Information Security Risk Management Web-Based Final Semester Summative Assessment Application Using ISO 27001:2013
DOI: https://doi.org/10.51519/journalisi.v6i1.668
Keywords: Risk Management, ISO/IEC 27001:2013, Information Security, ISMS
Abstract
Education is often understood as more than just teaching: it is the transfer of knowledge, the transformation of values, and the development of character with all related aspects. With digitalization, the need for information and communication technology is increasing to facilitate access to information systems. This research was conducted at SMAN 12 Bandung. Its objective was to evaluate the implementation of ISO 27001:2013, clauses 4.1 to 10.2 and Annex A, as one of the efforts to improve the ISMS of the PSAS Website Application. The method used in this research is to collect data in the form of school documents, identify assets, and carry out risk assessments. The methods used are field observations, interviews, and information processing. The research results show that the Risk Opportunity on the PSAS SMAN 12 Bandung Website Application is around 45%, while the risk severity is estimated at 47%, and the Risk Rating is 49%. In processing field observation data, it was concluded that 80% of Class X, XI, and XII. Meanwhile, the percentage related to the implementation of ISO/IEC 27001:2013 variable procedures on the PSAS SMAN 12 Bandung web application is 81.43%, which has been implemented and applied well. Meanwhile, the percentage of controls implemented in the PSAS web ISMS at SMAN 12 Bandung is 100%. Based on these findings, an analysis was carried out using the PDCA (Plan, Do, Check, Act) method in accordance with ISO 27001:2013 standards and procedures to overcome ISMS problems on the Final Semester Summative Assessment Website Application at SMAN 12 Bandung.
License
Authors Declaration
- The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
- The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
- The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
- The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
- The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
- If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
- The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights.














