Cyber Risk Mitigation Strategy for Cybernetic PC Gaming Based on the NIST 800-30 Framework
Manajemen resiko
DOI:
https://doi.org/10.33197/justinfo.v3i1.2544Keywords:
Risk Management, NIST 800-30, Internet Cafe, Information Security, MitigationAbstract
The operational dependency of internet cafes (gaming centers) on Information Technology (IT) infrastructure creates significant risk exposure to business continuity and data security. Cybernetic PC Gaming, a gaming service provider in Bandung, faces challenges in the form of cyber threats and physical disruptions that have the potential to damage its reputation and financial standing. This study aims to identify, analyze, and evaluate the level of information security risk by applying the National Institute of Standards and Technology (NIST) Special Publication 800-30 framework. The research method employed is descriptive qualitative, encompassing the nine stages of risk management, from system characterization to mitigation results documentation. The study successfully identified five primary risk profiles. Based on risk matrix calculations, two threats were classified at a "High" level: power outages lacking adequate backup power support and the risk of malware infection from customers downloading harmful files. Meanwhile, internet connection disruptions, natural disasters, and hardware dust accumulation were rated at a "Moderate" level. As a solution, this research formulates strategic control recommendations, including the procurement of a backup generator, internet service provider (ISP) redundancy, and the implementation of web filtering and enterprise-grade antivirus software. In conclusion, the systematic application of the NIST 800-30 standard can transform risk management at Cybernetic PC Gaming from a reactive to a proactive approach, thereby ensuring operational resilience and sustainable protection of digital assets.
References
[1] T. O. Wibowo, W. Udasmoro, and R. Noviani, “Understanding new consumption sites of internet cafe in Yogyakarta, Indonesia,” J. Ilmu Sos. dan Ilmu Polit., vol. 23, no. 3, pp. 237–249, 2020, doi: 10.22146/jsp.51707.
[2] Istikhomah and Y. N. Kunang, “Analisis Manajemen Risiko Sistem Informasi Akademik Dengan Menggunakan Metode NIST SP 800-30 Revisi 1 (Studi Kasus: Universitas Bina Darma),” vol. 1, pp. 1–10, 2023, [Online]. Available: http://repository.binadarma.ac.id/7632/
[3] U. Nugraha and R. Istambul, “Implementation of ISO 31000 for information technology risk management in the government environment,” Int. J. Innov. Creat. Chang., vol. 6, no. 5, pp. 219–231, 2019.
[4] C. Asari and Yulhendri, “Manajemen Risiko Sistem Informasi Mengacu pada NIST SP 800-30 dan NIST SP 800-53 rev.5,” J. Teknol. Dan Sist. Inf. Bisnis, vol. 5, no. 4, pp. 420–430, 2023, doi: 10.47233/jteksis.v5i4.898.
[5] R. Gimnastiar, R. Nursyanti, and S. Sardjono, “Audit Keamanan Dan Manajemen Risiko Dengan Menggunakan Framework NIST (Studi Kasus: E-Learning UNIBI),” in Seminar Nasional Corisindo, Bandung: Universitas Teknologi Bandung, 2024, pp. 148–153. [Online]. Available: https://corisindo.utb-univ.ac.id/index.php/penelitian/article/view/61%0Ahttps://corisindo.utb-univ.ac.id/index.php/penelitian/article/download/61/25
[6] V. ÇAKMAK and E. AKTAN, “Internet Cafes, Young People and Game Interaction: a Study in the Context of Subculture,” MANAS Sos. Araştırmalar Derg., vol. 7, no. 3, pp. 0–0, 2018.
[7] M. A. Yuwono and L. Ellitan, “Implementation of Enterprise Risk Management As a Strategy for Increasing Competitive Advantage: Study At Companies in Central Kalimantan,” J. Bus. Manag. Account., vol. 15, no. 1, pp. 55–78, 2025, [Online]. Available: https://doi.org/10.32890/jbma2025.15.1.4
[8] I. Hermawan, B. T. Hanggara, and A. R. Perdanakusuma, “Manajemen Risiko Sistem Informasi Menggunakan Metode NIST SP 800 – 30 Studi Kasus Pada Dinas Komunikasi dan Informatika Kabupaten Sidoarjo,” J. Pengemb. Teknol. Inf. dan Ilmu Komput., vol. 9, no. 6, pp. 1–10, 2025, [Online]. Available: http://j-ptiik.ub.ac.id
[9] A. Elanda and R. L. Buana, “Analisis Manajemen Risiko Infrastruktur Dengan Metode NIST (National Institute of Standards and Technology) SP 800-30 (Studi Kasus : STMIK Rosma),” Elkom J. Elektron. dan Komput., vol. 14, no. 1, pp. 141–151, 2021, doi: 10.51903/elkom.v14i1.387.
[10] H. Ben Ameur, Z. Ftiti, and W. Louhichi, “Do ESG investments improve portfolio diversification and risk management during times of uncertainty,” J. Int. Financ. Mark. Institutions Money, vol. 103, p. 102199, 2025, doi: https://doi.org/10.1016/j.intfin.2025.102199.
[11] M. L. Gathigia and M. A.-M. Wairimu, “RISK MANAGEMENT PRACTICES AND PERFORMANCE OF INFRASTRUCTURAL PROJECTS IN NAKURU COUNTY, KENYA,” Int J. Soc. Sci. Manag. Entrep., vol. 7, no. 1, pp. 457–469, 2023, [Online]. Available: www.sagepublishers.com
[12] Ö. Aslan, S. S. Aktuğ, M. Ozkan-Okay, A. A. Yilmaz, and E. Akin, “A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions,” Electron., vol. 12, no. 6, 2023, doi: 10.3390/electronics12061333.
[13] A. A. Arifnur, H. Heryanto, and Y. Megasyah, “Manajemen Risiko Sistem Informasi Pengarsipan menggunakan NIST SP 800-30 pada Kopertis Wilayah IV Bandung,” J. Nas. Teknol. dan Sist. Inf., vol. 9, no. 2, pp. 208–217, 2023, doi: 10.25077/teknosi.v9i2.2023.208-217.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Jurnal Sistem Informasi dan Teknologi Informasi
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
