Information Security Risk Management Planning of Digital Certificate Management Case Study: Balai Sertifikasi Elektronik

Sensuse, Dana Indra; Syahrizal, Andy; Aditya, Faizan; Nazri, Muhammad

doi:10.1109/icic50835.2020.9288593

Cited by 4 publications

(3 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the fourth stage, the interview results that had been conducted were processed into data that was a risks and findings identification of problems occurring in the SIASAT. The risk was measured based on the generated impact or influence on the likelihood of risk [14]. Thus, based on the findings, recommendations for improvement can be given, and the conclusions from the study results can also be drawn.…”

Section: B Research Stagesmentioning

confidence: 99%

Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

Tanaamah

Indira

2021

IJITEE

View full text Add to dashboard Cite

IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings and one it becomes of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking a planning clause focusing on risk assessment. From the results of this study, there were nine recommendations given. Some of which were the most important, i.e., creating separated standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.

show abstract

Section: B Research Stagesmentioning

confidence: 99%

Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

Tanaamah

Indira

2021

IJITEE

View full text Add to dashboard Cite

show abstract

“…The National Cyber and Crypto Agency through the ECO manages this task to provide e-certification services in Indonesia. Previous studies on e-certification have focused more on the management and business aspects such as information security risk management planning of digital certificate management (Hermawan, 2019;Sensuse et al, 2020), e-commerce (Setiawan, 2015), and the preparation of Certificate Policy documents and Certification Practice Statements as basic standards in building Indonesia National Public Key Infrastructure (Gandhi et al, 2016).…”

Section: Introductionmentioning

confidence: 99%

Impacts and constraints on implementing e-certification policies in Indonesia

2022

KJSS

View full text Add to dashboard Cite

Electronic certification (e-certification) is an implementation of information technology developed to improve various services, including license issuance, correspondence between agencies, exchange of information, and other public services. In Indonesia, the Electronic Certification Office (ECO) of the National Cyber and Crypto Agency (NCCA) manages e-certification for government agencies. This study aimed to describe the impact and constraints of implementing government policies in e-certification led by ECO. This study adopted the mixed method of qualitative and quantitative approaches. Sources of qualitative data were collected from informants. This study selected the informants based on their relevant knowledge or experience related to the subject. There were six informants from ECO and other offices in NCCA and four informants from other institutions who participated in the interviews. To support qualitative results, quantitative data and information were obtained from other relevant government agencies. The implementation of the e-certification policy has had positive impacts including, the impact on reducing the counterfeiting of information in digital documents, preventing corruption and bureaucratic efficiency. However, the implementation of these policies also had constraints, including limitation of ECO authority in managing the required resources, insufficient human resources, and responsibility overlapping. This study recommends the need for harmonization and synchronization of e-certification policies with other relevant laws and regulations, the need to strengthen organizational capacity, resources, utilize social media for widening the customer base and improve services according to national standards.

show abstract

“…The organization ensures that repeated information security risk assessments will provide consistent, valid and comparable results. ISO 27001 regulates the information security risk management process which includes four stages: Plan, Do, Check, and Act (ISO/IEC 27001 2013) (ISO/IEC 27005 2018).The information security risk management process is based on ISO 27001 and Plan-Do-Check-Act (PDCA) model (Sensuse et al 2020). The following is alignment between information security risk management processes and management systems; (1) The Plan activity process is in line with the context establishment, risk assessment, develop a risk management plan, risk acceptance stages.…”

Section: Introductionmentioning

confidence: 99%

Impact of Implementation of Information Security Risk Management and Security Controls on Cyber Security Maturity (A Case Study at Data Management Applications of XYZ Institute)

Wibowo

Ramli²

2022

J. Sistem Inf. (J. Inf. Sys.)

View full text Add to dashboard Cite

Information security is an important concern for governments and industry due to the increase in cyber attacks during Covid-19. The government is obliged to maintain information security in implementing an Electronic-Based Government System following Presidential Regulation of the Republic of Indonesia Number 95 of 2018. To overcome this problem, the XYZ Institute needs an approach to implementing information security risk management and information security controls. This study aims to risk identification, risk analysis, risk evaluation, risk treatment, risk acceptance, risk control, and analysis of cyber security maturity gaps in the domain of governance, identification, protection, detection, and response. ISO/IEC 27005:2018 as guidance for conducting risk assessments. The code of practice for information security control uses the ISO/IEC 27002:2013 standard and assessing maturity using the cyber security maturity model version 1.10 developed by the National Cyber and Crypto Agency of the Republic of Indonesia. The results show that the cyber maturity value increased from 3.19 to 4.06 after implementing 12 new security controls.

show abstract

Information Security Risk Management Planning of Digital Certificate Management Case Study: Balai Sertifikasi Elektronik

Cited by 4 publications

References 10 publications

Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

Impacts and constraints on implementing e-certification policies in Indonesia

Impact of Implementation of Information Security Risk Management and Security Controls on Cyber Security Maturity (A Case Study at Data Management Applications of XYZ Institute)

Contact Info

Product

Resources

About