Perceptions of Students at Andalas University's Payakumbuh Campus Regarding the Security of Academic Information Systems
Main Article Content
Abstract
Higher Education is one of the public service providers that wants to provide the best service to internal and external parties who need information, namely by utilizing academic information systems. The use of academic information systems is prone to data and information crimes, which are problems experienced by many system users and this also occurs in Indonesia. The method in this study uses a qualitative description method in this study and data collection is obtained using triangulation techniques. The results of the study, that it is necessary to improve information security from various threats, thus ensuring the security of valuable information assets. Information security using The International Organization for Standardization (ISO)/IEC 27001. In addition, it is also necessary to perform two-factor authentication which adds a two-step verification process to access the account.
Downloads
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.
References
Akraman, R., Candiwan, C., & Priyadi, Y., 2018, Pengukuran Kesadaran Keamanan Informasi Dan Privasi Pada Pengguna Smartphone Android Di Indonesia. Jurnal Sistem Informasi Bisnis, 8(2), 115.
Al-Sehri, 2012, Information security awareness and culture, British Journal of Arts and Social Sciences; 6(1): 61-69
Al-Omari A, El-Gayar O, Deokar A., 2012, Security policy compliance: User acceptance perspective. InSystem Science (HICSS), 45th Hawaii International Conference on 2012 Jan 4 (pp. 3317-3326). IEEE.
Arens, Alvin A. And Loebecke, James K., 2005, Auditing An Integrated Approach, Eight Edition, New Jersey: Prentice Hall Inc,
Beecroft, G.D., 1997, Implementation Philosophy: ISO 9000 versus QS 9000. Total Quality Management, 8, 83-87.
Chazar, C., 2015, Standar Manajemen Keamanan Sistem Informasi Berbasis ISO 27001:2005. Jurnal Informasi, VII(2), 48-57.
Darmawan, Deni dan Fauzi, Nur, Kunkun, 2013, Sistem Informasi Manajemen. Bandung: PT Remaja Rosdakarya.
Dhillon, G. dan Backhouse, J., 2002, Risks in The Use ofInformation Technology Within Organizations. International Journal of Information Management, Vol. 16, 1,.
Dhillon, G and Backhouse, J., 2000, Information System Security Management in the New Millennium. Communications of ACM, Vol. 43, No. 7, pp. 125-128.
Darmawan, Deni., & Kunkun Nur Fauzi, 2013, Sistem Informasi Manajemen. Bandung: PT Remaja Rosdakarya.
Dennis Beecroft, G., 1996, Internal quality audits – obstacles or opportunities?, Training for Quality, Vol. 4 No. 3, pp. 32-4.
Dyna Marisa Khairina, 2011, Analisis Keamanan Sistem Login, Jurnal Informatika Mulawarman Vol. 6 No. 2 Juli
Elachgar, Hicham, Brahim Boulafdour, Meryem Makoudi, and Boubker Regragui, 2012, Information Security, 4TH Wave. Journal of Theoretical and Applied Information Technology 43(1): 1–7
Gemalto, 2015, Information Security Threat Annual Reports. Gemalto Corporation. 2015; 43.
Sanyoto, G., & Hendarti, H., 2007, Audit Sistem Informasi Lanjutan + Standar, Panduan, dan Prosedur Audit SI dari ISACA. Jakarta: Mitra Wacana Media
Sanyoto, G., 2007, Audit Sistem Informasi + Pendekatan CobIT. Edisi Revisi. MitraWacana Media. Jakarta.
Hariningsih, 2005, Teknologi Informasi. Yogyakarta : Graha Ilmu
Hermaduanti, Ninki, and Imam Riadi, 2016, “Automation Framework for Rogue Access Point Mitigation in Ieee 802.1X-Based WLAN.” Journal of Theoretical and Applied Information Technology 93(2): 287–96.
Humphreys, E., 2016, Implementing the ISO/IEC 27001 ISMS Standard, (2nd edition). Artech House, London, U.K
Imam Riadi, 2013, Optimalisasi Keamanan Jaringan Menggunakan Pemfilteran Aplikasi Berbasis Mikrotik, Jurnal Sistem Informasi Indonesia
ISO, International Standard ISO/IEC 27001 Information Technology - Security Techniques - Information Security Management Systems - Requirements, IEC, vol. 27001, no. 27001, 2013.
