Perancangan Enterprise Architecture untuk Meningkatkan Indeks SPBE Pemerintah Daerah: Studi Kasus Kabupaten Tasikmalaya
Yustisiawandana, Fajri Tsani; Aji, Rizal Fathoni
Jurnal Teknologi Dan Sistem Informasi Bisnis Vol 6 No 1 (2024): Januari 2024
Publisher : Prodi Sistem Informasi Universitas Dharma Andalas

DOI: 10.47233/jteksis.v6i1.1133

Abstract

Enterprise architecture has become one of the most crucial strategic tools in the development of information technology within an organization, particularly in the public sector such as government, as it can enhance public service performance and reduce costs. In the Regional Medium-Term Development Plan (RPJMD), it was found that the assessment domain index of the National SPBE in Tasikmalaya Regency is 2.0, with the smallest value in the SPBE governance and SPBE management domains. This is partly due to the absence of enterprise architecture as a foundation or reference for implementing SPBE services in Tasikmalaya Regency. Therefore, the research adopts the methodology of the national SPBE framework or master plan as the initial reference in designing enterprise architecture, following the steps outlined in the TOGAF framework. In the business architecture, simplification is applied, reducing seven sub-activities to two new sub-activities, while addressing seven major changes to confront strategic issues. In the data architecture, five significant changes are identified as solutions to data issues in the Tasikmalaya Regency Local Government. The application architecture encompasses six significant solutions to address internal organizational issues and integrate them with the national SPBE architecture. In the technology architecture, two new technologies are added to support business, data, and application processes. In the security architecture domain, nine security additions are implemented to protect the organization from attacks on its information systems. The planning of architectural changes is structured according to the RPJMD period, spanning five years from 2026 to 2030.
Risk Assessment Keamanan Informasi dengan Menggunakan ISO/IEC 27001: Studi Kasus PT Dyandra Promosindo
Putra, Mahansa; Aji, Rizal Fathoni
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 8, No 1 (2024): EDISI MARET
Publisher : STIKOM Tunas Bangsa Pematangsiantar

DOI: 10.30645/j-sakti.v8i1.775

Abstract

PT Dyandra Promosindo is a company that operates in the event organizer sector; in carrying out its daily business processes, it is always in contact with important information from its clients. Therefore, it is necessary to carry out a risk assessment to avoid loss of confidentiality, integrity and availability of information assets. The author wants to know how large the risk impact threatening the security of information assets is and to provide control recommendations for these assets. The risk assessment process can be divided into three stages, namely risk identification through interviews and document review, risk analysis using asset valuation and vulnerability and threat ratings, and finally risk evaluation using risk impact measurements. The results of this research showed that 10 critical information assets were identified and only 1 was in the Tolerable risk mitigation group, while the other assets were in the Acceptable group. Recommendations for controls for PT Dyandra Promosindo information asset risks based on Annex A of ISO/IEC 27001:2022 show 15 controls consisting of 4 Organizational controls, 5 People controls, 1 Physical control, and 5 Technological controls.
Evaluasi Keamanan Informasi Menggunakan ISO/IEC 27001: Studi Kasus PT XYZ
Fatih, Dayyan; Aji, Rizal Fathoni
J-SAKTI (Jurnal Sains Komputer dan Informatika) Vol 8, No 1 (2024): EDISI MARET
Publisher : STIKOM Tunas Bangsa Pematangsiantar

