ENHANCING ENTERPRISE SECURITY POSTURE: DESIGN IT/OT RISK MANAGEMENT ON XYZ ORGANIZATION USING MULTI-CRITERIA DECISION ANALYSIS APPROACH
Publisher
Swiss German University
Abstract
This thesis supports the Indonesian government’s "Making Indonesia 4.0" initiative by addressing cybersecurity challenges in XYZ Organization, a state-owned manufacturer facing IT/OT convergence risks. With no defined maturity model or clear risk prioritization, the study develops a strategic IT/OT risk management framework using ISO/IEC 27005 and NIST SP 800-30. Applying STRIDE to the SAP-MES integration identified 34 threats, evaluated through a 5x5 likelihood-impact matrix aligned with COSO standards, highlighting 10 critical risks, such as equipment damage and backup failure, scoring 20/25. Mapped to ISO 27001 controls, tailored mitigation strategies are proposed, resulting in a structured, repeatable framework that strengthens cybersecurity governance and aligns with digital transformation and national mandates.