Gap analysis of the information security management system (ISMS) in preparation for ISO/IEC 27001:2013 certification at a government institution

Authors

DOI: https://doi.org/10.26594/teknologi.v11i1.2152

Abstract

The Madiun City Communication and Informatics Service (Diskominfo) is the government institution responsible for managing information and communication technology in the Madiun city government. As a government institution that serves and provides information to the public, Diskominfo Madiun City is vulnerable to information security threats that can hinder its performance. The ISO/IEC 27001:2013 Information Security Management System is expected to provide effective and efficient information security management at Diskominfo Madiun City. This research aims to determine the current condition of Diskominfo Madiun City and its readiness to achieve ISO/IEC 27001:2013 certification. The gap analysis shows that the readiness of Diskominfo Madiun City is 71%, with readiness ranging from 19% to 100%. The highest level of readiness is 100%, for the requirements of clause 4 on the organizational context and clause 10 on improvement, where all information security requirements have been met. The lowest readiness is 19%, for the requirements of clause 6 on planning. The gap analysis method is used to determine how far the ISO/IEC 27001:2013 requirements are fulfilled. The results of the gap analysis show the extent of the readiness of Diskominfo Madiun City to carry out ISO/IEC 27001:2013 certification. The results of the research indicate that Diskominfo Madiun City must improve its readiness for ISO/IEC 27001:2013 certification by fulfilling the requirements for the information security documents required by the ISO/IEC 27001:2013 standard.

Author Biographies

Sitta Rif’atul Musyarofah, Universitas Negeri Surabaya

Information Systems

Rahadian Bisma, Universitas Negeri Surabaya

Information Systems

Published

2021-01-23

Section

Articles