Risk Management of Information Security in Inaportnet Using ISO/IEC 27005:2018

Abstract

This study aims to analyse information security risks in the Inaportnet system at the Port Authority Class II Tanjung Buton using the ISO/IEC 27005:2018 standard. The system is a digital innovation designed to expedite port services but faces significant challenges in information security. The first step involved identifying assets within the Inaportnet system, followed by recognizing potential threats and vulnerabilities associated with these assets. This process is crucial as it lays the groundwork for understanding where risks may arise. The research employs the Failure Mode and Effects Analysis (FMEA) method to identify, assess, and prioritise risks based on assets, threats, vulnerabilities, and existing controls. A total of 17 risks were identified, categorized from "very low" to "low" priority levels. The highest risk involves operational disruption due to sudden power outages, with an RPN score of 72. This study proposes risk mitigation recommendations, including Systems connected to the internet that are vulnerable to cyberattacks, such as hacking or malware, which can result in data theft or service disruptions. Therefore, it is essential to implement firewalls and intrusion detection systems to safeguard the network against external threats. The findings provide practical guidance for improving the information security and operational reliability of the Inaportnet system. By implementing these mitigations, the Port Authority is expected to enhance the reliability of port services and protect critical information.