Manajemen Risiko Infrastruktur Cloud Pemerintah Menggunakan Nist Framework Studi Kasus Lembaga Ilmu Pengetahuan Indonesia (LIPI)
Main Article Content
Abstract
Article Details
JPPI provides immediate open access to its content on the principle that making research freely available to the public to supports a greater global exchange of knowledge.
JPPI by MCIT/Kemenkominfo is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Permissions beyond the scope of this license may be available at https://kominfo.go.id/.
References
Ackermann, T. (2012). IT Security Risk.
Alnuem, M., Alrumaih, H., & Al-Alshaikh, H. (2015). A Comparison Study of Information Security Risk Management Frameworks in Cloud Computing. International Journal On Advances in Software, 6, 103–109.
Andriyani, R., Ulfa, M., & Cholil, W. (2013). PENGUKURAN RISIKO PADA PENERAPAN CLOUD COMPUTING UNTUK SISTEM INFORMASI (Studi Kasus Universitas Bina Darma). Prosiding Seminar Nasional Teknologi Informasi Komunikasi Dan Manajemen, 53(9), 1689–1699. https://doi.org/10.1017/CBO9781107415324.004
Ardagna, D. (2015). Cloud and Multi-cloud Computing: Current Challenges and Future Applications. 2015 IEEE/ACM 7th International Workshop on Principles of Engineering Service-Oriented and Cloud Systems, 1–2. https://doi.org/10.1109/PESOS.2015.8
Avram, M. G. (2014). Advantages and Challenges of Adopting Cloud Computing from an Enterprise Perspective. Procedia Technology, 12, 529–534. https://doi.org/10.1016/j.protcy.2013.12.525
Carstensen, J., Golden, B., & Morgenthal, J. (2012). Cloud Computing Assessing The Risk. Cambridgeshire: IT Governance Publishing.
Catteddu, D., & Hogben, G. (2009). Cloud Computing: Benefit, Risk and Recommendations for Infomation Security. ENISA.
Chan, W., Leung, E., & Pili, H. (2012). Enterprise risk management for cloud computing. Committee of Sponsoring Organizations of the Treadway Commission, 4. Retrieved from http://scholar.google.com/scholar?hl=en&btnG=Search&q=intitle:COSO+Enterprise+Risk+Management+for+Cloud+Computing#0
Cloud Security Alliance. (2013). The Notorious Nine. Cloud Computing Top Threats in 2013. Security, (February), 1–14. Retrieved from http://www.cloudsecurityalliance.org
Cordero, S. (2016). Cloud Controls Matrix Working Group. Retrieved April 22, 2016, from https://cloudsecurityalliance.org/group/cloud-controls-matrix/
Djemame, K., Armstrong, D., Guitart, J., & Macias, M. (2014). A Risk Assessment Framework for Cloud Computing. IEEE Transactions on Cloud Computing, PP(99), 1–1. https://doi.org/10.1109/TCC.2014.2344653
Erl, T., Mahmood, Z., & Puttini, R. (2014). Cloud Computing : Concept, Technology, and Architecture (Fourth). Massachusetts: Prentice Hall.
Frantsvog, D., Seymour, T., & John, F. (2012). Cloud Computing. International Journal of Management & Information Systems – Fourth Quarter, 16(4), 317–324. Retrieved from http://cgi.di.uoa.gr/~ad/MDE556/Papers/palis-ic10.pdf
Frost, & Sullivan. (2015). The New Language of Cloud Computing. Retrieved from https://dailysocial.net/wire/hasil-studi-f5-dan-frost-sullivan-merangkum-tren-serta-perkembangan-pemanfaatan-solusi-berbasis-cloud-di-asia-pasifik-dalam-kerangka-a-b-c-d
Furht, B. (2010). Cloud Computing Fundamentals. In Handbook of Cloud Computing (pp. 3–19). Boston, MA: Springer US. https://doi.org/10.1007/978-1-4419-6524-0_1
Hardy, K. (2015). Enterprise Risk Management: A Guide for Government Professionals.
Hausman, K., Cook, S. L., & Sampaio, T. (2013). Cloud Essential. Canada: SYBEX. https://doi.org/10.1073/pnas.0703993104
Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design Science in Information Systems Research 1. Design Science in IS Research MIS Quarterly, 28(1), 75–105. https://doi.org/10.2307/25148625
Hidayat, E. W. (2013). Risk Assessment pada Manajemen Resiko Penerapan Teknologi Cloud Computing bagi Pemerintah Daerah. Jurnal LPKIA, 2(2).
Hsu, P.-F., Ray, S., & Li-Hsieh, Y.-Y. (2014). Examining cloud computing adoption intention, pricing mechanism, and deployment model. International Journal of Information Management, 34(4), 474–488. https://doi.org/10.1016/j.ijinfomgt.2014.04.006
Hubbard, D. W. (2009). The Failure of Risk Management: Why It’s Broken and How to Fix It. Journal of Chemical Information and Modeling (Vol. 53). New Jersey: Wiley - John Wiley & Sons, Inc. https://doi.org/10.1017/CBO9781107415324.004
Iorga, M. (2015). Cloudy with Showers of Business Opportunities adn a Good Chance of Security and Accountability.
Iorga, M., & Karmel, A. (2015). Managing Risk in a Cloud Ecosystem. IEEE Cloud Computing, 2, 51–57.
Iorga, M., & Scarfone, K. (2016). Using a Capability-Oriented Methodology to Build Your Cloud Ecosystem. IEEE Cloud Computing, 58–63.
Kauffman, R. J., Ma, D., & Yu, M. (2014). A metrics suite for firm-level cloud computing adoption readiness. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 8914, 19–35. https://doi.org/10.1007/978-3-319-14609-6_2
Khrisna, A., & Harlili. (2014). Risk Management Framework With COBIT 5 And Risk Management Framework for Cloud Computing Integration, 103–108.
