Evaluation of Information Security Based on KAMI Index and ISO/IEC 27001 at the XYZ Regency Communication and Information Office

Authors

  • Putu Pradiptha Dwipayani Universitas Udayana
  • Dwi Putra Githa Universitas Udayana
  • Muhammad Alam Pasirulloh Universitas Udayana

DOI:

https://doi.org/10.61132/ijiime.v2i2.259

Keywords:

Evaluation, Information Security, ISO/IEC 27001:2022, KAMI Index

Abstract

Information security is one of the key aspects of protecting information assets. Referring to the Regulation of the Ministry of Communication and Informatics No. 4 of 2016, Electronic System Providers (PSE) are required to implement information security to safeguard public interests, public services, state administration, and national defense and security. Therefore, the XYZ Regency Communication and Information Office, as an Electronic System Provider, needs to conduct an evaluation of its information security. This study aims to assess the level of information security at the XYZ Regency Communication and Information Office using the KAMI Index version 5.0 and to provide improvement recommendations in accordance with ISO/IEC 27001:2022 controls. The KAMI Index is used as a standard evaluation tool for assessing information security readiness based on the Regulation of the National Cyber and Crypto Agency (BSSN) No. 8 of 2021. The evaluation results show that the XYZ Regency Communication and Information Office obtained a final score of 248, with a readiness status of "Not Eligible" to meet the ISO/IEC 27001:2022 standard. The maturity level of information security is in the range of Level I to II. Improvement recommendations are provided based on questionnaire results that do not yet meet the ISO/IEC 27001:2022 standards. These recommendations serve as a reference for the XYZ Regency Communication and Information Office to align its information security governance with the ISO/IEC 27001:2022 standard.

References

Bakhtiar, A. & Salsabila Hidayat, F. 2023, ‘EVALUASI SISTEM MANAJEMEN KEAMANAN INFORMASI BERDASARKAN PENILAIAN INDEKS KAMI v.4.2 PADA DINAS XYZ PROVINSI JAWA TENGAH’, Industrial Engineering Online Journal, vol. 12, no. 4

Barani, G.D.S. 2020, ‘Analisis Tingkat Kesiapan Keamanan Informasi Menggunakan Indeks KAMI (Keamanan Informasi) 4.0 (Studi Kasus : Dinas Komunikasi dan Informatika Provinsi Jawa Timur)’, vol. 4, no. 9, hh. 3218-3224

BSSN 2023, Konsultasi dan Assessment Indeks KAMI. Badan Siber dan Sandi Negara.

Diva Ramadhani, N. 2020, ‘Evaluasi Keamanan Informasi pada Dinas Komunikasi dan Informatika Kabupaten Malang menggunakan Indeks KAMI (Keamanan Informasi)’, Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 4, no. 5, hh. 1490-1490

Firdani, A. 2019, ‘Perencanaan Pengelolaan Keamanan Informasi Berbasis ISO 27001 menggunakan Indeks KAMI Studi Kasus: Dinas Komunikasi dan Informatika Kabupaten Rembang’, Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 3, no. 6, hh. 6009-6015

Gala, R.A.P.P. 2020, ‘Analisis Keamanan Informasi Pemerintah Kabupaten Minahasa Tenggara Menggunakan Indeks KAMI’, Jurnal Teknik Informatika, vol. 15, no. 3, hh. 189–198.

Insan Khamil, D. 2022, ‘Evaluasi Tingkat Kesiapan Keamanan Informasi Menggunakan Indeks Kami 4.2 Dan ISO/IEC 27001:2013 (Studi Kasus: Diskominfo Kabupaten Gianyar)’, Jurnal Teknik Informatika dan Sistem Informasi, vol. 9, no. 3, hh. 1946-1960

Octaviani, S.I.D. 2019, ‘Evaluasi Kesiapan Kerangka Kerja Keamanan Informasi Pada Dinas Komunikasi Dan Informatika Kota Batu Dengan Menggunakan Indeks KAMI’, Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 3, no. 3, hh. 2741-2745

Pratiwi, H.A. & Wulandari, L. 2021, ‘Evaluasi Tingkat Kesiapan Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Indeks KAMI) Versi 4.0 pada Dinas Komunikasi dan Informatika Kota Bogor’, Journal of Industrial Engineering & Management Research, vol. 2, no. 5, hh. 146-163

Rahayu, I., Miftach, F. & Haryatno 2017, Panduan Penerapan Sistem Manajemen Keamanan Informasi Berbasis Indeks Keamanan Informasi (Indeks KAMI). Direktorat Keamanan Informasi & Direktorat Jenderal Aplikasi Informatika Kementerian Komunikasi dan Informatika.

Rahmah, Y. 2020, ‘Evaluasi Tingkat Keamanan Informasi pada Dinas Komunikasi dan Informatika Kabupaten Mojokerto dengan Menggunakan Indeks KAMI’, Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 4, no. 3, hh. 840-847

Shimels, T. & Lessa, L. 2023, ‘Maturity of information systems’ security in Ethiopian banks: case of selected private banks’, International Journal of Industrial Engineering and Operations Management, vol. 5, no. 2, hh. 86–103.

Sundari, P. & Wella 2021, ‘SNI ISO/IEC 27001 dan Indeks KAMI: Manajemen Risiko PUSDATIN (PUPR)’, Ultima InfoSys : Jurnal Ilmu Sistem Informasi, vol. 12, no. 1, hh. 35-42

Sutabri, T. 2012, Analisis Sistem Informasi. Diedit oleh C. Putri. Penerbit Andi.

Whitman, M.E. and Mattord, H.J. (2010) Management of Information Security. Edk 3. Course Technology.

Wijatmoko, T.E. 2020, ‘EVALUASI KEAMANAN INFORMASI MENGGUNAKAN INDEKS KEAMANAN INFORMASI (KAMI) PADA KANTOR WILAYAH KEMENTERIAN HUKUM DAN HAM DIY’, CyberSecurity dan Forensik Digital, vol. 3, no. 1, hh. 1-6

Yustanti, W. et al. (2018) Keamanan Sistem Informasi. Zifatama Jawara.

Downloads

Published

2025-04-08

How to Cite

Putu Pradiptha Dwipayani, Dwi Putra Githa, & Muhammad Alam Pasirulloh. (2025). Evaluation of Information Security Based on KAMI Index and ISO/IEC 27001 at the XYZ Regency Communication and Information Office. International Journal of Industrial Innovation and Mechanical Engineering, 2(2), 01–07. https://doi.org/10.61132/ijiime.v2i2.259

Issue

Vol. 2 No. 2 (2025): May : International Journal of Industrial Innovation and Mechanical Engineering

Section

Articles

License

Copyright (c) 2025 International Journal of Industrial Innovation and Mechanical Engineering

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.