Evaluation of ISO/IEC 27001-Based Information Security Governance at the Universitas Nasional Library

Main article content

Afifah Nur fadilah
Dwi Fajar Saputra
Ibnu Fyras Maulana
Muhammad Jordan A. N
Dzaki Rizky Jumayyil
Sarah Aurelia T. M.
Saffana Mufiddah Adhayanti

Abstract

As the utilization of digital systems continues to grow, libraries must strengthen their information management systems to protect against threats such as cyberattacks and data breaches. This study employed a descriptive qualitative approach using interviews, observation, and documentation. The findings indicate that several ISO/IEC 27001-based controls have been implemented, including firewalls, encryption, and regular audits. However, security gaps remain, such as weak credentials, the absence of multi-factor authentication, and limited real-time monitoring and data backup. Major risks include malware, network attacks, and system failures. Although the National University (UNAS) Cyber Library has developed a Disaster Recovery Plan (DRP), improvements in formal documentation and user digital literacy are still needed. These findings serve as a strategic evaluation basis for enhancing the effectiveness of information security governance in academic library environments.

Article details

How to cite
fadilah, A. N., Saputra, D. F., Fyras Maulana, I., Jordan A. N, M., Rizky Jumayyil, D., T. M., S. A., & Mufiddah Adhayanti, S. (2025). Evaluasi Tata Kelola Keamanan Informasi Berbasis ISO/IEC 27001 di Perpustakaan Universitas Nasional. TADWIN: Jurnal Ilmu Perpustakaan Dan Informasi, 6(1), 141-154. https://doi.org/10.19109/tadwin.v6i1.29814 (Original work published 2025)
Section
Articles
