An Overview of the IT Risk Management Methodologies for Securing Information Assets

Effective information asset management is the basis of information security as well as many other issues. IT risk assessments work well with the proper handling of asset values, and also it is for effectively securing information assets. There is also a wide variety of risk assessment methodologies. This chapter presents information about the overall IT risk management process and methodologies. Best practices are mentioned and occasionally compared based on the requirements of the information technology (IT) sector in practice. This chapter will provide deep knowledge about the IT risk management approach and construction to implementers, risk owners, IT auditors, executive managers, and other IT staff.

IT Risk Management dalam Operasional untuk Peningkatan Layanan Informasi Pesanan

<p><em>Seharusnya dampak risiko IT yang timbul pada operasional di sebuah organisasi yang terjadi tidak bisa diabaikan begitu saja. Tak terkecuali yang sering terjadi pada restoran atau kafe. Masalah operasional yang sering ditemui adalah masalah jaminan informasi terkait pelayanan. Karena mempengaruhi tingkat kepercayaan pelanggan terhadap setiap layanan yang diberikan pihak restoran atau kafe. Setelah dilakukan manajemen tersebut, ternyata didapat bahwa kepercayaan pelanggan terkait jaminan informasi dapat diturunkan lagi menjadi 2 problems research yaitu terkait informasi yang pasti mengenai informasi status layanan, dan yang kedua terkait informasi seberapa cepat layanan yang akan pelanggan dapatkan. Sehingga di rancanglah sebuah sistem layanan informasi pesanan yang dapat menjamin kepercayaan pelanggan akan layanan informasi untuk setiap prosesnya. sehingga restoran akhirnya dapat mengurangi risiko yang dapat terjadi pada operasionalnya. Dari hasil mitigasi telah menghasilkan evaluasi bahwa risiko R2, R3, R4, R5, R6, dan R7 telah berhasil di mitigasi dengan hasil Eliminate. Dan untuk R1 dengan hasil Reduce. Dari hasil ini disimpulkan bahwa sistem yang diusulkan sebagai sebuah mitigation action plan telah terbukti dapat memitigasi risiko operasional terkait proses pesanan.</em></p>

JURNAL IT RISK MANAGEMENT ANALISIS RESIKO TEKNOLOGI INFORMASI PADA TOKO PUNTADEWA OUTDOOR

Puntadewa outdoor merupakan sebuah perusahaan yang bergerak dalam bidang penyediaan dan penjualan perlengkapan luar ruangan, toko tersebut sudah menggunakan penerapan SI/TI dalam menunjang aktivitas bisnis yang dijalankan. Toko tersebut menggunakan aplikasi SmartConsole yang digunakan untuk menunjang penjualan, mendata stok barang, serta mendata pengeluaran sehari-hari yang dibutuhkan. Namun dalam dunia manajemen pasti selalu ada kemungkinan risiko yang mungkin dapat terjadi dan dapat mengganggu aktivitas bisnis dalam penggunaan sistem tersebut. Dengan begitu analisis risiko sangat diperlukan terhadap sumber daya SI/TI yang terdapat pada toko tersebut. Dengan menggunakan ISO 31000 diharapkan dapat meminimalisir risiko yang terdapat pada aplikasi SmartConsole. Hasil dari analisis risiko ini berupa analisis kemungkinan risiko, mengelompokkan kemungkinan – kemungkinan risiko berdasarkan dampak nya sehingga menghasilkan usulan tindakan risiko terhadap kemungkinan risiko yang terdapat pada aplikasi SmartConsole, dengan begitu toko tersebut dapat memperlakukan kemungkinan risiko yang ada sesuai dengan prioritas level risikonya dan dapat mencegah serta meminimalisir sehinga tidak mengganggu aktivitas bisnis.

Measurement of IT Risk Management Maturity Level in CEC Using IT Domain Risk Governance Framework

IT Risk Management has long been adopted and implemented in CEC. This is inseparable from the high need for reliable and trusted information technology services at CEC as a government institution that has primary task for eradicating corruption. With a good IT risk management is expected to reduce the impact if the IT risk occurs and impacted to overall business process in CEC. However, up to 15 years after the implementation of IT risk management has never been measured how the level of IT maturity risk management. In this research, Author will use the IT Risk Framework with the risk governance domain approach as a standard IT risk management framework to evaluate the implementation of IT risk management in CEC. The process of evaluating the level of IT maturity is based on the maturity model that has been defined in the IT risk framework.

