INFORMATION TECHNOLOGY RISK ASSESSMENT & INFORMATION SYSTEM SECURITY USING THE COBIT 4.1 FRAMEWORK AND NIST SP 800-30 GUIDELINES (Case Study: Rumah Sakit Umum Dr Slamet Garut)


Yana Aditia Gerhana(1*), Erdiansyah(2), Undang Syarifudin(3)

(1) Informatics Engineering, UIN SGD Bandung, Indonesia
(2) Mechanical Engineering, Universitas Kebangsaan, Indonesia
(3) Informatics Engineering, UIN SGD Bandung, Indonesia
(*) Corresponding Author

Abstract


Every organization has a goal. In the digital era, organizations use automated information technology to process their information in order to better support those goals, and risk management plays an important role in protecting an organization's information assets so that its purpose can be accomplished.
An effective risk management process is an important component of a successful information technology security program. The principal objective of an organization's risk management should be to protect the organization and its ability to perform its purpose, not merely to protect its information technology assets. For this reason, the risk management process should not be treated purely as a technical function; rather, the technique is the basis of the organization's management functions.

