Analysis of the Security Level of an Academic Information System Based on the ISO/IEC 27002:2013 Standard Using SSE-CMM

Author(s):  
Endang Kurniawan ◽  
Imam Riadi

The objective of this research is to determine the level of information security in the academic information system in order to give recommendations for improvements in information security management. The method used is qualitative research, with data obtained from the results of questionnaires distributed to respondents using the Guttman scale. Based on the analysis results, 13 objective controls and 43 security controls were scattered across 3 clauses. From the analysis, it was concluded that the maturity level of information system security governance was 2.51, which means the maturity is still at level 2 but is approaching level 3 (well defined).

2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih

Implementing an Information Security Management System (ISMS) in an institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. Several incidents related to information security have occurred in the implementation of Academic System applications in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The research sample consisted of 35 universities. Compliance with the ISO 27001:2013 standard is used as the reference for determining the maturity level of information system security practices, and the SSE-CMM model is used to measure and calculate that maturity level. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of the information security that has been applied. Six key areas are examined in this study: the role and importance of ICT, information security governance, information security risk management, the information security management framework, information asset management, and information security technology. The results showed that the level of information security maturity at the 35 universities was at level 2 (Managed Process) and level 3 (Established Process). The composition is that 40% of universities are at level 3, and 60% are out of level 3. The gap between the current maturity level and the expected maturity level varies for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and Environmental Security. The biggest gap (4 levels) is in clause A14: System Acquisition, Development and Maintenance and clause A18: Compliance.


2020 ◽  
Vol 1 (2) ◽  
pp. 124-135
Author(s):  
Yoga Megasyah ◽  
Adi Arga Arifnur

The academic information system in an institution is very important for the administration of lectures. Therefore, a system security audit is needed so that administration runs without obstacles. This audit can be carried out using the COBIT 5 framework. In this research, an information security audit was carried out on academic information security by focusing on the APO12 (Manage Risk), APO13 (Manage Risk), and DSS05 (Manage Security Service) domains. The stages in this research are initiation, planning the assessment, data collection, data validation, process attribute level and reporting the result. The results show that the capability level of APO12 is at level 1, APO13 at level 2 and DSS05 at level 2, which means that the institution has carried out and implemented the information technology process and achieved its objectives. To reach level 3, some recommendations are given to cover the gaps that have been determined in the APO12, APO13 and DSS05 processes.


2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .

Given the importance of information and the possible risk of disruption, universities need to design and implement information security. One of the standards that can be used to analyze the level of information security in an organization is ISO/IEC 27001:2013, which was prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on ISO/IEC 27001:2013 and to model systems for information security management. The research uses a descriptive qualitative approach, with data collection and validation by triangulation (interview, observation and documentation). Data were analyzed using gap analysis, and the level of maturity was measured using SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, the Information Security Policy clause reaches maturity level 1 (Performed Informally), the Asset Management clause reaches level 3 (Well-Defined), the Access Control clause reaches level 3 (Well-Defined), the Physical and Environmental Security clause reaches level 3 (Well-Defined), the Operational Security clause reaches level 3 (Well-Defined), and the Communication Security clause reaches level 2 (Planned and Tracked). The maturity level results revealed some weaknesses in asset management in implementing the policy. Therefore, the system modeling, using the flow map and CD / DFD, focused on the Asset Management System.


2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi

ABSTRACT

Bureaucratic reforms aim to deliver excellent public services, including civil registration services. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and crime prevention. The study measures the level of information technology resilience by describing information security management at the Yogyakarta City Civil Registry Service Office (Dindukcapil), the level of maturity and completeness of SIAK management, and the SIAK success level. The study uses a mixed method guided by the ISO/IEC 27001 document, the Information Security (INFOSEC) Index form, and a questionnaire prepared under the DeLone and McLean Model. The Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, do not refer to overall risk, and lack a clear flow of authority and control. The study concludes that SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The completeness level of the information security management areas reaches 312 points out of a maximum of 645 points. These findings place SIAK security management in the "Need Improvement" category. The maturity level of information security management ranges from "Maturity Level I / Initial Condition" to "Maturity Level II+ / Basic Implementation". 77.3% of users express a "positive" perception and 1.2% of users express a "negative" judgement, which places SIAK in the "Success" information system category.

