Information Security Risk Management Web-Based Final Semester Summative Assessment Application Using ISO 27001:2013

  • Ananda Cipta Pamungkas, Widyatama University, Indonesia
  • Wegi Salman Hulu, Widyatama University, Indonesia
  • Rosalin Samihardjo, Widyatama University, Indonesia
Keywords: Risk Management, ISO/IEC 27001:2013, Information Security, ISMS

Abstract

Education is often understood as more than teaching: it is the transfer of knowledge, the transformation of values, and the development of character, with all related aspects. With digitalization, the need for information and communication technology to facilitate access to information systems is increasing. This research was conducted at SMAN 12 Bandung. Its objective is to evaluate the implementation of ISO 27001:2013, clauses 4.1 through 10.2 and Annex A, as one of the efforts to improve the ISMS of the PSAS Website Application. The research collects data in the form of school documents, identifies assets, and carries out risk assessments. The methods used are field observations, interviews, and information processing. The results show that the Risk Opportunity on the PSAS SMAN 12 Bandung Website Application is around 45%, while the risk severity is estimated at 47% and the Risk Rating is 49%. In processing field observation data, it was concluded that 80% of Class X, XI, and XII. The percentage related to the implementation of ISO/IEC 27001:2013 variable procedures on the PSAS SMAN 12 Bandung web application is 81.43%, which means they have been implemented and applied well. The percentage of controls implemented in the PSAS web ISMS at SMAN 12 Bandung is 100%. Based on these findings, an analysis was carried out using the PDCA (Plan, Do, Check, Act) method, in accordance with ISO 27001:2013 standards and procedures, to address ISMS problems in the Final Semester Summative Assessment Website Application at SMAN 12 Bandung.


Published
2024-03-26
How to Cite
Pamungkas, A., Hulu, W., & Samihardjo, R. (2024). Information Security Risk Management Web-Based Final Semester Summative Assessment Application Using ISO 27001:2013. Journal of Information Systems and Informatics, 6(1), 349-362. https://doi.org/10.51519/journalisi.v6i1.668