Abstract

Implementing an Information Security Management System (ISMS) in an institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. Several incidents related to information security have occurred in the implementation of Academic System applications in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The research sample consisted of 35 universities. Compliance with the ISO 27001:2013 standard is used as the reference for determining the maturity level of information system security practices, while the SSE-CMM model is used to measure and calculate the level of maturity. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of the information security that has been applied. Six key areas are examined in this study: the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed that the level of information security maturity at the 35 universities was at level 2 (Managed Process) and level 3 (Established Process): 40% of universities are at level 3, and 60% are not at level 3. The gap between the current maturity level and the expected maturity level varies for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and Environmental Security. The biggest gap (4 levels) is in clause A14: System Acquisition, Development and Maintenance and clause A18: Compliance.

Highlights

  • Academic Information System (AIS) is an application system created to realize the process of online academic activities

  • ISO 27001 has the advantage of being very flexible: it can be developed depending on the needs of the organization, organizational goals and security requirements. ISO 27001:2013 also provides a certificate of implementation of a nationally and internationally recognized Information Security Management System, called the ISMS [8]

  • The maturity level of information security practices in higher education academic information systems in Indonesia is at level 2 (Managed Process) and level 3 (Established Process), with a composition of 40% at level 3 and 60% at level 2

Summary

Introduction

An Academic Information System (AIS) is an application system created to realize the process of online academic activities. Information security in higher education AIS requires several approaches in its application. At present there are several security control frameworks that can be used to build those controls [15]. One control that currently puts the information security factor forward is ISO (International Organization for Standardization) 27001 [13]. ISO 27001:2013 is a standard for auditing the security of an information system and is used as a reference to produce documents (findings and recommendations). ISO 27001:2013 has 133 information security controls, and in practice companies can choose which controls are most relevant to conditions in the field [9]. ISO 27001 has the advantage of being very flexible: it can be developed depending on the needs of the organization, organizational goals and security requirements. ISO 27001:2013 also provides a certificate of implementation of a nationally and internationally recognized Information Security Management System, called the ISMS [8].
