Hasil Pencarian  ::  Simpan CSV :: Kembali

"The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a systems operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will enforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader’s own organization."

"This comprehensive book instructs IT managers to adhere to federally mandated compliance requirements. FISMA compliance handbook, explains what the requirements are for FISMA compliance and why FISMA compliance is mandated by federal law. The evolution of certification and accreditation is discussed.This book walks the reader through the entire FISMA compliance process and includes guidance on how to manage a FISMA compliance project from start to finish. The book has chapters for all FISMA compliance deliverables and includes information on how to conduct a FISMA compliant security assessment.Various topics discussed in this book include the NIST risk management Framework, how to characterize the sensitivity level of your system, contingency plan, system security plan development, security awareness training, privacy impact assessments, security assessments and more. Readers will learn how to obtain an authority to operate for an information system and what actions to take in regards to vulnerabilities and audit findings.FISMA Compliance Handbook Second Edition, also includes all-new coverage of federal cloud computing compliance from author Laura Taylor, the federal government?s technical lead for FedRAMP, the government program used to assess and authorize cloud products and services."

"Kajian ini bertujuan untuk melihat kesiapan penerapan Tata Kelola Keamanan Informasi pada instansi pemerintah baik tingkat kementerian atau daerah dalam rangka implementasi e-govrnment. Analisa dalam kajian ini dilakukan dengan memetakan aspek keamanan informasi terhadap indeks pemeringkatan e-Government Indonesia. Hasil dari Studi ini menyimpulkan bahwa dengan menggunakan kerangka kerja aspek pada indeks keamanan informasi yang dipetakan terhadap indeks pemeringkatan e-Government Indonesia sangat membantu untuk melihat kondisi kesiapan keamanan informasi pada instansi pemerintah."

"Pusat Pelaporan dan Analisis Transaksi Keuangan (PPATK) adalah lembaga pemerintahan Indonesia yang memiliki peran penting dalam melawan tindak pidana pencucian uang dan pendanaan terorisme. Keamanan data di PPATK sangat penting mengingat lebih dari 16 juta laporan transaksi keuangan dan kontribusi dari 37.228 pihak pelapor yang diterima dan perlu dikelola. Meskipun informasi khusus mengenai serangan di PPATK tidak tersedia, namun penting untuk menetapkan regulasi keamanan di lembaga tersebut. Badan Siber dan Sandi Negara (BSSN) telah menetapkan peraturan untuk memastikan keamanan informasi, termasuk Peraturan BSSN Nomor 4 tahun 2021 yang telah dipatuhi oleh PPATK. Penelitian ini dilakukan untuk menganalisis dan mengevaluasi tingkat kepatuhan PPATK terhadap regulasi tersebut dengan menggabungkan pendekatan kuantitatif dan kualitatif. Hasil penelitian menunjukkan tingkat kepatuhan tinggi sekitar 94.7% dengan evaluasi pada 12 fungsi keamanan informasi yang secara keseluruhan baik, namun beberapa fungsi memerlukan perbaikan. Metode penelitian menggunakan skala penilaian dari NIST CRS (Cyber Risk Scoring) dan USG (Urgency, Seriousness, Growth) dengan tujuan memberikan rekomendasi konstruktif untuk meningkatkan Sistem Manajemen Keamanan Informasi (SMKI) di PPATK.

---

The Financial Transaction Reports and Analysis Center (PPATK) is an Indonesian government institution that has an important role in fighting money laundering and terrorism financing. Data security at PPATK is very important considering that there are more than 16 million financial transaction reports and contributions from 37,228 reporters that need to be managed. Although specific information regarding the attack in PPATK is not available, it is important to establish security regulations at the institution. The National Cyber and Crypto Agency (BSSN) has made regulations to ensure information security remains safe, including BSSN Regulation Number 4 of 2021 which has been complied with by PPATK. This research was conducted to analyze and evaluate how well PPATK complies with these regulations, by combining quantitative and qualitative approaches. The research results show that information security systems in PPATK is running very well with a high level of around 94.7%, with an overall good evaluation of 12 information security functions, but there are several functions that require improvement. The research method uses assessment scales from NIST CRS (Cyber Risk Scoring) and USG (Urgency, Seriousness, Growth) with the aim of providing constructive recommendations for improving the Information Security Management System (SMKI) at PPATK."

"Ditjen. Imigrasi sebagai pelaksana tugas dan fungsi Kementerian Hukum dan HAM RI di bidang keimigrasian telah memanfaatkan SI/TI yang mengintegrasikan seluruh fungsi keimigrasian baik di dalam maupun luar negeri, yaitu dengan Sistem Informasi Manajemen Keimigrasian (SIMKIM). Lingkup SIMKIM yang meliputi hampir seluruh aspek layanan keimigrasian menyebabkan ketersediaan layanan SIMKIM menjadi sangat penting. Tidak tersedianya layanan SIMKIM menyebabkan proses pelayanan keimigrasian menjadi tidak berjalan. Terjadinya insiden terkait keamanan informasi dalam organisasi serta maraknya kasus serangan siber di instansi pemerintah Indonesia, menuntut kepastian pengamanan SIMKIM untuk melindungi data krusial yang dimiliki. Tingginya ketergantungan Imigrasi terhadap SIMKIM dan dalam rangka menjaga kredibilitas instansi, dibutuhkan suatu perencanaan manajemen risiko keamanan informasi untuk menjamin kerahasiaan, integritas, dan ketersediaan layanan SIMKIM. Dalam menyusun perencanaan manajemen risiko keamanan informasi SIMKIM, penelitian dilakukan dengan menggunakan kerangka kerja ISO/IEC 27005:2018 sebagai kerangka kerja utama dalam proses manajemen risiko, NIST SP 800-30 Rev. 1 sebagai panduan pelaksanaan aktivitas penilaian risiko, dan NIST SP 800-53 Rev. 5 sebagai acuan penentuan rekomendasi. Dari penilaian risiko, diidentifikasi 23 skenario risiko yang perlu dimitigasi oleh organisasi dan 5 skenario risiko yang dapat dialihkan ke pihak ketiga. Penelitian ini menghasilkan dokumen rancangan manajemen risiko keamanan informasi SIMKIM.

---

The Directorate General of Immigration as the executor of the duties and functions of the Ministry of Law and Human Rights of Republic of Indonesia in the Immigration sector has utilized IS/IT that integrates all immigration functions both at inside and outside territory of Indonesia, namely the Sistem Informasi Manajemen Keimigrasian (SIMKIM). The scope of SIMKIM which covers almost all aspects of immigration services makes the availability of SIMKIM services very important. The unavailability of SIMKIM services causes the immigration service process to not work. The occurrence of incidents related to information security within the organization as well as the rise of cases of cyber attacks in Indonesian government agencies, demands the certainty of SIMKIM security to protect the crucial data held. Immigration's high dependence on SIMKIM and to maintain the credibility of the agency, an information security risk management plan is needed to ensure the confidentiality, integrity, and availability of SIMKIM services. In preparing the information security risk management plan for SIMKIM, the research uses the ISO/IEC 27005 framework as the main framework in the risk management process, NIST SP 800-30 Rev. 1 as a guide for the implementation of risk assessment activities, and NIST SP 800-53 Rev. 5 as a reference for determining recommendations. From the risk assessment, 23 risk scenarios were identified that need to be mitigated by the organization and 5 risk scenarios that can be transferred to third parties. This research produces a SIMKIM information security risk management design document.

"