SIMRS Risk Management Using the OCTAVE-S Method and ISO/IEC 27001 Control Standards

  • Ito Setiawan, Universitas Amikom Purwokerto


Wishnu Husada Banyumas Hospital has applied information technology to its service processes, but problems such as human error, server failures and other risks recur while the information systems are in use. Because the handling of these risks is not documented, the same risks keep recurring. The purpose of this study is to evaluate risk in the hospital using the OCTAVE-S method, with control standards taken from ISO 27001. This is qualitative research using a case-study approach; data were collected through literature study and field study. The results are as follows: the critical information systems were identified as the database server and the SIMRS (Sistem Informasi Manajemen Rumah Sakit, the hospital management information system); the threats to these critical assets take the form of missing standard procedures in 6 of the security practice areas; and, under the OCTAVE-S stoplight evaluation, 6 security practices received a red stoplight, 9 received yellow and 1 received green. The risk mitigation plan refers to ISO 27001 so that the organization can map controls onto the security practice assessment that was carried out.
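The abstract describes turning an OCTAVE-S security-practice survey into a stoplight status per practice area and then mapping the weak areas to ISO 27001 controls, which is also what a repeatable, documented risk record needs. The script below is an added example written for this page, not code from the paper or from the OCTAVE-S implementation guide. It assumes (the paper does not say this) that each practice area is scored from yes/no answers to its practice statements and that the colour is taken from the share answered "yes" using the thresholds in `stoplight()`; the OCTAVE-S-area-to-Annex-A mapping in `ANNEX_A` is the editor's reading of ISO/IEC 27001:2005, not the paper's own mapping, and the survey answers are constructed, not the hospital's data.

```python
"""
Record an OCTAVE-S stoplight evaluation of security practice areas and map
the non-green areas to ISO/IEC 27001:2005 Annex A control domains.

Added example, not code from the paper. Assumptions (not in the source):
  * an area's colour is derived from the fraction of its practice statements
    answered "yes", using GREEN_MIN / YELLOW_MIN below;
  * ANNEX_A is the editor's mapping of OCTAVE-S areas to Annex A domains.
"""
from __future__ import annotations
from dataclasses import dataclass

# Fraction of practice statements answered "yes" needed for each colour (assumed).
GREEN_MIN = 0.80
YELLOW_MIN = 0.50

# OCTAVE-S security practice area -> ISO/IEC 27001:2005 Annex A control domain
# (editor's mapping, used to seed the mitigation plan).
ANNEX_A = {
    "Security Awareness and Training": "A.8 Human resources security",
    "Security Policies and Regulations": "A.5 Security policy",
    "Contingency Planning / Disaster Recovery": "A.14 Business continuity management",
    "System and Network Management": "A.10 Communications and operations management",
    "Authentication and Authorization": "A.11 Access control",
    "Vulnerability Management": "A.12.6 Technical vulnerability management",
    "Incident Management": "A.13 Information security incident management",
}


@dataclass(frozen=True)
class AreaResult:
    area: str
    yes: int
    total: int
    colour: str


def stoplight(yes: int, total: int) -> str:
    """Map the share of implemented practice statements to a stoplight colour."""
    if total <= 0:
        raise ValueError("an area needs at least one practice statement")
    share = yes / total
    if share >= GREEN_MIN:
        return "green"
    if share >= YELLOW_MIN:
        return "yellow"
    return "red"


def assess(responses: dict[str, list[bool]]) -> list[AreaResult]:
    """responses: area -> one boolean per practice statement (True = answered 'yes')."""
    return [
        AreaResult(area, sum(answers), len(answers), stoplight(sum(answers), len(answers)))
        for area, answers in responses.items()
    ]


def summarize(results: list[AreaResult]) -> dict[str, int]:
    """Count areas per colour, the figure the abstract reports (red/yellow/green)."""
    counts = {"red": 0, "yellow": 0, "green": 0}
    for r in results:
        counts[r.colour] += 1
    return counts


def mitigation_plan(results: list[AreaResult]) -> list[tuple[str, str, str]]:
    """(area, colour, Annex A domain) for every non-green area, red areas first."""
    order = {"red": 0, "yellow": 1}
    weak = [r for r in results if r.colour != "green"]
    weak.sort(key=lambda r: (order[r.colour], r.area))
    return [(r.area, r.colour, ANNEX_A.get(r.area, "unmapped")) for r in weak]


# Constructed survey answers; not data from the hospital in the paper.
SAMPLE_RESPONSES = {
    "Security Awareness and Training": [True, False, False, False],      # 1/4 -> red
    "Security Policies and Regulations": [False, False, True, False],     # 1/4 -> red
    "Contingency Planning / Disaster Recovery": [False, False, False],    # 0/3 -> red
    "System and Network Management": [True, True, False, True, False],    # 3/5 -> yellow
    "Authentication and Authorization": [True, True, False, False],       # 2/4 -> yellow
    "Vulnerability Management": [True, False, True],                      # 2/3 -> yellow
    "Incident Management": [True, True, True, True, True],                # 5/5 -> green
}

if __name__ == "__main__":
    results = assess(SAMPLE_RESPONSES)
    print(summarize(results))
    for area, colour, domain in mitigation_plan(results):
        print(f"{colour:6} {area:42} -> {domain}")
```

Keeping the per-area `yes`/`total` counts in the result, rather than only the colour, is what lets a later assessment be compared against this one; that is the documentation gap the abstract says caused risks to recur.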

