Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

https://doi.org/10.22146/ijitee.65670

Andeka Rocky Tanaamah(1), Friska Juliana Indira(2*)

(1) Satya Wacana Christian University
(2) Satya Wacana Christian University
(*) Corresponding Author

Abstract


IT security management is essential for organizations to identify the risks and opportunities that arise, because these profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component that plays an essential role in running core business processes at Satya Wacana Christian University, under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings, and it is one of the most significant risks because it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by applying the planning clause with a focus on risk assessment. The study produced nine recommendations. The most important of these were creating separate standard operating procedure documents for SIASAT, which were previously still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered when establishing improvements to enhance academic services in the future.

Keywords


Information Technology; Information System; Information Security Management; ISO/IEC 27001:2013











Copyright (c) 2021 IJITEE (International Journal of Information Technology and Electrical Engineering)

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

ISSN  : 2550-0554 (online)
