Information Security Risk Analysis of a Digital Library Repository Website Using the ISO/IEC 27001 & 27002 Frameworks: A Case Study of University X
DOI: https://doi.org/10.59653/jimat.v2i01.500
Keywords: ISO/IEC 27001, ISO/IEC 27002, Repository Digital Library, Information Security, Risk Analysis
Abstract
The continuous evolution of digital repositories in the era of globalization, especially in the context of higher education digital libraries, poses security risks that raise concerns among users. The existence of sensitive user data that universities must protect adds to this concern. This research aims to conduct a comprehensive analysis of the information security risks associated with digital library repository websites. It seeks to identify potential vulnerabilities and threats that could compromise the confidentiality, integrity and availability of digital assets stored in repositories. Through detailed risk analysis, this research provides actionable insights and recommendations to improve the information security posture of digital libraries using the ISO/IEC 27001 and 27002 IT governance frameworks, which are specifically tailored to information security standards. The research uses a literature review and interviews with the responsible parties at the University of X's digital library repository. The findings show that the use of tools such as Acunetix helps identify vulnerabilities in web repositories. Risk mitigation in digital library web repositories involves the application of the ISO/IEC 27001 and 27002 standards, which results in specific risk mitigation actions. For example, universities should create policies to monitor information technology assets, ensuring regular monitoring to protect technology assets. In addition, for Database Management System (DBMS) management (e.g., MySQL, PostgreSQL, Oracle, MS SQL Server), colleges must facilitate easy access and storage of information. By implementing the recommendations obtained from this research, higher education institutions can ensure a safe environment for users accessing digital library web repositories, thereby reducing concerns about the security of their information.
Copyright (c) 2023 Aulia Faradilla Setyowardhani, Ida Nurlela, Jenyta Primaranti, Valerian Ghrandiaz, Yulhendri
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.