Information Security Audit Analysis on Cloud Providers Using ISO/IEC 27017:2015 at PT.XYZ
Abstract
Abstract-The increasing use of the cloud requires cloud service providers (CPS) to maintain a high level of information security. The ease of access that cloud storage offers also makes it highly vulnerable, because all of the data resides on the internet. The case study here, a private company operating as a cloud service provider (CPS), therefore needs a specific standard for its cloud security system and for making decisions about the data and information it holds, because the impact on the institution/company would otherwise be fatal. The case study already has a security standard, but information security and regulation are still needed on the side of both the provider and the users of the cloud service. This is addressed by conducting an information security analysis and audit of the cloud at PT.XYZ, and by producing recommendations from the results of the audit evaluation.
Keywords-ISO 27017, Cloud Service Provider, Cloud Computing, CPS