Aiti: Jurnal Teknologi Informasi
Vol 21 No 2 (2024)

Information security risk maturity of IT services using the NIST approach and the ISO 27001:2013 standard (Case study: Bapenda of Central Java Province)

Aminudin, Agus
Supriyanto, Aji



Article Info

Publish Date
30 Sep 2024

Abstract

The application of Information Technology (IT) often poses risks, such as incorrect application processes, data theft, and data corruption. As risk increases, greater control is needed, so it is necessary to determine whether the running system is equipped with adequate controls. The Regional Revenue Management Agency (BAPENDA) of Central Java Province has utilized IT in its activities. The absence of adequate information security standards leaves data or information less secure in terms of confidentiality, integrity, and availability. The aim of the research is to measure KAMI risk maturity, such as by conducting an assessment of the IT managed by BAPENDA, for example the vehicle tax payment service application, Android (New Sakpole), and IT infrastructure. The KAMI Maturity Level results at BAPENDA were: security policy 0.76, organization KAMI 1.24, control asset classification 0.63, personnel security 1.12, incident management KAMI 1.21, business continuity management 0.51, physical and environmental security 1.61, system development and maintenance 2.94, access control 4.18, communications and operations management 4.58, and compliance 2.07. Mapping asset identification with NIST-CSF yielded several asset types: hardware, software, employee, and information/data. The results show that assets in BAPENDA have a high risk (High, Risk Avoidance), so they require mitigation using NIST controls and the Annex of ISO/IEC 27001:2013.

Copyrights © 2024






Journal Info

Abbrev

aiti

Publisher

Subject

Computer Science & IT

Description

AITI: Jurnal Teknologi Informasi is a peer-reviewed journal focusing on information system and technology issues. AITI invites academics and researchers who do original research in information system and technology, including but not limited to: Cryptography, Networking, Internet of Things, Big Data, Data ...