ANALISIS KEAMANAN FISIK DI LABORATORIUM TEKNIK INFORMATIKA UNIVERSITAS PASUNDAN BERDASARKAN STANDART ISO 27001
TUGAS AKHIR
Disusun sebagai salah satu syarat untuk kelulusan Program Strata 1, Program Studi Teknik Informatika, Universitas Pasundan Bandung
Oleh :
Ridwan Fauzi NRP.10.304.0161
PROGRAM STUDI TEKNIK INFORMATIKA FAKULTAS TEKNIK UNIVERSITAS PASUNDAN JUNI 2017
DAFTAR ISI
ABSTRAK .............................................................................................Error! Bookmark not defined. ABSTRACK ..........................................................................................Error! Bookmark not defined. KATA PENGANTAR ...........................................................................Error! Bookmark not defined. UCAPAN TERIMA KASIH..................................................................Error! Bookmark not defined. DAFTAR ISI........................................................................................................................................... ii DAFTAR TABEL.................................................................................................................................. vi DAFTAR GAMBAR .............................................................................................................................. 7 BAB 1
PENDAHULUAN ..................................................................Error! Bookmark not defined. 1.1 Latar Belakang..................................................................Error! Bookmark not defined. 1.2 Identifikasi Masalah..........................................................Error! Bookmark not defined. 1.3 Tujuan Tugas Akhir..........................................................Error! Bookmark not defined. 1.4 Lingkup Tugas Akhir........................................................Error! Bookmark not defined. 1.5 Metodelogi Tugas Akhir...................................................Error! Bookmark not defined. 1.6 Sistematika Penulisan Tugas Akhir ..................................Error! Bookmark not defined.
BAB 2
LANDASAN TEORI..............................................................Error! Bookmark not defined. 2.1 Definisi Analisis ...............................................................Error! Bookmark not defined. 2.2 Pengertian Keamanan Fisik ..............................................Error! Bookmark not defined. 2.3 Pengertian Teknologi Informasi .......................................Error! Bookmark not defined. 2.4 Pengertian Infrastruktur Teknologi Informasi .................Error! Bookmark not defined. 2.5 Pengertian Keamanan Informasi.......................................Error! Bookmark not defined. 2.6 ISO/IEC 27001:2005 ........................................................Error! Bookmark not defined. 2.6.1 Physical and Environmental Security..................Error! Bookmark not defined. 2.6.2 Pengertian ISMS..................................................Error! Bookmark not defined. 2.6.3 Prinsip Keamanan Informasi ...............................Error! Bookmark not defined. 2.6.4 Kebijakan keamanan informasi ...........................Error! Bookmark not defined. 2.7 Manajemen Resiko ...........................................................Error! Bookmark not defined. 2.7.1 Tujuan Managemen Resiko .................................Error! Bookmark not defined. 2.7.2 Resiko Keamanan Informasi ...............................Error! Bookmark not defined. 2.7.3 Penilaian Resiko ..................................................Error! Bookmark not defined. 2.7.4 Identifikasi Aset (asset identification).................Error! Bookmark not defined. 2.7.5 Identifikasi Ancaman (Threat Identification)......Error! Bookmark not defined. 2.7.6 Identifikasi Kelemahan(vullnerability)................Error! Bookmark not defined. 2.7.7 Menentukan Kemungkinan Ancaman (Probability) .......... Error! Bookmark not defined. 2.7.8 Analisa Dampak ..................................................Error! Bookmark not defined. ii
