DESIGN OF APPLICATION INFORMATION SECURITY SELF-ASSESSMENT USING VBA AND MSXML2.XMLHTTP CASE STUDY: DISKOMINFO KABUPATEN KAMPAR

  • Fahmi Rifai Information Systems Study Program, Faculty of Science and Technology, Universitas Islam Negeri Sultan Syarif Kasim Riau, Indonesia
  • Muhammad Jazman Information Systems Study Program, Faculty of Science and Technology, Universitas Islam Negeri Sultan Syarif Kasim Riau, Indonesia
  • Angraini Information Systems Study Program, Faculty of Science and Technology, Universitas Islam Negeri Sultan Syarif Kasim Riau, Indonesia
  • Megawati Information Systems Study Program, Faculty of Science and Technology, Universitas Islam Negeri Sultan Syarif Kasim Riau, Indonesia
DOI: https://doi.org/10.52436/1.jutif.2023.4.6.1033
Keywords: Index KAMI, ISO 27001:2013, VBA, MSXML2.XMLHTTP, Information security, self-assessment

Abstract

Information security includes the issues that may threaten accountability, reliability, trustworthiness, privacy, authenticity, and trustworthiness of information in an agency. Data and information are very risky things in Information Security, and therefore it is important to do information security governance. The process of evaluating information security using the Index KAMI and ISO 27001: 2013 will be carried out in this study by recording data using Microsoft Excel which has been provided by the National Cyber and Crypto Agency (BSSN). To make it easier to conduct information security assessments and simplify the Excel display, Visual Basic for Applications (VBA) will be utilized as a medium for adding ISO 27001: 2013, then it will be connected using MSXML2.XMLHTTP. The results of the self-assessment carried out show that the Communication, Information, and Signaling Service of Kampar Regency has a level of completeness in implementing the ISO 27001 standard at the "Inadequate" level with a score of 151 only reaching level I+. Meanwhile, the results of the ISO 27001: 2013 Annex control evaluation show that there are still clauses that have not been fulfilled. Therefore, the Communication, Informatics, and Coding Office of Kampar Regency urgently needs improvement in order to fulfill the clauses of ISO 27001: 2013.

Downloads

Download data is not yet available.

References

Candiwan, M. Y. D. Beninda, and Y. Priyadi, “Analysis of Information Security Audit Using ISO 27001:2013 & ISO 27002:2013 at IT Division - X Company, In Bandung, Indonesia,” Int. J. Basic Appl. Sci., vol. 4, no. 4, pp. 77–88, 2016, doi: 10.13140/RG.2.1.1483.3044.

E. Riana, M. E. S. Sulistyawati, and O. P. Putra, “Analisis Tingkat Kematangan (Maturity Level) Dan PDCA (Plan-Do-Check-Act) Dalam Penerapan Audit Sistem Manajemen Keamanan Informasi Pada PT Indonesia Game Menggunakan Metode ISO 27001:2013,” J. Inf. …, vol. 4, no. 2, pp. 632–640, 2023, doi: 10.47065/josh.v4i2.2552.

A. F. Manullang, C. Candiwan, and L. D. Harsono, “Asesmen Keamanan Informasi Menggunakan Indeks Keamanan Informasi (KAMI) pada Institusi XYZ,” J. Inf. Eng. Educ. Technol., vol. 1, no. 2, p. 73, 2017, doi: 10.26740/jieet.v1n2.p73-82.

A. Saputra and Y. G. Sucahyo, “Rancangan Tata Kelola Organisasi Sistem Manajemen Keamanan Informasi Dinas Komunikasi dan Informatika Kabupaten Bekasi,” J. IPTEKKOM J. Ilmu Pengetah. Teknol. Inf., vol. 20, no. 1, p. 17, 2018, doi: 10.33164/iptekkom.20.1.2018.17-29.

E. Kavakli, P. Loucopoulos, and Y. Skourtis, “Capability oriented RE for Cybersecurity and Personal Data Protection : Meeting the challenges of SMEs,” IEEE 30th Int. Requir. Eng. Conf. Work., 2022, doi: 10.1109/REW56159.2022.00053.

