Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution

Authors

  • Akmal Zaifullah Maingak Faculty of Economics and Business, Universitas Telkom
  • Candiwan Candiwan Faculty of Economics and Business, Universitas Telkom
  • Listyo Dwi Harsono Faculty of Economics and Business, Universitas Telkom

DOI:

https://doi.org/10.23969/trikonomika.v17i1.1138

Keywords:

ISO/IEC 27001: 2013, information security, CMMI, assessment

Abstract

The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.

Downloads

Download data is not yet available.

Downloads

Published

2018-06-18

Issue

Vol. 17 No. 1 (2018): June Edition

Section

Articles