ABSTRACT (Indonesian version)

Bureaucratic reform mandates improving the quality and speed of government public services, including population administration services. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to manage and protect the confidentiality, integrity and availability of population data in relation to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and crime prevention. The study was conducted to determine the resilience of the SIAK information system through a description of information security management at the Yogyakarta City Dindukcapil, the level of maturity and completeness of SIAK management, and the SIAK success level. The study uses a mixed method based on an ISO/IEC 27001 grid, the scoring instrument in the KAMI Index form, and a questionnaire built on the updated DeLone and McLean Model, which covers Information Quality, System Quality, Service Quality, Use, User Satisfaction, and Net Benefits (DeLone and McLean, 2004: 32). The Yogyakarta City Dindukcapil has not yet drawn up rules and documentation for information security management. The actions taken are reactive and do not refer to overall risk, with no clear flow of authority and oversight. The role of SIAK falls into the "High" category, but the completeness score for the implementation of security management standards reaches only 312 out of a total of 645, so SIAK security management falls into the "Needs Improvement" category. The maturity level of security standard implementation ranges from "Maturity Level I / Initial Condition" to "Maturity Level II+ / Basic Framework Implementation". The SIAK success level falls into the "Success" category: 77.3% of users gave "positive" statements and only 1.2% of users gave "negative" statements.


2018 ◽  
Author(s):  
Syukhri ◽  
Nizwardi Jalinus ◽  
Ganefri

This study was conducted to determine the maturity level of the Delivery and Support process in the implementation of the Academic Information System of Padang State University, according to the criteria in the Control Objectives for Information and Related Technology (COBIT). The processes evaluated were (1) Ensure Continuous Service, (2) Manage Service Desk and Incidents, and (3) Manage Data. The method used in this study is a questionnaire, with research subjects selected according to RACI diagram mapping, and direct observation of the Academic Information System of the State University of Padang. The findings showed that the maturity level of the processes Ensure Continuous Service, Manage Service Desk and Incidents, and Manage Data in the implementation of the Academic Information System of Padang State University is at level 3 (the process is defined). The results of the maturity level evaluation are the basis for determining the proposed improvements to the management of the State University of Padang in order to improve the service.


Author(s):  
Susi Susilowati

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly. It is therefore necessary to carry out an audit that evaluates the information system governance that is running and ensures that the existing procedures support the existing business processes in the company. The audits were conducted following the standards of the COBIT 4.1 Framework for IT governance. This study focuses on the Delivery Service and Support (DSS) domain to analyze several aspects of IT that are currently running in this company, from the level of system security used to the management carried out by the system. In this domain, the research is focused on the DS5, DS10, and DS11 sub-domains. From the research results it is known that DS5 is at the level of 1.3; DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is that the level of capability obtained from the inventory information system of PT. Medista Utama is still below the expected level, and many improvements are needed to maximize the company's performance to achieve the expected Maturity Level value.


Respati ◽  
2020 ◽  
Vol 15 (2) ◽  
pp. 37
Author(s):  
Febrian Destyanto ◽  
Kusrini Kusrini ◽  
Henderi Henderi

ABSTRACT (Indonesian version)

Information system governance determines the degree to which a company's business goals are achieved. Better information system governance contributes to success in managing business processes and objectives in terms of accountability, responsibility and transparency. The COBIT 4.1 model is used to measure how successful information system governance is with respect to the company's business goals. This research was conducted to determine the maturity level of information system governance at Institut Teknologi Budi Utomo using the internal perspective, with a focus on improving and maintaining business process functionality, of the Balanced Scorecard model as a tool for mapping the company's strategic plan; the maturity level was then measured using selected sub-domains of COBIT 4.1. The mapping of the Balanced Scorecard and COBIT 4.1 yielded sub-domains PO2, PO3, AI2, AI4, and AI7, which were used to evaluate information system governance at Institut Teknologi Budi Utomo based on the COBIT 4.1 framework model. Measurement of the selected sub-domains gave a maturity level of 2, meaning the process is already performed but is not yet standardized or documented in a structured way. The expected maturity level is level 3, meaning the process is defined as a standard and documented with a clear and good structure. The final result of the research is a set of improvement recommendations for reaching the expected maturity level.

Keywords: Maturity Level, Balanced Scorecard (BSC), Internal Perspective, COBIT 4.1, Information System Governance

ABSTRACT

Information system governance determines the level of achievement of the company's business goals. Better governance of information systems affects the success of managing business processes and objectives in the aspects of accountability, responsibility and transparency. The COBIT 4.1 model is used to measure the success of information system governance in accordance with the company's business goals. This research was conducted to study the maturity level of information systems governance at Institut Teknologi Budi Utomo using an internal perspective with a focus on improving and maintaining business process functionality in the Balanced Scorecard model as a tool to map out the company's strategic plan, then measuring the maturity level using selected sub-domains of COBIT 4.1. From the mapping of the Balanced Scorecard and COBIT 4.1, the PO2, PO3, AI2, AI4, and AI7 sub-domains were obtained and used to evaluate information systems governance at Institut Teknologi Budi Utomo based on the COBIT 4.1 framework model. Measurement of the selected sub-domains gave maturity level 2, meaning the process has been carried out but is not yet standardized or documented in a structured way. The expected level of maturity is level 3, meaning the process is standardized and documented with a clear and good structure. The final results of the study are improvement recommendations for achieving the expected level of maturity.

