Information Security Analysis of a Data Center Using COBIT 5 (ANALISIS KEAMANAN INFORMASI DATA CENTER MENGGUNAKAN COBIT 5)

2018 ◽  
Vol 10 (2) ◽  
pp. 119-128
Author(s):  
Iik Muhamad Malik Matin ◽  
Arini Arini ◽  
Luh Kesuma Wardhani

ABSTRACT A data center at an institution was observed and analyzed in order to obtain a description of its information security. The data center had previously experienced an information security incident in the form of shell injection. As a result, some websites were inaccessible for a while. Such incidents can affect the institution's business processes. To avoid this problem in the future, the institution needs an information security audit. This audit can be carried out using the COBIT 5 framework. In this research, an information security audit of the data center was conducted using the COBIT 5 framework, focusing on the processes APO13 (Manage Security) and DSS05 (Manage Security Service). The research was conducted through the stages of Initiation, Planning the Assessment, Briefing, Data Collection, Data Validation, Process Attribute Level and Reporting the Result. The research found that the current (as-is) capability levels of APO13 and DSS05 are 1.54 and 1.68, or level 2, which means that the APO13 and DSS05 processes have been performed and maintained in accordance with the work plan. The next (to-be) level is therefore set at level 3. To achieve level 3, several recommendations are given to close the gaps identified in the APO13 and DSS05 processes. The data center must draw up a detailed work plan, be well managed, and have clear standards to implement in order to reach the business goals.

How to Cite: Martin, I.M. Arini. Wardani, L. K. (2017). ANALISIS KEAMANAN INFORMASI DATA CENTER MENGGUNAKAN COBIT 5. Jurnal Teknik Informatika, 10(2), 119-128. doi: 10.15408/jti.v10i2.7026

Permalink/DOI: http://dx.doi.org/10.15408/jti.v10i2.7026

2021 ◽  
Vol 3 (2) ◽  
pp. 101-106
Author(s):  
Muhammad Kamal Sani Firdaus

The IT (Information Technology) threats and risks that may arise as IT Governance is implemented can disrupt running business processes. It is therefore important for a company to implement IT risk management. In its implementation, PLN P2B is supported by the Information Technology and Telecommunications Division as the IT service provider. The problem PLN P2B is known to be experiencing is a data loss incident caused by a failed data migration when PLN P2B upgraded its servers from 3-node clusters to 6-node clusters. An evaluation of IT risk management against existing standards is therefore needed. This study aims to determine the capability level of IT risk management using the COBIT 5 Process Assessment Model (PAM) methodology, which consists of the stages Initiation, Planning the Assessment, Briefing, Data Collection, Data Validation, Process Attribute Level and Reporting the Result. The results of this study show that risk management and risk optimization are currently at level 3 (Established Process) and that, based on the risk assessment, there are 6 risk issues whose risk level is above the risk appetite limit. PLN P2B is therefore recommended to implement and develop a DRP (Disaster Recovery Plan) based on a framework designed to reduce the impact on its main business functions and processes. In addition, PLN P2B is recommended to define and implement physical security measures in accordance with requirements, one of which is placing the database server in a secure location. It is hoped that the results of this study can serve as input for PLN P2B in improving its IT governance so that it runs more optimally.


2020 ◽  
Vol 1 (2) ◽  
pp. 124-135
Author(s):  
Yoga Megasyah ◽  
Adi Arga Arifnur

An academic information system is very important to an institution for the administration of lectures. A system security audit is therefore needed so that administration runs without obstacles. This audit can be carried out using the COBIT 5 framework. In this research, an information security audit was carried out on academic information security, focusing on the APO12 (Manage Risk), APO13 (Manage Risk), and DSS05 (Manage Security Service) domains. The stages in this research are initiation, planning the assessment, data collection, data validation, process attribute level and reporting the result. The results show that the capability level of APO12 is at level 1, APO13 at level 2 and DSS05 at level 2, which means that the institution has carried out and implemented the information technology process and achieved its objectives. To reach level 3, some recommendations are given to cover the gaps that have been determined in the APO12, APO13 and DSS05 processes.


