This research is motivated by the vulnerability of the Information System Unit of PT KAI Divre III Palembang to cyber threats such as malware, passwords saved in browsers, and weak physical asset management, amid high dependence on IT for transportation operations. The purpose of the research is to analyze the condition of the ISO/IEC 27001:2013-based ISMS, identify gaps, and recommend controls through the PDCA cycle. The research is a qualitative descriptive study with a case study approach. The population is all unit personnel (15 people), from which a sample of 10 key informants was selected via purposive sampling. Instruments include semi-structured interviews, checklist observations, and document analysis. Analysis techniques use the Miles and Huberman model with a gap and risk matrix. The results show that the implementation of PDCA is effective: high risks (malware, fire extinguishers) and medium risks are reduced to low through antivirus, device locking, inventory updates, and time synchronization audit corrections. The conclusion is that the ISMS has been structured, increasing operational resilience, although further quantitative evaluation is needed.
Copyrights © 2026