M. Stadnyk and A. Palamar, “Project Management Features In The Cybersecurity Area,” Sci. J. Ternopil Natl. Tech. Univ., vol. 2, no. 106, pp. 54–62, 2022.

Yusuf, “Menkominfo: RUU PDP Disahkan, Kominfo Awasi Tata Kelola Data Pribadi PSE,” Direktorat Jenderal Aplikasi Informatika, Kementerian Komunikasi dan Informatika Republik Indonesia, 2022. https://aptika.kominfo.go.id/2022/09/menkominfo-uu-pdp-disahkan-kominfo-awasi-tata-kelola-data-pribadi-pse/

T. A. M. R. Toewoeh, “Teguh : Amanat UU , Presiden Tetapkan Lembaga Otoritas PDP,” Direktorat Jenderal Aplikasi Informatika, Kementerian Komunikasi dan Informatika Republik Indonesia, 2022. aptika.kominfo.go.id/2022/10/teguh-amanat-uu-presiden-tetapkan-lembaga-otoritas-pdp/%0ATitah Arum M. R. Toewoeh October

D. Rutanaji, S. S. Kusumawardani, and W. W. Winarno, “Penggunaan Kerangka Kerja SNI ISO/IEC 27001:2013 Untuk Implementasi Tata Kelola Keamanan Informasi Arsip Digital Pemerintah Berbasis Komputasi Awan (Arsip Nasional RI),” Pros. Semin. Nas. Geotik 2018. ISSN 2580-8796, pp. 131–140, 2018.

T. J. Mohammed and N. A. Jasim, “Designing a model to protect documented information according to the integration of some international standards (ISO 27001: 2013) (ISO 10013: 2021),” Int. J. Health Sci. (Qassim)., vol. 6, no. April, pp. 10684–10697, 2022, doi: 10.53730/ijhs.v6ns3.8376.

F. A. Basyarahil, H. M. Astuti, and B. C. Hidayanto, “Evaluasi Manajemen Keamanan Informasi pada DPTSI ITS Surabaya,” J. Tek. Its, vol. 6, no. 1, pp. 122–128, 2017.

KEMKOMINFO, “JDIH KEMKOMINFO,” JDIH KEMKOMINFO, 2016. https://jdih.kominfo.go.id/produk_hukum/view/id/532/t/peraturan+menteri+komunikasi+dan+informatika+nomor+4+tahun+2016+tanggal+11+april+2016 (accessed Oct. 12, 2022).

H. H. R. H. Ananza, I. Darmawan, and R. Mulyana, “Perancangan Tata Kelola Keamanan Informasi Sistem Pemerintahan Berbasis Elektronik (SPBE) Menggunakan Standar ISO 27001:2013 (Studi Kasus : Diskominfotik Kabupaten Bandung Barat),” e-Proceeding Eng., vol. 6, no. 2, p. 8368, 2019.

M. Kartika, S. A1, Y. Saintika, and W. A. Prabowo, “Penyusunan Manajemen Risiko Keamanan Informasi Dengan Standar ISO 27001 Studi Kasus Institut Teknologi Telkom Purwokerto,” vol. 10, no. 4, pp. 423–428, 2022, doi: 10.26418/justin.v10i4.48977.

A. R. Riswaya, A. Sasongko, and A. Maulana, “Evaluasi Tata Kelola Keamanan Teknologi Informasi Menggunakan Indeks Kami Untuk Persiapan Standar Sni Iso/Iec 27001 (Studi Kasus: Stmik Mardira Indonesia),” J. Comput. Bisnis, vol. 14, no. 1, pp. 10–18, 2020.

A. Firdani, Suprapto, and A. R. Perdanakusuma, “Perencanaan Pengelolaan Keamanan Informasi Berbasis ISO 27001 Menggunakan Indeks Kami Studi Kasus: Dinas Komunikasi dan Informatika Kabupaten Rembang,” Pengemb. Teknol. Inf. dan Ilmu Komput., vol. 3, no. 6, pp. 6009–6015, 2019.