ISO, International Standard ISO/IEC 27002 Information technology — Security techniques — Code of practice for information security controls, IEC, vol. 27002, no. 27002, 2013
Johnston, P. A. 2005. Login System, http://pajhome.org.uk
Krugger, H. A., & Kearney, W. D., 2006, A Prototype for assesing information security awareness. Computer & Securitiy, 289 – 296
Laudon, Kenneth C dan Jane P. Laudon, 2007, Sistem Informasi Manajemen, Edisi ke-10. Terjemahan Chriswan Sungkono dan Machmudin Eka P. Jakarta: Salemba Empat
McLeod, Raymond & Schell, George P., 2008, Sistem Informasi Manajemen, Edisi 10. Jakarta: Salemba Empat.
Menk, T.J. (2008), Internal auditing: key to helping your operations and bottom line, Alpern Rosenthal. available at: ww.alpern.com/resources/publications/internal%20audit.html (accessed 13 January 2008).
M. Hassanzadeh, N. Jahangiri, and B. Brewster, 2014, A Conceptual Framework for Information Security Awareness, Assessment, and Training, in Emerging Trends in ICT Security, 1st ed., B. Akhgar and H. R. Arabnia, Eds. 2014, pp. 99 – 109
Mulyadi & Kanaka Puradiredja, 1998, Auditing, Edisi Kelima,Buku Satu, Jakarta: Penerbit Salemba Empat.
Mokodompit, M. P., & Nurlaela, N., 2017, Evaluasi Keamanan Sistem Informasi Akademik Menggunakan ISO 17799&58, 2000 (Studi Kasus Pada Peguruan Tinggi X). Jurnal Sistem Informasi Bisnis, 6(2), 97-104
Moleong, Lexy J., 2013, Metode Penelitian Kualitatif, Edisi Revisi. Bandung : PT. Remaja Rosdakarya.
Ron Weber, 2000, Information System Control and Audit, PrenticeHall, Inc.: New Jersey
Sanyoto. Gondodiyoto, 2007, Audit Sistem Informasi + Pendekatan CobIT, Edisi Revisi. MitraWacana Media. Jakarta.
Sarno, R & Iffano, 2009, Sistem Manajemen Keamanan Informasi, Surabaya, Percetakan ITS Press
Satoto, Kodrat Iman, dkk., 2008, Analisis Keamanan Sistem Informasi Akademik Berbasis Web di Fakultas Teknik Universitas Diponegoro, Artikel Ilmiah Terpublikasi Seminar Nasional Aplikasi Sains dan Teknologi. ISSN: 1979- 911X, Hal: 175-186, Desember 2008
Sattarova Feruza Y. and Tao-hoon Kim, 2007, IT Security Review: Privacy, Protection, Access Control, Assurance and System Security, International Journal of Multimedia and Ubiquitous Engineering Vol. 2, No. 2, April
Sugiyono, 2015, Metode Penelitian Kuantitatif Kualitatif R&B, Bandung: Aflabeta.
Symantec, 2015, Information Security Threat Reports, Symantec Corporation. 2015; 18
Susanto, Bekti M., 2013, Mengukur Keamanan Informasi: Studi Komparasi ISO 27002 dan NIST 800-55, Seminar Nasional Teknologi Informasi dan Komunikasi.
Susanto, Heru, dkk., 2011, Information Security Management System Standards: A Comparative Study of the Big Five, International Journal of Electrical & Computer Sciences IJECS-IJENS Vol: 11 No: 05.
Thomas M, Dhillon G., 2011, Interpreting deep structures of information systems security, The Computer Journal. Nov 30:bxr118.
Urbach, N. & Mueller, B., 2011, The Update Delone and Mclean Model of Information System, Springer Science and Business Media, p. 28.
Witman, M. E., Mattord, H. J., 2011, Principles of Information security, 4th Edition. Atlanta: Cengage Learning.
Wood, C. C., 1995, Writing InfoSec Policies. Computers & Security, Vol. 14, No. 8, pp. 667-674.