SOP of Information System Security on Koperasi Simpan Pinjam Using ISO/IEC 27002:2013

Myra Andriana, Irwan Sembiring, Kristoko Dwi Hartomo

Abstract


Information security problems increase every year. One way to minimize problems related to information system security is to establish an SOP. This study was conducted in a koperasi simpan pinjam (savings and loan cooperative) for several reasons: there has never been an assessment of the security level of the information system used, threats have occurred, and there are no documented information system security procedures. The SOPs compiled in this study are based on the ISO/IEC 27002:2013 framework. The method used is qualitative, with the OCTAVE framework used to process the information obtained, while FMEA is used to calculate the value of each risk. This study shows that 22% of the risks involved in the koperasi simpan pinjam fall into the low category, 59% into the medium category and 19% into the high category. The final result of this research is a proposal of 8 policies and 12 information system security procedures for the koperasi simpan pinjam.


Keywords


SOP (Standard Operational Procedure), Information System Security, ISO/IEC 27002:2013, OCTAVE, FMEA

DOI: http://dx.doi.org/10.26623/transformatika.v18i1.2020


Jurnal Transformatika: Journal Information Technology by Department of Information Technology, Faculty of Information Technology and Communication, Semarang University is licensed under a Creative Commons Attribution 4.0 International License.