As its business volume and operating area have grown, PT. XYZ has implemented an Integrated Trading Information System, abbreviated Sipeter. Problems such as information leakage, data loss, and system hangs pose security risks to Sipeter. If these are left unaddressed, Sipeter may be unable to meet the confidentiality, integrity, and availability requirements for its data. In this study, a security analysis of Sipeter was carried out using the ISO 27002 standard, clauses 8 to 14. Findings and evidence were obtained through interviews and field observations in the related departments. The results show that PT. XYZ's approach to Sipeter security is inconsistent and that security controls are carried out informally, as indicated by Sipeter's maturity level of 1.55, or the Initial level. PT. XYZ needs to manage Sipeter security consistently, develop information system security standards, and be disciplined in documenting incidents related to Sipeter in order to minimize the risk of data loss, information leakage and misuse, and internal chaos that is detrimental to the business continuity of PT. XYZ.

Keywords: Security; Information System; Commerce; ISO 27002 standard
Copyrights © 2022