Security Evaluation of the Pasdeal Information System Based on the Information Security Index (KAMI) ISO/IEC 27001:2013

2021, Vol 4 (2), pp. 115-130
Author(s):
Yahya Dwi Wijaya

Information systems are a valuable asset for business actors, including those engaged in e-commerce. Pasdeal is a credit distributor and server service that runs an e-commerce information system. Using information systems for sales, or electronic commerce, is considered efficient because it provides a platform for media and services with new and unique capabilities not found in the physical world. Information security is a very important aspect to consider, given its bearing on the performance of ICT governance. For this reason, an information system needs an information security evaluation in order to uncover the gaps and deficiencies in its information security. The KAMI index is a reference tool for evaluating the readiness level of information system security in an organization. The evaluation covers the various areas targeted by information security implementation, based on the ISO/IEC 27001:2013 standard. Based on the results of the KAMI index assessment, Pasdeal scored 591 points for its application of the ISO 27001 standard, which corresponds to the "pretty good" rating.

2019, Vol 1 (2), pp. 53-62
Author(s):
Pramudhita Ferdiansyah
Subektiningsih Subektiningsih
Rini Indrayani

Information system security evaluation is indispensable for an organization, agency or company in order to prevent data leakage or damage to information systems. This research was conducted in the education sector at the UPTD XYZ institution under the authority of the Education Office of the Special Region of Yogyakarta Province. The evaluation of information security maturity and governance was carried out based on the ISO/IEC 27001:2017 standard using the KAMI information security index version 4.0. Data were collected by direct observation and interviews with the person in charge of the information system. The evaluation yielded a score of 20 for electronic system requirements, while the level of information completeness scored 245. From these results it can be concluded that the level of information security is still very low and that the information security system needs improvement in cooperation with a third-party information security developer.


2020, pp. 2-13
Author(s):
Vadim Kuchurov
Roman Maximov
Roman Sherstobitov
...

Regulators require that information security threats against the structural and functional characteristics of an information system be countered in order to meet information security requirements. These requirements cover the structure and composition of the information system, its information technologies and operating characteristics, and the physical, logical, functional and technological interconnections between its segments. As basic protective measures they prescribe emulating false information system components, hiding information technologies, managing the information system configuration and switching it to a predetermined configuration that provides protection. However, these measures are not part of the basic set, and their protection goals are achieved with compensating measures: formalizing and implementing prohibitive orders and a set of organizational and technical measures against the threat source. The purpose of the research is to identify and describe the main ways of searching for new technical solutions for masking the structure of distributed information systems in cyberspace using masking traffic, taking into account the requirements for timeliness of information exchange. The research method is operations research under uncertainty, applying the theory of Markov processes and the Kolmogorov equations to the problem of increasing the efficiency of masking exchange. The result of the research is the probabilistic and temporal characteristics of the operation of a data transmission network when technical solutions for masking information systems in cyberspace are applied. The results obtained make it possible to implement explicitly protection measures aimed at forming persistent false stereotypes among violators about information systems and the control processes implemented with their help.


Author(s):
Петр Юрьевич Филяк
Максим Константинович Постников
Семен Евгеньевич Федоров
Александр Григорьевич Остапенко
Андрей Петрович Преображенский

In the context of the development of the information society (Knowledgeable society, KS), information systems have become an integral part of any organization, even the smallest, regardless of the business processes they implement. Such information systems are commonly called corporate information systems (CIS). Special requirements are placed on ensuring the information security of a CIS during its development, which can be achieved by developing the CIS in a protected version. Blockchain technologies are very promising not only in their traditional spheres of application (manufacturing, services, transport) but also for solving security problems, information security in particular. This article is devoted to the analysis of this problem and approaches to its solution.


2019, Vol 8 (4), pp. 9030-9034

The article provides a comprehensive analysis of the concepts related to the information security of critically important information systems in Russia. Today, problems exist, which are associated with numerous threats to Russian information security due to the rapidly increasing role of the information sphere. To solve these problems, an effective mechanism is needed to prevent and eliminate these threats. To develop the organizational and legal basis of the mechanism, it is necessary to define a number of concepts, such as information security, critically important information system, information infrastructure, etc. The authors explore Russian legal regulation, as well as international experience and research on this topic. The article shows the main sources of information security threats and defines general principles and approaches to ensuring information security of critically important information systems. The concept and types of critically important information systems are identified and the necessity of developing and improving their legal regulation is substantiated. A number of legal and organizational measures aimed at ensuring the information system security of Russian infrastructure are proposed.


