Evaluation of the Information Security Level at the Department of Communication and Informatics of Tabanan Regency Using ISO/IEC 27001:2022

Authors

  • Gede Ade Rangga Arinata Dept. of. Information Technology, Faculty of Engineering, Udayana University
  • Anak Agung Ngurah Hary Susila Dept. of. Information Technology, Faculty of Engineering, Udayana University
  • Muhammad Alam Pasirulloh Department of Information Technology, Faculty of Engineering, Udayana University

Abstract

Information security is a crucial aspect in maintaining the confidentiality, integrity, and availability of data, particularly within government environments that manage digital-based public services. The Tabanan Regency Communication and Informatics Office plays a strategic role in managing information systems and providing public information services, thus requiring the implementation of a standardized and measurable information security management system. This study aims to evaluate the level of implementation of the Information Security Management System (ISMS) at the Tabanan Regency Communication and Informatics Office based on the ISO/IEC 27001:2022 standard and to formulate improvement recommendations by referring to the control guidelines in ISO/IEC 27002:2022. The research methods employed include observation, interviews, and document analysis to identify the conformity between the existing information security conditions and the 93 security controls listed in Annex A of ISO/IEC 27001:2022. The evaluation process was conducted using a gap analysis approach to determine the level of compliance and identify gaps in the implementation of information security controls. The results indicate that the overall level of information security implementation falls within the sufficient category; however, several controls have not yet been optimally implemented. The controls requiring further attention include information authentication, access rights management, and the readiness of information and communication technology to support business continuity. Based on these findings, this study proposes technical recommendations, including the implementation of multi-factor authentication, the development and strengthening of information security policies, the enhancement of information and communication technology infrastructure, and the conduct of regular information security awareness training. These recommendations are expected to serve as a reference for the Tabanan Regency Communication and Informatics Office in improving the effectiveness of ISMS implementation in accordance with international standards.

Downloads

Published

2026-04-28

Issue

Vol. 7 No. 1 (2026): JITTER, Vol.7, No.1, April 2026

Section

Articles