Development of Audit Information System Index KAMI Based on ISO/IEC 27001:2013

Paradise Paradise, Wahyu Adi Prabowo

Abstract


Information security is crucial in the digital era. The confidentiality and security of assets must be protected to minimize IT risks. An audit is needed to verify whether an organization or agency has implemented information system security standards. One information system security audit approach that yields an evaluation score for the level of readiness is the System Security Index (KAMI), based on ISO/IEC 27001:2013. KAMI is designed to help organizations and institutions conduct independent assessments and evaluate their level of readiness in implementing information security, covering the criteria of Governance, Risk Management, Framework, Asset Management, Information Security Technology, and Supplements. This study designed a system using an SDLC (System Development Life Cycle) approach consisting of Planning, Analysis, Design, and Implementation. The purpose of developing the KAMI audit information system is to make the audit process easier for auditors and related parties when using the KAMI Index based on ISO/IEC 27001:2013, so that auditors no longer need to use Microsoft Excel in the audit process. The result of this study is a KAMI Index information system website based on ISO/IEC 27001:2013. The conclusion from the blackbox testing results is "Accepted": the audit information system website based on ISO/IEC 27001:2013 functions well and serves its users efficiently. There are no missing or incorrect functions, and no errors in the test sign, value input test, document input test, and menu test.


Keywords


Information System; Audit; ISO 27001

DOI: http://dx.doi.org/10.26418/justin.v10i2.47046



Copyright (c) 2022 JUSTIN (Jurnal Sistem dan Teknologi Informasi)


Creative Commons License
All articles in Justin are licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.