Litcius/Paper detail

Designing Information Security Risk Management on Bali Regional Police Command Center Based on ISO 27005

I Made Martadi Putra, Kusprasapta Mutijarsa

202118 citationsDOI

Abstract

The application of information technology in government agencies is in line with Indonesian Presidential Regulation 95/2018 concerning Electronic-Based Government Systems (EBGS). Information in the digital form generated from the application of EBGS is a precious asset that must be protected from risk. This makes an organization need information security risk management (ISRM) to control the risk. This study aims to design ISRM in a government agency as a non-profit organization, especially in a Police Command Center. The design is carried out by integrating two standards to manage information security risks. ISO 27005: 2018, which can be applied to government organizations and non-profit organizations, is used as a base of information security management, and NIST SP 800-30 revision 1 standard is used as a method in conducting information risk assessments. From this research, an information security risk management's design is produced, and the results of risk identification and recommendations for handling it. ISO 27002 is used as reference for control recommendation. The validation results concluded that the ISRM design results equipped with policy for the Indonesian national Police Command Center have been able to meet organizational needs in identifying and managing risks in carrying out operational tasks.

Topics & Concepts

Information securityRisk managementComputer securityAsset (computer security)Information security managementInformation security management systemRisk analysis (engineering)Information systemGovernment (linguistics)Information technologyStandard of Good PracticeBusinessComputer scienceProcess managementKnowledge managementSecurity information and event managementEngineeringSecurity serviceCloud computing securityFinanceCloud computingNetwork security policyElectrical engineeringLinguisticsPhilosophyOperating systemInformation and Cyber SecurityCybercrime and Law Enforcement StudiesDigital and Cyber Forensics