A Maturity Level Framework for Measurement of Information Security Performance

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2016
Authors:
Rosmiati, Imam Riadi, Yudi Prayudi
10.5120/ijca2016907930

Rosmiati, Imam Riadi and Yudi Prayudi. A Maturity Level Framework for Measurement of Information Security Performance. International Journal of Computer Applications 141(8):1-6, May 2016.

@article{10.5120/ijca2016907930,
	author = {Rosmiati, Imam Riadi and Yudi Prayudi},
	title = {A Maturity Level Framework for Measurement of Information Security Performance},
	journal = {International Journal of Computer Applications},
	issue_date = {May 2016},
	volume = {141},
	number = {8},
	month = {May},
	year = {2016},
	issn = {0975-8887},
	pages = {1-6},
	numpages = {6},
	url = {http://www.ijcaonline.org/archives/volume141/number8/24801-2016907930},
	doi = {10.5120/ijca2016907930},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

Information is one of a company's most important assets. With the very rapid development of information technology, the possibility of information security disruption keeps increasing. This research was conducted to determine the level of information security in an organization in order to recommend improvements to information security management at the company. The research uses ISO 27001 and involves every clause in the ISO 27001 checklist. The data sources for this study were a detailed questionnaire and interview. The respondents were all 14 employees in the Office of the Bureau of Information Technology. The results show that the maturity level of information security in the Office of the Bureau of Information Technology is at level 2. The gap between the current maturity level and the expected maturity level is 2.79. The recommended improvements require an understanding of the company and coordination within the company.

Keywords

Information, Security, ISO 27001, Maturity Level, Value Gaps