Kuligowski, C. (2009). Comparison of IT Security Standards. Masters of Science Information Security and Assurance, 65. Retrieved from http://www.federalcybersecurity.org/CourseFiles/WhitePapers/ISOvNIST.pdf
Kundra, V. (2011). Federal Cloud Computing Strategy. Washington: U.S. Chief Information Officer.
Luna, J., Suri, N., Iorga, M., & Karmel, A. (2015). Leveraging the Potential of Cloud Security Service-Level Agreements through Standards. IEEE Cloud Computing, 2(3), 32–40. https://doi.org/10.1109/MCC.2015.52
Meiningsih, S., Rianto, Y., Idris, H. M., Samekto, I., Sari, D., A, V. H., … Maharani, D. A. (2013). Komunikasi dan Informatika Indonesia - Buku Putih 2013.
National Institute of Standards and Technology. (2011). Managing Information Security Risk. NIST Special Publication 800-39, (March), 88. https://doi.org/10.6028/NIST.SP.800-39
NIST. (2010). Guide for Applying the Risk Management Framework to Federal Information Systems. NIST Special Publication 800-37, Rev 1(February), 93. https://doi.org/NIST Special Publication 800-37 R1
NIST. (2015). Security and privacy controls for federal information systems and organizations. NIST Special Publication 800-53, (800–53 revision 4). https://doi.org/http://dx.doi.org/10.6028/NIST.SP.800-53r4
Obi, T. (2014). 2014 WASEDA – IAC 10th International E-Government Ranking Survey. Tokyo.
Obi, T. (2015). 2015 WASEDA – IAC International E-Government Ranking Survey. Tokyo.
Obi, T. (2016). 2016 WASEDA – IAC INTERNATIONAL E-GOVERNMENT RANKING SURVEY.
Paquette, S., Jaeger, P. T., & Wilson, S. C. (2010). Identifying the security risks associated with governmental use of cloud computing. Government Information Quarterly, 27(3), 245–253. https://doi.org/10.1016/j.giq.2010.01.002
Prabowo, W. S., Muslim, M. H., & Iryanto, S. B. (2015). Government Virtual Private Data Center based on Cloud Computing ( Empirical Study on Indonesian Institute of Sciences - LIPI ). Jurnal Penelitian Dan Pengembangan Komunikasi Dan Informatika2, 6(2), 1–14.
Ravi, T. N., & Sankar, S. (2015). Measuring the Security Compliance Using Cloud Control Matrix. Middle-East Journal of Scientific Research, 23(8), 1797–1803. https://doi.org/10.5829/idosi.mejsr.2015.23.08.22482
Samani, R., Honan, B., & Reavis, J. (2015). CSA Guide to Cloud Computing. CSA Guide to Cloud Computing. https://doi.org/10.1016/B978-0-12-420125-5.00008-X
Sendi, A. S., & Cheriet, M. (2014). Cloud Computing: A Risk Assessment Model. 2014 IEEE Int. Conf. Cloud Eng., 147–152. https://doi.org/10.1109/IC2E.2014.17
Spafford, G. (2003). The benefits of standard IT governance frameworks. IT Management. April, 11–12. Retrieved from http://scholar.google.com/scholar?hl=en&btnG=Search&q=intitle:The+Benefits+of+Standard+IT+Governance+Frameworks#0
Stine, K., Kissel, R., Barker, W. C., Lee, A., & Fashlsing, J. (2008). SP 800-60 Volume I : Guide for Mapping Types of Information and Information Systems to Security Categories. National Institute of Standards and Technology, II(August).
Susanto, H., Almunawar, M., & Tuan, Y. (2011). Information security management system standards: A comparative study of the big five. International Journal of Electrical Computer Sciences IJECS-IJENS, 11(5), 23–29.
Tim Mell, P. G. (2009). Draft NIST Working Definition of Cloud Computing. National Institute of Standards and Technology, 53, 50. https://doi.org/10.1136/emj.2010.096966
Viega, J. (2009). Cloud computing and the common man. Computer, 42(8), 106–108. https://doi.org/10.1109/MC.2009.252
Xie, F., Peng, Y., Zhao, W., Chen, D., Wang, X., & Huo, X. (2012). A risk management framework for cloud computing. 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems, 476–480. https://doi.org/10.1109/CCIS.2012.6664451
Yaumi, N., & Kridanto, S. (2012). Risiko pada Penerapan Cloud Computing untuk Sistem Informasi di Perguruan Tinggi Menggunakan Framework COSO ERM dan FMEA (studi kasus: ITB. ITB, 1(2), 1–6. Retrieved from http://scholar.google.com/scholar?hl=en&btnG=Search&q=intitle:Model+Manajemen+Risiko+pada+Penerapan+Cloud+Computing+untuk+Sistem+Informasi+di+Perguruan+Tinggi+Menggunakan+Framework+COSO+ERM+dan+FMEA+(+studi+kasus+:+ITB+)#0
Zhang, W., & Chen, Q. (2010). From E-government to C-government via Cloud Computing. 2010 International Conference on E-Business and E-Government, 679–682. https://doi.org/10.1109/ICEE.2010.177
Zhao, G. (2012). Holistic framework of security management for cloud service providers. IEEE 10th International Conference on Industrial Informatics, 852–856. https://doi.org/10.1109/INDIN.2012.6301237
Zissis, D., & Lekkas, D. (2011). Securing e-Government and e-Voting with an open cloud computing architecture. Government Information Quarterly, 28(2), 239–251. https://doi.org/10.1016/j.giq.2010.05.010