INFORMATION TECHNOLOGY RISK MANAGEMENT EVALUATION …


INFORMATION TECHNOLOGY RISK MANAGEMENT EVALUATION USING THE COBIT 5 FRAMEWORK AT PT. XYZ

UNDERGRADUATE THESIS

Submitted in Partial Fulfilment of the Requirements for the Degree of Bachelor of Computer Science (S.Kom.)

Kenny Pratama

00000019803

INFORMATION SYSTEMS STUDY PROGRAM

FACULTY OF ENGINEERING AND INFORMATICS

UNIVERSITAS MULTIMEDIA NUSANTARA

TANGERANG

2021

STATEMENT

APPROVAL PAGE

RATIFICATION PAGE

INFORMATION TECHNOLOGY RISK MANAGEMENT EVALUATION USING THE COBIT 5 FRAMEWORK AT PT. XYZ

ABSTRACT

By: Kenny Pratama

PT. XYZ has adopted information technology to help the company achieve its business goals. This means the company's IT systems must be protected from every risk that could disrupt business processes and harm the company. To minimise the risks that may arise within the company, PT. XYZ has identified, analysed, controlled and mitigated all known risks. However, this is considered insufficient to handle the existing risks, so the company wants to know the capability level it can attain.

Therefore, an assessment of how far IT risk management has been implemented at PT. XYZ is needed. This research was carried out using a qualitative approach that analyses the capability level with the COBIT 5 framework, focusing on 2 processes that address IT risk management and relate to the company's objectives for handling IT risk: APO12 (Manage Risk), for identifying IT-related risks, and DSS05 (Manage Security Services), for determining the role of information security and the monitoring of the company's security.

The assessment of IT risk management achievement at PT. XYZ stopped at level 3 (Established) for both the APO12 and DSS05 processes. The target set by the company is level 4 (Predictable), so in order to reach the target capability the company needs several improvements based on the recommendations given, which are grounded in the COBIT 5 framework.

Keywords: capability level, COBIT 5, IT risk management

INFORMATION TECHNOLOGY RISK MANAGEMENT EVALUATION USING COBIT 5 FRAMEWORK AT PT. XYZ

ABSTRACT

By: Kenny Pratama

PT. XYZ has used information technology to help the company achieve its business goals. This means the company's IT systems must be protected against all risks that could hinder business processes and have a negative impact on the company. To minimise the risks that may occur in the company, PT. XYZ has identified, analysed, controlled and mitigated all existing risks. However, this is not sufficient to deal with the existing risks, so the company wants to know the capability level it can attain.

Therefore, it is necessary to assess the achievement of IT risk management implementation at PT. XYZ. Research was carried out using a qualitative approach that analyses the capability level with the COBIT 5 framework, focusing on 3 processes that can handle IT risk management and are related to the company's objectives in handling IT risk management. The processes consist of APO12 (Manage Risk), to identify IT-related risks, and DSS05 (Manage Security Services), to determine the role of information security and the monitoring of company security.

The assessment of IT risk management achievement at PT. XYZ stopped at level 3 (Established) for the APO12 and DSS05 processes. The target set by the company is level 4 (Predictable), so in order to achieve the capability target the company needs some improvements based on the recommendations given, which are in turn based on the COBIT 5 framework.

Keywords: capability level, COBIT 5, IT risk management

PREFACE

Praise and thanks to God Almighty, for by His grace and blessing this thesis could be completed smoothly and on time. This report contains an assessment of the implementation of information technology risk management in the Information and Communication Technology Division of PT. XYZ. This thesis was prepared to fulfil the requirements for the degree of Bachelor of Computer Science (S.Kom.).

