Information security analysis on physical security in university x using maturity model
Keywords:
Physical Security, COBIT 5, Maturity Model
Abstract
Threats to physical security can come from human factors, natural disasters, and information technology itself. Therefore, to prevent threats, we need the right tools to control current activities, evaluate potential impacts, and make appropriate plans so that business processes at X University will not be affected. This research starts by analyzing the problems that arise, followed by collecting the data needed, discussing the results, and drawing conclusions and recommendations. The study uses a quantitative descriptive method, with interviews and questionnaires as research instruments. COBIT 5 is used as a framework for measuring the performance that is currently implemented and the performance to be achieved. Maturity models are used to measure current and future activities. The goal is for the organization to create a physical security environment in line with the CIA principle (confidentiality, integrity, and availability). Positioning results are at level 3, meaning that the process is currently running in two main standard operating procedures. However, this evaluation focuses specifically on the DSS5.5.5 subdomain (Providing Service Support-Managing physical security for IT Assets) in COBIT 5, and the result there is still below the level 3 standard (Established Process), at 2.9 points. The recommendation is therefore to keep activities secure, among other things by improving facilities and infrastructure, for example by using biometric controls in data center management rooms or other rooms with limited access.
License
Authors who publish with Jurnal Informatika (JIFO) agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY-SA 4.0) that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.