Academic Information System Security Audits Using COBIT 5 Framework Domains APO12, APO13 and DSS05

2020 ◽  
Vol 1 (2) ◽  
pp. 124-135
Author(s):  
Yoga Megasyah ◽  
Adi Arga Arifnur

The academic information system in an institution is very important for the administration of lectures. Therefore, a system security audit is needed so that the administration runs without obstacles. This audit can be carried out using the COBIT 5 framework. In this research, an information security audit was carried out on academic information security by focusing on the APO12 (Manage Risk), APO13 (Manage Risk), and DSS05 (Manage Security Service) domains. The stages in this research are initiation, planning the assessment, data collection, data validation, process attribute level and reporting the result. The results of this research show that the capability level of APO12 is at level 1, APO13 at level 2 and DSS05 at level 2, which means that the institution has carried out and implemented the information technology process and achieved its objectives. To reach level 3, some recommendations are given to cover the gaps that have been determined in the APO12, APO13 and DSS05 processes.

Author(s):  
Endang Kurniawan ◽  
Imam Riadi

The objective of this research is to find out the level of information security in the academic information system in order to give recommendations for improvements in information security management. The method used is a qualitative research method, in which data were obtained from the results of questionnaires distributed to respondents using the Guttman scale. Based on the analysis results, 13 objective controls and 43 security controls were scattered across 3 clauses. From the analysis, it was concluded that the maturity level of information system security governance was 2.51, which means the level of maturity is still at level 2 but is approaching level 3 (well defined).


2018 ◽  
Vol 10 (2) ◽  
pp. 119-128
Author(s):  
Iik Muhamad Malik Matin ◽  
Arini Arini ◽  
Luh Kesuma Wardhani

ABSTRACT A data center of an institution was observed and analyzed in order to obtain a description of its information security. The data center had once experienced an information security incident in the form of shell injection. As a result, some websites were not accessible for a while. This incident can affect the business processes of the institution. To avoid this problem in the future, the institution needs an information security audit. This audit can be done using the COBIT 5 framework. In this research, an information security audit was conducted on data center information security using the COBIT 5 framework, focusing on the processes APO13 (Manage Security) and DSS05 (Manage Security Service). The research was conducted through the stages of initiation, planning the assessment, briefing, data collection, data validation, process attribute level and reporting the result. From this research, the current (as is) capability levels of APO13 and DSS05 are 1.54 and 1.68, or level 2, which means the APO13 and DSS05 processes have been performed and maintained in accordance with the work plan. Therefore the next level (to be) is set at level 3. To achieve level 3, some recommendations are provided to cover the gaps that have been determined in the APO13 and DSS05 processes. The data center has to make a detailed work plan, be well managed, and have clear standards to implement in order to reach the business goal.

How to Cite: Martin, I.M. Arini. Wardani, L. K. (2017). ANALISIS KEAMANAN INFORMASI DATA CENTER MENGGUNAKAN COBIT 5. Jurnal Teknik Informatika, 10(2), 119-128. doi: 10.15408/jti.v10i2.7026

Permalink/DOI: http://dx.doi.org/10.15408/jti.v10i2.7026


2018 ◽  
Vol 16 (2) ◽  
pp. 121-131
Author(s):  
Marliana Budhiningtias Winanti ◽  
Ismail Dzulhan

The Academic Information System of the UNIKOM Information Systems Prodi (study program) is the primary system the Prodi uses to process data and information about lectures and students. However, a lack of physical and logical security controls was still found in this system. To find out how secure a system is in an organization, information systems need a security audit to determine whether information security is in accordance with management's security procedures. The standard used here is ISO 27001, an international standard structured around the management of information security systems. The academic information system security audit was implemented using the ISO 27001:2005 Audit Checklist. The audit found that security controls are still lacking, such as the roles and responsibilities of employee safety, physical protection from disasters and power failures, data validation, and data backups that are less regular. The academic information system security controls therefore still need to be repaired in accordance with the recommendations.


2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih

Information Security Management System (ISMS) implementation in an institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. Several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples was 35 institutions. Compliance with the application of the ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, the SSE-CMM model is used to measure and calculate the level of maturity. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.


2021 ◽  
Vol 11 (2) ◽  
pp. 55-62
Author(s):  
Andi Sofyan Anas ◽  
I Gusti Ayu Sri Devi Gayatri Utami ◽  
Adam Bachtiar Maulachela ◽  
Akbar Juliansyah ◽  
...  

