Information Security Risk Management Planning of Digital Certificate Management Case Study: Balai Sertifikasi Elektronik

Otoritas Sertifikat Digital (OSD) is a certificate authority held by Balai Sertifikasi Elektronik (BSrE) of the Badan Siber dan Sandi Negara (BSSN). Digital certificate management is the primary business process of Otoritas Sertifikat Digital Layanan Universal (OSD LU), which, if it is interrupted, the OSD business process cannot run smoothly and has an impact on the digital certification process. With the problem of maintaining the reliability and security of the system it there is a need to classify, analyzed, and carried these risks correctly to diminish the negative repercussions that may arise at an agreeable level. The main goal is to address the issues about risk management planning, particularly in the absence of an information security risk management plans within BSrE. We carried the process of risk assessment utilizing the ISO 27005 framework combined with NIST SP 800–30 revision 1 in assessing the security risks. The results of the risk assessment of the 27 assets identified and 26 risk scenarios that must be mitigated and 38 risk scenarios acceptable to the organization. We hope with this study it can help the BSrE in analyzing and to maintaining the security management plan within the OSD LU system and to provides control recommendations as an effort to minimize information security risks in data communication application within the business processes and produce a strategic plan for handling and accepting risk accompanied by a person in charge of the risk scenario