Akmal Zaifullah Maingak, C. Candiwan, Listyo Dwi Harsono
{"title":"基于ISO/IEC 27001:2013标准的政府机构信息安全评估","authors":"Akmal Zaifullah Maingak, C. Candiwan, Listyo Dwi Harsono","doi":"10.23969/trikonomika.v17i1.1138","DOIUrl":null,"url":null,"abstract":"The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.","PeriodicalId":31920,"journal":{"name":"Trikonomika","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2018-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution\",\"authors\":\"Akmal Zaifullah Maingak, C. Candiwan, Listyo Dwi Harsono\",\"doi\":\"10.23969/trikonomika.v17i1.1138\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.\",\"PeriodicalId\":31920,\"journal\":{\"name\":\"Trikonomika\",\"volume\":\" \",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-09-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Trikonomika\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23969/trikonomika.v17i1.1138\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Trikonomika","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23969/trikonomika.v17i1.1138","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
摘要
本研究的目的是确定X政府机构在获得ISO/IEC 27001:2013认证方面存在的差距,并确定其信息系统的成熟度。X政府机构的信息系统将根据ISO/IEC 27001: 2013中包含的14个条款进行评估。使用的方法是定性方法,数据收集和数据验证与三角测量技术(访谈,观察和文件)。数据分析采用差距分析,并采用CMMI (Capability maturity Model for Integration)来度量本研究的成熟度水平。研究结果显示,X政府机构所应用的资讯保安水平为一级(初步),这表示有证据显示该机构意识到需要克服的问题,过程不标准化,并倾向于个别或个案处理问题。
Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution
The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
