Simatupang, Agustin (2024) Manajemen Risiko Keamanan Informasi pada Sistem Informasi Pelanggan dan Billing Perusahaan (Studi Kasus Perusahaan Pengelola Air Minum). S2 thesis, Universitas Kristen Indonesia.
Text (Hal_Judul_Daftar_Isi_Abstrak)
HalJudulDaftarIsiAbstrak.pdf Available under License Creative Commons Attribution Non-commercial Share Alike. Download (1MB) |
|
Text (BAB_I)
BABI.pdf Available under License Creative Commons Attribution Non-commercial Share Alike. Download (140kB) |
|
Text (BAB_II)
BABII.pdf Restricted to Registered users only Available under License Creative Commons Attribution Non-commercial Share Alike. Download (265kB) |
|
Text (BAB_III)
BABIII.pdf Restricted to Registered users only Available under License Creative Commons Attribution Non-commercial Share Alike. Download (694kB) |
|
Text (BAB_IV)
BABIV`.pdf Restricted to Registered users only Available under License Creative Commons Attribution Non-commercial Share Alike. Download (2MB) |
|
Text (BAB_V)
BABV.pdf Restricted to Registered users only Available under License Creative Commons Attribution Non-commercial Share Alike. Download (121kB) |
|
Text (Daftar_Pustaka)
DaftarPustaka.pdf Available under License Creative Commons Attribution Non-commercial Share Alike. Download (62kB) |
Abstract
Penelitian di dalam tesis ini adalah tentang Manajemen risiko keamanan informasi pada sistem informasi pelanggan dan billing perusahaan. (Studi kasus perusahaan pengelola air minum). Analisis difokuskan terhadap bisnis proses pengelolaan sistem informasi pelanggan dan billing perusahaan. Tujuan penelitian ini adalah untuk mengurangi risiko kebocoran data pribadi pelanggan dan data rahasia perusahaan (1) Mengetahui proses bisnis dan tujuan pengelolaan sistem pelanggan dan billing pelanggan dan (2) Melakukan identifikasi dan analisis risiko keamanan informasi pada sistem pelanggan dan billing perusahaan serta (3) Merumuskan strategi mitigasi risiko keamanan informasi sistem pelanggan dan billing pelanggan sesuai tujuan Perusahaan. Terdapat 53 risiko inheren dari bisnis proses pengelolaan sistem pelanggan dan billing perusahaan, dan 10 risiko yang berapa di atas garis risk appetite perusahaan adalah (1) Kebocoran data pelanggan dan informasi sensitif; (2) Pihak ketiga membocorkan data atas layanan penyimpanan data dan sistem perusahaan; (3) Serangan phishing melalui serangan social engineering; (4) Server Downtime. Sistem tidak bisa di akses (availability); (5) Serangan Advanced Persistent Threat (APT); (6) Aplikasi pelanggan dan billing dieksploitasi oleh hacker; (7) Pelanggan komplain atas layanan sistem dan pembayaran; (8) Karyawan menyalahgunakan akses untuk mencuri data; (9) Serangan malware dan ransomware; (10) Manajemen patch yang buruk. Menerapkan strategi komprehensif berdasarkan prioritas nilai dampak & kemudahan implementasi mitigasi dengan 5 langkah utama: komitmen dari manajemen melalui alokasi anggaran, SDM, dan kebijakan yg diperlukan; melibatkan seluruh karyawan untuk membangun budaya keamanan yang kuat; memanfaatkan teknologi yang canggih; melakukan audit dan review berkala; dan membangun kolaborasi strategis dgn pihak ketiga. Dengan strategi ini, diharapkan risiko keamanan informasi dapat dimitigasi secara efektif untuk melindungi data pribadi pelanggan, dan menjaga informasi rahasia perusahaan. / The research in this thesis is about Information Security Risk Management in Customer and Billing Systems. (Case Study of a Water Utility Company). The analysis focuses on the business processes of managing the company's customer and billing systems. The objectives of this research are to reduce the risk of leakage of customers' personal data and the company's confidential data by (1) Understanding the business processes and management objectives of the customer and billing systems, (2) Identifying and analyzing information security risks in the customer and billing systems, and (3) Formulating risk mitigation strategies for information security in the customer and billing systems in line with the company's goals. There are 53 inherent risks in the business processes of managing the customer information and billing systems, with 10 risks above the company's risk appetite line: (1) Leakage of customer data and sensitive information; (2) Third parties leaking data from storage services and company systems; (3) Phishing attacks through social engineering; (4) Server downtime. System unavailability; (5) Advanced Persistent Threat (APT) attacks; (6) Customer and billing applications exploited by hackers; (7) Customer complaints about system and payment services; (8) Employees misusing access to steal data; (9) Malware and ransomware attacks; (10) Poor patch management. Implementing a comprehensive strategy based on the impact value and ease of mitigation implementation with 5 main steps: commitment from management through budget allocation, HR, and necessary policies; involving all employees to build a strong security culture; utilizing advanced technology; conducting regular audits and reviews; and building strategic collaborations with third parties. With this strategy, it is expected that information security risks can be effectively mitigated to protect customers' personal data and safeguard the company's confidential information.
Item Type: | Thesis (S2) | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Contributors: |
|
||||||||||||
Subjects: | TECHNOLOGY > Technology (General) > Communication of technical information TECHNOLOGY > Technology (General) > Technological change |
||||||||||||
Divisions: | PROGRAM PASCASARJANA > Magister Manajemen | ||||||||||||
Depositing User: | Mr Agustin Simatupang | ||||||||||||
Date Deposited: | 05 Aug 2024 10:50 | ||||||||||||
Last Modified: | 05 Aug 2024 10:50 | ||||||||||||
URI: | http://repository.uki.ac.id/id/eprint/15399 |
Actions (login required)
View Item |