Manajemen Risiko Keamanan Informasi: Studi Kasus Pusat Data Dinas XYZ

Abstract

The increasing number of cyber attacks on government institutions in Indonesia demands assurance of security to protect crucial data. Given the high dependence on data centers and in order to maintain the credibility of these institutions, a comprehensive information security risk management plan is required to ensure the confidentiality, integrity, and availability of data center services. In developing the information security risk management plan for data centers, this research utilizes the ISO/IEC 27005:2018 framework as the primary framework in the risk management process, NIST SP 800-30 Rev. 1 as a guide for conducting risk assessment activities, and CIS CSC as a reference for determining recommendations. From the risk assessment, 47 risks were identified. Out of these 47 risks, 30 require mitigation, while the remaining 17 can be accepted by the organization