Assessment and Mitigation of Information Security Policy in Budgeting System using KAMI Index 4.1

Assessment and Mitigation of Information Security Policy in Budgeting System using KAMI Index 4.1

Authors

  • Tawar Universitas Ahmad Dahlan
  • Imam Riadi Universitas Ahmad Dahlan
  • Adiniah Gustika Pratiwi Universitas Ahmad Dahlan
  • Ariqah Adliana Siregar Universitas Ahmad Dahlan

DOI:

https://doi.org/10.56741/jnest.v1i01.57

Keywords:

assessment, information, KAMI index, security, charity institution

Abstract

This Threats to information resources require information security management policies in every agency. The Information Security Index (KAMI Index) is one of the methods developed by the Ministry of Communication and Information Technology, used to evaluate the maturity level, completeness of ISO/IEC 27001:2013 implementation and information security readyness. As a national zakat institution, XYZ Organization has utilized information technology in several systems, including the budgeting system. However, the information security index has never been measured. This condition may result in the risk of threats to information security, so it is necessary to measure. The Budgeting System needs to be measured using KAMI Index 4.1. The assessment criteria are carried out on seven categories to know how the quality of the information security policy is. The results of this assessment, XYZ organization gets an electronic system score is 17, governance 75, risk management 30, framework 31, asset management 37, ICT 38, securing third party involvement 40%, service security 20%, personal data protection 27% so the total score of 5 categories is 211 or at level I+ to II. This organization has started implement the framework at early stage and has not met the initial requirements for ISO/IEC 27001:2013 certification.

Downloads

Download data is not yet available.

Author Biographies

Tawar, Universitas Ahmad Dahlan

Tawar is an alumni of the Gadjah Mada University Computer Science Study Program, both undergraduate and postgraduate. Currently working as a lecturer at the Information Systems Department of Ahmad Dahlan University, Indonesia. He previously served as Head of the Bureau of Information and Communication systems (2008–2020). Currently, he is the Head of Data and Information Center Development. He has research interests in e-governance and information technology governance.

Imam Riadi, Universitas Ahmad Dahlan

Dr. Imam Riadi is an alumnus of Electrical Engineering Education, Yogyakarta State University for undergraduate degree, and Computer Science, Gadjah Mada University for master and doctorate degree. Currently working as a lecturer at the Information Systems Study Program and Masters in Informatics, Ahmad Dahlan University, Yogyakarta, Indonesia.

Adiniah Gustika Pratiwi, Universitas Ahmad Dahlan

Adiniah Gustika Pratiwi was born in Metro, Lampung on August 26, 2000. She is a 2018 student at the Information Systems Department, Ahmad Dahlan University. He has also attended an internship program at Technophoria Indonesia.

Ariqah Adliana Siregar, Universitas Ahmad Dahlan

Ariqah Adliana Siregar was born in Medan May 12, 2000. She is a 2018 student majoring in Information Systems, Ahmad Dahlan University. He was a member of the Student Executive Board of the Faculty of Applied Science and Technology. He has also participated in an internship at the SI-UAD Expression Room.

References

E. R. Pratama, Suprapto, and A. R. Perdanakusuma, “Evaluasi Tata Kelola Sistem Keamanan Teknologi Informasi Menggunakan Indeks KAMI dan ISO 27001: Studi Kasus KOMINFO Provinsi Jawa Timur,” Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 2, no. 11, pp. 5911–5920, 2018.

T. Effendy et al., “Evaluasi Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Kami) Pada Kantor Wilayah Kementerian Hukum Dan Ham Diy,” vol. 3, no. 1, pp. 1–6, 2020.

B. Sutara, “Pengukuran Keamanan Informasi PDAM Titra Medal Menggunakan Indeks KAMI Untuk Analisis Tingkat Kematangan Keamanan Informasi,” vol. 17, no. 2, pp. 34–41, 2018.

Yustanti, W. Rahadian, B. Anita, Q. Prihanto, and Agus, “Analisis Tingkat Kesiapan Dan Kematangan Implementasi Iso 27001 : 2013 Menggunakan Indeks Keamanan Informasi 3 : 2015 Pada UPT PPTI Universitas Negeri Surabaya” Informatika, vol 5, no. 4, pp. 1602–1613, 2016.

M. R. Slamet, F. Wulandari, and D. Amalia, “Penilaian Pengamanan Teknologi Pada Sistem Pembelajaran Elektronik Menggunakan Indeks Keamanan Informasi Di Politeknik Negeri Batam,” Journal of Applied Business Administration, vol. 3, no. 1, pp. 162–171, 2019, doi: 10.30871/jaba.v3i1.1305.

W. W. W. S. Haries Anom Suseyto Aji Nugroho, “Metode Silogisme and Untuk Validitas Jawaban Dari Responden Dalam Analisis Maturity Level Keamanan Informasi Berbasis Sni Iso 27001:2013 Pada Dinas Kependudukan Dan Pencatatan Sipil Kota Xyz,” Jurnal Transformasi, vol. 14, no. 2, 2019.

J. F. Andry and A. K. Setiawan, “It Governance Evaluation Using Cobit 5 Framework on the National Library,” Jurnal Sistem Informasi, vol. 15, no. 1, pp. 10–17, 2019, doi: 10.21609/jsi.v15i1.790.

Y. Sekhara, H. Medromi, and H. Nahla, “Multi Agent Decision system for the IT Governance Platform,” vol. 15, no. 5, pp. 290–306, 2017.

