scholarly journals Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education

2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih
Keyword(s):  
Higher Education ◽  
Information System ◽  
Information Security ◽  
Security Management ◽  
System Security ◽  
Maturity Level ◽  
Information Security Management ◽  
Security Practices ◽  
Level 3 ◽  
Iso 27001

Information Security Management System (ISMS) implementation in Institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. The several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples were 35 institutions. Compliance with the application of ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, to measure and calculate the level of maturity using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.   

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi
Keyword(s):  
Information System ◽  
Information Security ◽  
Public Services ◽  
Security Management ◽  
Population Data ◽  
Development Planning ◽  
Maturity Level ◽  
Information Security Management ◽  
Civil Registration ◽  
Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

scholarly journals Analisis Tingkat Keamanan Sistem Informasi Akademik Berdasarkan Standard ISO/IEC 27002:2013 Menggunakan SSE-CMM

2018 ◽  
Vol 2 (1) ◽  
pp. 12
Author(s):  
Endang Kurniawan ◽  
Imam Riadi
Keyword(s):  
Information System ◽  
Information Security ◽  
Maturity Level ◽  
Information Security Management ◽  
Security Governance ◽  
Security Controls ◽  
Level 3 ◽  
Academic Information ◽  
Iec 27002 ◽  
Level 2

  The objective of this research is to find out the level of information security in the academic information system to give recommendations improvements in information security management. The method used is qualitative research method, which data obtained based on the results of questionnaires distributed to respondents with the Guttmann scale. Based on the analysis results, 13 objective controls and 43 security controls were scattered in 3 clauses. From the analysis, it was concluded that the maturity level of information system security governance was 2.51, which means the level of maturity is still at level 2 but is approaching level 3 well defined.

ISMS Building for SMEs through the Reuse of Knowledge

2012 ◽  
pp. 90-116
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

Information System Life Cycles and Security

2011 ◽  
pp. 274-284
Author(s):  
Albin Zuccato
Keyword(s):  
Information System ◽  
Life Cycle ◽  
Security Management ◽  
System Security ◽  
Life Cycle Stage ◽  
Life Cycles ◽  
Information Security Management ◽  
Legal Provision ◽  
Process Framework ◽  
System Life

Organizations are required by legal provision to include information system security into their day- today management activities. To do this effectively and efficiently, it is necessary that information security management integrates into the overall system life cycle. Here I will present a system life cycle and suggest which aspects of security should be covered at which life cycle stage of the system. Based on this, I will present a process framework that due to its iterativity and detailedness accommodates the needs for life cycle oriented security management.

scholarly journals Wahyudi

2019 ◽  
Author(s):  
Wahyudi
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Business Process ◽  
Security Management ◽  
Information Security Management ◽  
Security Control ◽  
Iso 31000 ◽  
Lawful Interception ◽  
Iso 27001

Menanggapi isu penyadapan yang dilakukan oleh Australia terhadap jaringan Indosat, manajemen Indosat mengatakan telah memiliki audit atas sistem keamanan jaringannya. Sistem tersebut sudah berstandard internasional yakni ISO 27001 dan ISO31000."Kami mempunyai manajemen tata laksana kebijakan dan pengendalian operasional dalam bentuk penerapan sistem manajemen standard ISO 27001 (Information Security Management) dan ISO 31000 (Risk Management) yang juga menyangkut audit keamanan sistem jaringan. Indosat juga mematuhi ketentuan lawful interception sesuai ketetuan dan Indosat menyatakan dengan tegas tidak memiliki kerjasama dengan pihak asing yang bertujuan untuk melakukan penyadapan," ujar President Director & CEO Indosat Alexander Rusli dalam keterangannya di Jakarta.Lebih lanjut dijelaskan, sistem adalah jaringan publik yang menggunakan standar seperti yang ditentukan oleh pemerintah. Dan satu-satunya tindakan penyadapan yang diizinkan adalah yang dilakukan oleh lembaga resmi negara berdasarkan aturan hukum yang berlaku. Bagaimana tanggapan anda mengenai artikel ini?Sesuai dengan UU No 36 Tahun 1999 tentang Telekomunikasi, Indosat hanya menyediakan fasilitas penyadapan kepada Aparat Penegak Hukum. Tidak hanya itu, seluruh perangkat Indosat telah memiliki sertifikat dari Kementerian Kominfo sesuai PM No. 29 Tahun 2008 tentang Sertifikasi Alat dan Perangkat Telekomunikasi dan sebagaimana telah disebutkan di atas bahwa keamanan jaringan Indosat sudah berstandar internasional sesuai ISO 27001.Bahkan, Indosat memiliki standard audit yang meliputi penerapan security control, business process, kepatuhan terhadap kebijakan serta pengujian teknis terhadap kerentanan jaringan, sehingga keamanan jaringan tetap terpelihara. Dalam hal ini, Indosat secara tegas menyatakan bahwa tidak ada kerjasama penyadapan dengan pihak luar terutama dengan pihak asing karena jelas hal tersebut melanggar Undang-undang yang berlaku serta merugikan kepentingan negara dan bangsa Indonesia sendiri.

scholarly journals ANALISIS DAN PENERAPAN SISTEM MANAJEMEN KEAMANAN INFORMASI SIMHP BPKP MENGGUNAKAN STANDAR ISO 27001

2017 ◽  
Vol 11 (2) ◽  
pp. 41
Author(s):  
Muhammad Bakri ◽  
Nia Irmayana
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Management System ◽  
Iso 27001

Kantor bagian Program dan Pelaporan (Prolap) menggunakan beberapa sistem untuk melaporkan hasil pengawasan salah satunya Sistem Informasi Manajemen Hasil Pengawasan (SIMHP). Kompleksitas pada SIMHP harus dipandang dari berbagai sudut pandang, terutama aspek keamanan yang nantinya mendukung ketahanan aplikasi SIMHP tersebut. Salah satu pengendalian yang secara khusus mengedepankan faktor keamanan informasi saat ini adalah ISO (Intenational Organization for Standardization) 27001. ISO 27001 merupakan standar untuk mengaudit keamanan sebuah sistem informasi dan digunakan sebagai acuan untuk menghasilkan dokumen (temuan dan rekomendasi). ISO 27001 memiliki kelebihan yaitu standar ini sangat fleksibel yang dikembangkan tergantung kebutuhan organisasi, tujuan organisasi, persyaratan keamanan dan juga SNI ISO 27001 menyediakan sertifikat implementasi Sistem Manajemen Keamanan Informasi (SMKI) yang diakui secara nasional dan internasional yang disebut Information Security Management System (ISMS). Penelitian ini berfokus pada penilaian dan pemetaan permasalahan keamanan terhadap aset informasi pada SIMHP. Pendekatan tersebut akan digunakan sebagai pedoman dalam membuat rancangan model pengendalian keamanan informasi menggunakan ISO 27001.

Sign in / Sign up

Export Citation Format

Share Document