Search for collections on Undip Repository

EVALUASI TINGKAT KEMATANGAN KEAMANAN INFORMASI DAN REKOMENDASI STRATEGIS PADA SISTEM MANAJEMEN INFORMASI OBJEK PAJAK BUMI DAN BANGUNAN MENGGUNAKAN NIST CSF, ISO/IEC 27002 DAN C2M2

PARAMESVARI, Dhenok Prastyaningtyas and Suseno, Jatmiko Endro and Widodo, Catur Edi (2026) EVALUASI TINGKAT KEMATANGAN KEAMANAN INFORMASI DAN REKOMENDASI STRATEGIS PADA SISTEM MANAJEMEN INFORMASI OBJEK PAJAK BUMI DAN BANGUNAN MENGGUNAKAN NIST CSF, ISO/IEC 27002 DAN C2M2. Masters thesis, UNIVERSITAS DIPONEGORO.

[thumbnail of cover aja.pdf] Text
cover aja.pdf

Download (146kB)
[thumbnail of Cover lengkap.pdf] Text
Cover lengkap.pdf
Restricted to Repository staff only

Download (1MB)
[thumbnail of BAB I.pdf] Text
BAB I.pdf

Download (242kB)
[thumbnail of BAB II.pdf] Text
BAB II.pdf

Download (853kB)
[thumbnail of BAB III.pdf] Text
BAB III.pdf
Restricted to Repository staff only

Download (465kB)
[thumbnail of BAB IV.pdf] Text
BAB IV.pdf
Restricted to Repository staff only

Download (450kB)
[thumbnail of BAB V.pdf] Text
BAB V.pdf
Restricted to Repository staff only

Download (224kB)
[thumbnail of Daftar Pustaka.pdf] Text
Daftar Pustaka.pdf

Download (229kB)
[thumbnail of Lampiran.pdf] Text
Lampiran.pdf
Restricted to Repository staff only

Download (637kB)

Abstract

Permasalahan keamanan informasi pada SISMIOP di BPPKAD Kabupaten Banjarnegara muncul akibat belum tersedianya evaluasi formal tingkat kematangan keamanan informasi, sehingga kebijakan dan kontrol keamanan belum dirumuskan secara terukur. Kondisi ini menimbulkan risiko terhadap kerahasiaan, integritas, dan ketersediaan data pajak bumi dan bangunan daerah. Urgensi penelitian terletak pada kebutuhan untuk mengetahui tingkat kematangan keamanan informasi secara menyeluruh dan mengidentifikasi area yang memerlukan peningkatan. Rumusan masalah difokuskan pada bagaimana tingkat kematangan SISMIOP saat ini, kesenjangan yang terjadi, dan rekomendasi apa yang tepat untuk diterapkan. Penelitian ini bertujuan menilai tingkat kematangan keamanan informasi menggunakan model C2M2 berdasarkan hasil pemetaan 38 subkategori NIST CSF ke kontrol ISO/IEC 27002 sebagai dasar perumusan rekomendasi kebijakan dan kontrol keamanan. Metode penelitian menggunakan pendekatan studi kasus melalui kuesioner, wawancara, observasi, serta analisis pemetaan kerangka kerja. Hasil penelitian menunjukkan bahwa sebagian besar subkategori berada pada tingkat kematangan MIL 1, menandakan praktik keamanan telah berjalan namun belum terdokumentasi dan belum konsisten. Penelitian ini menghasilkan model evaluasi keamanan informasi berbasis integrasi NIST CSF, ISO/IEC 27002 dan C2M2 serta rekomendasi perbaikan yang mencakup kebijakan, pengendalian teknis, tata kelola, dan prosedur operasional. Dampaknya adalah tersedianya arah strategis yang dapat meningkatkan keamanan layanan SISMIOP dan memperkuat perlindungan data pajak daerah.
Kata Kunci : Kerangka Kerja Keamanan Informasi, Sistem Informasi Pajak Daerah, NIST Cybersecurity Framework, ISO/IEC 27002, Cybersecurity Capability Maturity Model (C2M2)

Information security issues in the SISMIOP system at BPPKAD Banjarnegara Regency arise from the absence of a formal evaluation of information security maturity, resulting in security policies and controls that have not been formulated in a structured and measurable manner. This condition poses risks to the confidentiality, integrity, and availability of regional land and building tax data. The urgency of this research lies in the need to comprehensively determine the current level of information security maturity and to identify areas that require improvement. Accordingly, the research problem focuses on assessing the current maturity level of SISMIOP, identifying existing gaps, and determining appropriate recommendations for improvement. This study aims to evaluate the level of information security maturity using the Cybersecurity Capability Maturity Model (C2M2), based on the mapping of 38 NIST Cybersecurity Framework (CSF) subcategories to ISO/IEC 27002 controls as a foundation for formulating security policies and control recommendations. The research adopts a case study approach, employing questionnaires, interviews, observations, and framework mapping analysis. The results indicate that most subcategories are at Maturity Indicator Level 1 (MIL 1), suggesting that basic security practices have been implemented but are not yet formally documented or consistently applied. This research produces an information security evaluation model based on the integration of NIST CSF, ISO/IEC 27002, and C2M2, along with improvement recommendations covering policy, technical controls, governance, and operational procedures. The findings provide a strategic direction to enhance the security of SISMIOP services and strengthen the protection of regional tax data.
Keywords : Information Security Framework, Local Tax Information System, NIST Cybersecurity Framework, ISO/IEC 27002, Cybersecurity Capability Maturity Model (C2M2)

Item Type: Thesis (Masters)
Uncontrolled Keywords: Kerangka Kerja Keamanan Informasi, Sistem Informasi Pajak Daerah, NIST Cybersecurity Framework, ISO/IEC 27002, Cybersecurity Capability Maturity Model (C2M2)
Subjects: Sciences and Mathemathic
Divisions: Postgraduate Program > Master Program in Information System
Depositing User: ekana listianawati
Date Deposited: 10 Jul 2026 08:25
Last Modified: 10 Jul 2026 08:25
URI: https://eprints2.undip.ac.id/id/eprint/56429

Actions (login required)

View Item View Item