Risk Analysis and Control of Personal Data Protection in the Population Administration Information System
Analisis Risiko dan Kontrol Perlindungan Data Pribadi pada Sistem Informasi Administrasi Kependudukan
Abstract
Sistem Informasi Administrasi Kependudukan (SIAK) is the application used to manage residents' personal data in every city and district in Indonesia. Personal data draws public attention because, if it is not managed properly, it affects individuals' legal protection and leads to non-compliance with regulation, i.e. Permenkominfo Nomor 20 tahun 2016 on the Protection of Personal Data in Electronic Systems. Risk analysis and control of personal data protection in the SIAK application are therefore needed so that personal data is managed properly and in compliance with regulatory requirements. The data collected for this study are primary data, sourced from direct observation of the application, interviews about the assets related to SIAK and their possible risks, and internal organizational documents. Data analysis was performed as a risk analysis following the ISO 31000:2018 risk management process, in which the identification of relevant risks refers to the Generic Risk Scenarios of COBIT 5 for Risk, and the selection of relevant controls refers to Department of Defense Instruction 8500.2 and NIST SP 800-53. The research involved the Head of Department and employees of Disdukcapil XYZ City responsible for the strategic and operational aspects of SIAK. The results are the identification of 23 possible risks, spread over 5 personal data protection processes and classified at the medium-high risk level, and a proposed set of risk controls consisting of 19 preventive controls, 6 detective controls, and 2 corrective controls.
References
S. Dewi, 2016, Konsep Perlindungan Hukum atas Privasi dan Data Pribadi Dikaitkan dengan Penggunaan Cloud Computing di Indonesia, Yustisia, vol. 5 no. 1, pp. 22–30.
Anggara, 2015, Menyeimbangkan Hak: Tantangan Perlindungan Privasi dan Menjamin Akses Keterbukaan Informasi dan Data di Indonesia, pp. 1–19.
R. E. Latumahina, 2014, Aspek Hukum Perlindungan Data Pribadi di Dunia Maya, Jurnal GEMA AKTUALITA, vol. 3 no. 2, pp. 14–25.
Menteri Komunikasi dan Informatika Republik Indonesia, 2016, Peraturan Menteri Komunikasi dan Informatika Nomor 20 tahun 2016 Tentang Perlindungan Data Pribadi, pp. 1–24.
Agustinus, Nugroho, Cahyono, 2017, Analisis Risiko Teknologi Informasi Menggunakan ISO 31000 pada Program HRMS, Jurnal RESTI, vol. 1 no. 3, pp. 250–258.
Iin, Tjahyanto, 2017, Manajemen Risiko Teknologi Informasi Pada Proyek Perusahaan XYZ Melalui Kombinasi COBIT, PMBOK, dan ISO 31000, DINAMIKA TEKNOLOGI, vol. 9 no. 2, pp. 43–50.
Hevner, March, Park, Ram, 2004, Design Science in Information Systems Research, MIS Quarterly, vol. 28 no. 1, p. 75.
ISACA, 2013, COBIT 5 for Risk, pp. 67–74.
US Department of Defense Instruction Number 8500.2, 2003, Information Assurance (IA) Implementation [online]. Available at: https://fas.org/irp/doddir/dod/d8500_2.pdf [Accessed 20 July 2019].
NIST Special Publication 800-53 Revision 4, 2013, Security and Privacy Controls for Federal Information Systems and Organizations [online]. Available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf [Accessed 20 July 2019].
International Organization for Standardization, 2018, ISO 31000 Second Edition 2018-02, Risk Management – Guidelines.
Menteri Keuangan Republik Indonesia, 2016, Keputusan Menteri Keuangan Republik Indonesia Nomor 845/KMK.01/2016 tentang Petunjuk Pelaksanaan Manajemen Risiko di Lingkungan Kementerian Keuangan, pp. 1–34.
Copyright (c) 2019 Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright in each article belongs to the author.
- The author acknowledges that Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi) is the first publisher of the work, under a Creative Commons Attribution 4.0 International License.
- Authors may enter into separate, additional contractual arrangements for the non-exclusive distribution of the manuscript as published in this journal in other versions (e.g. deposit in the author's institutional repository, publication in a book, etc.), with an acknowledgement that the manuscript was first published in Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi).