Business Continuity Risk Analysis, Monitoring and Evaluation of Information Technology at PT ABC
Keywords:
Confucius, educational values, Chinese language education, CHHS Course Institute, Chinese language teachers

Abstract
PT ABC is a company engaged in the production of reinforced concrete. In carrying out its business processes, the company uses servers, network, software, hardware, and PC software. When any one of these systems is disrupted, data processing is disrupted as well: data has to be processed manually and then entered into the database once the system runs normally again. Given the situation and condition of PT ABC, risks such as damage to data integrity and disruption of the continuity of business processes cannot be ruled out.

This thesis conducts a risk analysis of IT continuity and monitoring at PT ABC. The risk analysis uses the ISO 31000 framework, COBIT 4.1 control practices for the process analysis, and the OWASP Risk Rating Methodology for calculating the value of each risk. The analysis found 7 risks. The one high-severity risk is that the company has no one responsible for monitoring irregularities. The two medium-severity risks are that the company has no business continuity plan and no framework for building that plan. The four low-severity risks are that the company has no offsite backup, has no priority plan, provides no training for employees to upgrade their analysis skills, and has never updated its IT continuity plan.
References
[1] International Organization for Standardization. 2005. Information technology – Security techniques – Code of practice for information security management. USA: International Organization for Standardization.
[2] International Organization for Standardization. 2008. Risk management - Principles and guidelines on implementation. Case Postale: International Organization for Standardization.
[3] International Organization for Standardization. 2011. Societal security - Business continuity management systems. Case Postale: International Organization for Standardization.
[4] International Organization for Standardization. 2013. Information technology – Security techniques – Information security management systems - Requirements. Case Postale: International Organization for Standardization.
[5] IT Governance Institute. 2007. CobiT Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition. Rolling Meadows: IT Governance Institute.
[6] IT Governance Institute. 2007. CobiT 4.1. Rolling Meadows: IT Governance Institute.
[7] The OWASP Risk Rating Methodology. Retrieved May 23, 2014, from https://www.owasp.org/index.php/OWASP_Risk_Rating_Methodology.
[8] Queensland Government. Business Continuity Management Framework. Queensland Government.
[9] Wanarta, C. 2013. IT Risk Assessment di PT X. Surabaya: Universitas Kristen Petra.