Thanks are due to the various parties for the learning, guidance and support they have given. These parties include:

1. PT. XYZ, which provided the opportunity and cooperation that allowed this research to proceed well.

2. Melissa Indah Fianty, S.Kom., M.MSI., as the supervising lecturer who helped and provided guidance.

3. Ririn Ikana Desanti, S.Kom., M.Kom., as Head of the Information Systems Study Program.

4. Parents and friends who gave their support so that this proposal could be completed on time.

Tangerang, 4 June 2021

Kenny Pratama

TABLE OF CONTENTS

STATEMENT ..... ii

APPROVAL PAGE ..... iii

RATIFICATION PAGE ..... iv

ABSTRACT ..... v

ABSTRACT ..... vi

PREFACE ..... vii

TABLE OF CONTENTS ..... viii

LIST OF FIGURES ..... xi

LIST OF TABLES ..... xii

CHAPTER I INTRODUCTION ..... 1

1.1 Background ..... 1

1.2 Problem Statement ..... 5

1.3 Scope and Limitations ..... 5

1.4 Research Objectives and Benefits ..... 6

1.4.1 Research Objectives ..... 6

1.4.2 Research Benefits ..... 6

CHAPTER II THEORETICAL FOUNDATION ..... 7

2.1 Information Technology ..... 7

2.2 IT Governance ..... 7

2.3 IT Risk Management ..... 9

2.4 COBIT 5 ..... 10

2.5 COBIT 5 Basic Principles ..... 12

2.6 COBIT 5 Process Reference Model ..... 15

2.6.1 Governance ..... 16

2.6.2 Management ..... 16

2.7 COBIT 5 Implementation Lifecycle ..... 19

2.8 COBIT 5 Process Assessment Model (PAM) ..... 21

2.9 COBIT 5 Process Rating Scale ..... 23

2.10 Previous Research ..... 23

CHAPTER III RESEARCH METHODOLOGY ..... 31

3.1 Overview of the Research Object ..... 31

3.1.1 Company Organisational Structure ..... 32

3.1.2 IT Division Organisational Structure ..... 34

3.1.3 Company Vision and Mission ..... 34

3.2 Research Method ..... 35

3.2.1 Problem-Solving Method ..... 37

3.3 Research Variables ..... 51

3.3.1 Dependent Variable ..... 51

3.3.2 Independent Variable ..... 52

3.4 Data Collection Techniques ..... 53

3.4.1 Questionnaire ..... 53

3.4.2 Interview ..... 54

3.5 Sampling Technique ..... 54

3.6 Data Analysis Technique ..... 54

CHAPTER IV ANALYSIS AND RESEARCH RESULTS ..... 56

4.1 Analysis of Company Objectives ..... 56

4.2 Mapping Enterprise Goals to IT-Related Goals ..... 58

4.3 Mapping IT-Related Goals to Enabler Goals ..... 61

4.4 Identification of IT Pain Points and Trigger Events ..... 63

4.5 Mapping IT Pain Points to COBIT 5 Processes ..... 64

4.6 Measurement of COBIT 5 Process Capability Level ..... 65

4.6.1 APO12 Process Capability Measurement ..... 65

4.6.2 DSS05 Process Capability Measurement ..... 80

4.6.3 COBIT 5 Capability Level Measurement Results ..... 96

4.7 Gap Analysis ..... 97

4.8 Improvement Recommendations ..... 100

4.8.1 APO12 Improvement Recommendations ..... 100

4.8.2 DSS05 Improvement Recommendations ..... 101

4.9 Level Improvement Recommendations ..... 101

CHAPTER V CONCLUSIONS AND SUGGESTIONS ..... 105

5.1 Conclusions ..... 105

5.2 Suggestions ..... 106

BIBLIOGRAPHY ..... xiv

APPENDICES ..... xvii

LIST OF FIGURES

Figure 2.1. COBIT 5 Basic Principles ..... 12

Figure 2.2. Meeting Stakeholder Needs ..... 13

Figure 2.3. Business Needs ..... 14

