Risk Analysis and Control of Personal Data Protection in the Population Administration Information System

Analisis Risiko dan Kontrol Perlindungan Data Pribadi pada Sistem Informasi Administrasi Kependudukan

  • Iqbal Santosa Telkom University
  • Raras Yusvinindya Universitas Telkom
Keywords: Data Pribadi, ISO 31000, Perlindungan Data Pribadi, Sistem Informasi Administrasi Kependudukan, SIAK

Abstract

Sistem Informasi Administrasi Kependudukan (SIAK) is an application used in managing personal data of residents in all cities/districts in Indonesia. Personal data becomes the public attention because if it is not managed properly it will have an impact on one's legal protection and non-compliance with regulations, i.e. Permenkominfo Nomor 20 tahun 2016 about Protection of Personal Data in the Electronic System. Risk analysis and control of personal data protection on SIAK applications are needed so that the personal data management can be carried out properly and comply with regulatory requirements. Data collected for this study are primary data, sourced from direct observations on the application, interview about assets related to SIAK along with possible risks, and also internal organizations documents. Data analysis was performed with a risk analysis using the ISO 31000: 2018 risk management process approach, where the identification of relevant risks refers to the Generic Risk Scenarios COBIT 5 For Risk, and the determination of relevant controls refers to the Department of Defense Instruction 8500.2 and NIST 800-53. This research involves the Head of Department and employees of Disdukcapil XYZ City that are related to the strategic and operational aspects of SIAK. The results of this study are the identification of 23 possible risks that are spread over 5 processes of personal data protection that classified into the medium-high risk level, and proposed risk control consisting of 19 preventive controls, 6 detective controls, and 2 corrective control.

Downloads

Download data is not yet available.

References

S. Dewi, 2016, Konsep Perlindungan Hukum atas Privasi dan Data Pribadi Dikaitkan dengan Penggunaan Cloud Computing di Indonesia, Yustisia, vol.5 no.1, hal. 22–30.

Anggara, 2015, Menyeimbangkan Hak : Tantangan Perlindungan Privasi dan Menjamin Akses Keterbukaan Informasi dan Data di Indonesia, hal. 1–19.

Latumahina, R.E., 2014. Aspek Hukum Perlindungan Data Pribadi di Dunia Maya, Jurnal GEMA AKTUALITA, vol.3 no.2, hal. 14–25.

Menteri Komunikasi dan Informatika Republik Indonesia, 2016, Peraturan Menteri Komunikasi dan Informatika Nomor 20 tahun 2016 Tentang Perlindungan Data Pribadi, hal. 1-24.

Agustinus, Nugroho, Cahyono, 2017, Analisis Risiko Teknologi Informasi Menggunakan ISO 31000 pada Program HRMS, Jurnal RESTI, vol.1 no.3, hal. 250-258.

Iin, Tjahyanto, 2017, Manajemen Risiko Teknologi Informasi Pada Proyek Perusahaan XYZ Melalui Kombinasi COBIT, PMBOK, dan ISO 31000, DINAMIKA TEKNOLOGI, vol.9 no.2, hal. 43-50.

Hevner, March, Park, Ram, 2004, Design Science in Information Systems Research, MIS Quarterly, vol. 28 no. 1, hal. 75.

ISACA, 2013, COBIT 5 for Risk, hal. 67-74.

US Department of Defense Instruction Number 8500.2, 2003. Information Assurance (IA) Implementation [online]. Available at: https://fas.org/irp/doddir/dod/d8500_2.pdf. [Accessed 20 July 2019]

NIST Special Publication 800-53 Revision 4, 2013. Security and Privacy Controls for Federal Information Systems and Organizations [online]. Available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf. [Accessed 20 July 2019]

International Organization for Standarization, 2018, ISO 31000 Second Edition 2018-02. Risk Management – Guidelines.

Menteri Keuangan Republik Indonesia, 2016, Keputusan Menteri Keuangan Republik Indonesia Nomor 845/KMK.01/2016 tentang Petunjuk Pelaksanaan Manajemen Risiko di Lingkungan Kementerian Keuangan, hal. 1-34.

Published
2019-12-11
How to Cite
Santosa, I., & Raras Yusvinindya. (2019). Risk Analysis and Control of Personal Data Protection in the Population Administration Information System. Jurnal RESTI (Rekayasa Sistem Dan Teknologi Informasi), 3(3), 496 - 504. https://doi.org/10.29207/resti.v3i3.1068
Section
Artikel Rekayasa Sistem Informasi