INFORMATION SECURITY AUDIT OF SMART LIBRARY BASED ON THE CIA TRIANGLE IN COBIT® 4.1 AT AMIKOM RESOURCE CENTRE, STMIK AMIKOM YOGYAKARTA
AGUNG PAMBUDI, Dr. Ir. Eko Nugroho, M.Si.
2015 | Thesis | Master's (S2) in Information and Library Management
The library at STMIK AMIKOM YOGYAKARTA has used a Library Information System, named Smart Library, since 2007. Smart Library is linked to the Academic Information System with respect to students' active status or registration. Smart Library is software that provides services for circulation, master data, book search, reports and utilities. Smart Library therefore holds a collection of important data and information that must be managed correctly and whose confidentiality, integrity and availability must be protected. The information security audit of Smart Library is based on the CIA Triangle (Confidentiality, Integrity and Availability) using the COBIT® 4.1 framework. Based on the CIA Triangle, 13 Information Technology processes were obtained: PO2, PO9, AI2, AI3, AI6, DS4, DS5, DS10, DS11, DS12, DS13, ME1 and ME2. Respondents were determined using the RACI (Responsible, Accountable, Consulted and Informed) table so that they can be expected to represent their positions and match their responsibilities. The final result is an average Maturity Level of 2: Repeatable but Intuitive, meaning the process is generally understood by management but has not been definitively documented. The detailed conclusions are as follows:
1. Goal Setting & Measurement: goal setting is beginning to emerge, accompanied by related financial measurement, but is known only at the senior management level. Monitoring is performed inconsistently and only in certain areas.
2. Skill & Expertise: the minimum skills required in critical areas have been identified. Training is provided in response to needs rather than on the basis of an agreed plan, and on-the-job training has been carried out informally.
3. Awareness & Communication: there is awareness of the need to act. Management communicates the issues that occur.
4. Tools & Automation: there is a common approach to the use of tools, but it is based on solutions developed by key individuals. Vendor tools have begun to be used, but may not yet be applied correctly and may still be shelfware.
Keywords: STMIK AMIKOM YOGYAKARTA, Smart Library, COBIT 4.1 framework, Triangle CIA.
The STMIK AMIKOM YOGYAKARTA Library has been managed using a library information system, namely the Smart Library system, since 2007. The information system is well integrated with the Academic Information System and tightly linked to student registration status. In general, Smart Library provides two main services: transaction management and reporting. Transaction management consists of circulation management, search utilities and collection management. The important information and services of Smart Library therefore have to be well managed, and their confidentiality, integrity and availability maintained. An information system security audit was conducted according to the CIA triangle (Confidentiality, Integrity and Availability) in the COBIT 4.1 framework. According to the CIA triangle there are 13 IT processes: PO2, PO9, AI2, AI3, AI6, DS4, DS5, DS10, DS11, DS12, DS13, ME1 and ME2. Respondents were selected according to the RACI (Responsible, Accountable, Consulted and Informed) chart in order to choose appropriate people who represent their position and responsibility. The final result shows that the average maturity level is two, which means Repeatable but Intuitive. In general, management fully understands the process, but documentation is lacking. The summary of results is listed below:
1. Goal Setting & Measurement: goal setting is identified along with financial calculation; however, it is known only to senior management. Monitoring has been performed inconsistently and in particular aspects only.
2. Skill & Expertise: minimum skill requirements for critical aspects are identified. However, training is provided in response to a need rather than according to an agreed plan; moreover, the training is performed informally on the job.
3. Awareness & Communication: there is an awareness of the need to act, and management communicates the issues that occur.
4. Tools & Automation: a common approach to using tools exists; however, it is based on solutions developed by key individuals. Vendor tools may have been acquired, but might not be used correctly and are probably still shelfware.
Keywords: STMIK AMIKOM YOGYAKARTA, Smart Library, COBIT 4.1 framework, Triangle CIA.