ANALYSIS OF THE MATURITY LEVEL OF THE INFORMATION SECURITY MANAGEMENT SYSTEM OF THE DIRECTORATE GENERAL OF TREASURY MEASURED USING THE INFORMATION SECURITY INDEX (CASE STUDY: THE SPAN APPLICATION)
DOI:
https://doi.org/10.31092/jia.v4i4.46
Keywords:
information security management system, information security maturity level
Abstract
Implementing an Information Security Management System (ISMS) is one of the internal control measures used to minimize information security risks and threats such as information leakage, application malfunction, loss of data, and poor performance of IT networks. Several information security incidents have already occurred in the implementation of the Treasury and State Budget System (SPAN) within the Directorate General of Treasury. The Directorate General of Treasury has therefore made efforts to implement information security in accordance with Ministry of Finance Decree No. 479/KMK.01/2010 on Information Security Management System Policy and Standards. In this study, the KAMI Index, published by the Directorate of Information Security, Ministry of Communication and Information, was used to evaluate the maturity level of SPAN's information security. The six key areas examined in this study are the role and importance of ICT, information security governance, information security risk management, the information security management framework, management of information assets, and information security technology. The results showed that the maturity level of the SPAN implementation is still at Level II (basic framework implementation). Of the six key areas analyzed, information security technology scored the highest (83%). However, risk management still shows a low score that needs special attention from the Directorate General of Treasury.
License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a CC BY-SA Creative Commons Attribution-ShareAlike 4.0 International License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.