Analysis and Design of Information Security Management System Based on ISO 27001:2013 Using ANNEX Control (Case Study: District of Government of Bandung City)

2020 ◽  
Vol 1 (1) ◽  
pp. 1-11
Author(s):  
Adrian Fathurohman ◽  
R. Wahjoe Witjaksono

The Department of Communication and Information (Diskominfo) of the Bandung City Government is an agency responsible for carrying out several functions of the Regional Government in the field of communication and informatics. Based on the composition of the regional service organization, Bandung City Diskominfo has five fields and two UPTs. In implementing its work programs, Bandung City Diskominfo uses IT to support business processes in government agencies. The research found that, in IT management at Bandung City Government Diskominfo, several clauses were still unfulfilled; this affects the management of information security in government institutions and can affect the performance of the Bandung City Government. Therefore, a standard needs to be implemented as a guide that gives direction in safeguarding information or assets that are considered sensitive to an organization. These problems motivated the design of information security recommendations based on the ISO 27001:2013 standard at Diskominfo. The study also designs an IT information security system focused on the Annex controls Information Security Policies, Human Resource Security, Operational Security, Communication Security and Asset Management, so that IT business processes can run in accordance with the objectives of the organization. The results of this study are expected to help secure IT information at Bandung City Diskominfo and can also improve the goals of an organization.

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .

Because of the importance of information and the possible risk of disruption, universities need to design and implement information security. One of the standards that can be used to analyze the level of information security in an organization is ISO/IEC 27001:2013; this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on the ISO/IEC 27001:2013 standard and to model systems for information security management. This research uses a descriptive qualitative approach, with data collection and validation by triangulation (interview, observation and documentation). Data was analyzed using gap analysis, and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, the maturity level of the Information Security Policy clause reaches level 1 (Performed-Informally), the Asset Management clause reaches level 3 (Well-Defined), the Access Control clause reaches level 3 (Well-Defined), the Physical and Environmental Security clause reaches level 3 (Well-Defined), the Operational Security clause reaches level 3 (Well-Defined), and the Communication Security clause reaches level 2 (Planned and Tracked). Based on the maturity level results, some weaknesses were discovered in asset management in implementing the policy. Therefore, the system modeling, using the flow map and CD / DFD, focused on the Asset Management System.


2019 ◽  
Vol 5 (1) ◽  
Author(s):  
I Gede Putu Krisna Juliharta

ABSTRACT e-Government in Indonesia is a must at this time. Good e-Governments certainly have the ability to provide good information to the public and to fulfill the aspects of confidentiality, integrity and availability. Kediri in East Java is one of the governments that use e-Government. To measure these three aspects, the system must be measured. Indeks KAMI (Keamanan Informasi) is an application that is used as a tool to analyze and evaluate the level of readiness (completeness and maturity) for implementing information security in an organization in accordance with SNI ISO/IEC 27001 criteria. For the Government of Kediri, the score for the electronic system category was 20, the governance assessment score was 75, the risk management score was 18, the information security framework score was 58, asset management 74, and the application of security and information technology had a value of 83; the measurement results say the City Government of Kediri needs to improve its system management.
Keywords: Index, KAMI, Security, Information Technology

ABSTRACT (from the Indonesian) The application of e-Government in government administration in Indonesia is now a necessity. A good e-Government certainly has the ability to provide good information to the public and to fulfill the aspects of confidentiality, integrity and availability. The Kediri City Government (Pemkot Kediri) is one of the government institutions that uses e-Government. To measure these three aspects, the system must be measured. Indeks KAMI (Keamanan Informasi) is an application used as a tool to analyze and evaluate the level of readiness (completeness and maturity) of information security implementation in an organization in accordance with the criteria of SNI ISO/IEC 27001. For Pemkot Kediri, the score for the electronic system (SE) category was 20, the governance assessment score was 75, the risk management score was 18, the information security framework score was 58, asset management 74, and the application of security and information technology scored 83; the measurement results state that Pemkot Kediri needs to improve the management of its systems.
Keywords: index, KAMI, security, information technology


2017 ◽  
Vol 11 (2) ◽  
pp. 41
Author(s):  
Muhammad Bakri ◽  
Nia Irmayana

The Program and Reporting (Prolap) office uses several systems to report supervision results, one of which is the Sistem Informasi Manajemen Hasil Pengawasan (SIMHP, Supervision Results Management Information System). The complexity of SIMHP must be viewed from various perspectives, especially the security aspect, which will support the resilience of the SIMHP application. One of the controls that specifically emphasizes information security today is ISO (International Organization for Standardization) 27001. ISO 27001 is a standard for auditing the security of an information system and is used as a reference for producing documents (findings and recommendations). ISO 27001 has the advantage of being very flexible: it is developed depending on the organization's needs, the organization's objectives and security requirements. SNI ISO 27001 also provides a certificate of implementation of the Sistem Manajemen Keamanan Informasi (SMKI), recognized nationally and internationally, which is called the Information Security Management System (ISMS). This research focuses on assessing and mapping security problems affecting information assets in SIMHP. This approach will be used as a guideline in designing an information security control model using ISO 27001.


2019 ◽  
Vol 5 (1) ◽  
pp. 65-76
Author(s):  
Anton Purba ◽  
Mohammad Soetomo

ISO 27001 is one of the most widely adopted and respected information security standards in use today. It is promulgated by the International Standards Organization (ISO). Many organizations seek to be certified for the standard, which provides a framework for implementing an Information Security Management System (ISMS). The standard touches on virtually every aspect of information security. Access controls, including Privileged Access Management (PAM), thus figure prominently in the ISO 27001 certification and audit processes. In order to manage their privileged accounts, organizations should use PAM to protect critical IT assets, meet compliance regulations and prevent data breaches. Unfortunately, many organizations do not have enough knowledge when they plan to build PAM solutions. Many organizations do not have a baseline when they acquire new PAM technology. This paper will help organizations acquire a PAM solution that meets the ISO 27001 controls. Our compliance matrix gives organizations a guideline for achieving the implementation of the ISMS framework with PAM technology.


2014 ◽  
Vol 1 (1) ◽  
pp. 46-58
Author(s):  
IGN Mantra

There is a need for an Information Security Management System Standard (ISO 27001:2005) at Perbanas University in general. In particular, ABFII Perbanas needs IT governance on Information Security. ISO 27001:2005 is an Information Security Standard that is widely used as an Information Security Management System (ISMS). The IT Governance approach is the main interest within ISO 27001:2005 for Perbanas University.


2020 ◽  
Vol 17 (2) ◽  
pp. 1441-1446
Author(s):  
Risma Lukitowati ◽  
Kalamullah Ramli

The main purpose of information security is maintaining information assets that are owned by an organization, such as confidentiality, integrity, and availability (known as CIA). In maintaining information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS policy in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain the level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of the company’s information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. This research also examined company documents and surveillance audits in 2018. The employees were grouped based on their length of employment. The results of the questionnaires, with an error margin of 6%, were further compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, companies still need to socialize ISO to employees who have worked at the company for just one to two years.