2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Dea Valenska Gusman ◽  
Fajar Hari Prasetyo ◽  
K Adi

Abstract—Information security in the digital era is very important, making it a critical issue for enterprises, organizations and governments. The Communication and Informatics Office of Karawang Regency was formed based on Peraturan Daerah No. 14 of 2016 concerning the Formation and Composition of the Karawang Regency Regional Apparatus. Information technology has already been implemented in the information security system of the Karawang Regency government. However, its value and benefits have not yet been fully realized. This study aims to evaluate the security of the information systems implemented at the institution and to assess their capability level using the DSS05 domain of COBIT 5. The method used is the COBIT 5 Assessment Process Activities, including Initiation Programme, Define Problems and Opportunities, Data Collection, Data Validation and Process Attribute Level. The study obtained capability values of 3.4 (as is) and 4.1 (to be), so the processes that have been implemented are largely achieved. In the DSS05 domain, the achievement was 92%, meaning that process attribute 3.1 Process Definition was fully achieved, so the assessment could continue to the next level, namely (PA) 3.2 Process Deployment.


Author(s):  
Endang Kurniawan ◽  
Imam Riadi

The objective of this research is to find out the level of information security in the academic information system in order to give recommendations for improvements in information security management. The method used is a qualitative research method, with data obtained from the results of questionnaires distributed to respondents using the Guttman scale. Based on the analysis results, 13 objective controls and 43 security controls were scattered across 3 clauses. From the analysis, it was concluded that the maturity level of information system security governance was 2.51, which means the level of maturity is still at level 2 but is approaching level 3 (well defined).


Author(s):  
Ahmet Irfan Temur ◽  
Jens H. Kuhn ◽  
David B. Pecor ◽  
Dmitry A. Apanaskevich ◽  
Maryam Keshtkar-Jahromi

Crimean-Congo hemorrhagic fever (CCHF) is endemic in Africa, but the epidemiology remains to be defined. Using a broad database search, we reviewed the literature to better define CCHF evidence in Africa. We used a One Health approach to define the impact of CCHF by reviewing case reports, human and animal serology, and records of CCHF virus (CCHFV) isolations (1956–mid-2020). In addition, published and unpublished collection data were used to estimate the geographic distribution of Hyalomma ticks and infection vectors. We implemented a previously proposed classification scheme for organizing countries into five categories by the level of evidence. From January 1, 1956 to July 25, 2020, 494 CCHF cases (115 lethal) were reported in Africa. Since 2000, nine countries (Kenya, Mali, Mozambique, Nigeria, Senegal, Sierra Leone, South Sudan, Sudan, and Tunisia) have reported their first CCHF cases. Nineteen countries reported CCHF cases and were assigned level 1 or level 2 based on maturity of their surveillance system. Thirty countries with evidence of CCHFV circulation in the absence of CCHF cases were assigned level 3 or level 4. Twelve countries for which no data were available were assigned level 5. The goal of this review is to inform international organizations, local governments, and healthcare professionals about shortcomings in CCHF surveillance in Africa to assist in a movement toward strengthening policy to improve CCHF surveillance.


1998 ◽  
Vol 10 (1-3) ◽  
pp. 57-72 ◽  
Author(s):  
K. S. B. Keats-Rohan

The COEL database and database software, a combined reference and research tool created by historians for historians, is presented here through screenshots illustrating the underlying theoretical model and the specific situation to which that has been applied. The key emphases are upon data integrity, and the historian's role in interpreting and manipulating what is often contentious data. From a corpus of sources (Level 1) certain core data are extracted for separate treatment at an interpretive level (Level 3), based upon a master list of the core data (Level 2). The core data are interdependent: each record in Level 2 is of interest in itself; and it either could or should be associated with an(other) record(s) as a specific entity. Sometimes the sources are ambiguous and the association is contentious, necessitating a probability-coding approach. The entities created by the association process can then be treated at a commentary level, introducing material external to the database, whether primary or secondary sources. A full discussion of the difficulties is provided within a synthesis of available information on the core data. Direct access to the source texts is only ever a mouse click away. Fully queryable, COEL is a formidable look-up and research tool for users of all levels, who remain free to exercise an alternative judgement on the associations of the core data. In principle, there is no limit on the type of text or core data that could be handled in such a system.


