Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model
Risk measurement from standard operating procedures implemented by an institution determines the level of maturity of a service system at that institution. The government's determination of the Tri Dharma of Higher Education consists of education and teaching, research, and community service....
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Yayasan Pendidikan Riset dan Pengembangan Intelektual (YRPI)
2024-06-01
|
| Series: | Journal of Applied Engineering and Technological Science |
| Subjects: | |
| Online Access: | https://yrpipku.com/journal/index.php/jaets/article/view/2971 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841560872641626112 |
|---|---|
| author | Nurbojatmiko Nurbojatmiko Qurrotul Aini Nabil Cahya Wasiqi Muhammad Fitra Alfajri Zahra Ulinnuha Yuni Kurnia Purwati Indah Kusuma Ayu Natasya Aurora Yasmin |
| author_facet | Nurbojatmiko Nurbojatmiko Qurrotul Aini Nabil Cahya Wasiqi Muhammad Fitra Alfajri Zahra Ulinnuha Yuni Kurnia Purwati Indah Kusuma Ayu Natasya Aurora Yasmin |
| author_sort | Nurbojatmiko Nurbojatmiko |
| collection | DOAJ |
| description |
Risk measurement from standard operating procedures implemented by an institution determines the level of maturity of a service system at that institution. The government's determination of the Tri Dharma of Higher Education consists of education and teaching, research, and community service. These activities must be implemented in the academic information system of every university in Indonesia. Appropriate and fast academic services depend on information technology and adequate and trained human resources (HR). Factors that influence information system security determine the stability of application services. The ISO/IEC 27001:2005 standard is an international benchmark for measuring the level of maturity and security risks of an application. Risk assessment in standard operating procedures in organizations can use the ISO/IEC 27001 standard. This research aims to determine the current level of Academic Information System (AIS) service by measuring maturity and security risks. Three clauses measure the maturity level of information security controls with the ISO 27001 System Security Engineering-Capability Maturity Model (SSE-CMM). These research respondents are educational work units at the Science and Technology Faculty in UIN Syarif Hidayatullah Jakarta. This research method uses quantitative research methods. This research results show the maturity level of information security in the academic information system based on three clauses as the embodiment of the stability of the academic administration activities services at the Science and Technology Faculty. The measurement results reveal that the average score of information security controls on AIS is 3.51, which means good or average standard processing has been carried out following procedures.
|
| format | Article |
| id | doaj-art-efc52c4a598c4861ad31213147adfcd3 |
| institution | Kabale University |
| issn | 2715-6087 2715-6079 |
| language | English |
| publishDate | 2024-06-01 |
| publisher | Yayasan Pendidikan Riset dan Pengembangan Intelektual (YRPI) |
| record_format | Article |
| series | Journal of Applied Engineering and Technological Science |
| spelling | doaj-art-efc52c4a598c4861ad31213147adfcd32025-01-03T12:32:28ZengYayasan Pendidikan Riset dan Pengembangan Intelektual (YRPI)Journal of Applied Engineering and Technological Science2715-60872715-60792024-06-015210.37385/jaets.v5i2.2971Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model Nurbojatmiko Nurbojatmiko0Qurrotul Aini1Nabil Cahya Wasiqi2Muhammad Fitra Alfajri3Zahra Ulinnuha4Yuni Kurnia Purwati5Indah Kusuma Ayu6Natasya Aurora Yasmin7Universitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah JakartaUniversitas Islam Negeri Syarif Hidayatullah Jakarta Risk measurement from standard operating procedures implemented by an institution determines the level of maturity of a service system at that institution. The government's determination of the Tri Dharma of Higher Education consists of education and teaching, research, and community service. These activities must be implemented in the academic information system of every university in Indonesia. Appropriate and fast academic services depend on information technology and adequate and trained human resources (HR). Factors that influence information system security determine the stability of application services. The ISO/IEC 27001:2005 standard is an international benchmark for measuring the level of maturity and security risks of an application. Risk assessment in standard operating procedures in organizations can use the ISO/IEC 27001 standard. This research aims to determine the current level of Academic Information System (AIS) service by measuring maturity and security risks. Three clauses measure the maturity level of information security controls with the ISO 27001 System Security Engineering-Capability Maturity Model (SSE-CMM). These research respondents are educational work units at the Science and Technology Faculty in UIN Syarif Hidayatullah Jakarta. This research method uses quantitative research methods. This research results show the maturity level of information security in the academic information system based on three clauses as the embodiment of the stability of the academic administration activities services at the Science and Technology Faculty. The measurement results reveal that the average score of information security controls on AIS is 3.51, which means good or average standard processing has been carried out following procedures. https://yrpipku.com/journal/index.php/jaets/article/view/2971Academic Information SystemsRisk AssessmentMaturity LevelSSE-CMMISO/IEC 27001:2005 |
| spellingShingle | Nurbojatmiko Nurbojatmiko Qurrotul Aini Nabil Cahya Wasiqi Muhammad Fitra Alfajri Zahra Ulinnuha Yuni Kurnia Purwati Indah Kusuma Ayu Natasya Aurora Yasmin Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model Journal of Applied Engineering and Technological Science Academic Information Systems Risk Assessment Maturity Level SSE-CMM ISO/IEC 27001:2005 |
| title | Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model |
| title_full | Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model |
| title_fullStr | Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model |
| title_full_unstemmed | Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model |
| title_short | Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model |
| title_sort | risk assessment maturity level of academic information system using iso 27001 system security engineering capability maturity model |
| topic | Academic Information Systems Risk Assessment Maturity Level SSE-CMM ISO/IEC 27001:2005 |
| url | https://yrpipku.com/journal/index.php/jaets/article/view/2971 |
| work_keys_str_mv | AT nurbojatmikonurbojatmiko riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT qurrotulaini riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT nabilcahyawasiqi riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT muhammadfitraalfajri riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT zahraulinnuha riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT yunikurniapurwati riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT indahkusumaayu riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel AT natasyaaurorayasmin riskassessmentmaturitylevelofacademicinformationsystemusingiso27001systemsecurityengineeringcapabilitymaturitymodel |