Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework

Mustafa Kamal(1*), Muhamad Muhamad(2), Yupit Sudianto(3), Muhammad Arkan Fauzan(4), Yuvens Anggito(5), Wahid Yasin(6), Hendrik Hermawan(7)

(1) Institut Teknologi Telkom Surabaya
(2) Institut Teknologi Telkom Surabaya
(3) Institut Teknologi Telkom Surabaya
(4) Institut Teknologi Telkom Surabaya
(5) Institut Teknologi Telkom Surabaya
(6) Institut Teknologi Telkom Surabaya
(7) Institut Teknologi Telkom Surabaya
(*) Corresponding Author

Abstract


In this era of cyber crime, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. The National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF), as an institution with a legal entity that holds data on more than 100,000 donors and partners, also has an obligation to protect the personal data of those donors and partners. The focus of this research is to evaluate and audit information technology at LAZNAS YDSF, especially regarding the security aspect of information technology. Evaluations and audits were carried out using the ISO 27001 framework as a standardization of information technology security at the international level. In this study, information technology audits were conducted using quantitative methods. The assessment was carried out on seven main clauses that were selected based on LAZNAS YDSF management priorities: compliance, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all LAZNAS YDSF managers and employees. Fifty-five respondents, ranging from management to staff, filled out the questionnaire. Based on the recapitulation of the respondents' answers, the risk management and access control clauses had good results, with scores of 2.727 and 2.796, respectively. The compliance and incident management clauses had scores of 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology with reference to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of information, and manage and control information security risks.


Keywords


Data Security; Information Technology Audit; Information Technology Governance; ISO 27001; National Zakat Amil Institute


DOI: https://doi.org/10.32736/sisfokom.v13i1.1987

Creative Commons License
Jurnal Sisfokom (Sistem Informasi dan Komputer) has ISSN 2301-7988 and e-ISSN 2581-0588 which is published by Lembaga Penelitian dan Pengabdian Masyarakat (LPPM) ISB Atma Luhur under a Creative Commons Attribution-ShareAlike 4.0 International License.