DOI: https://doi.org/10.21456/vol14iss4pp375-384

Pengukuran Tingkat Risiko dan Keamanan Informasi Menggunakan Metode FMEA Berbasis ISO/IEC 27001 pada Instansi XYZ untuk Keamanan Sistem Informasi

*Aris Kusnandar  -  Magister Sistem Informasi, Sekolah Pascasarjana, Universitas Diponegoro, Semarang, Indonesia
Adian Fatchur Rochim  -  Magister Sistem Informasi, Sekolah Pascasarjana, Universitas Diponegoro, Semarang, Indonesia
Vincensius Gunawan  -  Magister Sistem Informasi, Sekolah Pascasarjana, Universitas Diponegoro, Semarang, Indonesia
Open Access Copyright (c) 2024 Jurnal Sistem Informasi Bisnis

Citation Format:
Abstract

The more information stored in an organization, the higher the risks that may arise, such as damage, loss, or the exposure of personal information to irresponsible parties. XYZ Institution faces information security threats from various sources, including data theft, damage, and computer hacking. It is essential for the organization to understand the level of information security risk to ensure information remains secure. Therefore, this study proposes measuring information security risk using the FMEA method and analyzing information security risks based on ISO/IEC 27001:2013. The aim of this study is to identify and assess the level of information security risk at XYZ Institution to provide recommendations for information security. The study's results revealed 4 high-risk information security threats, 9 medium-risk threats, and 16 low-risk threats. The findings demonstrate that the organization needs to pay more attention to information security to ensure its smooth operation in the future.

Fulltext View|Download
Keywords: Information Security; FMEA; ISO 27001; Risk Measurement

Article Metrics:

