| Resumo: | Information asset is a part of the information technology governance that has value and worth to the organization. Therefore, the organization needs the information technology governance. BPK RI currently has information technology governance, but does not contain the risks faced by IT BPK RI, the process of physical security in information assets, compliance assurance user to participate committed to protect the security of information assets, monitoring of IT Bureau of the BPK RI�s information security and electronic document management processes such as recovery, back up and restore, extermination, security and retention. This study will complement the information technology governance.
This research uses approach to determine the risk of a significant problem, the impacts, and mitigation required. The problem that arises is used to determine the priority procedures to minimize risk. Determination of the issue was conducted by delivering questionnaires to employees of IT Bureau BPK RI. The questionnaire was adopted 22 indicators in ISO 27001:2005. The results of the questionnaire were analyzed to obtain a significant issue in accordance with a risk map.
The result of this study is a regulation governing the impelementation of information security. This regulation consists of a collection of procedures relates to the information security and information asset management that has been considered a significant problem. The elements of information security governance regulations consists of a commitment statement, objectives, scope, policy details, definitions, release notes and Standard Operating Procedure (SOP).
|
|---|