2.7.9 Menentukan Nilai Resiko ....................................Error! Bookmark not defined. 2.8 Keamanan Fisik Menurut ISO/IEC 27001.......................Error! Bookmark not defined. 2.8.1 Melindungi terhadap ancaman eksternal dan lingkungan.. Error! Bookmark not defined. 2.8.2 Bekerja di daerah aman .......................................Error! Bookmark not defined. 2.8.3 Peralatan tapak dan perlindungan........................Error! Bookmark not defined. 2.8.4 Pemeliharaan Peralatan........................................Error! Bookmark not defined. 2.8.5 Keamanan tempat peralatan.................................Error! Bookmark not defined. 2.8.6 pembuangan aman atau penggunaan kembali peralatan.... Error! Bookmark not defined. 2.8.7 keamanan kabel ...................................................Error! Bookmark not defined. 2.8.9 Hak Pemindahan peralatan (Removal of Property) ........... Error! Bookmark not defined. 2.8.10 Kontrol Masuk Fisik ( Physical Entry Control) Error! Bookmark not defined. 2.8.11 Pembatas Keamanan Fisik (Physical Security Perimeter) .... Error! Bookmark not defined. 2.8.12 Keamanan Peralatan Di Luar Tempat Kerja......Error! Bookmark not defined. 2.8.13 utilitas pendukung (supporting utilities)............Error! Bookmark not defined. BAB 3
SKEMA PENELITIAN ..........................................................Error! Bookmark not defined. 3.1 Kerangka Tugas Akhir......................................................Error! Bookmark not defined. 3.2 Skema Analisis Tugas Akhir ............................................Error! Bookmark not defined. 3.3 Tempat Penelitian ............................................................Error! Bookmark not defined. 2.3.1 pengumpulan data dan wawancara ...............................Error! Bookmark not defined. 3.3.2 Menentukan Standart Keamanan Di Laboratorium .......Error! Bookmark not defined. 3.3.3 Menentukan Kebijakan Keamanan Fisik......................Error! Bookmark not defined. 3.3.4 Kesimpulan Hasil Wawancara......................................Error! Bookmark not defined. 3.4 Objek Penelitian................................................................Error! Bookmark not defined. 3.5 Analisis Solusi ..................................................................Error! Bookmark not defined. 3.6 Analisis Manfaat Tugas Akhir ..........................................Error! Bookmark not defined. 3.7 Gambaran Struktur Organisasi..........................................Error! Bookmark not defined. 3.8 Deskripsi Dan Wewenang Tanggung Jawab ....................Error! Bookmark not defined. 3.9 Aturan Jam Kerja..............................................................Error! Bookmark not defined.
BAB 4
ANALISIS DAN HASIL ANALISIS.....................................Error! Bookmark not defined. 4.1
Analisis Keamanan Fisik Pada Bagian Physical And Enviromental Security...... Error!
Bookmark not defined. 4.1.2 Perangkat Keras(Hardware).........................................Error! Bookmark not defined. 4.2
Identifikasi Aset............................................................Error! Bookmark not defined.
iii
4.3
Perhitungan Aset ..........................................................Error! Bookmark not defined.
4.4
Identifikasi Ancaman (Threat Identification)...............Error! Bookmark not defined. 4.4.1 Nilai Ancaman..................................................Error! Bookmark not defined. 4.4.2 Identifikasi Kelemahan Dan Nilai Kelemahan (Vulnerability Identification) Error! Bookmark not defined. 4.4.3 Nilai Kelemahan ...............................................Error! Bookmark not defined. 4.4.4 Identifikasi Risiko ............................................Error! Bookmark not defined. 4.4.5 Identifikasi Dampak .........................................Error! Bookmark not defined. 4.4.6 Identifikasi Ancaman (Threat Identification) dan Kelemahan (Vulnerability Identification) ...............................................................Error! Bookmark not defined. 4.4.7 Kemungkinan Gangguan Keamanan (Probability of Occurence) ........... Error! Bookmark not defined. 4.4.8 Menghitung Nilai Busines Impact Analysis (BIA) ........ Error! Bookmark not defined. 4.4.9 Menentukan Nilai Resiko .................................Error! Bookmark not defined.
4.5
Keamanan Fisik Di Laboratorium informatika Saat IniError! Bookmark not defined.
4.6
Rekomendasi Keamanan Fisik Di Laboratorium Informatika.... Error! Bookmark not
defined. BAB 5
KESIMPULAN DAN SARAN ..............................................Error! Bookmark not defined. 4.1
Kesimpulan...................................................................Error! Bookmark not defined.
4.2
Saran.............................................................................Error! Bookmark not defined.
