Information Security Level Analysis: A Comparative Study of the COBIT 5 Framework Subdomain Manage Security Services (DSS05) and NIST SP 800-55

Eko Hanoyo

Abstract


Information technology is a very important part of the organization. IT is expected to provide a good profit for the company. However, as technology evolves, it is often exploited by irresponsible parties, which gives rise to threats and risks from the use of technology. The organization needs to measure its level of information security to identify the system's weaknesses and the threats to the organization. Standards for measuring information security are the COBIT 5 subdomain Manage Security Services (DSS05) and NIST SP 800-55 Revision 1. This study compares the two standards. The comparison uses qualitative analysis based on three aspects of information security: confidentiality, integrity, and availability. The analysis yields the advantages and disadvantages of each standard.

Keywords


Threat, COBIT 5, Security, NIST, Information Technology.
