Information Security Evaluation at Hospital Using Index KAMI 5.0 and Recommendations Based on ISO/IEC 27001:2022
Abstract
Bali Mandara Regional Hospital integrates information technology into its healthcare services, but ransomware attacks pose significant risks to data security. In accordance with the 2016 Indonesian Ministry of Communication and Informatics regulation, Electronic System Operators (PSE) are required to ensure information security, emphasizing confidentiality, integrity, and availability. To support this, the National Cyber and Crypto Agency introduced the Index KAMI, an evaluation tool aligned with ISO/IEC 27001 standards. This study evaluates the hospital’s information security using Index KAMI 5.0, yielding a score of 177, which classifies its readiness as “Not Eligible” for ISO 27001 compliance. Recommendations for improvement include establishing clear governance policies, implementing systematic risk management, enhancing asset management with integrated inventories, and strengthening data protection through access control and encryption. Additional measures involve improving physical security with surveillance systems and fostering stronger vendor relationships through binding SLA agreements. By adopting these measures, Bali Mandara Regional Hospital can enhance its security system, protect patient data, and achieve compliance with international standards.


Copyright (c) 2024 Journal of Information Systems and Informatics

This work is licensed under a Creative Commons Attribution 4.0 International License.