TATA KELOLA KEAMANAN INFORMASI LAYANAN TI MENGGUNAKAN FRAMEWORK ITIL V3 DOMAIN SERVICE DESIGN DI LINGKUNGAN SMKN 4 PADALARANG

  Information technology is now widely used for everyday purposes, ranging from administrative affairs of offices, hospitals to the service at the level of education. SMKN 4 Padalarang as an educational institution is expected to follow the development of information technology (IT) in order to support the process of learning and teaching activities and can build the quality of human resources. However, we still do not have an adequate IT governance and management until now. Especially which related to IT services and also faced with the limited problem of human resources where the field is not comparable with the number of IT service users, also the weak awareness of service users to the security factor. Implementation of Information Security Governance in educational institutions has an important role in the development and application of information technology (IT) they have. This research focuses on making Information Security Governance using ITIL V3 Domain Service Design framework so it can be a comprehensive procedure / policy and can be used in every educational institution especially in the plain of SMKN / SMA equal. The result of this design is Standard Operating Procedure (SOP) for IT services. We expect this research can help SMKN 4 Padalarang to improve its service capability and improve its security and role. Keywords: IT Services, ITIL V3, Service Design, Standard Operating Procedure. &nbsp

Information security service management : a service management approach to information security management

In today’s world, information and the associated Information Technology are critical assets for many organizations. Any information security breach, or compromise of these assets, can lead to serious implications for organizations that are heavily dependent on these assets. For such organizations, information security becomes vital. Organizations deploy an information security infrastructure for protecting their information assets. This infrastructure consists of policies and controls. Organizations also create an information security management system for managing information security in the organization. While some of the policies and controls are of a purely technical nature, many depend upon the actions of end-users. However, end-users are known to exhibit both compliant and noncompliant behaviours in respect of these information security policies and controls in the organization. Non-compliant information security behaviours of end-users have the potential to lead to information security breaches. Non-compliance thus needs to be controlled. The discipline of information security and its management have evolved over the years. However, the discipline has retained the technology-driven nature of its origin. In this context, the discipline has failed to adequately appreciate the role played by the end-users and the complexities of their behaviour, as it relates to information security policies and controls. The pervasive information security management philosophy is that of treating end-users as the enemy. Compliance is sought to be achieved through awareness programs, rewards, punishments and evermore strict policies and controls. This has led to a bureaucratic information security management approach. The philosophy of treating end-users as the enemy has had an adverse impact on information security in the organization. It can be said that rather than curbing non-compliance by end-users, the present-day bureaucratic approach to information security management has contributed to non-compliance. This thesis calls this the end-user crisis. This research aims at resolving this crisis by identifying an improved approach to information security management in the organization. This research has applied the service management approach to information security management. The resultant Information Security Service Management (ISSM) views end-users as assets and resources, and not as enemies. The central idea of ISSM is that the end-user is to be treated as a customer, whose needs are to be satisfied. This research presents ISSM. This research also presents the various components of ISSM to aid in its implementation in an organization