Information Technology Risk Analysis Using ISO 27005:2022 At Diskominfo Tabanan Regency

Authors

  • Ni Kadek Dheananda Astini, Universitas Udayana
  • Gusti Agung Ayu Putri, Universitas Udayana
  • Dwi Putra Githa, Universitas Udayana
(*) Corresponding Author

DOI:

https://doi.org/10.34288/jri.v7i4.394

Keywords:

Diskominfo Tabanan Regency, Information Security, Information Technology, ISO 27005, Risk Management

Abstract

The advancement of information technology (IT) provides significant benefits for organizational operations, including the Department of Communication and Informatics (Diskominfo) of Tabanan Regency. However, IT implementation also brings security risks, such as hacking and cyberattacks, which can threaten the continuity of public services. This study aims to implement risk management based on ISO/IEC 27005:2022 to protect the IT assets owned by Diskominfo Tabanan Regency. The stages carried out include context establishment, risk identification, risk analysis, risk evaluation, and recommendations. In the risk identification stage, 28 IT assets, 57 threats, existing controls for each asset, vulnerabilities of these controls, and potential consequences were identified. In the risk analysis stage, eight respondents were asked to complete a questionnaire to assess the impact of threats and the likelihood of their occurrence, with the average impact and likelihood scores being 3 and 4, respectively. Based on the questionnaire results, the study will proceed with risk level assessment to determine risk levels based on the previous analysis. Subsequently, a risk evaluation will be conducted to provide recommendations for effective mitigation measures. This IT risk analysis study resulted in mitigation recommendations for threats that could potentially impact Diskominfo Tabanan Regency IT assets. The recommendations were developed based on the severity level of each risk after analysis, referring to common practices in both public and private sectors, as well as sources such as research journals, relevant literature, and the ISO/IEC 27005 standard.

Published

2025-09-12

How to Cite

Astini, N. K. D., Gusti Agung Ayu Putri, & Dwi Putra Githa. (2025). Information Technology Risk Analysis Using ISO 27005:2022 At Diskominfo Tabanan Regency. Jurnal Riset Informatika, 7(4), 307–316. https://doi.org/10.34288/jri.v7i4.394