INFORMATION SECURITY POLICY AND SOP AS THE ACCESS CONTROL DOCUMENT OF PT. JUI SHIN INDONESIA USING ISO/IEC 27002:2013

  • Muhammad Sukmaji Telkom University
  • Rahmat Yasirandi Telkom University
  • Muhammad Al Makky Telkom University
Keywords: information security, access control, policy, SOP, ISO/IEC 27002:2013

Abstract

PT. Jui Shin Indonesia, the research population of this study, is a company engaged in the ceramics, granite, and cement industry. The company owns important assets, and threats to those assets cannot be ruled out. Because of the importance of these assets, the company must maintain their security through various efforts. The security addressed in this study is the security of information related to access control over the company's important assets. The purpose of this research is to analyze and design access control policy documents and SOPs (Standard Operating Procedures) related to information security, in order to minimize the risk to the company's important assets. The study uses the OCTAVE method to identify the risks to the company's important assets and the FMEA method to analyze the risks identified through OCTAVE. The final result of this study is a set of policy documents and access control SOPs related to information security that refer to the ISO/IEC 27002:2013 framework, focusing on clause 9, Access Control. Based on the results of the study, the researchers obtained proposals for 17 policy documents and 18 SOP documents.

Published
2021-09-06
How to Cite
Sukmaji, M., Yasirandi, R., & Makky, M. (2021). INFORMATION SECURITY POLICY AND SOP AS THE ACCESS CONTROL DOCUMENT OF PT. JUI SHIN INDONESIA USING ISO/IEC 27002:2013. Jurnal Pilar Nusa Mandiri, 17(2), 115-112. https://doi.org/10.33480/pilar.v17i2.2282