Evaluasi Tata Kelola Keamanan Informasi Berdasarkan Standard ISO 27001:2013 Deangan Menggunakan Model SSE-CMM (Studi Kasus: PT Pertamina Persero)

Maulydina, Vira Datry (2025) Evaluasi Tata Kelola Keamanan Informasi Berdasarkan Standard ISO 27001:2013 Deangan Menggunakan Model SSE-CMM (Studi Kasus: PT Pertamina Persero). Other thesis, Institut Teknologi Sepuluh Nopember.

[thumbnail of 5027211050-Undergraduate_Thesis.pdf] Text
5027211050-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only
Download (7MB) | Request a copy

Abstract

Pesatnya digitalisasi meningkatkan ancaman terhadap keamanan informasi, termasuk di PT Pertamina Persero yang bergantung pada Teknologi Informasi (TI) untuk operasionalnya. Penelitian ini bertujuan untuk mengevaluasi tingkat kematangan Maturity Level keamanan informasi di PT Pertamina Persero menggunakan metode Systems Security Engineering Capability Maturity Model (SSE-CMM) dengan acuan ISO/IEC 27001:2013. Evaluasi ini akan mengukur sejauh mana keamanan informasi telah diterapkan serta mengidentifikasi kesenjangan (gap analysis) dibandingkan standar yang berlaku. Tujuan penelitian ini untuk mengetahui tingkat kematangan Maturity Level keamanan informasi dan memberikan rekomendasi pada PT Pertamina Persero. Pengumpulan data dan informasi pada penelitian ini dilakukan melalui wawancara, kuesioner, dan peninjauan dokumen. Metode skala Systems Security Engineering Capability Maturity Model (SSE-CMM) dan perhitungan Maturity Level menggunakan 3 klausul yang telah ditentukan berdasarkan pada ISO/IEC 27001:2013. Hasil rata-rata keseluruhan klausul berada pada level 4 yaitu Quantitatively Controlled (Dikendalikan secara kuantitatif) dengan nilai 3,73 sesuai dengan standar yang ditetapkan instansi. Penulis juga menemukan gap antara kondisi instansi saat ini dengan standar ISO 27001:2013 dan sudah sebuah rekomendasi yang telah disusun dan dikaji telah diterima oleh pihak instansi terkait serta telah melalui proses verifikasi. Dengan demikian, hasil penelitian ini diharapkan dapat memberikan perbaikan guna meningkatkan efektivitas Sistem Manajemen Keamanan Informasi (SMKI) dan mendukung kebijakan keamanan informasi yang lebih optimal di PT Pertamina Persero sesuai standar ISO 27001:2013.
======================================================================================================================================
The rapid digitalization increases the threat to information security, including at PT Pertamina Persero which relies on Information Technology (IT) for its operations. This study aims to evaluate the level of information security maturity at PT Pertamina Persero using the Systems Security Engineering Capability Maturity Model (SSE-CMM) method with reference to ISO/IEC 27001:2013. This evaluation will measure the extent to which information security has been implemented and identify gaps (gap analysis) compared to applicable standards. The purpose of this study is to determine the level of information security maturity and provide recommendations to PT Pertamina Persero. Data and information collection in this study was carried out through interviews, questionnaires, and document reviews. The Systems Security Engineering Capability Maturity Model (SSE-CMM) scale method and Maturity Level calculation use 3 predetermined clauses based on ISO/IEC 27001:2013. The overall average result of the clause is at level 4, namely Quantitatively Controlled with a value of 3.73 in accordance with the standards set by the agency. The author also found a gap between the current condition of the agency and the ISO 27001:2013 standard and a recommendation that has been prepared and reviewed has been accepted by the relevant agency and has gone through a verification process. Thus, the results of this study are expected to provide improvements to increase the effectiveness of the Information Security Management System (ISMS) and support a more optimal information security policy at PT Pertamina Persero according to the ISO 27001:2013 standard.

Item Type: Thesis (Other)
Uncontrolled Keywords: Kata kunci: Keamanan Informasi, Maturity Level, SSE-CMM, ISO/IEC 27001:2013, Keywords: Information Security, Maturity Level, SSE-CMM, ISO/IEC 27001:2013.
Subjects: T Technology > T Technology (General)
T Technology > T Technology (General) > T174.5 Technology--Risk assessment.
T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information Technology > 59201-(S1) Undergraduate Thesis
Depositing User: Vira Datry Maulydina
Date Deposited: 30 Jul 2025 05:43
Last Modified: 30 Jul 2025 05:43
URI: http://repository.its.ac.id/id/eprint/124153

Actions (login required)

View Item View Item