Perancangan Manajemen Risiko Keamanan Informasi Menggunakan SNI ISO/IEC 27005:2022 pada Aplikasi One Data Instansi XYZ
Abstract
The One Data application at XYZ Agency is a strategic data portal that supports bureaucratic reform and civil service governance. The high strategic value of the managed data has implications for increasing information security risks. This study aims to design information security risk management in the One Data Application at XYZ Agency by referring to SNI ISO/IEC 27005:2022, prioritizing risk treatment, and validating the design through control alignment with the IKASANDI guidelines. The research methods include inventorying application-related assets, identifying threats and vulnerabilities, formulating risk scenarios, and analyzing and evaluating risks using consequence-likelihood criteria and a 5x5 risk matrix referring to PermenPANRB Number 43 of 2021. The design results produce a risk register covering 30 assets, 21 types of threats, and 61 risk scenarios, consisting of 33 risks requiring mitigation and 28 risks in the acceptable category. High-priority risks primarily relate to service availability, dependence on supporting infrastructure, and human factors, including potential insider threats and limited personnel availability. The risk treatment recommendations are mapped against SNI ISO/IEC 27002:2022 controls and aligned with IKASANDI controls; design validation is demonstrated by an increase in the IKASANDI score from 1,65 to 2,24. The proposed risk treatment plan also targets a decrease in the average risk score from 12,07 to 6,31, placing all scenarios in the acceptance category. The study concludes that the implementation of SNI ISO/IEC 27005:2022, validated through an increase in the IKASANDI score, results in a structured risk management design, and supports continuous monitoring and improvement of the information security management system in the XYZ Agency's One Data Application.
Keywords
References
B. D. Kencono, H. H. Putri, and T. W. Handoko, “Transformasi Pemerintahan Digital: Tantangan dalam Perkembangan Sistem Pemerintahan Berbasis Elektronik (SPBE) di Indonesia.” [Online]. Available: http://Jiip.stkipyapisdompu.ac.id
Nuryana and Junaidi, “Implementasi Kebijakan Penyelenggaraan Satu Data Indonesia di Dinas Komunikasi dan Informatika Provinsi Kepulauan Bangka Belitung,” Jurnal Pemerintahan dan Politik, vol. 10, no. 2, pp. 356–383, Apr. 2025, doi: 10.36982/jpp.v10i2.5266.
D. Wulandari, S. F. S. Gumilang, and R. Mulyana, “PERANCANGAN ENTERPRISE ARCHITECTURE LAYANAN SPBE (E-GOVERNMENT) DI LINGKUNGAN PEMKAB SUKABUMI,” JURTEKSI (Jurnal Teknologi dan Sistem Informasi), vol. 8, no. 1, pp. 19–26, Dec. 2021, doi: 10.33330/jurteksi.v8i1.1204.
P. Amalia Fakultas Ekonomi Dan Bisnis Islam and M. Irwan Padli Nasution Fakultas Ekonomi Dan Bisnis Islam, “TANTANGAN TERKINI DALAM KEAMANAN INFORMASI ANALISIS RESIKO DAN UPAYA PERLINDUNGAN,” Jurnal Ekonomi Bisnis dan Manajemen, vol. 2, no. 1, 2024, doi: 10.59024/jise.v2i1.5279.
Badan Standardisasi Nasional, “SNI ISO/IEC 27005:2022 Keamanan informasi, keamanan siber, dan proteksi privasi—Panduan manajemen risiko keamanan informasi,” 2022.
Badan Standardisasi Nasional, “SNI ISO/IEC 27002:2022 Keamanan informasi, keamanan siber, dan proteksi privasi—Kontrol keamanan informasi,” 2022.
R. Muhamad Rasyid and R. Fathoni Aji, “Perancangan Manajemen Risiko Keamanan Informasi Menggunakan SNI ISO/IEC 27005: Studi Kasus Integrated School Management System milik PT XYZ,” Jurnal Riset Sistem Informasi Dan Teknik Informatika (JURASIK), vol. 10, pp. 226–235, [Online]. Available: https://tunasbangsa.ac.id/ejurnal/index.php/jurasik
J. V. Barraza de la Paz, L. A. Rodríguez-Picón, V. Morales-Rocha, and S. V. Torres-Argüelles, “A Systematic Review of Risk Management Methodologies for Complex Organizations in Industry 4.0 and 5.0,” May 01, 2023, MDPI. doi: 10.3390/systems11050218.
T. Hardiana and S. Suhardi, “Desain Instrumen Pengukuran Tingkat Kematangan Keamanan Siber Sektor Pemerintahan,” Jurnal Pendidikan dan Teknologi Indonesia, vol. 5, no. 11, pp. 3393–3310, Nov. 2025, doi: 10.52436/1.jpti.1124.
Badan Siber dan Sandi Negara, “Peraturan Badan Siber dan Sandi Negara Nomor 4 Tahun 2021,” 2021.
M. Syaeful Bahry and B. Sugiantoro, “Evaluasi Tingkat Keamanan Indeks KAMI (Studi Kasus : Universitas X),” 2024.
Kementerian Pendayagunaan Aparatur Negara dan Reformasi Birokrasi, “Peraturan Menteri PANRB Nomor 43 Tahun 2021 tentang Manajemen Risiko di Lingkungan Kementerian PANRB,” 2021.
Asriyanik and Prajoko, “PENGEMBANGAN APLIKASI PENILAIAN RISIKO KEAMANAN INFORMASI BERBASIS ISO 27005 MENGGUNAKAN METODE PROTOTYPING,” Jurnal Ilmiah SANTIKA, vol. 8, 2018.
Gina Cahya Utami, Aden Bahtiar Supramaji, and Khairunnisak Nur Isnaini, “Penilaian Risiko Keamanan Informasi pada Website dengan Metode DREAD dan ISO 27005:2018,” JUSTINDO (Jurnal Sistem dan Teknologi Informasi Indonesia), vol. 8, no. 1, pp. 47–56, Feb. 2023, doi: 10.32528/justindo.v8i1.219.
H. D. Hadmanto, R. Fathoni Aji, J. P. Nurahman, * Hendra, and D. Hadmanto, “Jurnal Restikom : Riset Teknik Informatika dan Komputer,” vol. 3, no. 2, pp. 60–69, 2021, [Online]. Available: https://restikom.nusaputra.ac.id
G. Gioferi and Y. Yulhendri, “Penilaian Risiko TI Pada Website DosenIT Dengan Framework ISO 31000 Dan ISO 27002,” Jurnal Teknologi Dan Sistem Informasi Bisnis, vol. 5, no. 4, pp. 409–419, Oct. 2023, doi: 10.47233/jteksis.v5i4.897.
M. Andriana, I. Sembiring, and K. D. Hartomo, “SOP of Information System Security on Koperasi Simpan Pinjam Using ISO/IEC 27002:2013,” TRANSFORMATIKA, vol. 18, no. 1, pp. 25–35, 2020.
DOI: https://doi.org/10.30591/jpit.v11i2.10391
Refbacks
- There are currently no refbacks.

This work is licensed under a Creative Commons Attribution 4.0 International License.
JPIT INDEXED BY
![]() | ![]() | ![]() | ![]() |
![]() | ![]() | ![]() | |

This work is licensed under a Creative Commons Attribution 4.0 International License.