DAFTAR PUSTAKA LAMPIRAN
iv
DAFTAR ISTILAH NO 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
Istilah Asing
Istilah indonesia
TI secuirity user Biologic safety Providing for safety backteriologis electris Human resources security Asset management Physical and environmental security Organization of information security Security policy Communications and operations management Business continuity management Information security incident management Acces control LAN (local area network) Confidentiality Availability Integrity threat ulnerability probability impact analysis hacker terorist Power failure Physical Entry Control Removal of Property supporting utilities Physical Security Perimeter risk assesment asset identification Threat Identification interface protect Physiical security
v
Teknologi infoormasi keamanan pengguna Keamanan secara biologi Menyediakan untuk keamanan bakteriologis elektris Keamanan sumber daya manusia Managemen aset Keamanan fisik dan lingkungan Organisasi keamanan informasi Kebijakan keamana informasi Manajemen operasi dan komunikasi Manajemen kelansungan usaha Manajemen insiden keamanan informasi Kontrol akses Area jaringan lokal kerahasiaan ketersediaan integritas ancaman Identifikasi kelemahan Kemungkinan ancaman Dampak analisis penyusup teroris Kegagalan sumber daya Kontrol masuk fisik Hak pemindahan peralatan Utilitas pendukung Pembatas keamanan fisik Penilaian resiko Identifikasi aset Identifikasi ancaman Antar muka melindungi Keamanan secara fisik
DAFTAR TABEL Tabel 2-1 Kebutuhan Kontrol Keamanan...............................................Error! Bookmark not defined. Tabel 2-2 Hubungan Klausul Keamanan Dengan Aspek Keamanan Informasi .. Error! Bookmark not defined. Tabel 2-3 Nilai Aspek Berdasarkan Aspek Keamanan ..........................Error! Bookmark not defined. Tabel 2-4 identifikasi ancaman...............................................................Error! Bookmark not defined. Tabel 2-5 Identifikasi Kelemahan(Vullnerability) .................................Error! Bookmark not defined. Tabel 2-6 Kriteria Nilai BIA. .................................................................Error! Bookmark not defined. Tabel 3-1 Jabatan Dan Tugas Pokok ......................................................Error! Bookmark not defined. Tabel 3-2 Aturan Jam Kerja ...................................................................Error! Bookmark not defined. Tabel 4-1 perangkat yang digunakan......................................................Error! Bookmark not defined. Tabel 4-2 Identifikasi Perangkat Keras ..................................................Error! Bookmark not defined. Tabel 4-3 Perhitungan Aset ....................................................................Error! Bookmark not defined. Tabel 4-4 Identifikasi Ancaman .............................................................Error! Bookmark not defined. Tabel 4-5 Nilai Ancaman .......................................................................Error! Bookmark not defined. Tabel 4-6 Identifikasi Kelemahan ..........................................................Error! Bookmark not defined. Tabel 4-7 Identifikasi Nilai Kelemahan .................................................Error! Bookmark not defined. Tabel 4-8 Identifikasi Resiko .................................................................Error! Bookmark not defined. Tabel 4-9 Identifikasi Dampak ...............................................................Error! Bookmark not defined. Tabel 4-10 Identifikasi Ancaman dan Identifikasi Kelemahan ..............Error! Bookmark not defined. Tabel 4-11 Kemungkinan Gangguan Pada Keamanan...........................Error! Bookmark not defined. Tabel 4-12 Nilai BIA..............................................................................Error! Bookmark not defined. Tabel 4-13 Bobot Level Resiko Berdasarkan Probabilitas Ancaman.....Error! Bookmark not defined. Tabel 4-14 Bobot Level Resiko Berdasarkan Dampak Resiko ..............Error! Bookmark not defined. Tabel 4-15 Matriks Level Nilai Resiko ..................................................Error! Bookmark not defined. Tabel 4-16 Nilai BIA Aset .....................................................................Error! Bookmark not defined. Tabel 4-17 Nilai Resiko..........................................................................Error! Bookmark not defined. Tabel 4-18 Level Resiko Terhadap Aset ................................................Error! Bookmark not defined. Tabel 4-19 Kebijakan keamanan Fisik di Laboratorium Saat ini ...........Error! Bookmark not defined. Tabel 4-20 Rekomendasi Keamanan Fisik Berdasarkan Standart Iso 27001....... Error! Bookmark not defined.
vi
DAFTAR GAMBAR Gambar 1-1 Metodelogi Pengerjaan Tugas Akhir ...............................Error! Bookmark not defined. Gambar 2-1 Kelompok Kebutuhan Kontrol Keamanan........................Error! Bookmark not defined. Gambar 3-1 Skema Penelitian Tugas Akhir ..........................................Error! Bookmark not defined. Gambar 3-2 Skema Analisis .................................................................Error! Bookmark not defined. Gambar 3-3 Struktur Organisasi Lab .....................................................Error! Bookmark not defined.
7