DOI: 10.30645/j-sakti.v8i1.767

Abstract

PT XYZ is one of the government-owned enterprises of the Republic of Indonesia that is engaged in agribusiness. PT XYZ already has an information security management system (ISMS), but several obstacles remain, such as low personnel attention to information security, the need to remain compliant with government regulations, and technical constraints that arise, so PT XYZ wants to improve its information security-related capabilities. This study aims to determine the current condition of the existing ISMS at PT XYZ and provide recommendations for improving the ISMS. This research uses information security controls based on the ISO/IEC 27001:2022 standard to get the information security condition gap, then divides the information technology (IT) assets owned by the IT division of PT XYZ into several categories using the ISO/IEC 27005:2018 standard, and conducts a risk assessment using the gap result data, namely the selected information security controls. Then recommendations were made based on the ISO/IEC 27002:2022 standard. The findings of this study were 17 ISO/IEC 27001:2022 control activities whose value results were not maximised. These 17 controls are then divided into 3 categories of recommendations based on urgency, from the results of the risk assessment.
Evaluasi dan Rekomendasi Perbaikan Proses Pemenuhan Permintaan Layanan Teknologi Informasi: Studi Kasus PT Bank XYZ
Permatasari, Yuniar; Aji, Rizal Fathoni
Jurnal Teknologi Dan Sistem Informasi Bisnis Vol 7 No 1 (2025): Januari 2025
Publisher : Prodi Sistem Informasi Universitas Dharma Andalas

DOI: 10.47233/jteksis.v7i1.1769

Abstract

As digital payments in Indonesia increase, they drive the financial industry, especially banking, to continue their digital transformation. BANK XYZ is one of the banks that is also undergoing digital transformation. To improve banking services that are always available and meet market demand, it is necessary to fulfill the demand for information technology (IT) services. However, there is a problem in this process, namely that many requests are not followed up and closed even though they have been worked on, causing delays in fulfilling user requests. Therefore, this research aims to evaluate the process of fulfilling IT service requests and provide improvement recommendations for the future. The evaluation process in this study uses the COBIT 2019 framework to measure the capability of relevant process areas, and ITIL V4 provides good practices for process improvement recommendations. After data collection and capability measurement on eleven processes, the results showed that three processes were at level two, namely APO09, BAI08, and BAI10. There are five processes at level three, namely BAI07, BAI08, DSS02, DSS03, and DSS04. For the achievement of level four, there are two processes, namely APO14 and BAI06, and one process that has reached the level, namely DSS01. Then, in the gap analysis process, there are three processes that have met the management's targets, namely APO14, BAI06, and DSS01, and eight processes that have not yet met the targets. Recommendations are given for the eight processes that have not yet met the management's expected targets.
Perancangan Manajemen Risiko Keamanan Informasi Menggunakan SNI ISO/IEC 27005: Studi Kasus Integrated School Management System milik PT XYZ
Rasyid, Rizky Muhamad; Aji, Rizal Fathoni
Jurasik (Jurnal Riset Sistem Informasi dan Teknik Informatika) Vol 10, No 1 (2025): Edisi Februari
Publisher : STIKOM Tunas Bangsa Pematangsiantar

DOI: 10.30645/jurasik.v10i1.866

Abstract

The existence of information technology has provided various conveniences and opportunities for conducting business online, one of which is the Software as a Service (SaaS) industry. PT XYZ is one of the startups focused on the SaaS business as a provider of integrated school management system (ISMS) solutions. IT plays a vital role in the operational activities of ISMS. PT XYZ is aware of this and has implemented a zero-security incident policy for its ISMS. However, the ISMS still experiences security incidents due to vulnerabilities in the system that result in losses for PT XYZ. This indicates the need for information security risk management for the ISMS. The purpose of this study is to obtain a design for information security risk management for ISMS. This study uses a qualitative method where data collection is conducted through interviews, observations, and literature reviews. SNI ISO/IEC 27005:2022 is used as the information security risk assessment, while risk control recommendations utilize SNI ISO/IEC 27001:2022. This study resulted in 28 risk scenarios, namely: 12 High risks, 10 Moderate risks, two Low risks, and four Very Low risks. The outcome of this study is the design of information security risk management for PT XYZ's ISMS.
Assessing Information Security Awareness Among Indonesian Government Employees: A Case Study of the Meteorology, Climatology, and Geophysics Agency
Prasetyo, Aji; Aji, Rizal Fathoni; Wibowo, Wahyu Setiawan
Journal of Information Systems Engineering and Business Intelligence Vol. 11 No. 2 (2025): June
Publisher : Universitas Airlangga

