Evaluation of Information Security on Network Data Center Universitas Muhammadiyah Kalimantan Timur (UMKT) Using Indeks Keamanan Informasi (KAMI)

Abstract

Information management is an aspect of Good University Governance, including the quality and security of information management. To raise awareness of the importance of information security, since 2008, the Ministry of Communication and Information Technology has conducted outreach to public service providers on methods or methods of assessing the information security status of institutions that provide equity services. The tools provided by the Ministry of Communication and Information Technology as a form of how important information security is, namely the Indeks Keamanan Informasi (KAMI). The Indeks Keamanan Informasi (KAMI) is an evaluation tool created by the Ministry of Communication and Information to help analyze the level of readiness and maturity of information security in agencies/companies, both government and non-government, which has been adapted to international standards, namely ISO 27001:2013. This evaluation tool will also be used as a tool to provide an overview of the condition of readiness (completeness and maturity) of the information security framework at Universitas Muhammadiyah Kalimantan Timur. The results of the assessment of the the Electrical System Category dependence are 26 out of a total of 50, and are included in the high category. The results of the assessment of the five areas that have been carried out are 279 out of a total of 645. With the high dependence on the Electrical System Category, the assessment of the five areas is still included in the category of Fulfillment of the Basic Framework and gets the status of security level II. While the minimum limit that must be achieved to be able to carry out ISO certification is security level III+. For this reason, a recommendation for improvement will be made in the parts that are still lacking from the results of the Indeks KAMI assessment which have been done. Then the recommendations from this study can be used as material for consideration and evaluation for the Universitas Muhammadiyah Kalimantan Timur in making improvements related to mitigating or preventing information security vulnerabilities, as well as ensuring that regulations can be achieved properly and institutional security policies in the future.