Abstract
Sistem Informasi Administrasi Kependudukan (SIAK) is an application used in managing personal data of residents in all cities/districts in Indonesia. Personal data becomes the public attention because if it is not managed properly it will have an impact on one's legal protection and non-compliance with regulations, i.e. Permenkominfo Nomor 20 tahun 2016 about Protection of Personal Data in the Electronic System. Risk analysis and control of personal data protection on SIAK applications are needed so that the personal data management can be carried out properly and comply with regulatory requirements. Data collected for this study are primary data, sourced from direct observations on the application, interview about assets related to SIAK along with possible risks, and also internal organizations documents. Data analysis was performed with a risk analysis using the ISO 31000: 2018 risk management process approach, where the identification of relevant risks refers to the Generic Risk Scenarios COBIT 5 For Risk, and the determination of relevant controls refers to the Department of Defense Instruction 8500.2 and NIST 800-53. This research involves the Head of Department and employees of Disdukcapil XYZ City that are related to the strategic and operational aspects of SIAK. The results of this study are the identification of 23 possible risks that are spread over 5 processes of personal data protection that classified into the medium-high risk level, and proposed risk control consisting of 19 preventive controls, 6 detective controls, and 2 corrective control.
Highlights
an application used in managing personal data of residents
Data collected for this study are primary data
interview about assets related to Sistem Informasi Administrasi Kependudukan (SIAK)
Summary
Perkembangan teknologi memberikan dampak yang besar bagi kehidupan sosial. Terutama kontribusinya dalam kemudahan penyebaran informasi. Pasal 26 ayat (1) bahwa dalam pemanfaatan teknologi informasi, perlindungan data pribadi merupakan salah satu bagian dari hak pribadi (privacy rights); Permendagri No 25 Tahun 2011 tentang Pedoman. Terdapat penelitian lain terkait analisis risiko pada suatu proses seperti pada penelitian yang berjudul Manajemen Risiko Teknologi Informasi Pada Proyek Perusahaan XYZ Melalui Kombinasi COBIT, PMBOK, dan ISO 31000. Berdasarkan ulasan tersebut, belum terdapat penelitian yang menggabungkan penggunaan ISO 31000:2018 sebagai tahapan proses analisis risiko, juga Generic Risk Scenarios COBIT 5 dalam identifikasi risiko, serta penggunaan standar tertentu dalam pemilihan kontrol penanganan risiko seperti Department of Defense Instruction 8500.2 dan NIST 800-5. Penelitian yang dilakukan ini akan sangat membantu dalam pengelolaan data pribadi di Indonesia karena Sistem Informasi Administrasi Kependudukan (SIAK) tak hanya digunakan untuk mengelola data pribadi penduduk di suatu kota/kabupaten tertentu akan tetapi seluruh kota/kabupaten di Indonesia. Harapannya dengan diterapkannya kontrol yang dihasilkan dari penelitian ini maka pengelolaan data pribadi dapat dilakukan dengan baik dan sesuai dengan ketentuan regulasi
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
