<![CDATA[This research focuses on the risk assessment and mitigation of the Hitmi system, an information system used by PT Perkebunan Nusantara (PTPN V) for calculating employee premiums. The study aims to identify and evaluate the risks associated with the system's information technology assets and provide risk mitigation recommendations in accordance with information security practices and the Personal Data Protection Act. The research methodology includes several stages: Planning, Data Collection, Analysis and Data Processing, and Final Phase. In the Planning Stage, the problem is identified through observations and interviews, and the research purpose is defined. The Data Collection Phase involves literature studies, observations, interviews, and the use of OCTAVE-S sheets to collect relevant data. The Analysis and Data Processing stage focuses on analyzing the collected data and processing it for conclusions and problem resolution. The OCTAVE-S framework is used to identify assets, vulnerabilities, and develop security strategies and plans. The results and discussion section presents the mapping of the OCTAVE-S analysis with the Personal Data Protection Act, identifying organizational information, and assessing organizational security practices. The risk impact assessment criteria are used to evaluate the risks, and the assets of the organization are identified. The assessment of security practices reveals areas of improvement and areas where good security practices are already implemented. Based on the findings, recommendations for risk mitigation are provided. These recommendations include security awareness and training programs for employees, improved resource allocation for security activities, regular updates to security policies, and the implementation of access control measures, incident management procedures, and encryption techniques.This research contributes to enhancing information security practices and reducing risks associated with the Hitmi system at PTPN V. The findings can guide the organization in implementing effective security controls, complying with the Personal Data Protection Act, and ensuring the confidentiality, integrity, and availability of sensitive data.]]>
Copyrights © 2023
