Risk Assessment Maturity Level of Academic Information System Using ISO 27001 System Security Engineering-Capability Maturity Model

Abstract

Risk measurement from standard operating procedures implemented by an institution determines the level of maturity of a service system at that institution. The government's determination of the Tri Dharma of Higher Education consists of education and teaching, research, and community service. These activities must be implemented in the academic information system of every university in Indonesia. Appropriate and fast academic services depend on information technology and adequate and trained human resources (HR). Factors that influence information system security determine the stability of application services. The ISO/IEC 27001:2005 standard is an international benchmark for measuring the level of maturity and security risks of an application. Risk assessment in standard operating procedures in organizations can use the ISO/IEC 27001 standard. This research aims to determine the current level of Academic Information System (AIS) service by measuring maturity and security risks. Three clauses measure the maturity level of information security controls with the ISO 27001 System Security Engineering-Capability Maturity Model (SSE-CMM). These research respondents are educational work units at the Science and Technology Faculty in UIN Syarif Hidayatullah Jakarta. This research method uses quantitative research methods. This research results show the maturity level of information security in the academic information system based on three clauses as the embodiment of the stability of the academic administration activities services at the Science and Technology Faculty. The measurement results reveal that the average score of information security controls on AIS is 3.51, which means good or average standard processing has been carried out following procedures.