Perancangan Sistem Pengamanan Data Berdasarkan Standar ISO 27001 pada Lingkungan Laboratorium Teknik Informatika
Abstract
This study addresses the problem of inadequate information security systems in Informatics Engineering laboratories, which leads to high risks of data leakage, unauthorized access, and low user awareness of information security. The aim of this research is to design and implement an information security system based on the ISO/IEC 27001 standard to enhance the protection of information assets and establish sustainable security governance. The research employs a descriptive qualitative method consisting of literature review, needs analysis, risk assessment using a Risk Assessment Matrix, system design and implementation of security controls, and system evaluation through penetration testing and user compliance surveys. The results show that the implementation of technical security controls, such as data encryption, firewalls, and access management, significantly reduces data leakage risks and improves user compliance and awareness of information security practices. The study concludes that ISO/IEC 27001 is effective in establishing a structured and sustainable information security management system within the Informatics Engineering laboratory environment
Downloads
References
I. . P. Jovano, I. R. Padiku, and B. Ahaliki, “Analisis Manajemen Risiko dan Keamanan Sistem Informasi Akademik Terpadu ( SIAT ) Universitas Negeri Gorontalo Menggunakan Framework NIST SP 800-30,” Journal of Systems and Information Technology, vol. 5, no. 1, pp. 135–144, 2025.
N. Ibrahim, “Examining the Influence of Advanced Persistent Threats on Higher Education Institutions and Investigating Appropriate Cybersecurity Strategies,” vol. 2, pp. 96–119, 2025, doi: 10.24840/2183-6493.
F. Anis Sekar Ningrum, Y. Riwanto, I. Yanuar Risca Pratiwi, and M. A. Fikri, “Analisis Keamanan Sistem Informasi Perguruan Tinggi Berbasis Indeks KAMI,” Jurnal Informatika Polinema, vol. 10, no. 3, pp. 437–444, 2024.
N. Ramadhanty, “Implementasi Kerangka Keamanan NIST Dan ISO/IEC 27001 Dalam Menghadapi Ancaman Risiko Siber,” Journal of Indonesian Management, vol. 4, no. 4, pp. 1–9, 2024, doi: 10.53697/jim.v4i4.1973.
S. Clarissa and G. Wang, “Assessing Information Security Management Using ISO 27001:2013,” Jurnal Indonesia Sosial Teknologi, vol. 4, no. 9, pp. 1361–1371, 2023, doi: 10.59141/jist.v4i9.739.
F. C. Arumdiya and C. Rudianto, “Implementasi ISO 27001:2022 dalam Manajemen Risiko Keamanan Informasi,” vol. 06, no. 02, pp. 167–186, 2021.
S. Mahmood, M. Chadhar, and S. Firmin, “Addressing Cybersecurity Challenges in Times of Crisis: Extending the Sociotechnical Systems Perspective,” Applied Sciences (Switzerland), vol. 14, no. 24, 2024, doi: 10.3390/app142411610.
E. Susanto and N. Legowo, “Hasil Penilaian Risiko Keamanan Informasi pada Laboratorium Klinik Berdasarkan Kriteria Kendali Dalam Penerapan ISO 27001,” vol. 12, no. 2, pp. 155–164, 2023.
F. Husaeni, N. Sulistiyowati, and A. Rizal, “EVALUASI PENGELOLAAN ASET LABORATORIUM KOMPUTER MENGGUNAKAN STANDAR ISO / IEC 27001,” vol. 9, 2018.
A. Hafiz, “TREN IMPLEMENTASI ISO 27001 SISTEM MANAJEMEN KEAMANAN INFORMASI PADA PERGURUAN TINGGI ( LITERATURE REVIEW ),” no. 2, pp. 159–163, 2025.
S. Ray, J. Das, R. Pande, and A. Nithya, “Swati Ray 1 , Joyati Das 2* , Ranjana Pande 3 , and A. Nithya 2,” vol. 4, no. 2, pp. 195–222, 2025, doi: 10.1201/9781032622408-13.
Sintiya Cahya Maulany, Ety Meikhati, and Putri Intan Prastiwi, “Integrasi Teknologi Informasi Akuntansi dan Proteksi Sistem Informasi Akuntansi terhadap Cybersecurity Accounting di Era Digital,” Akuntansi Pajak dan Kebijakan Ekonomi Digital, vol. 2, no. 3, pp. 216–231, 2025, doi: 10.61132/apke.v2i3.1429.
J. Task and F. Transformation, “Guide for Conducting Risk Assessments,” no. September, 2012.
Copyright (c) 2026 Taufiq Timur Warisaji, Guruh Wijaya, Lintang Setyo Kurniawati
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
