PARAMESVARI, Dhenok Prastyaningtyas and Suseno, Jatmiko Endro and Widodo, Catur Edi (2026) EVALUASI TINGKAT KEMATANGAN KEAMANAN INFORMASI DAN REKOMENDASI STRATEGIS PADA SISTEM MANAJEMEN INFORMASI OBJEK PAJAK BUMI DAN BANGUNAN MENGGUNAKAN NIST CSF, ISO/IEC 27002 DAN C2M2. Masters thesis, UNIVERSITAS DIPONEGORO.
|
Text
cover aja.pdf Download (146kB) |
|
|
Text
Cover lengkap.pdf Restricted to Repository staff only Download (1MB) |
|
|
Text
BAB I.pdf Download (242kB) |
|
|
Text
BAB II.pdf Download (853kB) |
|
|
Text
BAB III.pdf Restricted to Repository staff only Download (465kB) |
|
|
Text
BAB IV.pdf Restricted to Repository staff only Download (450kB) |
|
|
Text
BAB V.pdf Restricted to Repository staff only Download (224kB) |
|
|
Text
Daftar Pustaka.pdf Download (229kB) |
|
|
Text
Lampiran.pdf Restricted to Repository staff only Download (637kB) |
Abstract
Permasalahan keamanan informasi pada SISMIOP di BPPKAD Kabupaten Banjarnegara muncul akibat belum tersedianya evaluasi formal tingkat kematangan keamanan informasi, sehingga kebijakan dan kontrol keamanan belum dirumuskan secara terukur. Kondisi ini menimbulkan risiko terhadap kerahasiaan, integritas, dan ketersediaan data pajak bumi dan bangunan daerah. Urgensi penelitian terletak pada kebutuhan untuk mengetahui tingkat kematangan keamanan informasi secara menyeluruh dan mengidentifikasi area yang memerlukan peningkatan. Rumusan masalah difokuskan pada bagaimana tingkat kematangan SISMIOP saat ini, kesenjangan yang terjadi, dan rekomendasi apa yang tepat untuk diterapkan. Penelitian ini bertujuan menilai tingkat kematangan keamanan informasi menggunakan model C2M2 berdasarkan hasil pemetaan 38 subkategori NIST CSF ke kontrol ISO/IEC 27002 sebagai dasar perumusan rekomendasi kebijakan dan kontrol keamanan. Metode penelitian menggunakan pendekatan studi kasus melalui kuesioner, wawancara, observasi, serta analisis pemetaan kerangka kerja. Hasil penelitian menunjukkan bahwa sebagian besar subkategori berada pada tingkat kematangan MIL 1, menandakan praktik keamanan telah berjalan namun belum terdokumentasi dan belum konsisten. Penelitian ini menghasilkan model evaluasi keamanan informasi berbasis integrasi NIST CSF, ISO/IEC 27002 dan C2M2 serta rekomendasi perbaikan yang mencakup kebijakan, pengendalian teknis, tata kelola, dan prosedur operasional. Dampaknya adalah tersedianya arah strategis yang dapat meningkatkan keamanan layanan SISMIOP dan memperkuat perlindungan data pajak daerah.
Kata Kunci : Kerangka Kerja Keamanan Informasi, Sistem Informasi Pajak Daerah, NIST Cybersecurity Framework, ISO/IEC 27002, Cybersecurity Capability Maturity Model (C2M2)
Information security issues in the SISMIOP system at BPPKAD Banjarnegara Regency arise from the absence of a formal evaluation of information security maturity, resulting in security policies and controls that have not been formulated in a structured and measurable manner. This condition poses risks to the confidentiality, integrity, and availability of regional land and building tax data. The urgency of this research lies in the need to comprehensively determine the current level of information security maturity and to identify areas that require improvement. Accordingly, the research problem focuses on assessing the current maturity level of SISMIOP, identifying existing gaps, and determining appropriate recommendations for improvement. This study aims to evaluate the level of information security maturity using the Cybersecurity Capability Maturity Model (C2M2), based on the mapping of 38 NIST Cybersecurity Framework (CSF) subcategories to ISO/IEC 27002 controls as a foundation for formulating security policies and control recommendations. The research adopts a case study approach, employing questionnaires, interviews, observations, and framework mapping analysis. The results indicate that most subcategories are at Maturity Indicator Level 1 (MIL 1), suggesting that basic security practices have been implemented but are not yet formally documented or consistently applied. This research produces an information security evaluation model based on the integration of NIST CSF, ISO/IEC 27002, and C2M2, along with improvement recommendations covering policy, technical controls, governance, and operational procedures. The findings provide a strategic direction to enhance the security of SISMIOP services and strengthen the protection of regional tax data.
Keywords : Information Security Framework, Local Tax Information System, NIST Cybersecurity Framework, ISO/IEC 27002, Cybersecurity Capability Maturity Model (C2M2)
| Item Type: | Thesis (Masters) |
|---|---|
| Uncontrolled Keywords: | Kerangka Kerja Keamanan Informasi, Sistem Informasi Pajak Daerah, NIST Cybersecurity Framework, ISO/IEC 27002, Cybersecurity Capability Maturity Model (C2M2) |
| Subjects: | Sciences and Mathemathic |
| Divisions: | Postgraduate Program > Master Program in Information System |
| Depositing User: | ekana listianawati |
| Date Deposited: | 10 Jul 2026 08:25 |
| Last Modified: | 10 Jul 2026 08:25 |
| URI: | https://eprints2.undip.ac.id/id/eprint/56429 |
Actions (login required)
![]() |
View Item |
