Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework
DOI: https://doi.org/10.32736/sisfokom.v13i1.1987
Keywords: Data Security, Information Technology Audit, Information Technology Governance, ISO 27001, National Zakat Amil Institute
Abstract
In this era of cyber crime, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. As an institution with a legal entity holding data on more than 100,000 donors and partners, the National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF) also has an obligation to protect the personal data of its donors and partners. The focus of this research is to evaluate and audit information technology at LAZNAS YDSF, especially the security aspect of information technology. The evaluation and audit were carried out using the ISO 27001 framework as the international standard for information technology security. In this study, the information technology audit was conducted using quantitative methods. The assessment covered the seven main clauses prioritised by LAZNAS YDSF management: compliance, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all LAZNAS YDSF managers and employees; fifty-five respondents, ranging from management to staff, filled it out. Based on the recapitulation of the respondents' answers, the risk management and access control clauses had good results, with scores of 2.727 and 2.796 respectively. The compliance and incident management clauses scored 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology with reference to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of its information, and manage and control its information security risks.
License
The copyright of an article that is accepted for publication shall be assigned to Jurnal Sisfokom (Sistem Informasi dan Komputer) and LPPM ISB Atma Luhur as the publisher of the journal. Copyright includes the right to reproduce and deliver the article in all forms and media, including reprints, photographs, microfilms, and any other similar reproductions, as well as translations.
Jurnal Sisfokom (Sistem Informasi dan Komputer), LPPM ISB Atma Luhur, and the Editors make every effort to ensure that no wrong or misleading data, opinions or statements are published in the journal. In any case, the contents of the articles and advertisements published in Jurnal Sisfokom (Sistem Informasi dan Komputer) are the sole and exclusive responsibility of their respective authors.
Jurnal Sisfokom (Sistem Informasi dan Komputer) has full publishing rights to the published articles. Authors are allowed to distribute articles that have been published by sharing the link or DOI of the article. Authors are allowed to use their articles for any legal purpose deemed necessary without the written permission of the journal, provided that the initial publication in Jurnal Sisfokom (Sistem Informasi dan Komputer) is acknowledged.
The Copyright Transfer Form can be downloaded: Copyright Transfer Form Jurnal Sisfokom (Sistem Informasi dan Komputer).
This agreement is to be signed by at least one of the authors, who must have obtained the assent of the co-author(s). After submission of this agreement signed by the corresponding author, changes of authorship or of the order of the listed authors will not be accepted. The copyright form should be signed in the original and sent to the Editorial Office as a scanned document to sisfokom@atmaluhur.ac.id.