INTEGRATION OF FRAMEWORK ISO 27001 AND COBIT 2019 IN SMART TOURISM INFORMATION SECURITY PT. YoY INTERNATIONAL MANAGEMENT
Abstract
Rapidly growing information technology poses a very high threat to information systems. PT. YoY Management Internasional will manage the location-based smart tourism application, so it is necessary to protect company information in order to avoid interference and threats that can harm the company. In this study, an analysis of information technology (IT) governance was carried out using the COBIT 2019 framework by aligning the company's strategies and goals with the existing processes in COBIT 2019, which were then mapped to ISO 27001 for information security management. The purpose of this research is to manage information security using the COBIT 2019 framework and the ISO 27001:2013 standard. The research method used is descriptive qualitative. The results obtained are several policy recommendations for managing information security in smart tourism applications in accordance with the COBIT 2019 and ISO 27001:2013 standards.
Copyright (c) 2022 Muhammad Nawir, Irfan AP, Farid Wajidi
This work is licensed under a Creative Commons Attribution 4.0 International License.