Analisis Manajemen Risiko Startup pada Masa Pandemi COVID-19 Menggunakan COBIT® 2019

<p>Perkembangan <em>startup </em>berbasis teknologi informasi (TI) semakin meningkat dewasa ini. Sebagai penunjang keberhasilan bisnis perusahaan, TI memiliki risiko yang timbul di berbagai keadaan terutama di era pandemi COVID-19. Salah satu alternatif yang dapat dimanfaatkan untuk mengelola dan menjamin usaha yang lebih kondusif dan kredibel yaitu manajemen risiko yang tepat. Hal ini karena manejemen risiko menjadi hal yang penting pada bisnis dalam meningkatkan keuntungan dan mempertahankan kontinuitas bisnis, terutama dalam kondisi pandemi COVID-19. Pembahasan manajemen risiko TI secara umum sudah cukup banyak, namun penelitian manajemen risiko dalam menghadapi masa pandemi perlu dipertimbangkan. Hal ini dikarenakan pada masa pandemi ini, TI menjadi salah satu kunci agar bisnis dapat bertahan dan memenangkan kompetisi. Selain itu, pandemi COVID-19 termasuk dalam kasus luar biasa yang belum pernah terjadi dalam kurun waktu ratusan tahun, sehingga secara teknis risiko dari pandemi ini termasuk dalam risiko yang tidak terpikirkan sebelumnya oleh perusahaan. Tujuan penelitian ini untuk mengidentifikasi kondisi implementasi manajamen dan ancaman risiko terhadap proses bisnis pada sebuah perusahaan <em>startup </em>terutama di masa pandemi. Penelitian ini menggunakan metode kualitatif dengan mengacu pada COBIT® 2019 fokus domain DSS04 <em>Manage Continuity </em>dengan melakukan observasi awal terhadap kondisi perusahaan dan wawancara terhadap pemangku kepentingan perusahaan. Hasil penelitian menunjukkan bahwa perusahaan telah melakukan penyesuaian terhadap kebutuhan bisnis selama masa pandemi COVID-19 untuk memastikan keberlangsungan bisnis. Namun dalam pelaksanaannya belum ada pengukuran <em>risk management</em> untuk mengontrol apakah manajemen risiko yang dijalankan sudah tepat, sehingga diperlukan penerapan COBIT® 2019 dalam tata kelola bisnis perusahaan.</p><p> </p><p><em><strong>Abstract</strong></em></p><p><em>The development of information technology (IT) based startups is increasing nowadays. To support the company's business success, IT has risks arising from various circumstances, especially in the era of the COVID-19 pandemic. One alternative that can be used to manage and ensure a conducive and credible business is proper risk management. This is because risk management is important for businesses in increasing profits and maintaining business continuity, especially in the conditions of the COVID-19 pandemic. There is a lot of discussion about IT risk management in general, but research on risk management in dealing with the pandemic needs to be considered. This is because during this pandemic, IT is one of the keys for businesses to survive and win the competition. In addition, the COVID-19 pandemic is included in an extraordinary case that has not occurred in hundreds of years, so that technically the risks from this pandemic are included in risks that were not thought of before by the company. The purpose of this study is to identify the conditions of management implementation and risk threats to business processes at a company startup, especially during the pandemic. This study uses a qualitative method with reference to COBIT® 2019 focused on the DSS04 Manage Continuity domain by conducting initial observations of the company's condition and interviews with company stakeholders. The results show that the company has made adjustments to business needs during the COVID-19 pandemic to ensure business continuity. However, in practice there is no risk management measurement to control whether the risk management is carried out properly, so it is necessary to implement COBIT® 2019 in corporate business governance.</em></p><p><em><strong><br /></strong></em></p>

Design an IT Policy Implementation Plan

Information technology (IT) companies implement multi-dimensional policy plans that include procedures, sub-plans, and instructions to outline their business scopes, targets, and communications. This work outlined the IT policy implementation plan designed by an imaginary company with a random name called Northcentral Cloud Consulting Firm (NCCF), containing proposed IT policies, milestones and roadmaps, control framework, stakeholder responsibilities, knowledge transfer plan, and leadership roles. As NCCF’s major customers seek data-driven solutions in cloud computing, the NCCF IT policy plan provides various data policies, including security and proper usage of machine learning services. The plan offers a detailed roadmap of its financial, geographical, and reputational expansion within three years. The IT policy plan also compromises an IT risk management, contingency, and emergency communication plan, mainly for protecting data and business continuity. Stakeholder responsibilities are incorporated into the IT policy plan, as NCCF considers any engagement with its customers as a collaborative effort in which both parties have and share several responsibilities.