DOI: 10.20473/jisebi.11.2.126-142

Abstract

Background: Cybersecurity is important for government agencies and the usefulness shows the need for a thorough understanding of information security awareness (ISA) among employees in order to enhance protective measures and ensure compliance with regulations. The Meteorology, Climatology, and Geophysical Agency (BMKG) of Indonesia is very important in providing essential national data and this responsibility shows the need to assess and promote ISA among the employees. The efforts to ensure a robust ISA culture can allow BMKG to safeguard sensitive meteorological and geophysical data, strengthen operational resilience, maintain public trust, and mitigate potential cyber threats that are capable of compromising national security.
Objective: This study aimed to evaluate the level of organizational ISA among employees at BMKG and to improve measures considered important.
Methods: The Human Aspects of Information Security Questionnaire (HAIS-Q) was administered as the reference model to assess the knowledge, attitudes, and behaviors of employees regarding information security. A descriptive statistical analysis and Partial Least Squares Structural Equation Modelling (PLS-SEM) were further applied to analyze data from 459 BMKG employees across various security domains, including password management, email use, internet use, social media use, mobile device security, and incident reporting.
Results: The results showed that BMKG employees possessed a high overall level of ISA (88.06%) with the average knowledge, attitudes, and behaviors recorded to be 88.06%, 81.89%, and 80.74%, respectively. Meanwhile, specific areas such as email use (78.70%) and mobile device use (73.19%) had only moderate awareness. The structural model analysis also showed that behavior exerted the most significant influence on ISA (β = 0.423), followed by attitude (β = 0.289) and knowledge (β = 0.214).
Conclusion: The overall awareness level was positive but there was a need for targeted efforts in password management, email use, and mobile device security to improve ISA practices. Moreover, the implementation of comprehensive information security policies, regular training, and organizational support was suggested to be important for fostering a robust security culture within BMKG.
Keywords: Information Security Awareness, Cybersecurity, BMKG, PLS-SEM, Government Employees, Indonesia
Evaluasi Implementasi Scrum dengan SMM dan AMM: Studi Kasus Perusahaan Telekomunikasi PT XYZ
Atissalam, Lintang Wisesa; Aji, Rizal Fathoni
The Indonesian Journal of Computer Science Vol. 13 No. 3 (2024): The Indonesian Journal of Computer Science (IJCS)
Publisher : AI Society & STMIK Indonesia

DOI: 10.33022/ijcs.v13i3.3962

Abstract

PT XYZ is a telco company with more than 34.3 million users in Indonesia. PT XYZ adopted the Scrum framework in 3 projects of MyXYZ application development. The percentage of completion of each project in each sprint during the last year didn't reach 100%. This indicates there are problems in each sprint that could slow down the release time of the newest feature and waste higher revenue potential. The Scrum Maturity Model is used to measure the maturity level of Scrum implementation. Data collection was carried out using the Scrum Assessment Questionnaire, which consists of 70 questions. The questionnaires were given to 1 Scrum Master, 2 Product Owners and 4 Development Team members from each project. The data was then analyzed using the Agile Maturity Model key process area rating. As a result, Scrum implementation at PT XYZ is at level 3. Standardization and disciplined implementation of Scrum retrospectives are needed to be able to raise the maturity level to the next level.
Design of GeoAi-Based Control Tower Dashboard Application Infrastructure at PT. XYZ
Siregar, Maulana Bobby Rakhman; Aji, Rizal Fathoni
Sistemasi: Jurnal Sistem Informasi Vol 13, No 1 (2024): Sistemasi: Jurnal Sistem Informasi
Publisher : Program Studi Sistem Informasi Fakultas Teknik dan Ilmu Komputer

DOI: 10.32520/stmsi.v13i1.3466

Abstract

The increasing demand for technology and data necessitates the enhancement of infrastructure for the Control Tower Dashboard Geographic Information System (CTD GIS) application at PT XYZ. The current system operates within a Virtual Private Server (VPS) Cloud environment but faces challenges such as data loading delays and increasing demands for broader functionalities. To address these issues, a comprehensive future infrastructure recommendation is outlined, including upgrading ArcGIS Server, integrating with Portal for ArcGIS, implementing ArcGIS Datastore, utilizing NAS Storage, and incorporating Script & VGA Server. Through the proposed infrastructure changes, the CTD GIS application is poised to navigate the dynamics of data growth, providing geospatial insights to support better decision-making processes at PT XYZ.