Analisis Kesesuaian Tata Kelola Keamanan Informasi pada Dinas Pertanian dan Perkebunan Provinsi Jawa Tengah Berdasarkan Standar ISO/IEC 27001:2022 dan NIST Cybersecurity Framework

Puspaningrum, Oktavia Anggraeni (2025) Analisis Kesesuaian Tata Kelola Keamanan Informasi pada Dinas Pertanian dan Perkebunan Provinsi Jawa Tengah Berdasarkan Standar ISO/IEC 27001:2022 dan NIST Cybersecurity Framework. Other thesis, Institut Teknologi Sepuluh Nopember.

[thumbnail of 5027211001-Undergraduate_Thesis.pdf] Text
5027211001-Undergraduate_Thesis.pdf - Accepted Version
Restricted to Repository staff only
Download (3MB) | Request a copy

Abstract

Penelitian ini bertujuan untuk mengevaluasi tata kelola keamanan informasi pada Dinas Pertanian dan Perkebunan Provinsi Jawa Tengah berdasarkan standar ISO/IEC 27001:2022 dan kerangka kerja NIST Cybersecurity Framework (CSF). Evaluasi dilakukan melalui analisis kesenjangan menggunakan pendekatan tingkat kematangan SSE-CMM, dengan memetakan 13 kontrol pada Annex A ISO/IEC 27001:2022 ke dalam lima fungsi utama NIST CSF: Govern, Identify, Protect, Detect, dan Respond. Data dikumpulkan melalui observasi, wawancara, dokumentasi, serta penyebaran kuesioner kepada 20 pegawai yang terlibat langsung dalam sistem informasi.
Hasil analisis menunjukkan bahwa fungsi Govern dan Protect berada pada level kematangan 3 (Well defined) dengan kategori gap rendah dan sedang. Sementara itu, fungsi Identify, Detect, dan Respond masih berada pada level 2 (Planned & tracked) dengan gap tinggi sebesar tiga level. Permasalahan utama mencakup belum optimalnya dokumentasi kebijakan, kurangnya pelatihan dan kesadaran keamanan informasi, belum tersedianya sistem pemantauan real-time, serta ketiadaan prosedur formal untuk respons insiden. Rekomendasi perbaikan disusun berdasarkan hasil analisis dan divalidasi kepada pihak instansi, untuk memastikan kesesuaiannya terhadap kebutuhan organisasi. Hasil validasi menunjukkan bahwa sebagian besar rekomendasi diterima dengan catatan implementasi bertahap. Penelitian ini diharapkan dapat menjadi acuan perbaikan tata kelola keamanan informasi yang adaptif, terukur, dan selaras dengan standar internasional, khususnya dalam sektor pemerintahan
===================================================================================================================================
This study aims to evaluate the information security governance at the Department of Agriculture and Plantation (Distanbun) of Central Java Province based on the ISO/IEC 27001:2022 standard and the NIST Cybersecurity Framework (CSF). The evaluation was conducted through gap analysis using the Systems Security Engineering Capability Maturity Model (SSE-CMM), by mapping 13 controls from Annex A of ISO/IEC 27001:2022 into five core functions of the NIST CSF: Govern, Identify, Protect, Detect, and Respond. Data were collected through observation, interviews, documentation review, and a questionnaire distributed to 20 staff members directly involved with information systems. The analysis results show that the Govern and Protect functions are at maturity level 3 (Well defined), categorized as having low to moderate gaps. Meanwhile, Identify, Detect, and Respond remain at level 2 (Planned & tracked), with significant gaps of three levels from the ideal target. Key issues identified include incomplete policy documentation, limited training and awareness of information security, the absence of a real-time monitoring system, and the lack of formal incident response procedures. Improvement recommendations were formulated based on the findings and validated with the institution to ensure alignment with organizational needs. The validation results showed that most recommendations were accepted with notes for phased implementation. This study is expected to serve as a reference for enhancing adaptive and measurable information security governance aligned with international standards, particularly in the public sector

Item Type: Thesis (Other)
Uncontrolled Keywords: Analisis Kesenjangan, ISO/IEC 27001:2022, NIST CSF, SSE-CMM, Tata Kelola Keamanan Informasi; Gap Analysis, Information Security Governance, ISO/IEC 27001:2022, NIST CSF, SSE-CMM
Subjects: T Technology > T Technology (General) > T58.5 Information technology. IT--Auditing
T Technology > T Technology (General) > T58.6 Management information systems
Divisions: Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Information Technology > 59201-(S1) Undergraduate Thesis
Depositing User: Oktavia Anggraeni Puspaningrum
Date Deposited: 21 Jul 2025 06:37
Last Modified: 21 Jul 2025 06:37
URI: http://repository.its.ac.id/id/eprint/120294

Actions (login required)

View Item View Item