Y. D. Wijaya, “Evaluasi Kemananan Sistem Informasi Pasdeal Berdasarkan Indeks Keamanan Informasi (Kami) Iso/Iec 27001:2013,” J. Sist. Inf. dan Inform., vol. 4, no. 2, pp. 115–130, 2021, doi: 10.47080/simika.v4i2.1178.

W. Yustanti, R. Bisma, A. Qoiriah, and A. Prihanto, “Analisis Tingkat Kesiapan Dan Kematangan Implementasi ISO 27001:2013 Menggunakan Indeks Keamanan Informasi 3:2015 Pada UPT. PPTI Universitas Negeri Surabaya,” Semin. Nas. PPM Unesa 2018, no. 4, pp. 1602–1613, 2018.

M. Yunella, A. Dwi Herlambang, W. Hayuhardhika, and N. Putra, “Evaluasi Tata Kelola Keamanan Informasi Pada Dinas Komunikasi Dan Informatika Kota Malang Menggunakan Indeks KAMI,” J. Pengemb. Teknol. Inf. dan Ilmu Komput., vol. 3, no. 10, pp. 9552–9559, 2019.

A. Hartomo, “Perencanaan Strategis Sistem Informasi dan Sistem Manajemen Keamanan Informasi Bebasis ISO/IEC 27001:2013 Menggunakan Ward & Peppard pada Perusahaan Transshipment,” J. Teknol. Inf. dan Ilmu Komput., vol. 10, no. 1, pp. 141–152, 2023, doi: 10.25126/jtiik.2023105604.

Badan Standardisasi Nasional (BSN), “Teknologi informasi – Teknik keamanan – Sistem manajemen keamanan informasi – Persyaratan Information technology – Security techniques – Information security management systems – Requirements,” 2013.

G. Culot, G. Nassimbeni, M. Podrecca, and M. Sartor, “The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda,” TQM J., vol. 33, no. 7, pp. 76–105, 2021, doi: 10.1108/TQM-09-2020-0202.

N. F. Octariza, “Analisis Sistem Manajemen Keamanan Informasi Menggunakan Standar ISO/IEC 27001 dan ISO/IEC 27002 pada Kantor Pusat PT Jasa Marga,” 2019.

P. Sundari and W. Wella, “SNI ISO/IEC 27001 dan Indeks KAMI: Manajemen Risiko PUSDATIN (PUPR),” Ultim. InfoSys J. Ilmu Sist. Inf., vol. 12, no. 1, pp. 35–42, 2021, doi: 10.31937/si.v12i1.1701.

D. Brkić and Z. Stajić, “Excel vba-based user defined functions for highly precise colebrook’s pipe flow friction approximations: A comparative overview,” Facta Univ. Ser. Mech. Eng., vol. 19, no. 2, pp. 253–269, 2021, doi: 10.22190/FUME210111044B.

K. W. W. Wong and J. P. Barford, “Teaching Excel VBA as a problem solving tool for chemical engineering core courses,” Educ. Chem. Eng., vol. 5, no. 4, pp. e72–e77, 2010, doi: 10.1016/j.ece.2010.07.002.

M. Niazkar, “An Excel VBA-based educational module for bed roughness predictors,” Comput. Appl. Eng. Educ., vol. 29, no. 5, pp. 1051–1060, 2021, doi: 10.1002/cae.22358.

A. T. PUTRI, “Sistem Informasi Administrasi Tugas Akhir dan Kerja Praktek Berbasis MSXML2.XMLHTTP (Studi Kasus: Program Studi Sistem Informasi),” UIN Sultan Syarif Kasim Riau, 2018.

Published
2023-12-23
How to Cite
[1]
Fahmi Rifai, M. Jazman, A. Angraini, and M. Megawati, “DESIGN OF APPLICATION INFORMATION SECURITY SELF-ASSESSMENT USING VBA AND MSXML2.XMLHTTP CASE STUDY: DISKOMINFO KABUPATEN KAMPAR ”, J. Tek. Inform. (JUTIF), vol. 4, no. 6, pp. 1523-1534, Dec. 2023.
Issue
Vol. 4 No. 6 (2023): JUTIF Volume 4, Number 6, Desember 2023
Section
Articles

Copyright (c) 2023 Fahmi Rifai

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.