ANALISIS DAN PENERAPAN MANAJEMEN RISIKO APLIKASI PEMANTAUAN SERTA SISTEM MANAJEMEN KEAMANAN INFORMASI MENGGUNAKAN

In the success of the Electronic-Based Government System and Information Security Management System (SMKI), the West Java KPID must participate in it. West Java KPID has a monitoring application that functions to process recorded data and produce findings of violations of broadcast content in television broadcasts. In the monitoring application, there are national TV broadcasts that have networked main stations and local TV broadcasts. The monitoring application can only monitor television because there is a TV tuner that can make a computer capable of processing television signals and then recording them into and into the database and recording 24 hours of television viewing. Given the importance of information and the high risk of interference, the West Java KPID needs to carry out information security governance activities in the environment, especially in monitoring applications because there is data recording the contents of television broadcasts. There are frequent bugs and crashes in monitoring applications due to loss of voltage and not having a temporary power supply. The need for LAN network security to minimize the threat of attacks on monitoring applications. Risk assessment is needed to maintain the aspects of Confidentiality, Integrity, and availability and develop controls to minimize threats. This study carries out risk management monitoring applications using SNI ISO/IEC 27005: 2013 and carries out risk assessment controls based on SNI ISO/IEC 27001: 2013. The steps taken are identification of information assets, threats, vulnerabilities, risks, impacts and clause mapping based on risk assessment. Then do a maturity level analysis, gap analysis, recommendation of control objectives and information security. So that this study resulted in a risk assessment, proposed mapping of control and control objectives based on SNI ISO/IEC 27001: 2013, the level of maturity of information security, findings and recommendations

ANALISIS KEAMANAN INFORMASI SISTEM INFORMASI TERINTEGRASI IGRACIAS UNIVERSITAS TELKOM MENGGUNAKAN FRAMEWORK DAMA DMBOK

Telkom University merupakan institusi perguruan tinggi hasil dari merger 4 (empat) institusi yang berada dibawah naungan Yayasan Pendidikan Telkom (YPT), yaitu IT Telkom, IM Telkom, Politeknik Telkom dan STISI Telkom. Implementasi dari konsep merger ini tentu akan membuat suatu perubahan dinamika lingkungan dalam organisasi dan perkembangan teknologi. Proses merger dari lembaga-lembaga pada akhirnya mendorong pembangunan informasi akademik sistem yang dikenal IGracias (Sistem Informasi Akademik Terpadu). Pemanfaatan sistem informasi yang terintegrasi secara tidak langsung mengalami masalah baik dari pengelolaan informasi atau dari keamanan informasi itu sendiri, termasuk meliputi informasi yang dihasilkan. Proses manajemen keamanan informasi akan menentukan respon dari manajemen untuk melihat bahwa informasi ini merupakan aset yang tak ternilai jika tidak dikelola dengan baik.Penelitian ini  dilakukan untuk menganalisa keamanan sistem informasi terintegrasi IGracias dengan objek sistem informasi akademik di lingkungan Universitas Telkom  dengan mengacu pada standar framework DAMA DMBOK pada sub kajian  Data Security Management.Dari hasil analisa keamanan informasi diperoleh  suatu kesimpulan bahwa sistem informasi terintegrasi IGracias dengan objek sistem informasi akademik belum menerapkan keamanan formasi sehingga masih memiliki beberapa lubang keamanan, sehingga dari hasil penulisan jurnal ini  dibuat kebijakan keamanan informasi yang  disesuaikan dengan kebutuhan sistem informasi terintegrasi IGracias dengan objek sistem informasi akademik

The integrated academic information system support for education 3.0 in higher education institution: lecturer perspective

Education 3.0 has been implemented in many higher education institutions (HEIs). Education 3.0 has been directed the institution toward better educational experience. But on the other hands, the implementation of Education 3.0 also caused some problems. Previous research has found administrative problem experienced by the lecturer. This research explores deeper from the lecturer and suggested the solution from lecturer perspective, combined with information technology capabilities owned by the HEIs. The research used a case study as the method and conducted a qualitative research with a semi-structured interview. The interview analysis has found that the increase of the administrative processes is caused by online and offline administrative activities. The online activities are from e-learning and the offline activities are from traditional learning (face-to-face). The administrative processes also involved the academic information system (AIS). Simplified all of the administrative processes are more preferred. To overcome the problems, integrating the AIS and e-learning become necessary. This research suggests transforming the existing AIS into an integrated AIS and hopes the solution can simplify the administration process

Tata Kelola Pada Perguruan Tinggi Menggunakan Control Objective for Information & Related Technology (COBIT) 5

A College needs a good governance in implementation of information technology, especially which related with information security because information is an important asset. Framework which can be used for the preparation of information security governance is COBIT 5 from ISACA. The first step to start the preparation of the governance using COBIT is mapping between the goal of college with enterprise goals (EG), IT Related Goals and domain process COBIT 5. From 15 colleges that have been accredited in West Java (15 Januari 2015), produced 13 EG related for college accreditation A, B and 10 for college accreditation EG C. For a sample in process capability assessment of information security governance, we used Universitas Muhammadiyah Sukabumi (UMMI) as the research object, which is an accredited college C, and EG focused on optimization of business process functionality associated with the alignment of IT goals of IT and business strategy, and 10 processes, i.e EDM01, EDM01, APO01, APO02, APO03, APO05, APO07, APO08, BAI01, BAI02. From the results obtained capability assessment process UMMI value of 7 is on level 0, ie the value of the attribute <15-50% and 3 process closer to fulfillment level 1, ie the interval> 50-85%. Gap analysis results, it turns out that making such UMMI lack of work products (evidence / result) of activities of governance processes deemed to have been executed. To meet the achievement level, it is recommended to perform compliance on each best practice and work products, and can be initiated by creating a guide to information security