IMPLEMENTATION OF ISO 27001-BASED INFORMATION SECURITY MANAGEMENT IN AN ACADEMIC INFORMATION SYSTEM

  • Agnes Intan Mafiana, Universitas Negeri Surabaya
  • Luthfiah Hanum, Universitas Negeri Surabaya
  • Hanifah Mufidatul Ilmi, Universitas Negeri Surabaya
  • Silvani Febriliani, Universitas Negeri Surabaya

Keywords: Information assets; Data security; ISO 27001

Abstract

The implementation of data security in academic systems is crucial to protect highly
sensitive student, faculty, and administrative information. The ISO 27001 standard has
become a critical guide in the development and implementation of effective information
security measures. This research aims to evaluate the use of ISO 27001 in the context of
Universitas Negeri Surabaya (Unesa) and analyze its impact on data security in the
academic environment. The research identified risks relevant to Unesa's academic systems,
including cyber threats and physical risks. The results of this study confirm that the
implementation of ISO 27001 has had a positive impact on data security at Unesa. The
implementation of appropriate security controls and effective risk reduction has assisted in
maintaining the integrity of academic data and protecting valuable information assets. As
such, Unesa students, lecturers and administrative staff feel more confident that their data
is safe and secure. This research provides important insights into the key role played by the
ISO 27001 standard in securing academic systems in higher education institutions. It also
underscores the importance of continuous risk evaluation, implementation of appropriate
controls, and regular security monitoring as part of a successful data security strategy.

Published
2023-12-31
How to Cite
Intan Mafiana, A., Hanum, L., Ilmi, H., & Febriliani, S. (2023). IMPLEMENTASI MANAJEMEN KEAMANAN INFORMASI BERBASIS ISO 27001 PADA SISTEM INFORMASI AKADEMIK. Journal of Digital Business and Innovation Management, 2(2), 139-163. https://doi.org/10.26740/jdbim.v2i2.57580