Information System Life Cycles and Security

2011 ◽  
pp. 274-284
Author(s):  
Albin Zuccato
Keyword(s):  
Information System ◽  
Life Cycle ◽  
Security Management ◽  
System Security ◽  
Life Cycle Stage ◽  
Life Cycles ◽  
Information Security Management ◽  
Legal Provision ◽  
Process Framework ◽  
System Life

Organizations are required by legal provision to include information system security into their day- today management activities. To do this effectively and efficiently, it is necessary that information security management integrates into the overall system life cycle. Here I will present a system life cycle and suggest which aspects of security should be covered at which life cycle stage of the system. Based on this, I will present a process framework that due to its iterativity and detailedness accommodates the needs for life cycle oriented security management.

ISMS Building for SMEs through the Reuse of Knowledge

2012 ◽  
pp. 90-116
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

scholarly journals Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education

2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih
Keyword(s):  
Higher Education ◽  
Information System ◽  
Information Security ◽  
Security Management ◽  
System Security ◽  
Maturity Level ◽  
Information Security Management ◽  
Security Practices ◽  
Level 3 ◽  
Iso 27001

Information Security Management System (ISMS) implementation in Institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. The several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples were 35 institutions. Compliance with the application of ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, to measure and calculate the level of maturity using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.   

ISMS Building for SMEs through the Reuse of Knowledge

2013 ◽  
pp. 394-419
Author(s):  
Luís Enrique Sánchez ◽  
Antonio Santos-Olmo ◽  
Eduardo Fernandez-Medina ◽  
Mario Piattini
Keyword(s):  
Information System ◽  
Information Systems ◽  
Security Management ◽  
System Security ◽  
Point Of View ◽  
Medium Size ◽  
Information Security Management ◽  
Business Size ◽  
Security Information ◽  
Considerable Experience

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics, and these systems must be optimized from the point of view of the resources necessary to deploy and maintain them. Over the last 10 years, the authors have obtained considerable experience in the establishment of ISMSs, and during this time, they have observed that the structure and characteristics of SMEs as regards security management are frequently very similar (since they can all be grouped by business size and sector), thus signifying that it is possible to construct patterns for ISMSs that can be reused and refined. In this chapter, the authors present the strategy that they have designed to manage and reuse security information in information system security management. This strategy is framed within a methodology designed for integral security management and its information systems maturity, denominated as “Methodology for Security Management and Maturity in Small and Medium-size Enterprises (MSM2-SME),” and it is defined in a reusable model called “Reusable Pattern for Security Management (RPSM),” which systematically defines, manages, and reuses the aforementioned methodology through a sub-process denominated as “Generation of Security Management Patterns (GSMP).” This model is currently being applied in real cases, and is thus constantly improving.

ANALISA DAN PERANCANGAN SISTEM INFORMASI AKUNTASI UNTUK PENGELOLAAN KEUANGAN UKM

2018 ◽  
Vol 10 (1) ◽  
pp. 33
Author(s):  
Diana Laily Fithri
Keyword(s):  
Information System ◽  
Life Cycle ◽  
Modelling Language ◽  
System Life

AbstrakSebuah Usaha Kecil Menengah (UKM) yang ada dalam masyarakat merupakan   sebuah usaha yang dirintis oleh masyarakat  dengan beberapa produk maupun usaha yang berbeda-beda. Setiap usaha tersebut memiliki manajemen keuangan yang masih dilakukan secara manual, yaitu pembukuan dan perekapan data yang masih menggunakan buku dengan cara mengumpulkan dan mengelompokkan beberapa nota. Dengan adanya permasalahan tersebut maka dibuatlah analisa dan perancangan sistem informasi akuntansi yang dapat digunakan oleh para pemilik UKM dalam mengelola keuangan serta dapat mengontrol manajemen dalam UKM tersebut.  Karena proses yang manual tersebut, banyak pemilik UKM yang kebingungan dalam mengelola keuangannya, dan tidak dapat mengetahui modal awal ketika mendirikan usaha sampai dengan usaha UKM yang semakin pesat. Oleh karena itu, dibuatlah sebuah analisa dan perancangan sistem informasi  akuntansi yang dapat digunakan oleh banyak pemilik UKM dalam mengelola keuangannya. Tujuan dari penelitian ini adalah untuk mempermudah para pemilik UKM dalam mengelola keuangannya serta dapat mengatur pengelolaan manajemen yang teratur dalam UKM tersebut. Metode pengembangan yang digunakan adalah dengan metode ISLC (Information System Life Cycle) yang nantinya dalam tahapan tersebut juga dilakukan implementasi ke beberapa UKM. Perancangan yang digunakan dengan menggunakan UML (United Modelling Language) dan Database MySQL.Kata kunci— akuntansi, keuangan, , manajemen, produk

scholarly journals Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi
Keyword(s):  
Information System ◽  
Information Security ◽  
Public Services ◽  
Security Management ◽  
Population Data ◽  
Development Planning ◽  
Maturity Level ◽  
Information Security Management ◽  
Civil Registration ◽  
Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

Enterprise Information System Security

2011 ◽  
pp. 154-168
Author(s):  
Chandan Mazumdar
Keyword(s):  
Information System ◽  
Life Cycle ◽  
Security Policy ◽  
System Security ◽  
Policy Formulation ◽  
Life Cycle Approach ◽  
Security Testing ◽  
Enterprise Information System ◽  
Enterprise Information ◽  
Information System Security

There has been an unprecedented thrust in employing Computers and Communication technologies in all walks of life. The systems enabled by Information Technology are becoming more and more complex resulting in various threats and vulnerabilities. The security properties, like confidentiality, integrity, and availability, are becoming more and more difficult to protect. In this chapter, a life-cycle approach to achieve and maintain security of enterprises has been proposed. First, enterprise information systems are looked at in detail. Then, the need for enterprise information system security and problems associated with security implementation are discussed. The authors consider enterprise information system security as a management issue and detail the information security parameters. Finally, the proposed security engineering life-cycle is described in detail, which includes, Security Requirement Analysis, Security Policy Formulation, Security Infrastructure Advisory Generation, Security Testing and Validation, and Review and Monitoring phases.

Sign in / Sign up

Export Citation Format

Share Document