Assessing the Information Security Awareness of Employees in PT ABC Against International Organization for Standardization (ISO) 27001:2013

2020 ◽  
Vol 17 (2) ◽  
pp. 1441-1446
Author(s):  
Risma Lukitowati ◽  
Kalamullah Ramli

The main purpose of information security is to maintain the confidentiality, integrity, and availability (known as CIA) of the information assets owned by an organization. To maintain its information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS policy in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain the level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of the company’s information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. This research also examined company documents and surveillance audits in 2018. The employees were grouped based on their length of employment. The results of the questionnaires, with an error margin of 6%, were further compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, companies still need to familiarize employees who have worked at the company for just one to two years with ISO.

2018 ◽  
Vol 6 (1) ◽  
pp. 95-104
Author(s):  
Mardi Yudhi Putra ◽  
Djajasukma Tjahjadi

Abstract: Efforts to improve information security are very important to an organization, not only at the planning stage but through to the stage of implementing information security. In reality, organizations lack awareness of its importance, which leads to security issues such as spam that affect the organization's business processes. This study evaluates the completeness (readiness and maturity) of the Information Security Management System (ISMS; SMKI in Indonesian) at the private higher education institution Bina Insani, as measured using the Information Security Index (KAMI). The evaluation refers to the ISO/IEC 27001 information security standard regarding information security requirements. The population and sample of this research consist of 4 working units, namely BAAK, BKEU, PMB, and BSIJ & UPT, for a total of 20. The sampling technique used is non-probability sampling, specifically saturated sampling. The evaluation results for both the readiness and the maturity of the ISMS are at a very low level, with the organization's dependence on the role of information and communication technology at a moderate level. The level of completeness is low, with a score of 167 out of a total of 588, and the level of maturity is at level II. Meanwhile, to obtain ISO/IEC 27001:2009 certification, the minimum level of information security is level III. To achieve that level of maturity, Bina Insani needs to make gradual improvements, starting with awareness of the importance of information security, such as knowledge sharing and training related to information security. Keywords: Information Security, KAMI Index, ISO 27001


VINE ◽  
2001 ◽  
Vol 31 (2) ◽  
pp. 11-16 ◽  
Author(s):  
Andrew Cox ◽  
Sarah Connolly ◽  
James Currall

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan

Given the importance of information and the possible risk of disruption, universities need to design and implement information security. One of the standards that can be used to analyze the level of information security in an organization is ISO/IEC 27001:2013, which has been prepared to provide requirements for establishing, implementing, maintaining, and continually improving an information security management system. The objective of this research is to measure the level of information security based on the ISO/IEC 27001:2013 standard and to model systems for information security management. This research uses a descriptive qualitative approach, with data collection and validation by triangulation (interview, observation, and documentation). Data was analyzed using gap analysis, and the level of maturity was measured using SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, the Information Security Policy clause reaches maturity level 1 (Performed-Informally), the Asset Management clause reaches level 3 (Well-Defined), the Access Control clause reaches level 3 (Well-Defined), the Physical and Environmental Security clause reaches level 3 (Well-Defined), the Operational Security clause reaches level 3 (Well-Defined), and the Communication Security clause reaches level 2 (Planned and Tracked). The maturity level results revealed some weaknesses in asset management in implementing the policy. Therefore, the system modeling, using the flow map and CD/DFD, focused on the Asset Management System.

