Assessment and Mitigation of Information Security Policy in Budgeting System using KAMI Index 4.1
DOI:
https://doi.org/10.56741/jnest.v1i01.57Keywords:
assessment, information, KAMI index, security, charity institutionAbstract
This Threats to information resources require information security management policies in every agency. The Information Security Index (KAMI Index) is one of the methods developed by the Ministry of Communication and Information Technology, used to evaluate the maturity level, completeness of ISO/IEC 27001:2013 implementation and information security readyness. As a national zakat institution, XYZ Organization has utilized information technology in several systems, including the budgeting system. However, the information security index has never been measured. This condition may result in the risk of threats to information security, so it is necessary to measure. The Budgeting System needs to be measured using KAMI Index 4.1. The assessment criteria are carried out on seven categories to know how the quality of the information security policy is. The results of this assessment, XYZ organization gets an electronic system score is 17, governance 75, risk management 30, framework 31, asset management 37, ICT 38, securing third party involvement 40%, service security 20%, personal data protection 27% so the total score of 5 categories is 211 or at level I+ to II. This organization has started implement the framework at early stage and has not met the initial requirements for ISO/IEC 27001:2013 certification.
Downloads
References
E. R. Pratama, Suprapto, and A. R. Perdanakusuma, “Evaluasi Tata Kelola Sistem Keamanan Teknologi Informasi Menggunakan Indeks KAMI dan ISO 27001: Studi Kasus KOMINFO Provinsi Jawa Timur,” Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 2, no. 11, pp. 5911–5920, 2018.
T. Effendy et al., “Evaluasi Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Kami) Pada Kantor Wilayah Kementerian Hukum Dan Ham Diy,” vol. 3, no. 1, pp. 1–6, 2020.
B. Sutara, “Pengukuran Keamanan Informasi PDAM Titra Medal Menggunakan Indeks KAMI Untuk Analisis Tingkat Kematangan Keamanan Informasi,” vol. 17, no. 2, pp. 34–41, 2018.
Yustanti, W. Rahadian, B. Anita, Q. Prihanto, and Agus, “Analisis Tingkat Kesiapan Dan Kematangan Implementasi Iso 27001 : 2013 Menggunakan Indeks Keamanan Informasi 3 : 2015 Pada UPT PPTI Universitas Negeri Surabaya” Informatika, vol 5, no. 4, pp. 1602–1613, 2016.
M. R. Slamet, F. Wulandari, and D. Amalia, “Penilaian Pengamanan Teknologi Pada Sistem Pembelajaran Elektronik Menggunakan Indeks Keamanan Informasi Di Politeknik Negeri Batam,” Journal of Applied Business Administration, vol. 3, no. 1, pp. 162–171, 2019, doi: 10.30871/jaba.v3i1.1305.
W. W. W. S. Haries Anom Suseyto Aji Nugroho, “Metode Silogisme and Untuk Validitas Jawaban Dari Responden Dalam Analisis Maturity Level Keamanan Informasi Berbasis Sni Iso 27001:2013 Pada Dinas Kependudukan Dan Pencatatan Sipil Kota Xyz,” Jurnal Transformasi, vol. 14, no. 2, 2019.
J. F. Andry and A. K. Setiawan, “It Governance Evaluation Using Cobit 5 Framework on the National Library,” Jurnal Sistem Informasi, vol. 15, no. 1, pp. 10–17, 2019, doi: 10.21609/jsi.v15i1.790.
Y. Sekhara, H. Medromi, and H. Nahla, “Multi Agent Decision system for the IT Governance Platform,” vol. 15, no. 5, pp. 290–306, 2017.
A. R. Riswaya, A. Sasongko, and A. Maulana, “Evaluasi Tata Kelola Keamanan Teknologi Informasi Menggunakan Indeks Kami Untuk Persiapan Standar Sni Iso/Iec 27001 (Studi Kasus: Stmik Mardira Indonesia),” Jurnal Computech & Bisnis, Vol. 14, No. 1, Juni 2020, 10-18 ISSN (print): 1978-9629, ISSN (online): 2442-4943, vol. 14, no. 1, pp. 10–18, 2020.
N. A. Widodo and and A. F. R. , R. Rizal Isnanto, “Perencanaan Dan Implementasi Sistem Manajemen Keamanan Informasi Berdasarkan Standar ISO/IEC 27001:2005 (Studi Kasus Pada Sebuah Bank Swasta Nasional),” vol. 4, no. 1, pp. 60–66, 2016.