Author(s):
N. Baisholan
K.E. Kubayev
T.S. Baisholanov

The efficiency of business processes in modern organizations depends on the capabilities of the information technologies applied. The article describes and analyzes the role and features of audit tools and other methodological tools and models in ensuring the quality and security of information systems. The principles of the standard are reviewed, as well as the importance of meeting business needs. The importance of using information security models to protect virtual assets in a company's system environment is shown. Practical proposals for risk management and information security in information technology are analyzed through the COBIT standard. Measures for protecting an organization's information system from accidental, deliberate or fake threats are considered. The possibility of using one of the real information security models by the information recipient or provider in accordance with the requirements of external processes is reported. Furthermore, in connection with the increase in the number of attack methods and techniques and the development of new tools and vectors for them, the need to improve information security and ways to ensure it are considered. The essential tasks of a security audit are considered, and the stages of their implementation are described. With regard to the security of information systems, an analytical model is proposed for determining a numerical value for vulnerability.


Author(s):  
Susi Susilowati

PT. Medista Utama is a company engaged in the distribution of medical devices. We have implemented an information system in the inventory section that is used to control the movement of products in the company. The system used must be able to manage, convey and maintain information security properly, so it is necessary to carry out an audit that evaluates the information system governance currently in place and ensures that the existing procedures support the company's business processes. The audit was conducted following the COBIT 4.1 Framework standard for IT governance. This study focuses on the Delivery Service and Support (DSS) domain to analyze several aspects of IT currently running in the company, from the level of system security used to the management carried out by the system. Within this domain, the research is focused on the DS5, DS10 and DS11 sub-domains. The research results show that DS5 is at level 1.3, while DS10 and DS11 are at level 2 (Repetitive but Intuitive). The conclusion is that the capability level obtained for the inventory information system of PT. Medista Utama is still below the expected level, and many improvements are needed to maximize the company's performance and reach the expected Maturity Level value.


2018, Vol 16 (2), pp. 121-131
Author(s):
Marliana Budhiningtias Winanti
Ismail Dzulhan

The Academic Information System of the UNIKOM Information Systems study program (Prodi) is the primary system the program uses to process data and information about lectures and students. However, this system still lacks adequate control of physical and logical security. To find out how secure a system is within an organization, the information system needs a security audit to determine whether its information security conforms to management's security procedures. The standard used here is ISO 27001, an international standard that structures the management of information security systems. The academic information system security audit was carried out using the ISO 27001:2005 Audit Checklist. The audit found that security controls are still inadequate in the areas of employees' security roles and responsibilities, physical protection from disasters and power failures, data validation, and regular data backup. Therefore the security controls of the academic information system still need to be improved in accordance with the recommendations.


Author(s):
Petr Doucek
Martina Kuncova
Ludek Novak
Lea Nedomova
...

Ensuring the security of a company's information systems is one of the important functions of the Corporate Informatics Department. One effective tool for building secured information systems is to audit their security. This article analyzes the results of 66 security audits in companies in the Czech Republic and the Slovak Republic during the years 2015-2018. The structure of the audit findings and their groups corresponds to the structure of ISO/IEC 27001:2013. Using the data, we have formulated two hypotheses. The first hypothesis concerned the dependence of the audit results on the size of the company; the second hypothesis examined the dependence of the audit results on the year in which the audit was performed. We used Pearson's chi-square independence test to verify these hypotheses. We have grouped the detailed audit results to provide clear proof. Based on the achieved results, we can say that the analyzed audit results showed a dependence of the audit results on the size of the company as well as on the year the audit was performed. The discussion then explains the reasons for the identified dependencies.


2018, Vol 246, pp. 03017
Author(s):
Kai Fan
Hang Yang
Aidong Xu

Nowadays, with the rapid development of science and technology, network information technology is widely applied in various enterprise departments. In order to meet increasing social needs, power companies have also built power network information systems. Putting these network information systems into use has greatly improved the efficiency of power enterprises. However, the security risks of network information systems have followed. Once the network is damaged by an attack, the power system will fail to operate normally, which inevitably causes significant losses. Power system information security issues threaten the security of the power system and the entire power industry. Studying the information security of power systems, how to protect the power information network from threats, how to ensure a safe and stable supply of electricity to the whole of society, and how to develop a safe and effective power network information system is an important issue facing the development of information technology.


2020, Vol 17 (2), pp. 1441-1446
Author(s):
Risma Lukitowati
Kalamullah Ramli

The main purpose of information security is to maintain the properties of the information assets owned by an organization, namely confidentiality, integrity and availability (known as CIA). To maintain its information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS standard in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). The Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain its level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting the audits, and it is still unknown how many employees are aware of the company's information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. The research also examined company documents and the 2018 surveillance audits. The employees were grouped by their length of employment. The questionnaire results, with an error margin of 6%, were then compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, the company still needs to familiarize employees who have worked there for only one to two years with ISO.

