

Maturity Framework Analysis ISO 27001:2013 on Indonesian Higher Education


IGN, Mantra and Aedah, Abd Rahman and Hoga, Saragih (2020) Maturity Framework Analysis ISO 27001:2013 on Indonesian Higher Education. International Journal of Engineering & Technology, 9 (2). pp. 429-436. ISSN 2289-4152


Abstract

threats such as information leakage, application damage, data loss and declining IT network performance. Several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The research sample consisted of 35 universities. Compliance with the ISO 27001:2013 standard is used as the reference for determining the maturity level of information system security practices, and the SSE-CMM model is used to measure and calculate the level of maturity. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of the information security that has been applied. Six key areas are examined in this study: the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed that the level of information security maturity at the 35 universities was at level 2 (Managed Process) and level 3 (Established Process). The composition is that 40% of universities are at level 3, and 60% are out of level 3. The gap between the current maturity level and the expected maturity level varies for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and Environmental Security. The biggest gap (4 levels) is in clause A14: System Acquisition, Development and Maintenance and clause A18: Compliance.

Item Type: Journal
Uncontrolled Keywords: Information Security Management System; Information Security Maturity; ISO 27001:2013
Subjects: T Technology > T Technology (General)
Depositing User: Aida Rashidah Maajis
Date Deposited: 28 Dec 2020 03:30
Last Modified: 02 Apr 2021 01:30
URI: http://ur.aeu.edu.my/id/eprint/818