Article Info
Section: Research Articles
Language : EN
Recent articles
Penerapan Metode Case-Based Reasoning pada Website SORTING (Sorong Atasi Stunting) Sebagai Implementasi Smart City (Studi Kasus: Distrik Sorong Timur) A Novel Fusion of Machine Learning Methods for Enhancing Named Entity Recognition in Indonesian Language Text Evaluating the Success of Learning Management Systems using the EESS Model and Expected Confirmation Theory More recent articles
Most cited articles
Metode Jaringan Syaraf Tiruan Untuk Prediksi Performa Mahasiswa Pada Pembelajaran Berbasis Problem Based Learning (PBL) Support Vector Machine Untuk Klasifikasi Citra Jenis Daging Berdasarkan Tekstur Menggunakan Ekstraksi Ciri Gray Level Co-Occurrence Matrices (GLCM) Penerapan Model Human Computer Interaction (HCI) Dalam Analisis Sistem Informasi APLIKASI DIAGNOSA GEJALA DEMAM PADA BALITA MENGGUNAKAN METODE CERTAINTY FACTOR (CF) DAN JARINGAN SYARAF TIRUAN (JST) Sistem Informasi Pengukuran Kinerja Pada Perkebunan Kelapa Sawit Dengan Menggunakan Metode Balanced Scorecard More cited articles
  1. Achmadi, D., Suryanto, Y., Ramli, K., 2018. On Developing Information Security Management System (ISMS) Framework for ISO 27001-based Data Center. 2018 International Workshop on Big Data and Information Security, IWBIS 2018, 149-157. https://doi.org/10.1109/IWBIS.2018.8471700
  2. Aldenny, M., Kristian, H., Gaol, F.L., Matsuo, T., Nugroho, A., 2022. The Implementation of Failure Mode and Effects Analysis (FMEA) of the Information System Security on the Government Electronic Procurement Service (LPSE) System. Lecture Notes in Networks and Systems, 317, 1-12. http://dx.doi.org/10.1007/978-981-16-5640-8_1
  3. Anggraini, D., Bisma, R., 2021. Perencanaan Tata Kelola Keamanan Informasi dalam Penerapan Cloud Computing Menggunakan ISO 27001:2013 pada PT.SPINDO,Tbk. Journal of Informatics and Computer Science (JINACS), 3(1), 46-54. https://doi.org/10.26740/jinacs.v3n01.p46-54
  4. Aprianto, T., Setiawan, I., Purba, H.H., 2021. Implementasi Metode Failure Mode and Effect Analysis pada Industri di Asia – Kajian Literature. Matrik, 21(2), 165-174. http://dx.doi.org/10.30587/matrik.v21i2.2084
  5. Balaraju, J., Raj, M.G., Murthy, C.S., 2019. Fuzzy-FMEA Risk Evaluation Approach for LHD Machine-A Case Study’, Journal of Sustainable Mining, 18(4), 257-268. https://doi.org/10.1016/j.jsm.2019.08.002
  6. Carvalho, C., Marques, E., 2019. Adapting ISO 27001 to a Public Institution. Iberian Conference on Information Systems and Technologies (CISTI), 19-22. https://doi.org/10.23919/CISTI.2019.8760870
  7. Culot, G., Nassimbeni, G., Podrecca, M., Sartor, M., 2021. The ISO/IEC 27001 information security Management Standard: Literature Review and Theory-Based Research Agenda. TQM Journal, 33(7), 76-105. https://doi.org/10.1108/TQM-09-2020-0202
  8. Eskaluspita, A.Y., 2020. ISO 27001:2013 for Laboratory Management Information System at School of Applied Science Telkom University. IOP Conf. Ser.: Mater. Sci. Eng., 879, 012074. http://dx.doi.org/10.1088/1757-899X/879/1/012074
  9. Hakim, A.R., Wijaya, R.A.P., 2020. Perancangan Perangkat Audit Internal untuk Sistem Keamanan Informasi pada Organisasi XYZ. Jurnal Teknologi Informasi dan Ilmu Komputer, 7(3), 435-442 https://doi.org/10.25126/jtiik.2020701940
  10. Hartanti, L.P.S., Mulyono, J., Mayang, V., 2022. Penerapan FMEA dan Fuzzy FMEA dalam Penilaian Risiko Lean Waste di Industri Manufaktur. JST (Jurnal Sains dan Teknologi), 11(2), 293-304. http://dx.doi.org/10.23887/jstundiksha.v11i2.50552
  11. Herkules, Putra, C., Hadi, A., 2023. Tata Kelola Data Center Berbasis ISO 27001 dan ISO 20000 pada DISKOMINFOSANTIK Kalimantan Tengah. Jurnal Sistem Informasi, Manajemen dan Teknologi Informasi, 1(2), 203-219. https://doi.org/10.33020/jsimtek.v1i2.429
  12. Hisprastin, Y., Musfiroh, I., 2020. Ishikawa Diagram dan Failure Mode Effect Analysis (FMEA) sebagai Metode yang Sering Digunakan dalam Manajemen Risiko Mutu di Industri. Majalah Farmasetika, 6(1), 1-9. http://dx.doi.org/10.24198/mfarmasetika.v6i1.27106
  13. Jauhary, H., Pratiwi, G.E., Salim, A.Z., Fitroh, 2022. Penerapan ISO27001 dalam Menjaga dan Meminimalisir Risiko Keamanan Informasi : Literatur Review’. Media Jurnal Informatika, 14(1), 43-49. https://doi.org/10.35194/mji.v14i1.1581
  14. Kamil, Y., Lund, S., Islam, M.S., 2023. Information Security Objectives and the Output Legitimacy of ISO/IEC 27001: Stakeholders’ Perspective on Expectations in Private Organizations in Sweden. Inf Syst E-Bus Manage, 21, 699-722. https://doi.org/10.1007/s10257-023-00646-y
