Pada tahun 2005 Universitas Gadjah Mada (UGM) memiliki sistem informasi yang belum terintegrasi. Sejak tahun 2015, UGM mengembangkan sistem informasi terintegrasi (Simaster) yang sampai sekarang masih dikembangkan. Selain Simaster, UGM juga memiliki sistem lain yang dimiliki. Sistem informasi UGM dikelola oleh Direktorat Sistem dan Sumber Daya Informasi (DSSDI). Indeks KAMI dapat digunakan pada sektor pemerintah, perusahaan maupun organisasi di sektor strategis. Oleh karena itu, penting untuk dilakukan analisis dan evaluasi keamanan sistem informasi UGM. Hasil analisis menunjukkan bahwa tingkat kematangan keamanan sistem informasi UGM mencapai tingkat I+ s/d II+ sehingga belum memenuhi standar ISO 27001/SNI sesuai dengan Standar Sistem Manajemen Keamanan Informasi (Standar SMKI). Tingkat kesiapan sistem informasi UGM berada pada tingkat kesiapan pemenuhan kerangka kerja dasar. Implikasi bagi DSSDI dalam menjaga keamanan sistem informasi UGM seharusnya lebih meningkatkan investasi TI agar dapat membeli hardware maupun software yang sudah out of date, rutin melatih sumber daya manusia yang terlibat dalam keamanan sistem informasi, dan menetapkan peraturan terkait standar keamanan sistem informasi.

In 2005 Universitas Gadjah Mada (UGM) had an information system, which was not yet integrated. Since 2015 UGM has had an integrated information system (Simaster), and at present this is still being developed and advanced. In addition to Simaster, UGM also has tens of other existing systems. UGM's information systems are managed by the Directorate of System and Information Resources (DSSDI). The KAMI index can be used for the government and company sector as well as for organizations operating in strategic sectors. Therefore, it is crucial to conduct an analysis and evaluation of UGM's information system security. The results of this analysis indicate that the maturity level of UGM'ss information system security ranges from I+ to II+. Therefore, this does not meet either the ISO 27001 or Indonesian National Standard (SNI) standard in accordance with the Standard of Information Security Management System (ISMS Standard). As a result, the level of readiness of UGM's information system is at the level of fulfilling basic frameworks. This has implications for DSSDI as this directorate should ensure UGM's information system security through increasing its investment in ICT. By doing so, DSSDI will be able to replace out-of-date hardware and software, routinely train its human resources involved in UGM's information system security, and establish regulations with regard to the standard of information system security.

Kata Kunci : keamanan informasi, Indeks Kami, ISO 27001 / information security, KAMI Index, ISO 27001