Figure 2.4. COBIT 5 Process Reference Model ..... 15

Figure 2.5. COBIT 5 Implementation Lifecycle ..... 19

Figure 2.6. Process Assessment Model ..... 21

Figure 3.1. PT. XYZ Organisational Structure ..... 32

Figure 3.2. PT. XYZ ICT Division Organisational Structure ..... 34

Figure 3.3. Conceptual Framework ..... 38

Figure 3.4. Enterprise Goals ..... 42

Figure 3.5. IT-Related Goals ..... 44

Figure 3.6. COBIT 5 Process Mapping ..... 46

Figure 3.7. Capability Level ..... 48

Figure 3.8. Gap Analysis ..... 50

Figure 4.1. IT-Related Goals Mapping ..... 59

Figure 4.2. Enabler Goals Mapping ..... 61

Figure 4.3. COBIT 5 Enabler Goals Results ..... 62

Figure 4.4. Gap Analysis Chart ..... 100

LIST OF TABLES

Table 1.1. Problems at PT. XYZ ..... 2

Table 2.1. EDM Processes ..... 16

Table 2.2. APO Processes ..... 17

Table 2.3. BAI Processes ..... 17

Table 2.4. DSS Processes ..... 18

Table 2.5. MEA Processes ..... 19

Table 2.6. COBIT 5 Capability Levels ..... 22

Table 2.7. Previous Journal 1 ..... 24

Table 2.8. Previous Journal 2 ..... 24

Table 2.9. Previous Journal 3 ..... 25

Table 2.10. Previous Journal 4 ..... 26

Table 2.11. Previous Journal 5 ..... 27

Table 2.12. Previous Journal 6 ..... 27

Table 2.13. Previous Journal 7 ..... 28

Table 2.14. Previous Journal 8 ..... 29

Table 2.15. Previous Journal 9 ..... 29

Table 3.1. Comparison of the COBIT 5.0, ITIL, COSO and ISO 27001 Frameworks ..... 36

Table 3.2. List of Informants and Interviews ..... 41

Table 3.3. Questionnaire Scoring Table ..... 53

Table 4.1. PT. XYZ Enterprise Goals ..... 57

Table 4.2. COBIT 5 IT-Related Goals Results ..... 60

Table 4.3. Mapping IT Pain Points to COBIT 5 Processes ..... 64

Table 4.4. Detailed Measurement Results for Process APO12 Level 1 ..... 66

Table 4.5. Detailed Rating of Process APO12 Level 1 ..... 73

Table 4.6. Detailed Measurement Results for Process APO12 Level 2 ..... 73

Table 4.7. Detailed Rating of Process APO12 Level 2 ..... 76

Table 4.8. Detailed Measurement Results for Process APO12 Level 3 ..... 76

Table 4.9. Detailed Rating of Process APO12 Level 3 ..... 79

Table 4.10. APO12 Process Measurement Results ..... 79

Table 4.11. Detailed Measurement Results for Process DSS05 Level 1 ..... 80

Table 4.12. Detailed Rating of Process DSS05 Level 1 ..... 89

Table 4.13. Detailed Rating of Process DSS05 Level 1 (Continued) ..... 89

Table 4.14. Detailed Measurement Results for Process DSS05 Level 2 ..... 90

Table 4.15. Detailed Rating of Process DSS05 Level 2 ..... 92

Table 4.16. Detailed Measurement Results for Process DSS05 Level 3 ..... 92

Table 4.17. Detailed Rating of Process DSS05 Level 3 ..... 95

Table 4.18. DSS05 Process Measurement Results ..... 95

Table 4.19. COBIT 5 Capability Level Measurement Results ..... 96

Table 4.20. Capability Measurement Results (Percentage) ..... 97

Table 4.21. Company Condition for Process APO12 ..... 98

Table 4.22. Company Condition for Process DSS05 ..... 98

Table 4.23. Gap Analysis ..... 99

Table 4.24. Recommendations for Raising APO12 to Level 4 ..... 102

Table 4.25. Recommendations for Raising DSS05 to Level 4 ..... 103