Information Technology Risk Mapping with the Integration of IT Balanced Scorecard and NIST SP 800-34 Rev.1
Abstract
Information Technology (IT) risk in higher education is an event with the potential to disrupt business processes. Many IT risks remain unmapped, so the risk identification process is still unbalanced, which prevents the higher education IT Unit from achieving the goals of its vision and mission. To address this imbalance, IT risks need to be identified in order to improve IT services so that higher education business processes are not interrupted. The aim of this study is to produce an integrated mapping between objectives and risks, using the IT Balanced Scorecard and NIST SP 800-34 Rev.1. The method is to collect information on the IT Balanced Scorecard and NIST SP 800-34 Rev.1 and then analyze it to build an Information Technology risk plan. The results show that risks can be mapped to the strategic objectives in the IT Balanced Scorecard, balancing performance against risk so that the vision and mission of the higher education IT Unit can be achieved.
DOI: http://dx.doi.org/10.26418/jp.v6i3.40717