Information Technology Risk Management on e-Government: Systematic Literature Review (Manajemen Risiko Teknologi Informasi pada e-Government: Ulasan Literatur Sistematis)
Main Article Content
Abstract
Risk management serves as a basis for planning and decision-making by leadership, optimizes the use of available resources, and minimizes the occurrence of risks that could harm the organization. Risk management is implemented in e-government to minimize risk and to reduce negative impacts on e-government implementation. This study conducts a systematic literature review of standards-compliant information technology risk management implementation in e-government. From content and descriptive analysis of the literature, it is concluded that risk management implementation in non-profit (government) organizations is influenced by information technology resource planning, management, policy and regulation, and organizational performance. The risk management process in e-government adopts several standards issued by the International Standard Organization (ISO), and its implementation can be integrated according to the organization's conditions and needs.
Article Details
Jurnal IPTEK-KOM uses an open access policy. The conditions that Authors must meet are as follows:
- Authors retain copyright and grant the journal the right of first publication, with the manuscript simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors may enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., posting it to an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) before and during the submission process, as this can lead to productive exchanges, as well as earlier and greater citation of the published work. (See The Effect of Open Access).