Evaluation of ISO/IEC 27001-Based Information Security Governance at the Universitas Nasional Library
Abstract
As the utilization of digital systems continues to grow, libraries must strengthen their information management systems to protect against threats such as cyberattacks and data breaches. This study employed a descriptive qualitative approach using interviews, observation, and documentation. The findings indicate that several ISO/IEC 27001 based controls have been implemented, including firewalls, encryption, and regular audits. However, security gaps remain, such as weak credentials, the absence of multi-factor authentication, and limited real-time monitoring and data backup. Major risks include malware, network attacks, and system failures. Although the National University (UNAS) Cyber Library has developed a Disaster Recovery Plan (DRP), improvements in formal documentation and user digital literacy are still needed. These findings serve as a strategic evaluation basis for enhancing the effectiveness of information security governance in academic library environments.
Article Details

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.