ENHANCING ENTERPRISE SECURITY POSTURE: DESIGN IT/OT RISK MANAGEMENT ON XYZ ORGANIZATION USING MULTI-CRITERIA DECISION ANALYSIS APPROACH

Abstract

This thesis supports the Indonesian government’s "Making Indonesia 4.0" initiative by addressing cybersecurity challenges in XYZ Organization, a state-owned manufacturer facing IT/OT convergence risks. With no defined maturity model or clear risk prioritization, the study develops a strategic IT/OT risk management framework using ISO/IEC 27005 and NIST SP 800-30. Applying STRIDE to the SAP-MES integration identified 34 threats, evaluated through a 5x5 likelihood-impact matrix aligned with COSO standards, highlighting 10 critical risks—such as equipment damage and backup failure—scoring 20/25. Mapped to ISO 27001 controls, tailored mitigation strategies are proposed, resulting in a structured, repeatable framework that strengthens cybersecurity governance and aligns with digital transformation and national mandates.