Compliance Gap Analysis of Information Security Management System Standards on Ina-Geoportal
Abstract
The increasing threats to information security and regulatory demands on the Ina-Geoportal system as a strategic electronic system require the National Geospatial Information Agency (Badan Informasi Geospasial) to implement ISO/IEC 27001 and obtain certification against the standard within the scope of the Ina-Geoportal. A gap analysis is conducted to evaluate compliance with the standard's requirements and the established information security controls, based on document studies, observations, and interviews with 10 respondents from the Center for Management and Dissemination of Geospatial Information. The results show that the majority of standard requirements remain unfulfilled, with 20 out of 26 requirements still unmet. This shortfall is attributed to the National Geospatial Information Agency's limited implementation of ISO/IEC 27001, which focuses solely on physical facilities and network infrastructure within data centers. Despite significant progress, with most controls met within the current scope, 28 out of 108 established information security controls remain unmet.
Authors
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License (CC BY 4.0) that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.