Analisis Disaster Recovery Plan Keamanan Data dan Informasi Menggunakan NIST Framework (Studi Kasus: Biro Teknologi Informasi Yayasan Pendidikan Internal Audit)
Keywords:
Plan, Disaster Recovery, Data Security, NIST FrameworkAbstract
Disasters are unexpected and potentially significant risks to the continuity of company and organization operations, especially those related to information systems and information technology (IS/IT). The Internal Audit Education Foundation (YPIA) in handling disasters related to data and information security often faces obstacles that cause problems that become more widespread in the future. Therefore, a disaster recovery plan (DRP) becomes an urgent need. The purpose of this study is to evaluate resilience to disasters and data and information security attacks, and to ensure better business continuity in the face of emergency situations. Researchers use the National Institute of Standards and Technology (NIST) Framework in conducting a DRP analysis of security and data. The study begins by identifying and evaluating risks, conducting risk assessments, conducting Business Impact Analysis (BIA) determining preventive controls, and formulating contingency strategies. This study produces priority handling of high maturity risks in data damage, with an initial risk value of 3.8 and an impact of 4.4. After the control was carried out, there was a residual risk with a risk value of 1.6 and an impact of 3, with a very low maturity level and a residual value of 13.5 (80%). The reduction in the risk of data damage was significant with a very low residual value, indicating that the implementation of DRP using the NIST Framework in risk mitigation on critical assets of the Internal Audit Education Foundation was quite effective.
References
[1] H. G. Afiansyah, S. U. Sunaringtyas, and A. Amiruddin, “Perancangan Rencana Pemulihan Bencana Menggunakan NIST SP 800-34 REV 1, NIST SP 800-53 REV 5 DAN SNI 8799 (Studi Kasus: UNIT TI XYZ),” Jurnal Teknologi Informasi dan Ilmu Komputer (JTIIK), vol. 10, no. DRP, pp. 329–338, Apr. 2023, doi: 10.25126/jtiik.20231026507.
[2] D. Amanda, N. Mutiah, and S. Rahmayudha, “Analisis Tingkat Kematangan Keamanan Informasi Menggunakan NIST Cybersecurity Framework dan CMMI,” 2023. doi: 10.26418/coding.v11i2.65088.
[3] Zulkarnain, “Analisa Penerapan Disaster Recovery Plan Pada Data Center Perusahaan,” CBIS Journal, vol. 10, no. DRP, pp. 1–6, 2022, doi: 10.33884/cbis.v10i2.5774.
[4] R. Von Solms and J. Van Niekerk, “From Information Security to Cyber Security,” Comput Secur, vol. 38, pp. 97–102, 2013, doi: 10.1016/j.cose.2013.04.004.
[5] Muhaemin, “Mengembangkan Busines Continuity Planning (BCP)dengan Pendekatan Kuantitatif Studi Kasus: SIAK –DITJEN ADMINDUK KEMENDAGRI,” Jurnal Sistem Informasi, Teknologi Informatika dan Komputer, vol. 9, no. BCP, DRP, SIAK, pp. 1–11, 2018, doi: 10.24853/justit.9.1.1-11.
[6] NIST, “https://www.nist.gov/cyberframework,” cyberframework@nist.gov.
[7] Unitrends, “What is a Business Continuity plan and how can it improve business resilience?,” Unitrends. Accessed: Sep. 20, 2023. [Online]. Available: https://www-unitrends-com.translate.goog/blog/business-continuity-plan?_x_tr_sl=en&_x_tr_tl=id&_x_tr_hl=id&_x_tr_pto=tc
[8] N. at al Musyaffa, “Disaster Recovery Plan Jaringan dengan Sistem Backup Otomatis Mikrotik Menggunakan Metode File Transfer Protocol (FTP) pada Jaringan WAN PT. INDOTRANS DATA,” Jurnal Khatulistiwa Informatika, vol. VIII, no. DRP, pp. 1–7, 2020, doi: 10.31294/jki.v8i1.7724.
[9] A. A. Kuncoro, “Prinsip Dasar Keamanan Informasi Dalam Jaringan Komputer,” https://teknik-informatika-s1.stekom.ac.id/informasi/baca/Prinsip-Dasar-Keamanan-Informasi-dalam-Jaringan-Komputer/d8584ee4d4e39c8139bdd6b69154fb9f61e7ab6d.
[10] A. Jain, A. Ross, and S. Pankanti, “Biometrics: a tool for information security. IEEE Tran Inform Forensics Secur,” Information Forensics and Security, IEEE Transactions on, vol. 1, pp. 125–143, Jun. 2006, doi: 10.1109/TIFS.2006.873653.
[11] Rubiyanto, Selo, and Widyawan, “Implementasi Role-Based Access Control (RBAC) pada Pemanfaatan Data Kependudukan Ditingkat Kabupaten,” Poster 021, pp. 1–10, 2017, Accessed: Jul. 18, 2024. [Online]. Available: https://api.semanticscholar.org/CorpusID:86815480
[12] NIST, “Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1,” Gaithersburg, MD, Apr. 2018. doi: 10.6028/NIST.CSWP.04162018.
[13] I. G. T. Isa, “Implementasi Pendekatan Kerangka Kerja NIST 800-34 dalam Perancangan Disaster Recovery Plan pada Sistem Informasi Akademik Universitas Muhammadiyah Sukabumi,” Informatika Mulawarman : Jurnal Ilmiah Ilmu Komputer, vol. 15, no. 2, p. 103, Sep. 2020, doi: 10.30872/jim.v15i2.3724.
[14] Moh. S. Arifin et al., Sistem Informasi Manajemen, Maret 2023., vol. Pertama. Padang: PT Global Eksekutif Teknologi, 2023.
[15] A. Oktaviyana, M. B. Aritonang, and E. S. Sembiring, “Analisis dan Pengembangan Sistem Informasi Manajemen,” 2023. doi: 10.31219/osf.io/emw2r.
[16] A. Sadikin and N. Wiranda, “Sistem Informasi Manajemen,” Book, vol. 1, no. SIM, pp. 1–112, Mar. 2022, Accessed: Dec. 15, 2023. [Online]. Available: http://digilib.iain-palangkaraya.ac.id/3890/
[17] Nurhanudin, “Designing a Disaster Recovery Plan using NIST 800-34 Framework on the Information System of the Directorate General of Hajj and Umrah,” 2021. doi: 10.38101/sisfotek.v11i2.391.
[18] I. R. Yunita and N. Syafi’ah, “Pengembangan Disaster Recovery Plan Menghadapi Pandemi,” 2021. doi: 10.51903/jtikp.v12i1.220.
[19] B. F. Aprilla and D. Yulhendra, “Penerapan Metode HIRARC dalam Menganalisis Risiko Bahaya dan Upaya Pengendalian Kecelakaan Kerja di Area Crusher dan Belt Conveyor PT. Semen Padang,” Jurnal Bina Tambang, vol. 8, no. 1, 2023, Accessed: Aug. 07, 2024. [Online]. Available: https://ejournal.unp.ac.id/index.php/mining/article/download/122189/107468
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Faruk Muhamad, Tukiyat, Sajarwo Anggai
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