A. R. Riswaya, A. Sasongko, and A. Maulana, “Evaluasi Tata Kelola Keamanan Teknologi Informasi Menggunakan Indeks Kami Untuk Persiapan Standar Sni Iso/Iec 27001 (Studi Kasus: Stmik Mardira Indonesia),” Jurnal Computech & Bisnis, Vol. 14, No. 1, Juni 2020, 10-18 ISSN (print): 1978-9629, ISSN (online): 2442-4943, vol. 14, no. 1, pp. 10–18, 2020.

N. A. Widodo and and A. F. R. , R. Rizal Isnanto, “Perencanaan Dan Implementasi Sistem Manajemen Keamanan Informasi Berdasarkan Standar ISO/IEC 27001:2005 (Studi Kasus Pada Sebuah Bank Swasta Nasional),” vol. 4, no. 1, pp. 60–66, 2016.

N. E. Wowor et al., “Analisa Keamanan Informasi Pemerintah Kota Manado Menggunakan Indeks Kami,” Jurnal Teknik Informatika, vol. 13, no. 3, pp. 1–10, 2018, doi: 10.35793/jti.13.3.2018.28081.

T. Hartati, “Perencanaan Sistem Manajemen Keamanan Informasi Bidang Akademik Menggunakan ISO 27001: 2013,” KOPERTIP : Jurnal Ilmiah Manajemen Informatika dan Komputer, vol. 1, no. 2, pp. 63–70, 2017, doi: 10.32485/kopertip.v1i02.24.

F. Febrianto and D. I. Sensuse, “Evaluasi keamanan informasi menggunakan ISO / IEC 27002 : studi kasus pada Stimik Tunas Bangsa Banjarnegara,” Infokam, vol. 2, no. 2013, pp. 21–27, 2017.

F. R. Industri and U. Telkom, “1 ) Pendahuluan,” vol. 8, no. 2, pp. 2663–2677, 2021.

N. Matondang, I. N. Isnainiyah, and A. Muliawatic, “Analisis Manajemen Risiko Keamanan Data Sistem Informasi (Studi Kasus: RSUD XYZ),” Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), vol. 2, no. 1, pp. 282–287, 2018, doi: 10.29207/resti.v2i1.96.

W. Apriandari and A. Sasongko, “Analisis Sistem Manajemen Keamanan Informasi Menggunakan Sni Iso / Iec 27001 : 2013 Pada Pemerintahan Daerah Kota Sukabumi ( Studi Kasus : Di Diskominfo Kota Sukabumi ),” Ilmiah SANTIKA, vol. 8, no. 1, pp. 715–729, 2018.

R. Adi, P. Pratama, R. Sengkey, and C. Punusingon, “Analisis Keamanan Informasi Pemerintah Kabupaten Minahasa Tenggara Menggunakan Indeks KAMI,” vol. 15, no. 3, pp. 189–198, 2020.

B. A. Firzah, “Evaluasi Manajemen Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Kami) Berdasarkan Iso / Iec 27001 : 2013 Pada Direktorat Pengembangan Teknologi Dan Sistem Informasi ( Dptsi ) Its Surabaya Evaluating Information Security Management Using Ind,” vol. 6, no. 1, 2017.

H. Hambali and P. Musa, “Analysis of Governance Security Management Information System Using Index Kami in Central Government Institution,” Angkasa: Jurnal Ilmiah Bidang Teknologi, vol. 12, no. 1, 2020, doi: 10.28989/angkasa.v12i1.563.

M. Bakri and N. Irmayana, “Analisis Dan Penerapan Sistem Manajemen Keamanan Informasi Simhp Bpkp Menggunakan Standar Iso 27001,” Jurnal Tekno Kompak, vol. 11, no. 2, p. 41, 2017, doi: 10.33365/jtk.v11i2.162.

M. Lenawati, W. W. Winarno, and A. Amborowati, “Tata Kelola Keamanan Informasi pada PDAM Menggunakan ISO/IEC 27001:2013 dan COBIT 5,” Sentra Penelitian Engineering dan Edukasi, vol. 9, no. 1, pp. 44–49, 2017.

Y. C. Pradipta, Y. Rahardja, M. N. N. Sitokdana, U. Kristen, and S. Wacana, “Teknologi Informasi Dan Komunikasi Penerbangan Dan Antariksa ( Pustikpan ) Menggunakan Sni Iso / Iec 27001 : 2013,” pp. 352–358, 2013.

W. C. Pamungkas and F. T. Saputra, “Evaluasi Keamanan Informasi Pada SMA N 1 Sentolo Berdasarkan Indeks Keamanan Informasi (KAMI) ISO/IEC 27001:2013,” Jurnal Sistem Komputer dan Informatika (JSON), vol. 1, no. 2, p. 101, 2020, doi: 10.30865/json.v1i2.1924.

Aucla, “No TitleΕΛΕΝΗ,” Αγαη, vol. 8, no. 5, p. 55, 2019.

BSSN, “Indeks Keamanan Informasi (Kami),” Badan Siber dan Sandi Negara (BSSN), no. November, 2019.

Downloads

Published

2022-08-03

How to Cite

Tawar, Imam Riadi, Adiniah Gustika Pratiwi, & Ariqah Adliana Siregar. (2022). Assessment and Mitigation of Information Security Policy in Budgeting System using KAMI Index 4.1. Journal of Novel Engineering Science and Technology, 1(01), 24–29. https://doi.org/10.56741/jnest.v1i01.57

Issue

Vol. 1 No. 01 (2022): Journal of Novel Engineering Science and Technology

Section

Articles

Categories

License

Copyright (c) 2022 Journal of Novel Engineering Science and Technology

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Crossref
Scopus
Google Scholar
Europe PMC

Plaudit