Kajian Strategi Pengamanan Infrastruktur Sumber Daya Informasi Kritis [Study of Critical Information Resources Infrastructure Security Strategy]

Main Article Content

Ahmad Budi Setiawan

Abstract

Infrastruktur informasi kritis merupakan salah satu infrastruktur kritis yang menggabungkan antara infrastruktur telekomunikasi serta jaringan internet yang digunakan dalam pelayanan publik. Dengan demikian, infrastruktur informasi kritis  harus beroperasi dengan aman dan memenuhi aspek keamanan informasi. Kajian ini adalah studi kasus pada infrastruktur informasi kritis sebagai salah satu infrastruktur kritis Nasional yang digunakan dalam pelayanan publik. Adapun infrastruktur informasi kritis yang dijadikan studi kasus adalah pada bidang energi ketenagalistrikan. Tujuan kajian ini adalah memberikan masukan pada kebijakan pengamanan infrastruktur kritis berdasarkan studi kasus yang dilakukan. Kajian ini dilakukan dengan metode gabungan kuantitatif dan kualitatif yang mengkombinasikan hasil penilaian risiko pada obyek riset dengan pendapat pengambil kebijakan, akademisi, pakar dan praktisi. Hasil kajian ini adalah masukan untuk kebijakan dan kerangka kerja pengamanan infrastruktur kritis khususnya sector TIK.

 

*****

Critical information infrastructure is one of the critical infrastructure that combines telecommunications infrastructure and Internet networks used in the public service. Thus, the critical information infrastructure must operate safely and meet the aspects of information security. This study is a case study on critical information infrastructure as one of the critical national infrastructure used in public service. The critical information infrastructure which is used as a case study is in the field of electricity energy. The purpose of this sudy is to provide input on critical infrastructure security policy based on case studies conducted. This study was conducted with the combined quantitative and qualitative method that combines the results of the risk assessment on the research object with the opinion of policy makers, academics, experts and practitioners. These results are input to the policy framework and securing critical infrastructure, especially the ICT sector.

Dimensions

Article Details

Section
Telecommunication

References

M. Henderson. (2007). “Protecting Critical Infrastructure from Cyber Attacks,” Department of Homeland Security-USA, 2007.

J. W. Cresswell. (2008). Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, Third Edition, SAGE Publications, Inc, 2008.

ISO/IEC, ISO/IEC 27002:2013, ISO/IEC, 2013.

ISO/IEC, ISO/IEC 27001:2013, ISO/IEC, 2013.

ISO/IEC, ISO/IEC 27000:2014, ISO/IEC, 2014.

Department of Defense. (2012) DoD Policy and Responsibilities for Critical Infrastructure, Department of Defense USA.

Federal Energy Regulatory Commission. (2013). “Critical Infrastructure Protection Reliability Standards,” Federal Energy Regulatory Commission-USA.

Ko, M. dan Dorantes, C. (2006), The Impact of Information Security Breaches on Financial Performance of The Breached Firms: an Empirical Investigation, Journal of Information Technology Management, vol. XVII, pp. 13-22.

Nickolov, Eugene. (2005), Critical Information Infrastructure Protection: Analysis, Evaluation and Expectations, INFORMATION & SECURITY. An International Journal, Vol.17, pp. 105-119

Su, X. (2006), An Overview of Economic Approaches to Information Security Management, University of Twente, Information Systems Group, Enschede, The Netherlands.

Suter, Manuel. (2007), A Generic National Framework For Critical Information Infrastructure Protection (CIIP), Center for Security Studies, ETH Zurich.

National Institute of Standard dan Technology (NIST), (2007), NISTIR 7628 Guidelines for Smart Grid Cyber Security, Smart Grid Interoperable Panel (SGIP) Cyber Security Working Group, NIST, US Depertement of Commerce.

National Institute of Standard dan Technology (NIST), (2007), Framework for Improving Critical Infrastructure Cybersecurity, NIST, US Depertement of Commerce, v. 1.0

OECD, (2006), Recomendation of The Council on The Protection of Critical Information Infrastructure, OECD Ministerial Meeting on The Future of Internet Economy, Seoul, South Korea

Whitman, M. E. (2004), In defense of the realm: understanding the threats to information security, International Journal of Information Management,vol. 24, no. 1.

Cashell, B., Jackson, W. D., Jickling, M. dan Webel, B. (2004), The Economic Impact of Cyber-Attacks, CISCO.

Dey, M. (2007), Information security management - a practical approach, AFRICON 2007.

Norman, A. dan Yasin, N. (2009), An analysis of Information Systems Security Management (ISSM): The hierarchical organizations vs. emergent organization, ICITST International Conference on Internet Technology and Secured Transactions.

Chang, H., Kwon, H., Lee, C. dan Kang, J. (2010), The Weighted Industrial Security Management System for SMBs, 5th International Conference on Future Information Technology (FutureTech).

Gorman, Sean P. and Schintler, Laurie and Kulkarni, Rajendra and Stough, Roger R., (2004), The Revenge of Distance: Vulnerability Analysis of Critical Information Infrastructure. Journal of Contingencies and Crisis Management, Vol. 12, No. 2, pp. 48-63, June 2004. Available at SSRN: http://ssrn.com/abstract=549768