Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

*Yuni Cintia Yuze -  Universitas Telkom, Indonesia
Yudi Priyadi -  Universitas Telkom, Indonesia
Candiwan Candiwan -  Universitas Telkom, Indonesia
Received: 8 Jun 2016; Published: 30 Nov 2016.
Open Access
Citation Format:
Article Info
Section: Research Articles
Language: IND
Full Text:
Statistics: 2055 2486
Abstract

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

Keywords
Analysis Information Security; ISO/IEC 27001 : 2013; Maturity Level; SSE-CMM; CD/DFD

Article Metrics:

  1. Darmawan, Deni dan Fauzi, Kunkun Nur, 2013. Sistem Informasi Manajemen. Remaja Rosdakarya, Bandung.
  2. DataLossDB, 2015. Stastistics. Website : http://datalossdb.org/ statistics. Diakses tanggal 14 Oktober 2015.
  3. Fatta, Hanif Al, 2007. Analisis dan Perancangan Sitem Informasi untuk Keunggulan Bersaing Perusahaan dan Organisasi Modern. Andi, Yogyakarta.
  4. International Standard Organization, 2005. ISO/IEC 27002 Information Technology, Code of prectice for information security management. International Standard Organization, Switzerland.
  5. International Standard Organization. 2013. ISO/IEC 27001 Information Technology, Security Techniques - Information Security Management System-Requierements. International Standard Organization, Switzerland.
  6. Laudon, Kenneth C., and Laudon, Jane P., 2007. Sistem Informasi Manajemen Mengelola Perusahaan Digital. Salemba Empat, Jakarta.
  7. Sugiyono, 2014. Metode Penelitian Kuantitatif Kualitatif dan R&D. Alfabeta, Bandung.
  8. Susanto, H., Almunawar, Mohammad, N., dan Tuan, Yong Chee. 2011. Information Security Management System Standards : A Comparative Study of The Big Five. Retrieved from International Journal of Electrical & Computer Sciences IJECS-IJENS, 11(5), 21-27.
  9. Sutabri, Tata. 2012. Konsep Sistem Informasi. Andi, Yogyakarta.
  10. Verizon. 2014. 2014 Data Breach Invetigations Report. Verizon, United States.