Information Security Evaluation at Hospital Using Index KAMI 5.0 and Recommendations Based on ISO/IEC 27001:2022

  • I Nyoman Adi Artha Wibawa Universitas Udayana, Indonesia
  • Anak Agung Ngurah Hary Susila Udayana University, Indonesia
  • Muhammad Alam Pasirulloh Udayana University, Indonesia
Keywords: Information Security Evaluation, Index KAMI, ISO/IEC 27001:2022

Abstract

Bali Mandara Regional Hospital integrates information technology into its healthcare services, but ransomware attacks pose significant risks to data security. In accordance with the 2016 Indonesian Ministry of Communication and Informatics regulation, Electronic System Operators (PSE) are required to ensure information security, emphasizing confidentiality, integrity, and availability. To support this, the National Cyber and Crypto Agency introduced the Index KAMI, an evaluation tool aligned with ISO/IEC 27001 standards. This study evaluates the hospital’s information security using Index KAMI 5.0, yielding a score of 177, which classifies its readiness as “Not Eligible” for ISO 27001 compliance. Recommendations for improvement include establishing clear governance policies, implementing systematic risk management, enhancing asset management with integrated inventories, and strengthening data protection through access control and encryption. Additional measures involve improving physical security with surveillance systems and fostering stronger vendor relationships through binding SLA agreements. By adopting these measures, Bali Mandara Regional Hospital can enhance its security system, protect patient data, and achieve compliance with international standards.

Downloads

Download data is not yet available.

References

A. Minnaar, “Cyberattacks and the cybercrime threat of ransomware to hospitals and healthcare services during the COVID-19 pandemic,” Acta Criminologica: African Journal of Criminology & Victimology, vol. 34, no. 3, Dec. 2021, doi: 10.10520/ejc-crim_v34_n3_a10.

S. Sofia, E. T. Ardianto, N. Muna, and Sabran, “Analisis Aspek Keamanan Informasi Pasien Pada Penerapan RME di Fasilitas Kesehatan,” RAMMIK : Jurnal Rekam Medik dan Manajemen Informasi Kesehatan, vol. 1, no. 2, pp. 94–103, Oct. 2022, doi: 10.47134/rammik.v1i1.29.

R. Savitri, Firmansyah, Dworo, and M. S. Hasibuan, “Information Security Measurement using INDEX KAMI at Metro City,” Journal of Applied Data Sciences, vol. 5, no. 1, pp. 33–45, Jan. 2024, doi: 10.47738/jads.v5i1.152.

W. S. Basri and A. L. Ayu, “Risk Management in Information Systems: Applying ISO 31000:2018 and ISO/IEC 27001:2022 Controls at PMI’s Central Clinic,” International Journal for Applied Information Management, vol. 4, no. 1, pp. 1–13, Apr. 2024, doi: 10.47738/ijaim.v4i1.70.

D. I. Khamil, G. M. A. Sasmita, and A. A. N. H. Susila, “Evaluasi Tingkat Kesiapan Keamanan Informasi Menggunakan Indeks Kami 4.2 Dan ISO/IEC 27001:2013 (Studi Kasus: Diskominfo Kabupaten Gianyar),” Jurnal Teknik Informatika dan Sistem Informasi, vol. 9, no. 3, pp. 1948–1960, 2022, doi: 10.35957/jatisi.v9i3.2310.

P. Sundari and Wella, “SNI ISO/IEC 27001 dan Indeks KAMI: Manajemen Risiko PUSDATIN (PUPR),” Ultima InfoSys : Jurnal Ilmu Sistem Informasi, vol. 12, no. 1, pp. 35–442, 2021, doi: 10.31937/si.v12i1.1701.

A. L. Maryanto, M. N. Al Azam, and A. Nugroho, “Evaluasi Manajemen Keamanan Informasi Pada Perusahaan Pemula Berbasis Teknologi Menggunakan Indeks KAMI,” Jurnal SimanteC, vol. 11, no. 1, pp. 1–12, 2022, doi: 10.21107/simantec.v11i1.14099.

R. A. P. P. Gala, R. Sengkey, and C. Punusingon, “Analisis Keamanan Informasi Pemerintah Kabupaten Minahasa Tenggara Menggunakan Indeks KAMI,” Jurnal Teknik Informatika, vol. 15, no. 3, pp. 189–198, 2020, doi: 10.35793/jti.v15i3.31597.

D. D. Prasetyowati, I. Gamayanto, S. wibowo, and Suharnawi, “Evaluasi Manajemen Keamanan Informasi Menggunakan Indeks KAMI Berdasarkan ISO/IEC 27001:2013 pada Politeknik Ilmu Pelayaran Semarang,” Journal of Information System, vol. 4, no. 1, pp. 65–75, 2019, doi: 10.33633/joins.v4i1.2429.

V. I. Sugara, H. Syahrial, and M. Syafrullah, “Sistem Pemeriksa Keamanan Informasi Menggunakan National Institute Of Standards And Technology (Nist) Cybersecurity Framework,” Jurnal Ilmiah Ilmu Komputer dan Matematika, vol. 16, no. 1, pp. 203–212, Jan. 2019, doi: 10.33751/komputasi.v16i1.1591.

T. E. Wijatmoko, “Evaluasi Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Kami) Pada Kantor Wilayah Kementerian Hukum Dan Ham Diy,” Jurnal CyberSecurity dan Forensik Digital, vol. 3, no. 1, pp. 1–6, May 2020, doi: 10.14421/csecurity.2020.3.1.1951.

M. Zulvikri and M. Mukaram, “Optimalisasi Pengawasan Kinerja Karyawan Business Consultant PT XYZ : Implementasi Sistem RACI Melalui Project Google Spreadsheet,” Jurnal Riset Manajemen, vol. 2, no. 4, pp. 197–207, Nov. 2024, doi: 10.54066/jurma.v2i4.2683.

Published
2024-12-31
Abstract views: 117 times
Download PDF: 77 times
How to Cite
Wibawa, I. N., Susila, A. A. N., & Pasirulloh, M. (2024). Information Security Evaluation at Hospital Using Index KAMI 5.0 and Recommendations Based on ISO/IEC 27001:2022. Journal of Information Systems and Informatics, 6(4), 3070-3086. https://doi.org/10.51519/journalisi.v6i4.949
Section
Articles