Risk Assessment and Development of Access Control Information Security Governance Based on ISO/IEC 27001:2013 at XYZ University

Laqma Dica Fitrani, Universitas Hayam Wuruk Perbanas

Keywords: Access Control, ISO 27001:2013, Risk Assessment

Abstract

The rapid development of information technology has also shaped how universities use it. XYZ University, which has a large student body, relies on information technology to support its distance learning, so the role of information technology there is crucial. Unfortunately, information security, although an essential part of information technology, often receives less attention. It is undeniable that threats to, or weaknesses in, information technology can disrupt the services that depend on it. It is therefore necessary to manage information technology through risk-based standard procedures, documented as governance, so that emerging threats and weaknesses can be handled. ISO/IEC 27001:2013 is an information security management system framework that can serve as the basis for managing information security. This study identifies assets, threats, and weaknesses; performs risk analysis, a business impact analysis (BIA), and risk assessment; and maps the risks to ISO/IEC 27001:2013 clauses in order to produce recommended policy documents, procedures, and work instructions that strengthen information security controls, with a focus on access control, in line with those clauses. Because of the high risk values found, the study produced several recommended security documents: 5 policy documents, 6 procedure guidelines, 8 work instructions, and 12 forms.

Published: 2022-06-09