PERANCANGAN SISTEM MANAJAMEN INSIDEN KEAMANAN INFORMASI BERDASARKAN SNI ISO/IEC 27035 DI INSTANSI PEMERINTAH
DOI:
https://doi.org/10.34151/technoscientia.v13i1.2927Keywords:
Incident, Information security, ISO/IEC 27035, ManagementAbstract
The government services of information technology are required to always run optimally. On the other hand, many information services are still faced with security incidents. In terms of human resources, technology, policy, and procedural aspects, the focus problem has not been on security incidents of information. Therefore, we need information security incident management system as one of the system solutions that must be provided to ensure the sustainability of information services and IT systems. The purpose of this research is able to provide security information of incidents having a management system that was adopted and developed based on ISO/IEC 27035 standardization. The research methodology was carried out by using qualitative methods with case studies. The preparation of the document refers to the results of the assessment approach between the current conditions of business processes and the incident management of information security. It has been carried out with the clauses required by ISO/ IEC 27035. The results of this study are policy documents and procedures for the incident management systems of information security specifically designed as a reference standard in government. Finally, the use of structured policies and procedures can improve performance in handling incidents faced by the government.
References
Azizah, N., Kusumawati, Y. dan Sani, R. R. (2020) “Perancangan Manajemen Insiden pada Layanan Teknologi Informasi Inventory Menggunakan Framework ITIL Versi3 (Studi Kasus : PT. Genta Semar Mandiri Semarang),” JOINS (Journal of Information System), 5(1), hal. 136–146.
Baskerville, R., Spagnoletti, P. dan Kim, J. (2014) “Incident-centered information security : Managing a strategic balance between prevention and response,” Information & Management. Elsevier B.V., 51(1), hal. 138–151.
Hove, C., Marte, T., Line, M. B., Bernsmed, K. (2014) “Information security incident management : Identified practice in large organizations,” in Eighth International Conference on IT Security Incident Management & IT Forensics Information, hal. 27–46.
Ilvarianto, D. S. dan Legowo, N. (2017) “Incident management implementation using continual service improvement method at PT AOP,” in Proceedings - 2017 International Conference on Applied Computer and Communication Technologies, ComCom 2017, hal. 1–7.
International Organization for Standardization. (2019) SNI ISO/IEC 27035-1:2016 - Teknologi Informasi - Teknik Keamanan - Manajemen Insiden Keamanan Informasi - Bagian 1 : Prinsip manajemen insiden. Badan Standardisasi Nasional, Jakarta.
Line, M. B., Tøndel, I. A. dan Jaatun, M. G. (2014) “Information security incident management : Planning for failure,” in Eighth International Conference on IT Security Incident Management & IT Forensics. IEEE, hal. 47–61.
Nugraha, A. D. dan Legowo, N. (2017) “Implementation of incident management for data services using ITIL V3 in telecommunication operator company,” in Proceedings - 2017 International Conference on Applied Computer and Communication Technologies, ComCom 2017, hal. 1–6.
Palilingan, V. R. dan Batmetan, J. R. (2018) “Incident Management in Academic Information System using ITIL Framework,” in IOP conferences Series : materials Science and Engineering. IOP, hal. 0–9.
Rizky, A. F., Herdiyanti, A. dan Susanto, T. D. (2017) “Pembuatan Prosedur Operasional Standar Pengelolaan Insiden pada Government Resources Management Systems Kota Surabaya Berdasarkan ITIL V3,” 06(02), hal. 199–214.
Setiawan, A. B. (2014) “Perencanaan Strategis Sistem Informasi Pada Pusat Penanganan Insiden Keamanan Informasi Sektor Pemerintah,” Jurnal Masyarakat Telematika dan Informasi, 5(1), hal. 1–24.
Tello-Oquendo, L., Tapia, F., Fuertes, W., Andrade, R., Erazo, N. S., Torres, J., Cadena, A (2019) “A structured approach to guide the development of incident management capability for security and privacy,” in ICEIS 2019 - Proceedings of the 21st International Conference on Enterprise Information Systems, hal. 328–336.
Tondel, I. A., Line, M. B. dan Jaatun, M. G. (2014) “Information security incident management : Current practice as reported in the literature,” Computers & Security, 45(September), hal. 42–57.
Tsakalidis, G. et al. (2019) “A cybercrime incident architecture with adaptive response policy,” Computers and Security. Elsevier Ltd, 83, hal. 22–37.
