Designing Information Security Risk Management on Bali Regional Police Command Center Based on ISO 27005
I Made Martadi Putra, Kusprasapta Mutijarsa
Abstract
The application of information technology in government agencies is in line with Indonesian Presidential Regulation 95/2018 concerning Electronic-Based Government Systems (EBGS). Information in the digital form generated from the application of EBGS is a precious asset that must be protected from risk. This makes an organization need information security risk management (ISRM) to control the risk. This study aims to design ISRM in a government agency as a non-profit organization, especially in a Police Command Center. The design is carried out by integrating two standards to manage information security risks. ISO 27005: 2018, which can be applied to government organizations and non-profit organizations, is used as a base of information security management, and NIST SP 800-30 revision 1 standard is used as a method in conducting information risk assessments. From this research, an information security risk management's design is produced, and the results of risk identification and recommendations for handling it. ISO 27002 is used as reference for control recommendation. The validation results concluded that the ISRM design results equipped with policy for the Indonesian national Police Command Center have been able to meet organizational needs in identifying and managing risks in carrying out operational tasks.