Tujuan utama keamanan sistem informasi adalah menjaga 3 (tiga) atribut yaitu kerahasiaan (confidentiality), keutuhan (integrity) dan ketersediaan (availability). Terjaminnya ketiga hal ini berpengaruh besar dalam keberlangsungan layanan teknologi informasi di organisasi. Untuk mengembangkan manajemen sistem keamanan informasi, telah ada standar internasional yang disebut ISO 27001. Universitas Gadjah Mada (UGM) memiliki Pusat Sistem dan Sumber Daya Informasi (PSDI) yang berperan sebagai pusat layanan teknologi informasi di UGM. PSDI belum menerapkan standar ISO 27001. Sebelum standardisasi diterapkan, perlu dilakukan evaluasi keamanan sistem informasi di PSDI untuk mendapatkan gambaran kondisi kesiapan dan kematangan keamanan informasi. Indeks Keamanan Informasi (KAMI) adalah alat evaluasi yang dirilis oleh Kementerian Komunikasi dan Informasi yang berfungsi untuk menganalisa tingkat kesiapan pengamanan informasi di instansi pemerintah. Parameter evaluasi Indeks KAMI mewakili tingkat kesiapan penerapan pengamanan sesuai dengan kelengkapan kendali standar ISO/IEC 27001:2005 serta tingkat kematangan penerapan pengamanan yang mengacu kepada kerangka kerja Control Objectives for Information and Related Technology (COBIT). Setelah menentukan tingkat peran dan kepentingan Teknologi Informasi dan Komunikasi (TIK) di PSDI, area yang dievaluasi antara lain tata kelola keamanan informasi, pengelolaan risiko keamanan informasi, kerangka kerja keamanan informasi, pengelolaan aset informasi serta teknologi dan keamanan informasi Didapati tingkat peran dan kepentingan TIK di PSDI adalah Sedang. Skor akhir Indeks KAMI PSDI adalah 305 dari 588 skor maksimum. Dengan skor ini, PSDI tergolong ‘Perlu Perbaikan’ untuk mengimplementasikan standar ISO 27001. Disajikan pula saran perbaikan untuk kekurangan yang ditemukan di sistem manajemen keamanan informasi. Kata kunci : Keamanan sistem informasi, Indeks KAMI, ISO 27001

The main purpose of the information systems security is to maintain 3 (three) attributes: confidentiality, integrity and availability. Ensuring these three influence greatly on the sustainability of the organization's information technology services. To develop an information security management systems, there has been an international standard called ISO 27001. Gadjah Mada University (UGM) has a Systems and Information Resource Centre (PSDI), which acts as a centre for information technology services at UGM. PSDI has not implemented the ISO 27001 standard yet. Prior to standardization is applied, it is necessary to evaluate the security of information systems in the PSDI to get a picture of the readiness and maturity of information security. Prior to standardization is applied, it is necessary to evaluate the security of information systems in the PSDI to get a picture of the readiness and maturity of information security. Information Security Index is an evaluation tool that was released by the Ministry of Communication and Information that serves to analyse the readiness level of information security in government agencies. Information Security Index parameters represent the level of readiness in accordance with the completeness of the application security control standards ISO/IEC 27001:2005 as well as application security maturity level refers to the framework of the Control Objectives for Information and Related Technology (COBIT). After determining the importance rate and the role of Information and Communication Technology (ICT) in the PSDI, areas that are evaluated include information security governance, information security risk management, information security framework, information asset management and information technology and security. It was found that the level of the role and importance of ICT in the PSDI is Moderate. The final score of the Information Security Index is 305 out of 588 maximum. With this score, PSDI is considered 'Need Improvement' in order to implement the ISO 27001 standard. Following is improvement suggestions for the deficiencies found in the information security management system. Keywords: Information systems security, Information Security Index, ISO 27001, Systems and Information Resource Centre.

Kata Kunci : Keamanan sistem informasi, Indeks KAMI, ISO 27001