Hasil Pencarian  ::  Simpan CSV :: Kembali

"Teknologi Informasi harus ditata dan dikelola dengan baik sehingga dapat menghasilkan manfaat berupa keuntungan perusahaan. Namun pada kenyataannya penatakelolaan TI Perum BULOG saat ini masih belum memenuhi target perusahaan yang ditetapkan oleh Kementerian BUMN sebagai pemangku kepentingan. Penelitian ini bertujuan untuk melakukan evaluasi terhadap tata kelola TI yang dijalankan di Perum BULOG. Evaluasi tersebut menggunakan kerangka kerja COBIT 2019 sesuai arahan pemangku kepentingan. Penelitian menggunakan pendekatan kuantitatif dan kualitatif dengan metode kuesioner dan wawancara. Data primer diperoleh dari 12 responden di Divisi Teknologi Informasi Perum BULOG. Hasil penelitian menunjukkan terdapat 17 dari total 24 area proses tata kelola TI yang dijalankan dengan optimal dan memenuhi target stakeholder yaitu tingkat kapabilitas TI di level 3 (Established). Terdapat 7 area proses yang memerlukan perbaikan karena masih belum optimal dalam memenuhi target stakeholder atau masih mencapai tingkat kapabilitas TI di level 2 (Managed). Ketujuh area proses tersebut adalah Ensured Resource Optimization, Managed Enterprise Architecture, Managed Requirement Definition, Managed Solutions Identification and Build, Managed Knowledge, Managed Configuration dan Managed Continuity. Hasil evaluasi dan rekomendasi sangat penting untuk mengoptimalkan Tata Kelola TI di Perum BULOG, memungkinkan perusahaan memenuhi ekspektasi pemangku kepentingan dan memberikan nilai tambah serta manfaat bagi perusahaan. Manfaat penelitian ini bagi akademis dapat memberikan perspektif terhadap tata kelola TI menggunakan kerangka kerja COBIT 2019. Bagi praktisi dan perusahaan juga dapat mendapatkan manfaat dari penelitian ini dengan menggunakan rekomendasi yang dihasilkan melalui penelitian ini terhadap perbaikan tata kelola TI. Penelitian selanjutnya dapat mengintegrasikan kerangka kerja lain untuk peningkatan nilai dan kualitas tata kelola TI, misalnya mengadopsi standar layanan internasional seperti ISO/IEC 20000 atau juga meningkatkan perspektif keamanan dengan menggunakan standar ISO/IEC 27001.

---

Well-managed IT can generate benefits in terms of corporate profits. However, in reality, current IT management of Perum BULOG still falls short of the targets set by the Ministry of State-Owned Enterprises as stakeholders. This research aims to evaluate the IT Capabilities implemented in Perum BULOG. The evaluation will utilize the COBIT 2019 frameworks as guided by stakeholders. The research employed a mixed-methods approach, utilizing both quantitative and qualitative methods through the use of questionnaires and interviews. Primary data were obtained from 12 respondents in the Information Technology Division of Perum BULOG. The research findings indicate the presence of 17 IT governance processes out of a total of 24 processes that are optimally executed, thus meeting the stakeholder's target of achieving IT capability at level 3 (Established). Seven processes require improvement to meet stakeholder targets as they are currently suboptimal, resulting in an attainment of IT capability at level 2 (Managed). These seven processes are Ensured Resource Optimization, Managed Enterprise Architecture, Managed Requirement Definition, Managed Solutions Identification and Build, Managed Knowledge, Managed Configuration dan Managed Continuity. The evaluation results and recommendations are crucial for optimizing IT Governance in Perum BULOG, enabling it to meet stakeholder expectations and deliver added value and benefits to the company. The benefits of this research for academia are to provide a perspective on IT Governance by utilizing the COBIT 2019 frameworks. For practitioners and companies, they can also benefit from this research by implementing the recommendations generated through this study to improve IT Governance. Future research can integrate other frameworks to enhance the value and quality of IT Governance, such as adopting international service standards like ISO/IEC 20000 or expanding the security perspective by incorporating ISO/IEC 27001 standards."

