SECURITY AUDIT OF THE ACADEMIC AND STUDENT AFFAIRS MANAGEMENT INFORMATION SYSTEM USING SNI ISO/IEC 27001:2013 (Case Study: STMIK Mardira Indonesia)

Heri Wahyudi, Arief Zulianto, Asep Maulana

Abstract


Observation of SIMAK shows that operation of the system still encounters obstacles: data leakage that impairs the agency's performance; security and controls that are insufficient to anticipate fraud and illegal actions, which cause large losses for information owners; and uncontrolled access rights. An information system in use must therefore have a guaranteed level of information security, covering the security of databases, hardware, software and human resources.

Based on these observations of SIMAK, the authors decided to audit SIMAK so that it is documented, and to obtain audit evidence and evaluate it objectively. After comparison with other methods, the authors chose the SNI ISO 27001:2013 standard as the standard for auditing the security of an information system and as the reference for producing the documents (findings and recommendations) that are the results of the SIMAK information system security audit at STMIK Mardira Indonesia.

The study identified the following clauses as the ones used. Clause 5, Security Policy: the current SIMAK security policy is still not appropriate. Clause 7, Asset Management: still not appropriate for achieving and maintaining appropriate protection of organizational assets, because there is no policy letter regarding asset management. Clause 9, Access Control: so that access rights are not misused and there are procedures for controlling access rights. Clause 15, Compliance: has not been adjusted to the applicable academic regulations and the times scheduled on the educational calendar, and also covers the legal aspect of the software used.

Keywords: IT services, SNI ISO/IEC 27001:2013, SIMAK, audit, information security


DOI: http://doi.org/10.5281/zenodo.3929072




Copyright (c) 2020

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.