Analisis Risiko dan Kontrol Perlindungan Data Pribadi pada Sistem Informasi Administrasi Kependudukan

Sistem Informasi Administrasi Kependudukan (SIAK) is an application used in managing personal data of residents in all cities/districts in Indonesia. Personal data becomes the public attention because if it is not managed properly it will have an impact on one's legal protection and non-compliance with regulations, i.e. Permenkominfo Nomor 20 tahun 2016 about Protection of Personal Data in the Electronic System. Risk analysis and control of personal data protection on SIAK applications are needed so that the personal data management can be carried out properly and comply with regulatory requirements. Data collected for this study are primary data, sourced from direct observations on the application, interview about assets related to SIAK along with possible risks, and also internal organizations documents. Data analysis was performed with a risk analysis using the ISO 31000: 2018 risk management process approach, where the identification of relevant risks refers to the Generic Risk Scenarios COBIT 5 For Risk, and the determination of relevant controls refers to the Department of Defense Instruction 8500.2 and NIST 800-53. This research involves the Head of Department and employees of Disdukcapil XYZ City that are related to the strategic and operational aspects of SIAK. The results of this study are the identification of 23 possible risks that are spread over 5 processes of personal data protection that classified into the medium-high risk level, and proposed risk control consisting of 19 preventive controls, 6 detective controls, and 2 corrective control.