Government Cloud Infrastructure Risk Management Using the NIST Framework: A Case Study of Lembaga Ilmu Pengetahuan Indonesia (LIPI)

Wahyu Setyo Prabowo
Widyawan
Noor A Setiawan
M. Hanif Muslim
Yoga S Utama

Abstract

Since 2015, Lembaga Ilmu Pengetahuan Indonesia (LIPI) has used cloud computing technology as a replacement for data center infrastructure that had been damaged. This technology is new to LIPI. With every adoption of a new technology, an organization faces various opportunities and risks that can affect its performance, positively or negatively. Moreover, cloud computing is a form of ICT outsourcing, so appropriate risk management must be carried out. The aim of this study is to perform risk management for the use of cloud computing technology using an appropriate framework, so that the benefits of the technology can be obtained to the fullest. This study uses the framework of NIST SP800-37 revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems. This framework was chosen because it is widely accepted by many institutions, both governmental and professional. In addition, the framework has been adapted to suit cloud environments. Of the six steps in this framework, only the first three could be carried out because of the limitations of the study. The result of the study, completed through the third step, is a security plan document, which is part of the risk management process. It is hoped that the security plan document, which contains the information system categorization, the information types, and the selected security controls, can be implemented so that the security of the cloud environment is assured.

Article Details

Section
Informatics
