<![CDATA[Abstrak - Keamanan informasi merupakan aspek krusial dalam pengelolaan data kependudukan yang memiliki sensitivitas tinggi. Penelitian ini bertujuan untuk merancang Sistem Manajemen Keamanan Informasi (SMKI) berbasis ISO/IEC 27001:2022 yang terintegrasi dengan Undang - Undang Nomor 27 Tahun 2022 tentang Pelindungan Data Pribadi (UU PDP) dan Permendagri Nomor 57 Tahun 2021. Penelitian ini menggunakan pendekatan Design Research Methodology (DRM) untuk mengidentifikasi permasalahan, menganalisis kondisi eksisting, merancang model SMKI, serta mengevaluasinya melalui Focus Group Discussion (FGD) dan analisis SWOT. Hasil penelitian menunjukkan adanya kesenjangan signifikan pada tata kelola keamanan informasi Disdukcapil, terutama pada aspek kebijakan, peran organisasi, kapasitas SDM, dan infrastruktur teknis. Model SMKI yang dikembangkan meliputi penetapan kebijakan keamanan, pembentukan unit khusus keamanan informasi, penunjukan Data Protection Officer (DPO), penerapan kontrol teknis Annex A ISO/IEC 27001:2022, serta penyusunan roadmap implementasi bertahap. Hasil evaluasi menunjukkan bahwa model yang diusulkan relevan, dapat diterapkan, dan mampu meningkatkan perlindungan data pribadi serta memperkuat kedaulatan digital.Kata kunci: Disdukcapil; DRM; ISO/IEC 27001:2022; Keamanan informasi; Kedaulatan digital; UU PDP; Abstract - Information security is a crucial aspect in managing population data, which possesses a high level of sensitivity. This study aims to design an Information Security Management System (ISMS) based on ISO/IEC 27001:2022, integrated with Law No. 27 of 2022 on Personal Data Protection (PDP Law) and Minister of Home Affairs Regulation No. 57 of 2021. The research adopts the Design Research Methodology (DRM) approach to identify problems, analyze existing conditions, design the ISMS model, and evaluate it through Focus Group Discussions (FGDs) and SWOT analysis. The findings indicate significant gaps in the current information security governance of Disdukcapil, particularly in policy frameworks, organizational roles, human resource capacity, and technical infrastructure. The developed ISMS model includes the establishment of security policies, the creation of a dedicated information security unit, the appointment of a Data Protection Officer (DPO), the implementation of technical controls from Annex A of ISO/IEC 27001:2022, and the formulation of a phased implementation roadmap. Evaluation results show that the proposed model is relevant, implementable, and capable of enhancing personal data protection as well as strengthening digital sovereignty.Keywords: Disdukcapil; Digital Sovereignty; DRM; Information Security; ISO/IEC 27001:2022; PDP Law;]]>
Copyrights © 2025
