Audit Keamanan Sistem Informasi Manajemen Akademik dan Kemahasiswaan Menggunakan SNI ISO/IEC 27001:2013

Studi Kasus STMIK Mardira Indonesia

Authors

  • Heri Wahyudi STMIK Mardira Indonesia, Bandung
  • Arief Zulianto Universitas Langlangbuana, Bandung
  • Asep Maulana Universitas Langlangbuana, Bandung

Keywords:

IT services, SNI ISO/IEC 27001: 2013, Audit, Information security

Abstract

Observation of SIMAK that in the process of operating the system is still experiencing obstacles such as data leakage which results in impaired agency performance, insufficient security and control to anticipate forms of fraud and illegal actions that result in large losses for information owners and uncontrolled access rights, so that a system the information used must have a guaranteed level of information security, including database security, hardware, software and human resources. Based on observations in SIMAK, the authors conclude to audit SIMAK so that they are documented and obtain audit evidence and evaluate it objectively. From the results of comparisons with other methods, the authors chose the ISO 27001: 2013 SNI standard as a standard for auditing the security of an information system and used as a reference to produce documents (findings and recommendations) which are the results of the SIMAK information system security audit at STMIK Mardira Indonesia. From the results of the study it was identified that the clause used was, Clause 5: Security Policy, the current SIMAK security policy is still not appropriate, Clause 7: Asset Management is still not appropriate to achieve and maintain appropriate protection of organizational assets due to the absence of a policy letter regarding asset management, Clause 9: Access Control so that there is no misuse of access rights and there are procedures for controlling access rights, Clause 15: Compliance has not been adjusted to the applicable academic regulations, and the time has been scheduled on the educational calendar is also the legal aspect of the software used.

Author Biographies

Heri Wahyudi, STMIK Mardira Indonesia, Bandung

 

 

Arief Zulianto, Universitas Langlangbuana, Bandung

 

 

Asep Maulana, Universitas Langlangbuana, Bandung

 

 

Downloads

Published

15.06.2020

How to Cite

Wahyudi, H., Zulianto, A., & Maulana, A. (2020). Audit Keamanan Sistem Informasi Manajemen Akademik dan Kemahasiswaan Menggunakan SNI ISO/IEC 27001:2013 : Studi Kasus STMIK Mardira Indonesia. Jurnal Computech &Amp; Bisnis (e-Journal), 14(1), 40–46. Retrieved from https://jurnal.stmik-mi.ac.id/index.php/jcb/article/view/88

Issue

Vol. 14 No. 1 (2020): Jurnal Computech & Bisnis (e-Journal)

Section

Articles

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright

The copyright by authors, because basically the author is the copyright holder and does not require a copyright transfer agreement. The authors retain the copyright and full publishing rights without restrictions.

Licensing by

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.