Audit of Human Resources Security, Access Control, and Physical and Environmental Security in the Information System of PT. TASPEN (Persero) KCU Bandung Using ISO 27001


  • Vica Firlia Telkom University
  • Ilham Perdana Telkom University


Abstract With today's developments in computing and communication technology, enterprise information systems can almost be said to rely heavily on the support of information technology (IT). PT TASPEN (Persero), as one of Indonesia's state-owned enterprises, feels the same way about the importance of information technology. To ascertain whether the information system has been designed and implemented in accordance with the procedures and standards that have been applied, an audit of the information system is needed. The audit is also conducted to ascertain whether the existing controls are adequate according to ISO 27001:2013. The type of research used is descriptive qualitative. The data collection techniques used were interviews, observation, and documentation study, and data validity was established using technique triangulation. Once the data had been obtained, it was analyzed by conducting a Gap Analysis. To measure the level of maturity, this study uses the System Security Engineering Capability Maturity Model (SSECMM). The results show that the maturity level of the Human Resource Security clause reached level 1 (Performed Informally), the Access Control clause reached level 2 (Planned and Tracked), while the Physical and Environmental Security clause has reached level 3 (Well Defined).

Keywords: audit, information systems security, ISO 27001, maturity level






Undergraduate (S1) Management Study Program (Telecommunication and Informatics Business Management)