Keywords: Maturity Level, Balanced Scorecard (BSC), Internal Perspective, COBIT 4.1, Information System Governance


2016 ◽  
Vol 7 (1) ◽  
pp. 53-72 ◽  
Author(s):  
Winfred Yaokumah

This study assessed information security management in organizations through a questionnaire based on ISO/IEC 27002, with special focus on operations security. A survey with a cross-sectional research design was conducted and data were collected from 223 participants from 56 organizations. Overall, the level of operations security maturity was 61.2%, which is maturity Level 3 (well-defined). This level suggested that operations security controls and processes were documented, approved, and implemented organization-wide. Backups and malware protection were the most implemented security controls, while logging, auditing and monitoring were the least implemented controls. Assessment of inter-organizational operations security found significant differences among the organizations. Financial and Health Care Institutions outperform Educational Institutions and Government Public Service. The study provided insight into maturity levels of operations security controls, and the results are useful for benchmarking inter-organizational performance, competitiveness and improvement in information security.


2021 ◽  
Vol 11 (2) ◽  
pp. 55-62
Author(s):  
Andi Sofyan Anas ◽  
I Gusti Ayu Sri Devi Gayatri Utami ◽  
Adam Bachtiar Maulachela ◽  
Akbar Juliansyah ◽  
...  

XYZ University is one of the universities that has used information technology to create quality service for students and the entire academic community. This information technology service is managed by the Information Technology and Communication Center (PUSTIK), which is responsible for the development, management, service, and security of information and communication technology. Good information technology governance should be able to maintain information security. Therefore, it is necessary to evaluate information system security, especially the security of academic information systems. This information system security evaluation uses the Keamanan Informasi (KAMI) Index, which refers to the ISO/IEC 27001:2013 standard, to determine the maturity level of information security. An evaluation of five areas of the KAMI Index shows that the Information Security Risk Management area gets the lowest score at 10 out of a total of 72. The result of the KAMI Index dashboard shows that the maturity level of each area of information security is at levels I and I+ with a total score of 166. This means that the level of completeness of implementation of the ISO 27001:2013 standard is in the inadequate category.


2019 ◽  
Vol 5 (1) ◽  
Author(s):  
I Gusti Lanang Agung Raditya ◽  
I Wayan Diana Putra Adnyana

ABSTRACT

The Primakara information system services implemented by STMIK Primakara have not been as optimal as expected. The problem that occurs, especially in the academic information system, is delay in the download process and lecture registration. Looking at these conditions, there appears to be a gap between what is planned and the reality that occurs. This gap cannot be separated from the governance system implemented. This study aims to evaluate the maturity level of information technology (IT) governance and provide recommendations for improvements in the application of academic information system services at STMIK Primakara. The research steps are as follows: 1) examining the problems that occur, 2) preparation of instruments, 3) data collection, 4) data analysis, 5) gap analysis, 6) preparation of recommendations for improvement. The domains studied were EDM 4, APO 4, and APO 7. The research method was qualitative and interpretive. Data collection was done by survey techniques, interviews, and documentation studies, with triangulation of methods and data sources to obtain accurate data. The data analysis technique is interpretive qualitative descriptive analysis with the following steps: data collection, data reduction, data presentation, data interpretation, and drawing conclusions or verification. Based on the results of the analysis, the maturity level and the maturity level gap were obtained at level 3 (established). Then a gap analysis is carried out between the current maturity level and the expected maturity level. The results of the analysis will produce recommendations for improvement for each domain.

Keywords: IT Governance, Academic Information System, COBIT 5.

ABSTRACT (Indonesian version)

The Primakara information system (SIP) services run by STMIK Primakara are not yet as optimal as expected. The problem that occurs, particularly in the academic information system, is delay in the process of downloading grades and in course registration (KRS). Looking at these conditions, there appears to be a gap between what is planned and the reality that occurs. This gap cannot be separated from the governance system that is implemented. This research aims to evaluate the maturity level of information technology (IT) governance and provide recommendations for improvement in the delivery of academic information system services at STMIK Primakara. The research steps are as follows: 1) examining the problems that occur, 2) preparation of instruments, 3) data collection, 4) data analysis, 5) gap analysis, 6) preparation of recommendations for improvement. The domains studied are EDM 4, APO 4, and APO 7. The research method is qualitative and interpretive. Data collection is done by survey techniques, interviews, and documentation studies, with triangulation of methods and data sources to obtain accurate data. The data analysis technique is interpretive qualitative descriptive analysis with the following steps: data collection, data reduction, data presentation, data interpretation, and drawing conclusions or verification. Based on the results of the analysis, the maturity level and the maturity level gap were obtained at level 3 (established). A gap analysis is then carried out between the current maturity level and the expected maturity level. The results of the analysis will produce recommendations for improvement for each domain.

Keywords: IT Governance, Academic Information System, COBIT 5.

