Security Audit Parahita Information System Based ISO 27002:2005 At Parahita Diagnostic Center Surabaya

Meita Eny Kusumaning Diah, Haryanto Tanuwijaya, Erwin Sutomo

Abstract


Parahita Diagnostic Center (PDC) is a company engaged in the field of public health service, particularly in the field of laboratory. PDC using technology that is integrated and centralized called Parahita Information System (PARIS) for running and supporting existing business processes. Implementation of the (PARIS) has some problems: frequent occurrence of malicious code attacks, misuse by unauthorized parties, and lack of maintenance on the system. Existing obstacles which lead to some risk of data loss, misuse of data and information, failures in data processing and the performance of the system becomes impaired. In order to determine the cause of problems that may occur, PDC need to conduct a Information System Security Audit using the standard ISO 27002: 2005 as the best security. This audit process using ISACA developed stage and calculations of maturity model using CMMI. The scope used is clause 10, clause 12, clause 13, clause 14 and clause 15 which is adapted to the problem. The results obtained from the information system security audit is the level of maturity of 3,11 that is defined. It shows that most of the information systems security process already have rules and conducted on a regular basis. This research also produced recommendations which are used to improve the process of information systems owned by the PDC.

Full Text:

PDF

Refbacks

  • There are currently no refbacks.