Penilaian Risiko Sistem Informasi Keamanan Data Karyawan Dengan Menggunakan Framework Nist Sp 800-30 pada Perusahaan XYZ Institut Teknologi Nasional Bandung

Authors

  • ADITYA NUGRAHA SUSANTO Sisitem Informasi Institut Teknologi Nasional Bandung
  • NUR FITRIANTI FAHRUDIN Sistem Informasi Institut Teknologi Nasional Bandung

Keywords:

Risiko, Sistem Informasi, NIST SP 800-30, Data Karyawan, Penilaian Risiko, Risk, Information System, Employee Data, Risk Assessment

Abstract

ABSTRAK
NIST 800-30 merupakan sebuah kerangka kerja yang biasa digunakan untuk melalukan manajemen risiko. Secara umum manajemen risiko dibagi kedalam tiga tahapan yaitu risk assesment, risk mitigation dan risk evaluation. Pada paper ini peneliti hanya berfokus kepada risk assesment yang terdiri dari sembilan tahapan yaitu System Characterization, Threat Identification, Vulnerability Identification, Control Analysis, Likelihood Determination, Impact Analysis, Risk Determination, Control Recommendations, Results Documentation. Tahapan risk assesment ini di implementasikan terhadap sebuah sistem informasi yang terdapat pada sebuah perusahaan dengan mengidentifikasi ancaman teknis seperti jaringan rusak dan kebakaran. Hasil yang didapat adalah risiko rendah 29%, risiko sedang 71% dan risiko tinggi 0%

 

ABSTRACT
NIST 800-30 is a framework commonly used to perform risk management. In general, risk management is divided into three stages, namely risk assessment, risk mitigation and risk evaluation. In this paper, researchers only focus on risk assessment, which consists of nine stages, namely System Characterization, Threat Identification, Vulnerability Identification, Control Analysis, Likelihood Determination, Impact Analysis, Risk Determination, Control Recommendations, Results Documentation. This risk assessment stage is implemented on an information system contained in a company by identifying technical threats such as damaged networks and fires. The results obtained are low risk 29%, moderate risk 71% and high risk 0%

Published

2022-06-21 — Updated on 2022-07-06

Versions