Measuring Employee Information Security Awareness (Case Study: PT Meshindo Jayatama)
DOI: https://doi.org/10.25126/jtiik.20241128106
Keywords: information security awareness, Human Aspects of Information Security Questionnaire (HAIS-Q), Analytical Hierarchy Process (AHP)
Abstract
The integration of technology in organizations increases the exchange of information, making organizations more vulnerable to cyber attacks. The Public Report on Cyber Security Monitoring Results for April 2023 from the National Cyber and Crypto Agency (BSSN) stated that there were 27,476,788 traffic anomalies, the highest category being malware at 14,235,050. Cyber attacks were also experienced by PT Meshindo Jayatama, which holds important information as an asset supporting its business activities. Interviews with the President Director and the Information Technology (IT) Manager of PT Meshindo Jayatama established that attacks such as phishing and malware had occurred 26 times in 2023. Because the malware attacks resulted in the infection of company report documents and in financial losses caused by human resource negligence, it was considered necessary to measure information security awareness and identify the areas that need to be improved. This research used a questionnaire as the data collection method, prepared on the basis of the Human Aspects of Information Security Questionnaire (HAIS-Q) with the Knowledge Attitude Behavior (KAB) framework, with priority scaling using the Analytic Hierarchy Process (AHP). The measured information security awareness of PT Meshindo Jayatama employees was at the "good" level, with a score of 83.40%. The measurement showed focus areas at the "medium" level, namely the use of mobile devices and password management. The researchers recommend holding information security training programs that use engaging media and are carried out on an ongoing basis, and implementing or updating all policies related to company information security.
License
Copyright (c) 2024 Jurnal Teknologi Informasi dan Ilmu Komputer
This article is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0).