<![CDATA[Malang State Polytechnic is a state university that is committed to the implementation and development of information technology. This commitment is realized with the existence of the Computer Center UPT (Puskom) as a unit responsible for technology. So far, the UPT Puskom has implemented ISO 9001: 2008 as a supplier service management standard. Regarding security responsibilities for the requirements of ISO 9001: 2008. However, this aspect of risk management is only a remedial program related to nonconformities. With the existence of risk management, this information is expected to strengthen the risk management aspects. Can reduce the risk that occurs. Based on the existing problems, it is necessary to do risk management using the OCTAVE-S method. This method uses the knowledge of UPT Puskom staff on the organization's security practices and processes, as well as evaluating the current security at the UPT Puskom. In applying the OCTAVE-S method, an interview process is needed to request information about the current Puskom requirements, find out important assets, as well as infrastructure related to important assets. Meanwhile, the questionnaire was carried out to implement the security practices that have been applied by the Center at present. And observations made to obtain more information that has been obtained to strengthen the information. The results of this study prove that Puskom has 2 important assets, namely academic information systems and Puskom information systems. In addition, there are 5 areas out of 15 security practice areas at the UPT Puskom that do not meet OCTAVE-S standards. From this area, 2 security practice areas have yellow traffic light status, and 3 security practice areas have red traffic light status. Areas of security practice that do not meet OCTAVE-S standards are then mitigated. Based on the law, there are 4 mitigation points, the access control area is 4 mitigation points, the management area considers 3 mitigation points, the design & security architecture area is provided 1 mitigation point, the management area reports 3 mitigation points.]]>
Copyrights © 2020