N. E. Wowor et al., “Analisa Keamanan Informasi Pemerintah Kota Manado Menggunakan Indeks Kami,” Jurnal Teknik Informatika, vol. 13, no. 3, pp. 1–10, 2018, doi: 10.35793/jti.13.3.2018.28081.
T. Hartati, “Perencanaan Sistem Manajemen Keamanan Informasi Bidang Akademik Menggunakan ISO 27001: 2013,” KOPERTIP : Jurnal Ilmiah Manajemen Informatika dan Komputer, vol. 1, no. 2, pp. 63–70, 2017, doi: 10.32485/kopertip.v1i02.24.
F. Febrianto and D. I. Sensuse, “Evaluasi keamanan informasi menggunakan ISO / IEC 27002 : studi kasus pada Stimik Tunas Bangsa Banjarnegara,” Infokam, vol. 2, no. 2013, pp. 21–27, 2017.
F. R. Industri and U. Telkom, “1 ) Pendahuluan,” vol. 8, no. 2, pp. 2663–2677, 2021.
N. Matondang, I. N. Isnainiyah, and A. Muliawatic, “Analisis Manajemen Risiko Keamanan Data Sistem Informasi (Studi Kasus: RSUD XYZ),” Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi), vol. 2, no. 1, pp. 282–287, 2018, doi: 10.29207/resti.v2i1.96.
W. Apriandari and A. Sasongko, “Analisis Sistem Manajemen Keamanan Informasi Menggunakan Sni Iso / Iec 27001 : 2013 Pada Pemerintahan Daerah Kota Sukabumi ( Studi Kasus : Di Diskominfo Kota Sukabumi ),” Ilmiah SANTIKA, vol. 8, no. 1, pp. 715–729, 2018.
R. Adi, P. Pratama, R. Sengkey, and C. Punusingon, “Analisis Keamanan Informasi Pemerintah Kabupaten Minahasa Tenggara Menggunakan Indeks KAMI,” vol. 15, no. 3, pp. 189–198, 2020.
B. A. Firzah, “Evaluasi Manajemen Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Kami) Berdasarkan Iso / Iec 27001 : 2013 Pada Direktorat Pengembangan Teknologi Dan Sistem Informasi ( Dptsi ) Its Surabaya Evaluating Information Security Management Using Ind,” vol. 6, no. 1, 2017.
H. Hambali and P. Musa, “Analysis of Governance Security Management Information System Using Index Kami in Central Government Institution,” Angkasa: Jurnal Ilmiah Bidang Teknologi, vol. 12, no. 1, 2020, doi: 10.28989/angkasa.v12i1.563.
M. Bakri and N. Irmayana, “Analisis Dan Penerapan Sistem Manajemen Keamanan Informasi Simhp Bpkp Menggunakan Standar Iso 27001,” Jurnal Tekno Kompak, vol. 11, no. 2, p. 41, 2017, doi: 10.33365/jtk.v11i2.162.
M. Lenawati, W. W. Winarno, and A. Amborowati, “Tata Kelola Keamanan Informasi pada PDAM Menggunakan ISO/IEC 27001:2013 dan COBIT 5,” Sentra Penelitian Engineering dan Edukasi, vol. 9, no. 1, pp. 44–49, 2017.
Y. C. Pradipta, Y. Rahardja, M. N. N. Sitokdana, U. Kristen, and S. Wacana, “Teknologi Informasi Dan Komunikasi Penerbangan Dan Antariksa ( Pustikpan ) Menggunakan Sni Iso / Iec 27001 : 2013,” pp. 352–358, 2013.
W. C. Pamungkas and F. T. Saputra, “Evaluasi Keamanan Informasi Pada SMA N 1 Sentolo Berdasarkan Indeks Keamanan Informasi (KAMI) ISO/IEC 27001:2013,” Jurnal Sistem Komputer dan Informatika (JSON), vol. 1, no. 2, p. 101, 2020, doi: 10.30865/json.v1i2.1924.
Aucla, “No TitleΕΛΕΝΗ,” Αγαη, vol. 8, no. 5, p. 55, 2019.
BSSN, “Indeks Keamanan Informasi (Kami),” Badan Siber dan Sandi Negara (BSSN), no. November, 2019.
Downloads
Published
How to Cite
Issue
Section
Categories
License
Copyright (c) 2022 Journal of Novel Engineering Science and Technology
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.