The Design of Information Technology Risk Management of The Secretariat of The Cabinet of The Republic of Indonesia


  • Wahyu Arief Budiman Faculty of Computer Science, Universitas Indonesia
  • Yekti Wirani Faculty of Computer Science, Universitas Indonesia
  • Yudho Giri Sucahyo Faculty of Computer Science, Universitas Indonesia



Risk Management, Information Technology, ISO 31000:2018, ISO/IEC 27005:2022, ISO/IEC 27002:2022


The Cabinet Secretariat of the Republic of Indonesia (Setkab) is the government institution responsible for supporting cabinet management, and as such it needs to implement information technology (IT) risk management effectively. The Regulation of the Minister for Empowerment of State Apparatus and Bureaucratic Reform (PermenPAN RB) number 5 of 2020 concerning Guidelines for Risk Management of Electronic-Based Government Systems (SPBE) requires a design for handling IT risks. However, Setkab has not yet implemented IT risk management, so IT-related risks have not been identified. This study aims to develop an IT risk management design that fits the needs and context of Setkab. The study uses a qualitative method, collecting data through interviews, document analysis, and observation of IT risks in the Setkab environment; the data are analysed using thematic analysis. The design uses ISO 31000:2018 as the main framework, refers to ISO/IEC 27005:2022 as the guideline for risk assessment and risk treatment activities, and uses ISO/IEC 27002:2022 as the reference for information security controls. The research identified 340 risk scenarios, of which 93 require treatment and 247 are within the acceptable level. The resulting risk management design combines ISO 31000:2018 as the general guide for the risk management framework, ISO/IEC 27005:2022 as the guideline for the IT risk management process, and ISO/IEC 27002:2022 for selecting the recommended risk treatment controls. The design is expected to help Setkab manage IT risks systematically.


