SECURITY ANALYSIS OF THE CUSTOMER SERVICE INFORMATION SYSTEM USING THE FMEA AND ISO/IEC 27001:2013 APPROACH AT PT PLN UP3 GRESIK
Abstract
This study aims to analyze and mitigate information security risks in the customer service information system at PT PLN UP3 Gresik using the Failure Mode and Effects Analysis (FMEA) approach combined with the security controls of ISO/IEC 27001:2013 Annex A. A total of 33 potential risks were identified and evaluated by their Risk Priority Number (RPN), which is calculated from severity, likelihood, and detectability. Risks in the Very High category (RPN ≥ 200), such as hardware failure, weak password policies, and weaknesses in the network security system, were addressed through risk avoidance strategies, with reference to controls A.8.1.1, A.9.2.4, and A.10.1.1. Risks in the High category (RPN 151-200), such as Stored XSS and SQL Injection, were handled through risk reduction or risk transfer strategies, with reference to controls A.14.2.8, A.12.6.1, and A.14.2.5. Risks in the Medium and Low categories were handled through risk reduction and risk acceptance strategies, taking the relevant ISO controls into account. The results show that integrating the FMEA method with ISO/IEC 27001:2013 provides a risk mitigation approach that is systematic, standardized, and adaptive to the conditions of the information system. This approach is expected to strengthen information security resilience and improve the reliability of digital customer services at PT PLN UP3 Gresik.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.