SOP of Information System Security on Koperasi Simpan Pinjam Using ISO/IEC 27002:2013
DOI:
https://doi.org/10.26623/transformatika.v18i1.2020
Keywords:
SOP (Standard Operational Procedure), Information System Security, ISO/IEC 27002:2013, OCTAVE, FMEA
Abstract
Information security problems increase every year. One way to minimize problems related to information system security is to establish an SOP. This study was conducted in a koperasi simpan pinjam (savings and loan cooperative) for several reasons: there has never been an assessment of the security level of the information system used, threats have occurred, and there are no documented information system security procedures. The SOPs compiled in this study are based on the ISO/IEC 27002:2013 framework. The method used is qualitative, with the OCTAVE framework used to process the information obtained and FMEA used to calculate the value of each risk. This study shows that 22% of the risks involved in the koperasi simpan pinjam are in the low category, 59% in the medium category and 19% in the high category. The final result of this research is a proposed set of 8 policies and 12 information system security procedures for the koperasi simpan pinjam.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Transformatika is licensed under a Creative Commons Attribution 4.0 International License.