XYZ University is one of the universities that has used information technology to create quality service for students and the entire academic community. This information technology service is managed by the Information Technology and Communication Center (PUSTIK), which is responsible for carrying out the development, management, service, and security maintenance of information and communication technology. Good information technology governance should be able to maintain information security. Therefore, it is necessary to evaluate information system security, especially the security of academic information systems. This information system security evaluation uses the Keamanan Informasi (KAMI) Index, which refers to the ISO/IEC 27001:2013 standard, to determine the maturity level of information security. An evaluation of five areas of the KAMI Index shows the Information Security Risk Management area gets the lowest score at 10 out of a total of 72. The result of the KAMI Index dashboard shows that the maturity level of each area of information security is at levels I and I+ with a total score of 166. This means that the level of completeness of implementing the ISO 27001:2013 standard is in the inadequate category.


Author(s):  
N. Baisholan ◽  
K.E. Kubayev ◽  
T.S. Baisholanov

Efficiency of business processes in modern organizations depends on the capabilities of applied information technologies. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The standard’s principles are reviewed, as well as the importance of meeting business needs. In order to protect virtual values in a company’s system environment, the importance of using information security models is revealed. Practical proposals in risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting the information system of an organization from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with increase in the number of attack methods and techniques and development of their new tools and vectors, the need to improve and ways to ensure information security are being considered. The essential tasks of security audit are considered, and the stages of their implementation are described. With regard to security of information systems, an analytical model is proposed for determining vulnerability’s numerical value.


2018 ◽  
Author(s):  
Syukhri ◽  
Nizwardi Jalinus ◽  
Ganefri

This study was conducted to determine the maturity level of the Delivery and Support process in the implementation of the Academic Information System of Padang State University, according to the criteria in the Control Objectives for Information and Related Technology (COBIT). The processes evaluated were (1) Ensure Continuous Service, (2) Manage Service Desk and Incidents, and (3) Manage Data. The method used in this study is a questionnaire, with research subjects chosen according to RACI diagram mapping, and direct observation of the Academic Information System of the State University of Padang. The findings showed that the maturity level of the Ensure Continuous Service, Manage Service Desk and Incidents, and Manage Data processes in the implementation of the Academic Information System of Padang State University is at level 3 (the process is defined). The results of the maturity level evaluation are fundamental in determining the proposed improvements to the management of the State University of Padang in order to improve the service.


Author(s):  
Susi Susilowati

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly. So it is necessary to carry out an audit that aims to evaluate the information system governance that is running and ensure that the existing procedures support the existing business processes in the company. The audits were conducted following the standards of the COBIT 4.1 Framework for IT governance. This study will focus on the Delivery Service and Support (DSS) domain to analyze several aspects of IT that are currently running in this company, from the level of system security used to the management carried out by the system. In this domain, the research is focused on the DS5, DS10, and DS11 sub-domains. From the research results it is known that DS5 is at the level of 1.3; DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is the level of capability obtained from the inventory information system of PT. Medista Utama is still below the expected level. And many improvements are needed to maximize the company's performance to achieve the expected Maturity Level value.


Respati ◽  
2020 ◽  
Vol 15 (2) ◽  
pp. 37
Author(s):  
Febrian Destyanto ◽  
Kusrini Kusrini ◽  
Henderi Henderi

ABSTRACT Information system governance determines the level of achievement of the company's business goals. Better information system governance contributes to the success of managing business processes and objectives in the aspects of accountability, responsibility and transparency. The COBIT 4.1 model is used to measure the level of success of information system governance in accordance with the company's business goals. This research was conducted to determine the maturity level of information system governance at Institut Teknologi Budi Utomo using the internal perspective, with a focus on improving and maintaining business process functionality, in the Balanced Scorecard model as a tool to map the company's strategic plan, followed by measurement of the maturity level using selected sub-domains of COBIT 4.1. From the mapping of the Balanced Scorecard and COBIT 4.1, the sub-domains PO2, PO3, AI2, AI4, and AI7 were obtained and used to evaluate information system governance at Institut Teknologi Budi Utomo based on the COBIT 4.1 framework model. Measurement of the selected sub-domains gave a maturity level of 2, meaning the process has been carried out but is not yet standardized or documented in a structured way. The expected maturity level is level 3, meaning the process is defined as standard and documented with a clear and good structure. The final result of the research is a set of improvement recommendations for reaching the expected maturity level.

Keywords: Maturity Level, Balanced Scorecard (BSC), Internal Perspective, COBIT 4.1, Information System Governance

