Information Security Risk Analysis and Identification in the Tulang Bawang Data Portal Application Using the OCTAVE Allegro Method

Authors

  • Wahyu Aji Pulungan Universitas Lampung, Bandar Lampung
  • Allwine Universitas Lampung, Bandar Lampung

DOI:

https://doi.org/10.30865/jurikom.v13i3.9335

Keywords:

Data, Portal Data, Risk, Octave Allegro

Abstract

Information technology has become an essential component in supporting organizational and governmental operations. In line with the implementation of E-Government and the Satu Data Indonesia initiative, the Tulang Bawang Regency Government, through its Communications and Information Office (Diskominfo), developed the Tulang Bawang Data Portal to facilitate centralized data management. Despite its strategic role, the system is exposed to various information security risks that may threaten the confidentiality, integrity, and availability of data if not properly addressed. This study aims to systematically identify, assess, and prioritize information security risks within the Tulang Bawang Data Portal using the OCTAVE Allegro method. A qualitative risk assessment approach was employed, incorporating asset identification, threat analysis, impact evaluation, and risk prioritization based on defined risk measurement criteria. The findings indicate the presence of four significant risks, with Risk Relative Scores (RRS) ranging from 14 to 23. Notably, 75% of the identified risks are classified as high priority. The most critical risk is associated with database misuse, which poses a substantial threat to sensitive government data. To address these risks, several mitigation strategies are recommended, including the enhancement of access control mechanisms, periodic security audits, user awareness programs, and the establishment of comprehensive data governance policies. This study contributes to the field by providing a structured and practical risk assessment framework tailored to government-based data portal systems, thereby supporting more effective and informed decision-making in information security management.

References

[1] Pemerintah Republik Indonesia, “Perpres Nomor 95 Tahun 2018,” 2018.

[2] Pemerintah Republik Indonesia, Perpres Nomor 81 Tahun 2010 tentang Grand Design Reformasi Birokrasi 2010 - 2025. Indonesia: https://peraturan.bpk.go.id/Details/41084/perpres-no-81-tahun-2010, 2010.

[3] Pemerintah Republik Indonesia, Peraturan Menteri Komunikasi dan Informatika Nomor 1 Tahun 2023 tentang Interoperabilitas Data Dalam Penyelenggaraan Sistem Pemerintahan Berbasis Elektronik dan Satu Data Indonesia. Indonesia: https://peraturan.bpk.go.id/Details/255562/permenkominfo-no-1-tahun-2023, 2023.

[4] Diskominfo TUBA, “Struktur Organisasi | Dinas Komunikasi dan Informatika.” Accessed: Jun. 07, 2022. [Online]. Available: http://diskominfo.tulangbawangkab.go.id/informasi/struktur-organisasi

[5] SDI, “Satu Data Portal.” Accessed: Jun. 07, 2022. [Online]. Available: https://data.go.id/home

[6] M. J. Islami, “Implementasi Satu Data Indonesia: Tantangan dan Critical Success Factors (CSFs),” Jurnal Komunika, vol. 10, no. 1, pp. 13–23, Jun. 2021.

[7] Pemerintah Pusat, “Perpres Nomor 39 Tahun 2019 Tentang Satu Data Indonesia,” 2019.

[8] Diskominfo TUBA, “Tentang Kami | Portal Data Tulang Bawang.” Accessed: Jun. 06, 2022. [Online]. Available: http://portaldata.tulangbawangkab.go.id/feature/about

[9] R. Maulidya and M. Rozikin, “Analisis Retrospektif Kebijakan Satu Data Indonesia,” Dinamika : Jurnal Ilmiah Ilmu Administrasi Negara, vol. 9, no. 2, p. 273, Aug. 2022, doi: 10.25157/dak.v9i2.7884.

[10] Pemerintah Pusat, “Undang-undang nomor 14 Tahun 2008 tentang Keterbukaan Informasi Publik,” 2008.

[11] B. Rahardjo, Kemanan Sistem Informasi Berbasis Internet, 5.1. PT. Insan Infonesia, 2002.

[12] S. A. Grishaeva and V. I. Borzov, “Information security risk management,” in Proceedings of the 2020 IEEE International Conference “Quality Management, Transport and Information Security, Information Technologies”, IT and QM and IS 2020, Institute of Electrical and Electronics Engineers Inc., Sep. 2020, pp. 96–98. doi: 10.1109/ITQMIS51053.2020.9322901.

[13] KOMINFO, “Panduan Penerapan Tata Kelola Keamanan Informasi Bagi Penyelenggara Pelayanan Publik,” 2011. Accessed: Jun. 08, 2022. [Online]. Available: https://perpustakaan.kominfo.go.id/index.php?p=show_detail&id=2242

[14] R. Pompon, IT security risk control management: An audit preparation plan. Apress Media LLC, 2016. doi: 10.1007/978-1-4842-2140-2.

[15] W. Sardjono and M. I. Cholik, “Information Systems Risk Analysis Using Octave Allegro Method Based at Deutsche Bank,” in 2018 International Conference on Information Management and Technology (ICIMTech), IEEE, Sep. 2018, pp. 38–42. doi: 10.1109/ICIMTech.2018.8528108.

[16] National Institute of Standards and Technology, “Minimum security requirements for federal information and information systems,” 2006. doi: 10.6028/NIST.FIPS.200.

[17] J. S. Suroso and M. A. Fakhrozi, “Assessment of Information System Risk Management with Octave Allegro at Education Institution,” Procedia Comput Sci, vol. 135, pp. 202–213, 2018, doi: 10.1016/j.procs.2018.08.167.

[18] R. A. Caralli, J. F. Stevens, L. R. Young, and W. R. Wilson, “Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process,” May 2007. [Online]. Available: http://www.sei.cmu.edu/publications/pubweb.html

[19] A. Dorofee, “Managing Information Security Risks across the Enterprise,” in Guarding Your Business, B., Boston: Kluwer Academic Publishers, 2005, pp. 151–172. doi: 10.1007/0-306-48638-5_9.

[20] G. Sitorus, R. Fauzi, and R. A. Nugraha, “Analisis Risiko Keamanan Informasi Menggunakan Metode OCTAVE Allegro pada Dinas Komunikasi dan Informatika Jawa Barat,” in eProceedings of Engineering Vol. 7 No. 2, Telkom University, Aug. 2020, pp. 7003–7008.

Additional Files

Published

2026-06-30

How to Cite

Aji Pulungan, W., & Allwine. (2026). Information Security Risk Analysis and Identification in the Tulang Bawang Data Portal Application Using the OCTAVE Allegro Method . JURIKOM (Jurnal Riset Komputer), 13(3), 846–854. https://doi.org/10.30865/jurikom.v13i3.9335

Issue

Section

Articles