AUDIT KEAMANAN SISTEM INFORMASI KEARSIPAN STATIS (SIKS) BERDASARKAN STANDAR ISO 27001 PADA BADAN PERPUSTAKAAN DAN ARSIP DAERAH (BPAD) D.I. YOGYAKARTA
| Main Author: | Alfian Nur Jayanto, 12650019 |
|---|---|
| Format: | Thesis NonPeerReviewed Book |
| Bahasa: | ind |
| Terbitan: |
, 2019
|
| Subjects: | |
| Online Access: |
http://digilib.uin-suka.ac.id/40116/2/15420022%20%20BAB%20I_V_%20DAFTAR%20PUSTAKA.pdf http://digilib.uin-suka.ac.id/40116/1/15420022%2C%20BAB%20II%2C%20III%2C%20IV.pdf http://digilib.uin-suka.ac.id/40116/ |
Daftar Isi:
- Static Archive Information System BPAD D.I. Yogyakarta is a system that organizes and manages all data from static archives, the data must be safeguarded. To find out the level of security, an Information System audit is needed to ensure information security that is applied according to procedures and testing security in order to find out the security gap and as an improvement to make the Static Archive Information System better. ISO/IEC 27001 is a standard document of the Information Security Management System (ISMS) in general discussing what should be done in an effort to implement information security concepts in BPAD D.I. Yogyakarta from the aspect of information system security based on ISO 27001 by measuring and auditing based on the ISMS. Then security testing is done using several tools in the form of software, including Nmap, Acunetix Web Vulnerability Scanner, Netsparker, Sqlmap, XSSer, and Bettercap. This study resulted in the findings of the Static Archive Information System BPAD D.I. Yogyakarta, that is at a security level with a maturity scale of 2.02 (Repeatable but Intuitive), this shows that security management has followed a regular pattern but there is no standard procedure used as a reference. Then the results of testing the Information System Security with Nmap found 4 open ports, with Acunetix Web Vulnerability Scanner found 27 types of vulnerabilities, and with Netsparker found 25 types of vulnerabilities. Furthermore, this Information System is also not vulnerable to SQL injection and XSS attacks, but it is vulnerable to packet sniffer attacks. Keywords : Information System Audit, ISO / IEC 27001, ISMS, Testing, Security, Information System, Nmap, Acunetix, Netsparker, Sqlmap, XSSer, Bettercap