PREPARATION OF STANDARD OPERATING PROCEDURES FOR INFORMATION SECURITY CONTROLS BASED ON ISO 27001:2005 FOR THE ACADEMIC ADVISING AND LECTURE PROCESSES AT THE FACULTY OF ENGINEERING, UNIVERSITAS PASUNDAN
FINAL PROJECT
Submitted as one of the requirements for graduation from the Bachelor's (Strata 1) Program, Informatics Engineering Study Program, Universitas Pasundan Bandung
by: Sholehudin, NRP 08.304.0092
INFORMATICS ENGINEERING STUDY PROGRAM, FACULTY OF ENGINEERING, UNIVERSITAS PASUNDAN BANDUNG, DECEMBER 2016
TABLE OF CONTENTS
STATEMENT OF ORIGINALITY OF THE FINAL PROJECT
ABSTRACT (Indonesian)
ABSTRACT (English)
FOREWORD
TABLE OF CONTENTS
LIST OF TERMS
LIST OF TABLES
LIST OF FIGURES
LIST OF SYMBOLS
CHAPTER 1 INTRODUCTION
  1.1 Background
  1.2 Problem Identification
  1.3 Objectives of the Final Project
  1.4 Scope of the Final Project
  1.5 Final Project Methodology
  1.6 Structure of the Report
CHAPTER 2 THEORETICAL FOUNDATION
  2.1 Overview of Standard Operating Procedures (SOP)
    A. Definition of Standard Operating Procedures (SOP)
    B. Benefits of Standard Operating Procedures (SOP)
    C. Timing of Standard Operating Procedures (SOP)
    D. Methods for Preparing Standard Operating Procedures (SOP)
    E. Format of Standard Operating Procedures (SOP)
    F. Flowcharts for Standard Operating Procedures (SOP)
    G. Narrative Documents for Standard Operating Procedures (SOP)
  2.2 Information Technology Risk
    A. Risk Assessment
  2.3 Information Technology Assets
    A. Definition of Assets
  2.4 Information
  2.5 ISO 27001:2005
    A. General
    B. Terms and Definitions in ISO/IEC 27001:2005
    C. Establishing and Managing the ISMS
    D. Document Control
    E. Control Objectives and Controls of ISO 27001:2005
    F. Annex A: Control Objectives and Controls
  2.6 Business Processes
  2.7 The FMEA (Failure Mode and Effect Analysis) Method
  2.8 Previous Research
CHAPTER 3 METHOD FOR PREPARING THE STANDARD OPERATING PROCEDURES
  3.1 Final Project Framework
  3.2 Final Project Analysis Scheme
  3.3 Research Approach and Type
  3.4 Context of the Organization Studied
    A. Organization Profile
    B. Organization Vision
    C. Organization Mission
    D. Objectives
    E. Supporting Factors and General Strategy
    F. Organizational Structure
  3.5 Research Objects
    A. Academic Advising
    B. Lectures
  3.6 Results of the Research Analysis
    A. Involvement of IT Assets in Risks
    B. Standard Operating Procedures to Be Created
CHAPTER 4 PREPARATION OF THE STANDARD OPERATING PROCEDURES
  4.1 Risk Reduction Analysis
  4.2 Recommended Information Security Controls
  4.3 Preparation of the Standard Operating Procedures
    A. Standard Operating Procedure Template
  4.4 Standard Operating Procedures Created
    A. SOP for Synchronizing the Fingerprint Machine Time with the Server
    B. SOP for Handling Student Attendance Errors
    C. SOP for Backing Up the Student Attendance Database
    D. SOP for Backing Up the DPP Database
    E. SOP for Fingerprint Machine Maintenance
  4.5 Example SOP Implementation
CHAPTER 5 CONCLUSIONS AND RECOMMENDATIONS
  5.1 Conclusions
  5.2 Recommendations
REFERENCES
LIST OF TERMS
No. | Term | Indonesian Term
1 | SOP | Standar Operasi Prosedur (Standard Operating Procedure)
2 | TI | Teknologi Informasi (Information Technology), referring to the assets used
3 | PUSDATIN | Pusat Data dan Informasi (Data and Information Center), which serves as the IT center
4 | FMEA | Failure Mode and Effect Analysis, the method used for information security risk assessment
5 | Anek | Annex A of the ISO standard and the risk control objectives
6 | SITU | Sistem Informasi Terpadu (Integrated Information System), the academic website
LIST OF TABLES
Table 2.1 Symbols Used in Flowcharts
Table 2.2 Annex A (Anek) of ISO 27001:2005 [SNI09]
Table 2.3 FMEA Levels
Table 2.4 FMEA RPN Value Scale
Table 2.5 Previous Research
Table 3.1 Explanation of the Analysis Scheme
Table 3.2 Risk Assessment Results (Results of Previous Research) [FIR10]
Table 3.3 Risk Ranking Results
Table 3.4 Risk Reduction Results after the SOPs Are Applied
Table 3.5 Involvement of IT Assets in Risks
Table 3.6 SOPs to Be Created
Table 4.1 Risk Reduction Analysis
Table 4.2 Recommended Information Security Controls
LIST OF FIGURES
Figure 1.1 Research Methodology
Figure 2.1 PDCA Model
Figure 2.2 Work System Framework [ALT13]
Figure 3.1 Final Project Framework
Figure 3.2 Final Project Framework (continued)
Figure 3.3 Analysis Scheme
Figure 3.4 Organizational Structure of FT UNPAS
Figure 3.5 Academic Advising Flowmap
Figure 3.6 Lecture Flowmap
Figure 3.7 Lecture Flowmap (continued)
Figure 4.1 SOP Template
LIST OF SYMBOLS
Flowchart
The table below describes the symbols used in drawing flowcharts.
No. | Name | Symbol | Function
1 | Terminal/Terminator | [image] | Starts and ends a process.
2 | Proses/Process | [image] | Shows the activity carried out by a function/work unit/position. This process produces goods, services, concepts, documents, recommendations, and so on. In a flowchart, this symbol can also be drawn across several work units to indicate cooperation between them, for example in the form of coordination or a meeting.
3 | Keputusan/Decision | [image] | Depicts the decision-making process carried out by a work unit/position. The result can be "Yes"/"No", or may allow several alternative answers.
4 | Dokumen/Document | [image] | Data in the form of information, which can be a written document or a soft copy. It can be the result of a process or an input to a process.
5 | Penghubung/Connector | [image] | A connector is used when the flow cannot fit in one chart or one page; it indicates continuation to another part or another page. Connectors are usually identified by a number, a letter, or a combination of both, with the same code at the broken part and at its continuation.
6 | Arah Panah/Connector | [image] | Shows the direction of flow from one process to another, or the direction of the choice that can be taken.
7 | Masukan/Input or Keluaran/Output | [image] | Input or output that is not in the form of a document, data, goods, or services. Input or output of a manual, mechanized, or computer activity.
8 | Sub-Proses/Sub-Process | [image] | Indicates that the activity contains more detailed procedures or work instructions, to be used as a reference or followed up.