Gap analysis of the information security management system (ISMS) in preparation for ISO/IEC 27001:2013 certification at a government institution
DOI: https://doi.org/10.26594/teknologi.v11i1.2152
Abstract
The Madiun City Communication and Informatics Service (Diskominfo) is a government institution responsible for managing information and communication technology in the Madiun city government. As a government institution that serves and provides information to the public, Diskominfo Madiun City is vulnerable to information security threats that can hinder its performance. The ISO/IEC 27001:2013 Information Security Management System is expected to provide effective and efficient information security management at Diskominfo Madiun City. This research aims to determine the current conditions and the readiness of Diskominfo Madiun City to achieve ISO/IEC 27001:2013 certification. From the results of the gap analysis, the readiness of Diskominfo Madiun City is 71%, with a readiness range between 19% and 100%. The highest level of readiness is 100%, on the requirements of clause 4 concerning the organizational context and clause 10 concerning improvements, where all information security requirements have been met. The lowest readiness percentage is 19%, on the requirements of clause 6 regarding planning. The gap analysis method is used to determine how far the ISO/IEC 27001:2013 requirements are fulfilled. The results of the gap analysis show the extent of the readiness of Diskominfo Madiun City to carry out ISO/IEC 27001:2013 certification. The results of the research indicate that Diskominfo Madiun City must improve its readiness for ISO/IEC 27001:2013 certification by fulfilling the requirements for the information security documents required by the ISO/IEC 27001:2013 standard.
License
Please find the rights and licenses in Teknologi: Jurnal Ilmiah Sistem Informasi. By submitting the article/manuscript of the article, the author(s) agree with this policy. No specific document sign-off is required.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
2. Author(s)' Warranties
The author warrants that the article is original, written by stated author(s), has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author(s).
3. User/Public Rights
Register's spirit is to disseminate published articles as freely as possible. Under the Creative Commons license, Register permits users to copy, distribute, display, and perform the work for non-commercial purposes only. Users will also need to attribute authors and Register when distributing works in the journal and other media of publications. Unless otherwise stated, the authors are public entities as soon as their articles are published.
4. Rights of Authors
Authors retain all their rights to the published works, such as (but not limited to) the following rights:
Copyright and other proprietary rights relating to the article, such as patent rights,
The right to use the substance of the article in own future works, including lectures and books,
The right to reproduce the article for own purposes,
The right to self-archive the article (please read our deposit policy),
The right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the article's published version (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal (Register: Jurnal Ilmiah Teknologi Sistem Informasi).
5. Co-Authorship
If the article was jointly prepared by more than one author, any author submitting the manuscript warrants that he/she has been authorized by all co-authors to agree to this copyright and license notice (agreement) on their behalf, and agrees to inform his/her co-authors of the terms of this policy. Register will not be held liable for anything that may arise due to the author(s)' internal dispute. Register will only communicate with the corresponding author.
6. Royalties
As this is an open-access journal that disseminates articles for free under the Creative Commons license terms mentioned, the author(s) are aware that Register entitles the author(s) to no royalties or other fees.
7. Miscellaneous
Register will publish the article (or have it published) in the journal if the article's editorial process is successfully completed. Register's editors may modify the article to a style of punctuation, spelling, capitalization, referencing and usage that they deem appropriate. The author acknowledges that the article may be published so that it will be publicly accessible and such access will be free of charge for the readers as mentioned in point 3.