Information Security Maturity Level: A Fast Assessment Methodology

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security. One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

Download Full-text

Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

Jurnal Ketahanan Nasional ◽

10.22146/jkn.26345 ◽

2017 ◽

Vol 23 (2) ◽

pp. 21

Author(s):

Aris Tundung ◽

Tri Kuntoro Priyambodo ◽

Armaidy Armawi

Keyword(s):

Information System ◽

Information Security ◽

Public Services ◽

Security Management ◽

Population Data ◽

Development Planning ◽

Maturity Level ◽

Information Security Management ◽

Civil Registration ◽

Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

Download Full-text

Global Information Security Assessment Methodology (GISAM™)

Information Security ◽

10.1201/9781420013412-8 ◽

2016 ◽

pp. 55-86

Keyword(s):

Information Security ◽

Global Information ◽

Security Assessment ◽

Assessment Methodology

Download Full-text

A Structured Comparison of the Corporate Information Security Maturity Level

ICT Systems Security and Privacy Protection - IFIP Advances in Information and Communication Technology ◽

10.1007/978-3-030-22312-0_16 ◽

2019 ◽

pp. 223-237 ◽

Cited By ~ 2

Author(s):

Michael Schmid ◽

Sebastian Pape

Keyword(s):

Information Security ◽

Maturity Level ◽

Corporate Information

Download Full-text

Maturity Level Analysis of Inventory Information Systems Using COBIT 4.1 Framework at PT. MEDISTA UTAMA

IJISTECH (International Journal Of Information System & Technology) ◽

10.30645/ijistech.v5i1.108 ◽

2021 ◽

Vol 5 (1) ◽

pp. 1

Author(s):

Susi Susilowati

Keyword(s):

Information System ◽

Information Systems ◽

Information Security ◽

Medical Devices ◽

Business Processes ◽

It Governance ◽

Maturity Level ◽

A Company ◽

Level 2 ◽

Level Analysis

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly. So it is necessary to carry out an audit that aims to evaluate the information system governance that is running and ensure that the existing procedures support the existing business processes in the company. The audits were conducted following the standards of the COBIT 4.1 Framework for IT governance. This study will focus on the Delivery Service and Support (DSS) domain to analyze several aspects of IT that are currently running in this company, from the level of system security used to the management carried out by the system. In this domain, the research is focused on the DS5, DS10, and DS11 sub-domains. From the research results it is known that DS5 is at the level of 1.3; DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is the level of capability obtained from the inventory information system of PT. Medista Utama is still below the expected level. And many improvements are needed to maximize the company's performance to achieve the expected Maturity Level value.

Download Full-text

Semi-automated Information Security Risk Assessment Framework for Analyzing Enterprises Security Maturity Level

Lecture Notes in Business Information Processing - Research and Practical Issues of Enterprise Information Systems ◽

10.1007/978-3-030-37632-1_13 ◽

2019 ◽

pp. 141-152

Author(s):

Blerton Abazi ◽

Andrea Kő

Keyword(s):

Risk Assessment ◽

Information Security ◽

Assessment Framework ◽

Security Risk ◽

Maturity Level ◽

Information Security Risk ◽

Security Risk Assessment

Download Full-text

Practical Align Overview of the Main Frameworks Used by the Companies to Prevent Cyber Incidents

10.4018/978-1-6684-3698-1.ch022 ◽

2022 ◽

pp. 471-499

Author(s):

Rogério Yukio Iwashita ◽

Luiz Camolesi Junior

Keyword(s):

Information Security ◽

Maturity Level ◽

Security Challenges ◽

Huge Challenge

Among the biggest cybercrime or information security challenges, the information security professionals must be up to date with the new risks, cases, and different ways of attacks. Being up to date in this complex and aggressive scenario is a huge challenge and is a necessity to the security professional to fight against the cybercriminals. Additionally, based on this standard of requisites to start an information security program, an immature professional may be confused on the different frameworks used by the industries, mainly ISO/IEC 27000 family, NIST 800-53, NIST Cybersecurity Framework, COBIT, etc. This chapter will help the information security professional to decide where is important to focus efforts, to decide what is feasible and which control does not demand any additional investment. Additionally, this grade helps the InfoSec professionals to compare the information security maturity level within the companies and between the companies, comparing with benchmarks.

Download Full-text

Assessment Methodology on Maturity Level of ISMS

Lecture Notes in Computer Science - Knowledge-Based Intelligent Information and Engineering Systems ◽

10.1007/11553939_87 ◽

2005 ◽

pp. 609-615 ◽

Cited By ~ 2

Author(s):

Choon Seong Leem ◽

Sangkyun Kim ◽

Hong Joo Lee

Keyword(s):

Assessment Methodology ◽

Maturity Level

Download Full-text

Analisis Tingkat Keamanan Sistem Informasi Akademik Berdasarkan Standard ISO/IEC 27002:2013 Menggunakan SSE-CMM

INTENSIF Jurnal Ilmiah Penelitian dan Penerapan Teknologi Sistem Informasi ◽

10.29407/intensif.v2i1.11830 ◽

2018 ◽

Vol 2 (1) ◽

pp. 12

Author(s):

Endang Kurniawan ◽

Imam Riadi

Keyword(s):

Information System ◽

Information Security ◽

Maturity Level ◽

Information Security Management ◽

Security Governance ◽

Security Controls ◽

Level 3 ◽

Academic Information ◽

Iec 27002 ◽

Level 2

The objective of this research is to find out the level of information security in the academic information system to give recommendations improvements in information security management. The method used is qualitative research method, which data obtained based on the results of questionnaires distributed to respondents with the Guttmann scale. Based on the analysis results, 13 objective controls and 43 security controls were scattered in 3 clauses. From the analysis, it was concluded that the maturity level of information system security governance was 2.51, which means the level of maturity is still at level 2 but is approaching level 3 well defined.

Download Full-text

A Maturity Level Framework for Measurement of Information Security Performance

International Journal of Computer Applications ◽

10.5120/ijca2016907930 ◽

2016 ◽

Vol 141 (8) ◽

pp. 1-6

Author(s):

Rosmiati R ◽

Imam Riadi ◽

Yudi Prayudi

Keyword(s):

Information Security ◽

Maturity Level

Download Full-text