  15. Kristanto, T., Sholik, M., Rahmawati, D., Nasrullah, M., 2019. Analisis Manajemen Keamanan Informasi Menggunakan Standard ISO 27001:2005 pada Staff IT Support di Instansi XYZ. JISA(Jurnal Informatika dan Sains), 2(2), 30-33. https://doi.org/10.31326/jisa.v2i2.497
  16. Mirtsch, M., Kinne, J., Blind, K., 2021. Exploring the Adoption of the International Information Security Management System Standard ISO/IEC 27001: A Web Mining-Based Analysis. IEEE Transactions on Engineering Management, 68(1), 87-100. https://doi.org/10.1109/TEM.2020.2977815
  17. Musyarofah, S.R., Bisma, R., 2021. Analisis Kesenjangan Sistem Manajemen Keamanan Informasi (SMKI) Sebagai Persiapan Sertifikasi ISO/IEC 27001:2013 pada Institusi Pemerintah. Teknologi, 11(1), 1-15. https://doi.org/10.26594/teknologi.v11i1.2152
  18. Nuchpho, P., Nansaarng, S., Pongpullponsak, A., 2019. Modified Fuzzy FMEA Application in the Reduction of Defective Poultry Products. Engineering Journal, 23(1), 171-190. https://doi.org/10.4186/ej.2019.23.1.171
  19. Nurkertamanda, D., Wulandari, F.T., 2019. Analisa Moda dan Efek Kegagalan (Failure Mode and Effect Analysis/FMEA) pada Produk Kursi Lipat Chitose Yamamoto HAA’, J@ti Undip: Jurnal Teknik Industri, 4(1), 49-64. https://doi.org/10.12777/jati.4.1.49-64
  20. Panjaitan, B., Abdurrahman, L., Mulyana, R., 2021. Pengembangan Implementasi Sistem Manajemen Keamanan Informasi Berbasis ISO 27001:2013 Menggunakan Kontrol Annex: Studi Kasus Data Center PT. XYZ. e-Proceeding of Engineering, 8(2), 2813-2825
  21. Paradise, Kusrini, K., Nasiri, A., 2020. Audit Keamanan Aplikasi E-Cash Menggunakan Iso 27001. Creative Information Technology Journal, 5(4), 243-253. https://doi.org/10.24076/citec.2018v5i4.209
  22. Podrecca, M., Sartor, M., 2023. Forecasting the Diffusion of ISO/IEC 27001: a Grey Model Approach. TQM Journal, 35(9), 123-151. https://doi.org/10.1108/TQM-07-2022-0220
  23. Pribadi, H.I., Ernastuti, 2020. Manajemen Risiko Teknologi Informasi pada Penerapan E-Recruitment Berbasis ISO 31000:2018 dengan FMEA (Studi Kasus PT Pertamina). Jurnal Sistem Informasi Bisnis, 10(1), 28-35. https://doi.org/10.21456/vol10iss1pp28-35
  24. Rahayu, S.F., Prawira, D., Rusi, I., 2021. Pengukuran Tingkat Keamanan Informasi Menggunakan Metode Indeks Kami (Studi Kasus: Dinas Komunikasi dan Informatika Kota Pontianak. Coding : Jurnal Komputer dan Aplikasi, 09(3), 468-477. https://dx.doi.org/10.26418/coding.v9i03.51126
  25. Roy, P.P., 2020. A High-Level Comparison between the NIST Cyber Security Framework and the ISO 27001 Information Security Standard. 2020 National Conference on Emerging Trends on Sustainable Technology and Engineering Applications(NCETSTEA), 53, 27001-27003. https://doi.org/10.1109/NCETSTEA48365.2020.9119914
  26. Ruiz, L.C., Amado, M.L., Carrasco, J.R., Arenas, L.A., 2022. Implementation of Information Security Audit for the Sales System in a Peruvian Company. International Journal on Advanced Science, Engineering and Information Technology, 12(3), 1189–1195. https://doi.org/10.18517/ijaseit.12.3.13969
  27. Safitri, E.M., Sesha, P.S.K., Ningtias, J.P., 2020. Analisis Penilaian Risiko pada Keamanan Sistem Informasi: Studi Literatur. Jurnal Informatika dan Sistem Informasi (JIFoSI), 1(2), 601-607
  28. Suwarsono, L. W., Aisha, A. N., Nugraha, F.N., 2022. The Role of E-Learning Readiness on Workload: Perspective Engineering and non-Engineering Students. International Journal of Innovation in Enterprise System, 6(1), 85-94. https://doi.org/10.25124/ijies.v6i01.165
  29. Triantono, H.B., 2007. Kebijakan Keamanan dengan Standar BS 7799/ISO 17799 pada Sistem Manajemen Keamanan Informasi Organisasi. Seminar Nasional Aplikasi Teknologi Informasi, 2007(SNATI), 1907-5022
  30. Wicaksono, A. C., Prabowo, S., Oktaria, D., 2022. Risk and Security Measurement Based on ISO 27001 using FMEA Methodology Case Study: National Government Agency. 2022 1st International Conference on Software Engineering and Information Technology, ICoSEIT 2022, (95), 6-11. https://doi.org/10.1109/ICoSEIT55604.2022.10029988
  31. Yuwono, S.T., Pratama, N., Afifah, V., 2022. Re-Assessment Konsistensi Dokumen Kontrol Sertifikasi ISO 27001: 2013 (ISMS) di Bagian Komunikasi Satelit Monitoring PT. Bank BRI, TBK. Jurnal IKRAITH-Informatika, 6(2), 21-28
  32. Zilfianah, K., Ismiyah, E., Rizqi, AW., 2022. Quality Control Analysis on Steel Construction Projects Using the Method Statistical Quality Control and Failure Mode and Effects Analysis. MOTIVECTION : Journal of Mechanical, Electrical and Industrial Engineering, 5(1), 13-32. https://doi.org/10.46574/motivection.v5i1.174

Last update:

No citation recorded.

Last update: 2024-11-20 02:59:49

No citation recorded.