Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework

Mustafa Kamal; Muhamad Muhamad; Yupit Sudianto; Muhammad Arkan Fauzan; Yuvens Anggito; Wahid Yasin; Hendrik Hermawan

doi:10.32736/sisfokom.v13i1.1987

Jurnal Sisfokom (Feb 2024)

Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework

Mustafa Kamal,
Muhamad Muhamad,
Yupit Sudianto,
Muhammad Arkan Fauzan,
Yuvens Anggito,
Wahid Yasin,
Hendrik Hermawan

Affiliations

Mustafa Kamal: Institut Teknologi Telkom Surabaya
Muhamad Muhamad: Institut Teknologi Telkom Surabaya
Yupit Sudianto: Institut Teknologi Telkom Surabaya
Muhammad Arkan Fauzan: Institut Teknologi Telkom Surabaya
Yuvens Anggito: Institut Teknologi Telkom Surabaya
Wahid Yasin: Institut Teknologi Telkom Surabaya
Hendrik Hermawan: Institut Teknologi Telkom Surabaya

DOI: https://doi.org/10.32736/sisfokom.v13i1.1987
Journal volume & issue: Vol. 13, no. 1
pp. 98 – 103

Abstract

Read online

In this era of cyber crimes, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. The National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF) as an institution with a legal entity and having data on more than 100,000 donors and partners, it also has an obligation to protect the personal data of donors and partners. The focus of this research is to evaluate and audit information technology at the LAZNAS YDSF, especially regarding the security aspect of information technology. Evaluations and audits were carried out using the ISO 27001 framework as a standardization of information technology security at the international level. In this study, information technology audits were conducted using quantitative methods. The assessment was carried out on seven main clauses that are priorities for the LAZNAS YDSF based on management priorities: compliance clauses, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all the LAZNAS YDSF managers and employees. Fifty-five respondents, ranging from management to staff, were involved in filling out the questionnaire, ranging from management to staff. Based on the recapitulation of answers from respondents, it was found that the risk management and access control clauses had good results, with scores of 2,727 and 2,796. The compliance and incident management clauses have scores of 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology that refers to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of information, and manage and control information security risks.

Published in Jurnal Sisfokom

ISSN: 2301-7988 (Print); 2581-0588 (Online)
Publisher: LPPM ISB Atma Luhur
Country of publisher: Indonesia
LCC subjects: Technology: Technology (General): Industrial engineering. Management engineering: Information technology
Website: http://jurnal.atmaluhur.ac.id/index.php/sisfokom/

About the journal

Abstract

Keywords