2020 ◽  
Vol 7 (1) ◽  
pp. 57-62
Author(s):  
Vladislav A. Voevodin ◽  
◽  
Maria S. Markina ◽  
Pavel V. Markin ◽  
◽  
...  

Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation within their legal status in the field of ensuring the security of critical information infrastructure. Some functions and authorities in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorized to create a state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation. However, not all rights and obligations are enshrined; a number of powers cause the duality of the legal status of certain federal bodies of state power. The clarity and unambiguity of securing the rights and obligations of state bodies authorized in the field of information security are guarantees for effectively ensuring the security of important information infrastructure facilities.


Author(s):  
Lania Muharsih ◽  
Ratih Saraswati

This study aims to examine the training evaluation at PT. Pupuk Kujang. PT. Pupuk Kujang is a company engaged in the petrochemical field. The evaluation sheet of PT. Pupuk Kujang is based on Kirkpatrick's theory, which consists of four levels of evaluation: reaction, learning, behavior, and results. At level 1, reaction, the evaluation sheet is in accordance with Kirkpatrick's theory. At level 2, learning, a pretest and posttest should be held, but only a scale was made. At level 3, behavior, the sheet is in accordance with the theory, but assessment factor number 3, quantity and work productivity, need not be included because it belongs to level 4. At level 4, results, the sheet is still very inadequate for getting a picture of the results of the training that has been carried out, because it is based only on answers from superiors without any documentary evidence.

Keywords: Training Evaluation, Kirkpatrick Theory.


2020 ◽  
Vol 41 (9) ◽  
pp. 1035-1041
Author(s):  
Erika Y. Lee ◽  
Michael E. Detsky ◽  
Jin Ma ◽  
Chaim M. Bell ◽  
Andrew M. Morris

Abstract

Objectives: Antibiotics are commonly used in intensive care units (ICUs), yet differences in antibiotic use across ICUs are unknown. Herein, we studied antibiotic use across ICUs and examined factors that contributed to variation.

Methods: We conducted a retrospective cohort study using data from Ontario’s Critical Care Information System (CCIS), which included 201 adult ICUs and 2,013,397 patient days from January 2012 to June 2016. Antibiotic use was measured in days of therapy (DOT) per 1,000 patient days. ICU factors included ability to provide ventilator support (level 3) or not (level 2), ICU type (medical-surgical or other), and academic status. Patient factors included severity of illness using multiple-organ dysfunction score (MODS), ventilatory support, and central venous catheter (CVC) use. We analyzed the effect of these factors on variation in antibiotic use.

Results: Overall, 269,351 patients (56%) received antibiotics during their ICU stay. The mean antibiotic use was 624 (range 3–1460) DOT per 1,000 patient days. Antibiotic use was significantly higher in medical-surgical ICUs compared to other ICUs (697 vs 410 DOT per 1,000 patient days; P < .0001) and in level 3 ICUs compared to level 2 ICUs (751 vs 513 DOT per 1,000 patient days; P < .0001). Higher antibiotic use was associated with higher severity of illness and intensity of treatment. ICU and patient factors explained 47% of the variation in antibiotic use across ICUs.

Conclusions: Antibiotic use varies widely across ICUs, which is partially associated with ICUs and patient characteristics. These differences highlight the importance of antimicrobial stewardship to ensure appropriate use of antibiotics in ICU patients.

