE and contributed to the efficiency and effectiveness of government administration. Ensuring the sustainability of SPBE and reducing the impact of risk is the goal of risk management, with a process of identification, analysis, control, monitoring, and evaluation of risks based on risk management determined by the government. XYZ Agency is an agency that operates in the fields of communication and information, coding and statistics. XYZ Agency also implemented an Electronic Based Government System (SPBE). In this study, Cyber-risk management was designed using NIST CSF and COBIT 2019. In designing cyber-risk management, using 6 stages, namely Prioritized and Scope, Orient, Create a Current Profile, Conduct Risk Assessment, Create a Target Profile, and Determine, Analyze, and Prioritize Gaps. In this study, there are 28 assets, 17 threats, 13 vulnerabilities, and 12 controls implemented. With these results obtained 111 risks, there are 35 risks in the high category, 63 risks in the medium category, and 13 risks in the low category. The final result of this research is the preparation preparation of a cyber-risk management design by grouping the recommended actions based on Work Products (WP) and Generic Work Products (GWP) which become a work program for XYZ Agency.

References

P. Burnap, “Risk Management and Governance,” dalam The Cyber Security Body of Knowledge, vol. 1.0, A. Rashid, H. Chivers, G. Danezis, E. Lupu, dan A. Martin, Ed., Bristol: The National Cyber Security Centre, 2019, 2, hlm. 19–48.

Pemerintah Kabupaten Bogor, “Peraturan Bupati Bogor Nomor 63 Tahun 2020 Tentang Penyelenggaraan Sistem Pemerintahan Berbasis Elektronik,” 2020, Bogor.

B. Supradono, “Manajemen Risiko Keamanan Informasi dengan Menggunakan Metode Octave (Operationally Critical Threat, Asset, and Vulnerability Evaluation),” Media Elektrika, vol. 2, no. 1, hlm. 4–8, Jun 2009.

A. Refsdal, B. Solhaug, dan K. Stolen, Cyber-Risk Management. London: Springer, 2015.

S. C. Dewanti, “Urgensi pembenahan Sistem Keamanan Siber Pemerintah,” Info Singkat: Kajian Singkat Terhadap Isu Aktual Dan Strategis, vol. 13, no. No.9/II/Puslit/Agustus/2021, hlm. 25–30, Agu 2021.

K. Y. Rahayu, “Laman Daring Pemerintah Jadi Sasaran Empuk Peretasan,” Jakarta, Agu 2021.

W. Miron dan K. Muita, “Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure,” Technology Innovation Management Review, hlm. 33–39, Okt 2014.

Pemerintah Republik Indonesia, “Peraturan Pemerintah Nomor 71 Tahun 2019 Tentang Penyelenggaraan Sistem dan Transaksi Elektronik,” 2019, Jakarta.

G. Strupczewski, “Defining cyber risk,” Saf Sci, vol. 135, hlm. 1–10, Mar 2020.

P. Taveras, “Cyber Risk Management, Procedures and Considerations to Address the Threats of a Cyber Attack,” dalam Proceedings of the ForenSecure: Cybersecurity and Forensics Conference, Chicago, Apr 2019, hlm. 1–10.

National Institute of Standards and Technology, “Cybersecurity Framework,” dalam Framework for Improving Critical Infrastructure Cybersecurity, vol. 1.1, 2018.

R. M. Blank dan P. D. Gallagher, Information Security. Gaithersburg: National Institute of Standards and Technology, 2012.

National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity,” Apr 2018.

ISACA, COBIT® 2019 Framework: Governance and Management Objectives. Schaumburg, 2018.

ISACA, COBIT® 5 Supplementary guide for the COBIT 5 Process Assessment Model (PAM). Schaumburg, 2012.

Downloads

Submitted

20-06-2024

Accepted

27-08-2024

Published

29-08-2024

Issue

Section

Articles