A Structured Comparison of the Corporate Information Security Maturity Level

2019 ◽  
pp. 223-237 ◽  
Author(s):  
Michael Schmid ◽  
Sebastian Pape
Keyword(s):  
Information Security ◽  
Maturity Level ◽  
Corporate Information

scholarly journals Data Mining Usage in Corporate Information Security: Intrusion Detection Applications

2017 ◽  
Vol 8 (1) ◽  
pp. 51-59 ◽  
Author(s):  
Masoud Al Quhtani
Keyword(s):  
Data Mining ◽  
Information Security ◽  
Intrusion Detection ◽  
Mining System ◽  
Systematic Analysis ◽  
New Methods ◽  
Use Of Data ◽  
Efficient Data ◽  
Abuse Risk ◽  
Corporate Information

AbstractBackground: The globalization era has brought with it the development of high technology, and therefore new methods of preserving and storing data. New data storing techniques ensure data are stored for longer periods of time, more efficiently and with a higher quality, but also with a higher data abuse risk. Objective: The goal of the paper is to provide a review of the data mining applications for the purpose of corporate information security, and intrusion detection in particular. Methods/approach: The review was conducted using the systematic analysis of the previously published papers on the usage of data mining in the field of corporate information security. Results: This paper demonstrates that the use of data mining applications is extremely useful and has a great importance for establishing corporate information security. Data mining applications are directly related to issues of intrusion detection and privacy protection. Conclusions: The most important fact that can be specified based on this study is that corporations can establish a sustainable and efficient data mining system that will ensure privacy and successful protection against unwanted intrusions.

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi
Keyword(s):  
Information System ◽  
Information Security ◽  
Public Services ◽  
Security Management ◽  
Population Data ◽  
Development Planning ◽  
Maturity Level ◽  
Information Security Management ◽  
Civil Registration ◽  
Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

USING BLOCKCHAIN TECHNOLOGY TO DEVELOP A CORPORATE INFORMATION SYSTEM IN A PROTECTION PERFORMANCE

2020 ◽  
pp. 399-408
Author(s):  
Петр Юрьевич Филяк ◽  
Максим Константинович Постников ◽  
Семен Евгеньевич Федоров ◽  
Александр Григорьевич Остапенко ◽  
Андрей Петрович Преображенский
Keyword(s):  
Information System ◽  
Information Systems ◽  
Information Security ◽  
Business Processes ◽  
Corporate Information System ◽  
Blockchain Technology ◽  
Block Chain ◽  
Corporate Information Systems ◽  
Corporate Information

В условиях развития информационного общества (Knowledgeable society - KS) информационные системы стали неотъемлемой частью любой организации, даже самой малой, независимо от реализуемых ими бизнес-процессов. Такие информационные системы принято называть корпоративными информационными системами (КИС), или Corporate Information System (CIS). Особые требования при разработке КИС предъявляются к обеспечению их информационной безопасности, что может быть реализовано путем разработки КИС в защищенном исполнении. Технологии blockchain являются очень перспективными не только при применении их в традиционных сферах - производстве, сервисе, на транспорте, но и для решения проблем безопасности и информационной, в частности. Анализу данной проблемы и подходам к ее решению и посвящена данная статья. At present, in the context of the development of Knowledgeable society, information systems are at now an integral part of any organization, even the smallest, regardless of the business processes they implement. Such information systems are commonly referred to as Corporate Information Systems (CIS). Special requirements for the development of CIS are made to ensure their information security, which can be achieved by developing a protected version of the CIS. In this article is considered the analysis of this problem and approaches to its solution. Block Chain technologies are very promising not only when applying them in traditional spheres - manufacturing, service, transport, but also to solve security and information problems, in particular.

Sign in / Sign up

Export Citation Format

Share Document