IT Governance Assessment in IT Risk Management Using Quantitative and Qualitative Risk Analysis Methods

  • Asep Syaputra Institut Teknologi Pagar Alam
Keywords: IT governance assessment, qualitative and quantitative risk analysis, NIST SP 800-30.

Abstract

IT governance is the structure of relationships and processes that guides and controls an organization toward its vision and mission by adding value while balancing risk against IT and its processes. This research uses quantitative and qualitative risk analysis. The Quantitative Risk Analysis (QRA) approach focuses on analyzing the maintenance of IT resources to find risk factors that need serious consideration and treatment. For the qualitative risk analysis, NIST SP 800-30 is used to analyze the various threat and risk attributes and to provide guidelines for managing IT installations at XYZ Campus. Based on the QRA risk assessment, Internal HR with access to the server is calculated to be the highest potential loss for the campus: in the risk aspect, losses caused by Internal HR acting as server admins have the greatest loss potential. The qualitative assessment of risk management finds that the high-risk threat sources are Internal HR and IT Infrastructure Systems. This level of risk can be detected during the hazard source classification process. Presenting all of the risk analysis results yields risk recommendations that will be communicated to campus IT management, which can then assist the campus in making decisions that cover policies, procedures, budgets, system operations, and change management.

Published
2022-04-09
How to Cite
[1]
A. Syaputra, “Penilaian IT Governance dalam Manajemen Risiko IT Menggunakan Metode Quantitative dan Qualitative Risk Analysis”, JAMIKA, vol. 12, no. 1, pp. 63-73, Apr. 2022.