The Implementation of Personal Data Protection Law on Information System Security Risks Using OCTAVE-S


Authors

  • Gita Nurul Aini, Universitas Islam Negeri Sultan Syarif Kasim, Pekanbaru, Indonesia
  • Muhammad Jazman, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia
  • Angraini, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia
  • Mona Fronita, Universitas Islam Negeri Sultan Syarif Kasim Riau, Pekanbaru, Indonesia

DOI:

https://doi.org/10.30865/klik.v3i6.848

Keywords:

Hitmi System; Information Technology Assets; OCTAVE-S; Personal Data Protection Act; Risk Assessment; Risk Mitigation

Abstract

This research focuses on the risk assessment and mitigation of the Hitmi system, an information system used by PT Perkebunan Nusantara (PTPN V) for calculating employee premiums. The study aims to identify and evaluate the risks associated with the system's information technology assets and provide risk mitigation recommendations in accordance with information security practices and the Personal Data Protection Act. The research methodology includes several stages: Planning, Data Collection, Analysis and Data Processing, and Final Phase. In the Planning Stage, the problem is identified through observations and interviews, and the research purpose is defined. The Data Collection Phase involves literature studies, observations, interviews, and the use of OCTAVE-S sheets to collect relevant data. The Analysis and Data Processing stage focuses on analyzing the collected data and processing it for conclusions and problem resolution. The OCTAVE-S framework is used to identify assets, vulnerabilities, and develop security strategies and plans. The results and discussion section presents the mapping of the OCTAVE-S analysis with the Personal Data Protection Act, identifying organizational information, and assessing organizational security practices. The risk impact assessment criteria are used to evaluate the risks, and the assets of the organization are identified. The assessment of security practices reveals areas of improvement and areas where good security practices are already implemented. Based on the findings, recommendations for risk mitigation are provided. 
These recommendations include security awareness and training programs for employees, improved resource allocation for security activities, regular updates to security policies, and the implementation of access control measures, incident management procedures, and encryption techniques. This research contributes to enhancing information security practices and reducing risks associated with the Hitmi system at PTPN V. The findings can guide the organization in implementing effective security controls, complying with the Personal Data Protection Act, and ensuring the confidentiality, integrity, and availability of sensitive data.





ARTICLE HISTORY


Published: 2023-06-24
