Customized Diagnostic Tool for The Security Maturity Level of The Enterprise Information Based on ISO/IEC 27001

Author(s):  
Josue A. Lopez-Leyva ◽  
Christopher A. Kanter-Ramirez ◽  
Jose P. MoralesMartinez
2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .

Given the importance of information and the possible risk of disruption, universities need to design and implement information security. One of the standards that can be used to analyze the level of information security in an organization is ISO/IEC 27001:2013, which has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on the ISO/IEC 27001:2013 standard and to model systems for information security management. This research uses a descriptive qualitative approach, with data collection and validation by triangulation (interview, observation and documentation). Data was analyzed using gap analysis, and the maturity level was measured using SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, the maturity level of the Information Security Policy clause reaches level 1 (Performed-Informally), the Asset Management clause reaches level 3 (Well-Defined), the Access Control clause reaches level 3 (Well-Defined), the Physical and Environmental Security clause reaches level 3 (Well-Defined), the Operational Security clause reaches level 3 (Well-Defined), and the Communication Security clause reaches level 2 (Planned and Tracked). The maturity level results revealed some weaknesses in asset management in implementing the policy. Therefore, the system modeling using the flow map and CD / DFD focused on the Asset Management System.


Sebatik ◽  
2019 ◽  
Vol 23 (2) ◽  
pp. 352-358
Author(s):  
Yudhistira Candra Pradipta ◽  
Yani Rahardja ◽  
Melkior Nikolar Ngalumsine Sitokdana

The implementation of Information and Communication Technology (ICT) governance has become a need and a requirement in every public service agency, given the increasingly important role of ICT in improving service quality as one realization of good governance (Good Corporate Governance). To that end, research is needed to audit the Information Security Management System at Pusat Teknologi Informasi dan Komunikasi Penerbangan dan Antariksa (PUSTIKPAN) using ISO/IEC 27001:2013. The research found that Annex 7 has the lowest level among the annexes because the work instruction document on labeling is not yet registered in the master document, so the master document needs to be adjusted. In addition, in other clauses and annexes there are still several documents and forms whose titles do not match those stated in the existing policies/procedures, so synchronization is lacking. Overall, the use of ISO/IEC 27001:2013 has been carried out well, with an average maturity level score of 97.25% at level 5 (Optimised). Almost all clauses and annexes meet the ISO/IEC 27001:2013 standard, so based on these results PUSTIKPAN is expected to further improve its document archiving to make it easier for auditors to conduct internal or external audits, and to carry out all activities in accordance with the ISO/IEC 27001:2013 standard.


TRIKONOMIKA ◽  
2018 ◽  
Vol 17 (1) ◽  
pp. 28
Author(s):  
Akmal Zaifullah Maingak ◽  
Candiwan Candiwan ◽  
Listyo Dwi Harsono

The purpose of this research is to determine the existing gap to achieving ISO/IEC 27001:2013 certification and to determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution was assessed based on the 14 clauses contained in ISO/IEC 27001:2013. The method used is a qualitative method, with data collection and data validation by the triangulation technique (interview, observation, and documentation). Data analysis used gap analysis, and the maturity level was measured using CMMI (Capability Maturity Model for Integration). The result of the research showed that the information security applied by X Government Institution was at level 1 (Initial), which meant there was evidence that the institution was aware of problems that needed to be overcome, that its processes were unstandardized, and that it tended to handle problems individually or case by case.


2015 ◽  
Vol 6 (1) ◽  
pp. 43-49 ◽  
Author(s):  
Irawan Afrianto ◽  
Taryana Suryana ◽  
Sufa’atin Sufa’atin

Information is a valuable asset for a college, and safeguarding it has become a necessity. One standard that can be used to measure the maturity level of information security in an organization is the KAMI index developed by Depkominfo, whose standards refer to ISO/IEC 27001:2009. This assessment is used to see how far the maturity level of information security in the college environment has progressed, and its results can be used as a basis for evaluation in order to improve the information security of the college in the future.

Index Terms - Assessment, Information security, KAMI Index, Maturity Level, College X


2020 ◽  
Vol 5 (4) ◽  
pp. 243
Author(s):  
Paradise Paradise ◽  
Kusrini Kusrini ◽  
Asro Nasiri

Mandiri e-cash is electronic money issued by Bank Mandiri; it is server-based and uses application technology on mobile phones, also referred to as cash on the mobile phone. In practice, Mandiri e-cash makes financial transactions convenient for users, but there are also many public complaints about rampant cybercrime through Mandiri e-cash. Security is an important matter that the bank must pay attention to, given the importance of the data in this application. To measure this information security, the authors will conduct an audit using ISO 27001 to ensure that Bank Mandiri works in accordance with existing procedures. ISO/IEC 27001:2005 is an information systems security standard that has 27 clauses for measuring the level of security of a company or organization. The audit results were obtained from observation, interviews, and the distribution of questionnaires to selected respondents. The result of this research is the maturity level calculated from several selected clauses. From these results, recommendations and suggestions for the Mandiri E-Cash application will be derived.

Keywords — Audit, E-Cash, ISO 27001


1982 ◽  
Vol 13 (1) ◽  
pp. 37-41
Author(s):  
Larry J. Mattes

Elicited imitation tasks are frequently used as a diagnostic tool in evaluating children with communication handicaps. This article presents a scoring procedure that can be used to obtain an in-depth descriptive analysis of responses produced on elicited imitation tasks. The Elicited Language Analysis Procedure makes it possible to systematically evaluate responses in terms of both their syntactic and semantic relationships to the stimulus sentences presented by the examiner. Response quality measures are also included in the analysis procedure.

