Information Security Risk Management Web-Based Final Semester Summative Assessment Application Using ISO 27001:2013
Abstract
Education is often understood as more than teaching: it is the transfer of knowledge, the transformation of values, and the development of character with all related aspects. With digitalization, the need for information and communication technology to facilitate access to information systems is increasing. This research was conducted at SMAN 12 Bandung. Its objective is to evaluate the implementation of ISO 27001:2013, clauses 4.1 through 10.2 and Annex A, as one of the efforts to improve the ISMS of the PSAS Website Application. The method used in this research is to collect data in the form of school documents, identify assets, carry out risk assessments, then carry out risk assessments. Data were gathered through field observations, interviews, and information processing. The research results show that the Risk Opportunity on the PSAS SMAN 12 Bandung Website Application is around 45%, while the risk severity is estimated at 47%, and the Risk Rating is 49%. In processing field observation data, it was concluded that 80% of Class X, XI, and XII. The percentage related to the implementation of ISO/IEC 27001:2013 variable procedures on the PSAS SMAN 12 Bandung web application is 81.43%, meaning they have been implemented and applied well. The percentage of controls implemented in the PSAS web ISMS at SMAN 12 Bandung is 100%. Based on these findings, an analysis was carried out using the PDCA (Plan, Do, Check, Act) method, in accordance with ISO 27001:2013 standards and procedures, to address ISMS problems in the Final Semester Summative Assessment Website Application at SMAN 12 Bandung.
Copyright (c) 2024 Journal of Information Systems and Informatics
This work is licensed under a Creative Commons Attribution 4.0 International License.