Design an IT Policy Implementation Plan

Information technology (IT) companies implement multi-dimensional policy plans that include procedures, sub-plans, and instructions to outline their business scopes, targets, and communications. This work outlined the IT policy implementation plan designed by an imaginary company with a random name called Northcentral Cloud Consulting Firm (NCCF), containing proposed IT policies, milestones and roadmaps, control framework, stakeholder responsibilities, knowledge transfer plan, and leadership roles. As NCCF’s major customers seek data-driven solutions in cloud computing, the NCCF IT policy plan provides various data policies, including security and proper usage of machine learning services. The plan offers a detailed roadmap of its financial, geographical, and reputational expansion within three years. The IT policy plan also compromises an IT risk management, contingency, and emergency communication plan, mainly for protecting data and business continuity. Stakeholder responsibilities are incorporated into the IT policy plan, as NCCF considers any engagement with its customers as a collaborative effort in which both parties have and share several responsibilities.

RISK MANAGEMENT ANALYSIS OF BUS TRANSPORTATION APPLICATION USING COBIT 4.1

The role of information technology in transportation increases, namely in enjoying transportation services. One way to provide the best service for a transportation company to customers is to provide a bus booking application service. One of the companies that offer service applications is a bus transportation application located in Yogyakarta. Because the application system is considered necessary, stakeholders need IT risk management for the bus booking application. The purpose of this research is to analyze the risk management of the bus transportation application. In measuring IT risk management, the author uses the Control Objective for information and Related Technology (COBIT) 4.1 domain Plan and Organize (PO) framework, especially PO9 (Assess and Manage IT risk). The analysis results show that if the bus transportation application is at level 2 in maturity level. It means that the company knows that there are problems that need resolving. Standard risk management in bus transportation applications tends to provide failed access in the progress of its service. The problem is solving individually and not yet at the integrated completion stage. In general, the application management approach needs to improve better management in the field of information technology. Keywords: COBIT; plan and organize; risk management Abstrak: Peran teknologi informasi dalam meningkatnya angkutan yaitu dalam menikmati layanan angkutan. Salah satu cara untuk memberikan layanan terbaik bagi perusahaan angkutan kepada pelanggan adalah dengan menyediakan layanan aplikasi pemesanan bus. Salah satu perusahaan yang menawarkan aplikasi jasa adalah aplikasi angkutan bus yang berlokasi di Yogyakarta. Karena sistem aplikasi dirasa perlu, maka stakeholders membutuhkan manajemen risiko TI untuk aplikasi pemesanan bus tersebut. Tujuan dari penelitian ini adalah menganalisis manajemen risiko pada aplikasi angkutan bus. Dalam mengukur manajemen risiko TI, penulis menggunakan framework Control Objective for Information and Related Technology (COBIT) 4.1 domain Plan and Organize (PO), khususnya PO9 (Assessment and Manage IT risk). Hasil analisis menunjukkan bahwa penerapan angkutan bus berada pada level 2 pada tingkat kematangan. Artinya perusahaan mengetahui bahwa ada masalah yang perlu diselesaikan. Manajemen resiko standar dalam aplikasi transportasi bus cenderung memberikan akses yang gagal dalam kemajuan layanannya. Masalahnya diselesaikan secara individu dan belum pada tahap penyelesaian terintegrasi. Secara umum, pendekatan manajemen aplikasi perlu meningkatkan manajemen yang lebih baik di bidang teknologi informasi. Kata kunci: COBIT; plan and organize; risk management

Recursive and Convergence Methodology of the Investment Management of the Enterprise Digitalization Processes

The article investigates the problems of the investment management digital transformations at the enterprise, where the instrumental basis based on the system economic theory and integrated IT risk management theory are allocated. The purpose of the study is to develop a recursive and convergence methodology of the investment management of the enterprise digitalization processes. The components of the process of investment digitalization of enterprises are structurally reflected and a deterministic 5-component model of developing a recursive and convergence management methodology based on the digital economy is formed. It is determined that the recursive and conversion methodology is based on the understanding of investment management digital transformations at an enterprise as a complex system, characterized primarily by the diversity and heterogeneity of the constituent elements, numerous internal and external connections, which causes a variety of their interaction, changes in the composition and state of the system. The recursive model provides management of the investment of digitalization in the enterprise as a sequential transition between processes of one level only after all the cycles provided for the current process are implemented. However, such a coherent sequence is possible at the expense of effective information support of each process, which should be implemented on a convergence basis. The precondition for its implementation in the field of digital technologies is civilizational development, consequences of globalization and digitalization.