Analysis and Risk Management of Information Technology Asset Security Using the OCTAVE and FMEA Methods Based on ISO 27001:2022

Case Study: Company XYZ

Authors

  • Ajeng Wahyuningtyas Universitas Udayana
  • Ni Made Ika Marini Mandenni Universitas Udayana
  • Muhammad Alam Pasirulloh Universitas Udayana

DOI:

https://doi.org/10.61132/neptunus.v3i2.796

Keywords:

Information-Technology, Information-Security, Risk-Management, OCTAVE, FMEA

Abstract

The advancement of information technology has driven companies to adopt technology-based systems to enhance operational efficiency while also increasing the complexity of information security risks. This study aims to analyse risk factors associated with information security assets, identify potential threats, assess risks, and provide mitigation recommendations. The OCTAVE method was applied to identify threats, vulnerabilities, and critical information technology assets, while FMEA was used to determine risk mitigation priorities based on the Risk Priority Number (RPN). The mitigation recommendations were developed in accordance with ISO 27001:2022 standards. Data collection was conducted through interviews with XYZ company representatives, identifying 34 information security asset risks, including 6 hardware failure potentials, 6 software failure potentials, 14 data failure potentials, 4 human resource failure potentials, and 4 network failure potentials. The risk categorisation results revealed 5 high-level risks, 6 moderate-level risks, 20 low-level risks, and 3 very low-level risks. The mitigation recommendations include three ISO/IEC 27001:2022 clauses: Human Resource Controls, Physical Controls, and Information Technology Controls.


Published

2025-05-28

How to Cite

Ajeng Wahyuningtyas, Ni Made Ika Marini Mandenni, & Muhammad Alam Pasirulloh. (2025). Analisis dan Manajemen Risiko Keamanan Aset Teknologi Informasi Menggunakan Metode OCTAVE dan FMEA Berbasis ISO 27001:2022: Studi Kasus : Perusahaan XYZ. Neptunus: Jurnal Ilmu Komputer Dan Teknologi Informasi, 3(2), 65–76. https://doi.org/10.61132/neptunus.v3i2.796