"Dalam keamanan informasi, aspek paling kompleks seperti sosioteknis dan faktor manusia, masih menjadi “rantai terlemah” dan paling sulit dipahami dalam menciptakan lingkungan digital yang aman. Sehingga, evaluasi kesadaran keamanan perlu dilakukan berkala untuk memastikan bahwa seluruh anggota Settama Badan XYZ, yang setiap harinya memiliki tugas dan tanggung jawab terhadap pengelolaan data strategis organisasi, dapat memahami risiko keamanan hingga konsekuensi dari perilaku/tindakan yang dilakukan di pekerjaan. Tujuan penelitian ini adalah untuk mengevaluasi kesadaran keamanan informasi personel Settama Badan XYZ. Penelitian dilakukan dengan pendekatan kuantitatif melalui kuesioner dan eksperimen melalui simulasi phishing. Kuesioner yang digunakan mengadopsi framework Knowledge, Attitude, dan Behavior (KAB), yang dikombinasikan dengan Human Aspects of Information Security Questionnaire (HAIS-Q), Indeks KAMI, dan masukan pakar dengan total 81 pertanyaan. Sedangkan untuk pendekatan eksperimen menggunakan framework dan simulator Gophish. Sampel penelitian adalah pegawai Settama Badan XYZ yang dipilih secara acak, dengan jumlah 200 orang untuk pengisian kuesioner dan 100 orang untuk simulasi phishing. Sebelum dilakukan perhitungan skor akhir, dilakukan kalkulasi pembobotan prioritas dengan pendekatan analytic hierarchy process (AHP), untuk setiap fokus dan subfokus area yang diteliti. Skor akhir kesadaran keamanan informasi pegawai Sekretariat Utama adalah 83,74%, dan dapat dikategorikan baik berdasarkan skala Kruger. Namun, masih terdapat dua fokus area yang berada dalam kategori menengah, yaitu penggunaan internet (77,73%) dan komputasi seluler (76,21%), serta satu subfokus area yaitu mengklik tautan e-mail dari pengirim yang dikenal (62,04%). Di sisi lain, hasil simulasi phishing menunjukkan success rate yang cukup tinggi untuk kedua skenario simulasi. Pada skenario simulasi pertama, diantara 30 pegawai yang membuka e-mail, 100% pegawai (30 orang) mengklik link umpan ke landing page decoy, dan 80% pegawai (24 orang) mengisikan kredensial mereka disana. Sedangkan pada skenario kedua, masih ditemukan 95,5% pegawai (21 orang) diantara 22 pegawai yang membuka e-mail, mengklik link umpan ke landing page decoy, dan 45,5% pegawai (10 orang) memasukkan kredensial mereka. Perbedaan pada hasil kuesioner dan hasil simulasi menunjukkan bahwa masih terdapat gap antara pengetahuan, sikap, dan perilaku pegawai Settama Badan XYZ. Terlihat bahwa pegawai sebenarnya telah memiliki pondasi pengetahuan dan pemahaman yang baik terkait cybersecurity/information security awareness, namun belum benar-benar termanifestasi dalam bentuk tindakan/perilaku saat di pekerjaan.

---

In information security, the most complex aspects, such as sociotechnical and human factors, are still the “weakest link” and most difficult to understand when creating a secure digital environment. Thus, security awareness evaluations need to be carried out periodically to ensure that all personnels of the Principal Secretariat of XYZ Agency, who have duties and responsibilities for managing the organization's strategic data every day, could understand security risks and the consequences of behavior/actions established inherently at work. Therefore, the purpose of this research is to evaluate the information security awareness of The Principal Secretariat’s personnel. The study was carried out using a quantitative and experimental-based approach through questionnaires and phishing simulations, respectively. Our questionnaire used the Knowledge, Attitude and Behavior (KAB) framework, which was then combined with the Human Aspects of Information Security Questionnaire (HAIS-Q), the KAMI Index, and expert’s input with a total of 81 questions. At the same time, the experimental approach used the open-source Gophish framework and simulator. The research sample was XYZ agency’s Principal Secretariat employees who were randomly selected, with 200 personnels to fill out the questionnaire and 100 personnels for the phishing simulation. Before calculating the final score, priority weighting calculations were first carried out using the analytic hierarchy process (AHP) approach, for each focus and sub-focus area used in this study. The final score for information security awareness of Principal Secretariat’s employees is then calculated using a simple scorecard method, resulted in 83.74%, thus can be categorized as good based on the Kruger scale. However, there are still two focus areas classified in the middle category, namely internet use (77.73%) and mobile computing (76.21%), as well as one sub-focus area, namely clicking on e-mail links from known senders (62, 04%). On the other hand, the phishing simulation results show a fairly high success rate for both scenarios. In the first simulation scenario, among 30 employees who opened e-mail, 100% of employees (30 personnels) clicked on the false link to the decoy landing page, and 80% of employees (24 personnels) actually filled in their credentials. Meanwhile, in the second scenario, it was still found that 95.5% of employees (21 personnels) among 22 employees who opened the e-mail, clicked on the fake link to the decoy landing page, and 45.5% of employees (10 personnels) still entered their credentials. The difference between the results of the questionnaire and the simulation shows that there is still a gap between the knowledge, attitudes and actual behavior of XYZ agency’s Principal Secretariat employees. It is shown that employees can in fact, have sufficient amount of knowledge and understanding regarding cybersecurity/information security awareness, but at the same time, couldn’t apply those knowledge in the form of actions during work."