Information Security Evaluation Using the Information Security Index: A Case Study In Indonesia

Abstract

Information security awareness has been extensively discussed as an effective means to reduce security risks. The hacking incident experienced by the judiciary within the Supreme Court of the Republic of Indonesia in 2021. This resulted in disrupted services to the community. Therefore, it is necessary to conduct an information security audit. Information security audits were carried out using an information security evaluation using the US Index. The research methodology was conducted by interviewing resource persons at the Bureau of Public Relations Data and Information of the Supreme Court of the Republic of Indonesia and using the US index questionnaire version 3.1. The results of the study show that from 6 (six) assessment categories, the Electronic System Category has a value of “35” with a “strategic” level, Information Security Governance with a value of “32” with a status of “initial condition and starting to be implemented”, Information Security Risk Management with a value of “8” status. “Initial condition”, Information Security Management Framework value “31” status “initial condition, Information Asset Management value “86” status “implementation of basic framework”, Technology and Information Security value “63” status “initial condition and implementation commenced” Overall, the results of the final evaluation of the level of application information security standards scored “224” and the status was “inappropriate”. From the results of this study, several recommendations are then given based on SNI ISO/IEC 27001: 2013 to assist the Supreme Court in determining corrective measures.