Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework

Mustafa Kamal, Muhamad Muhamad, Yupit Sudianto, Muhammad Arkan Fauzan, Yuvens Anggito, Wahid Yasin, Hendrik Hermawan
{"title":"Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework","authors":"Mustafa Kamal, Muhamad Muhamad, Yupit Sudianto, Muhammad Arkan Fauzan, Yuvens Anggito, Wahid Yasin, Hendrik Hermawan","doi":"10.32736/sisfokom.v13i1.1987","DOIUrl":null,"url":null,"abstract":"In this era of cyber crimes, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. The National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF) as an institution with a legal entity and having data on more than 100,000 donors and partners, it also has an obligation to protect the personal data of donors and partners.  The focus of this research is to evaluate and audit information technology at the LAZNAS YDSF, especially regarding the security aspect of information technology. Evaluations and audits were carried out using the ISO 27001 framework as a standardization of information technology security at the international level. In this study, information technology audits were conducted using quantitative methods. The assessment was carried out on seven main clauses that are priorities for the LAZNAS YDSF based on management priorities: compliance clauses, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all the LAZNAS YDSF managers and employees. Fifty-five respondents, ranging from management to staff, were involved in filling out the questionnaire, ranging from management to staff. Based on the recapitulation of answers from respondents, it was found that the risk management and access control clauses had good results, with scores of 2,727 and 2,796. The compliance and incident management clauses have scores of 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology that refers to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of information, and manage and control information security risks.","PeriodicalId":517030,"journal":{"name":"Jurnal Sisfokom (Sistem Informasi dan Komputer)","volume":"167 ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Sisfokom (Sistem Informasi dan Komputer)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32736/sisfokom.v13i1.1987","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

In this era of cyber crimes, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. The National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF) as an institution with a legal entity and having data on more than 100,000 donors and partners, it also has an obligation to protect the personal data of donors and partners.  The focus of this research is to evaluate and audit information technology at the LAZNAS YDSF, especially regarding the security aspect of information technology. Evaluations and audits were carried out using the ISO 27001 framework as a standardization of information technology security at the international level. In this study, information technology audits were conducted using quantitative methods. The assessment was carried out on seven main clauses that are priorities for the LAZNAS YDSF based on management priorities: compliance clauses, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all the LAZNAS YDSF managers and employees. Fifty-five respondents, ranging from management to staff, were involved in filling out the questionnaire, ranging from management to staff. Based on the recapitulation of answers from respondents, it was found that the risk management and access control clauses had good results, with scores of 2,727 and 2,796. The compliance and incident management clauses have scores of 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology that refers to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of information, and manage and control information security risks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
使用 ISO 27001 框架对 YDSF 国家天课机构进行信息技术安全审计
在这个网络犯罪猖獗的时代,数据安全是一个需要组织特别关注的重要方面。关于个人数据安全的 2022 年第 27 号法律的批准加强了这一点。国家天课研究所(LAZNAS)Yayasan Dana Sosial al Falah(YDSF)作为一个具有法人资格的机构,拥有超过 10 万名捐赠者和合作伙伴的数据,因此也有义务保护捐赠者和合作伙伴的个人数据。 本研究的重点是评估和审计拉兹纳斯青年发展基金会的信息技术,尤其是信息技术的安全方面。评估和审计采用 ISO 27001 框架进行,该框架是信息技术安全的国际标准化。本研究采用定量方法进行信息技术审计。根据管理重点,对 LAZNAS YDSF 优先考虑的七个主要条款进行了评估:合规条款、风险管理、政策、资产、物理和环境管理、访问控制和事件管理。数据收集采用了向所有 LAZNAS YDSF 管理人员和员工发放调查问卷的方式。55 名受访者参与了问卷填写,其中既有管理人员,也有员工。根据对受访者答案的总结,发现风险管理和访问控制条款效果良好,得分分别为 2 727 分和 2 796 分。合规性和事件管理条款的得分分别为 2.381 分和 2.53 分,因此需要努力改进。通过对 ISO 27001 标准的信息技术进行评估和审核,希望 LAZNAS YDSF 能够保护和维护信息的机密性、完整性和可用性,管理和控制信息安全风险。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Factors Influencing Acceptance of ILMU E-Learning Among Lecturers: An Empirical Study Based on UTAUT Model Detection of Rice Leaf Pests Based on Images with Convolution Neural Network in Yollo v8 Enterprise Architecture Planning Pada Industri Otomotif Pitcar Service Menggunakan Odoo Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework Data-Driven Strategies for Fuel Distribution in Indonesia: A Case Study of PT Pertamina Patra Niaga
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1