• Poningsih Poningsih AMIK Tunas Bangsa
  • Muhammad Ridwan Lubis AMIK Tunas Bangsa Pematangsiantar




Academic Information System, Evaluation of information system security, Questionnaire, NIST SP 800-26


Along with the development of technology and information that is growing rapidly, currently the competition between educational institutions is getting stronger. If an institution is not able to keep up with the progress of information technology which is developing very quickly, it is certain that the institution will be left very far behind from all sides. However, there are things that really need to be considered due to the development of information technology, namely the consideration of the security of information systems owned by the Institution. For that we need an analysis and evaluation of the information system used to identify security in the information system. If the analysis and evaluation is not carried out, problems will arise related to the security of an information system such as data that is vulnerable to threats such as damaged and lost data so that the data becomes invalid. If the data is not valid, it is certain that the information generated will also not be reliable. Evaluation of information system security can be done with the framework. NIST is a framework that can be used to evaluate and identify security and risks in information systems. The information system security evaluation process is carried out by distributing questionnaires to the academic community in accordance with the NIST SP 800-26 framework and the data is managed to obtain the final result. The results of the academic information system security evaluation have an overall final score of 91.6%. The total value is obtained from the results of the number of calculations based on 3 components of the criteria tested, namely management control, operational control, and technical control. And from the 3 assessment criteria there are 17 sub-criteria that exist in each criterion. Based on this data, the security of the academic information system at AMIK Tunas Bangsa is included in the level 2 category, namely Documented Procedures.

GS Cited Analysis


Download data is not yet available.


Chopra, G., Jha, R. K., & Jain, S. (2017). A survey on ultra-dense network and emerging technologies: Security challenges and possible solutions. Journal of Network and Computer Applications, 95, 54-78.

Deli, M. S. M., Ahmad, J. F., Hassan, N. H., Maarop, N., Samy, G. N., Abdullah, M. S., & Yaacob, S. (2018). Understanding User Participation in Information Security Risk Management. Open International Journal of Informatics, 5(1), 1-8.

Gadhari, S. P., & Jadhav, P. S. A Detailed Review on Cybercrime and Cyber Security. Journal of Android and IOS Applications and Testing, 1(2).

Hoffmann, R., NapiĆ³rkowski, J., Protasowicki, T., & Stanik, J. (2020). Measurement models of information security based on the principles and practices for risk-based approach. Procedia Manufacturing, 44, 647-654.

Izatri, D. I., Rohmah, N. I., & Dewi, R. S. (2020). Identifikasi risiko pada perpustakaan daerah Gresik dengan NIST SP 800-30. JURIKOM (Jurnal Riset Komputer), 7(1), 50-55.

Ki-Aries, D., Dogan, H., Faily, S., Whittington, P., & Williams, C. (2017, September). From requirements to operation: components for risk assessment in a pervasive system of systems. In 2017 IEEE 25th International Requirements Engineering Conference Workshops (REW) (pp. 83-89). IEEE.

Mailloux, L. O., Garrison, C., Dove, R., & Biondo, R. C. (2015, October). Guidance for working group maintenance of the Systems Engineering Body of Knowledge (SEBoK) with systems security engineering example. In INCOSE International Symposium (Vol. 25, No. 1, pp. 1004-1019).

Muthukrishnan, S. M., & Palaniappan, S. (2016, May). Security metrics maturity model for operational security. In 2016 IEEE Symposium on Computer Applications & Industrial Electronics (ISCAIE) (pp. 101-106). IEEE.

Ogundoyin, I. K., Olajubu, E. A., Akinboro, S. A., Akanbi, C. O., & Aderounmu, G. A. (2017). A computational framework for computer networks novel threats management. Uniosun Journal of Sciences, 1(2).

Omoyiola, B. O. (2020). The evolution of information security measurement and testing. IOSR Journal of Computer Engineering, 22(3), 50-54.

Perdana, R. S. (2018). Audit Keamanan Sistem Informasi Akademik Menggunakan Framework NIST SP 800-26 (Studi Kasus: Universitas Sangga Buana YPKP Bandung). Infotronik: Jurnal Teknologi Informasi dan Elektronika, 3(1), 9-14.

Putro, A., Ambarwati, A., & Setiawan, E. (2021). Analisa Manajemen Risiko E-Learning Edlink Menggunakan Metode NIST SP 800-30 Revisi 1. Jurnal Teknologi Dan Informasi, 11(2), 125-136.

Sandy, S., & Solihin, H. H. (2021). Audit Keamanan dan Manajemen Risiko pada e-Learning Universitas Sangga Buana. Jurnal Manajemen Informatika (JAMIKA), 11(1), 1-14.

Santoso, H. B., & Ernawati, L. (2017). Manajemen Risiko Pada Pusat Data Perguruan Tinggi Dengan Kerangka Kerja NIST 800-30 (Studi Kasus: Universitas Kristen Duta Wacana). Jurnal Informatika Dan Sistem Informasi (JUISI) Universitas Ciputra, 3(02), 8-17.

Supriyanto, A., Aknuranda, I., & Putra, W. H. N. (2019). Penyusunan Disaster Recovery Plan (DRP) berdasarkan Framework NIST SP 800-34 (Studi Kasus: Departemen Teknologi Informasi PT Pupuk Kalimantan Timur). Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer e-ISSN, 2548, 964X.

Syafitri, W. (2016). Penilaian Risiko Keamanan Informasi Menggunakan Metode NIST 800-30 (Studi Kasus: Sistem Informasi Akademik Universitas XYZ). Jurnal CoreIT: Jurnal Hasil Penelitian Ilmu Komputer dan Teknologi Informasi, 2(2), 8-13.

Tohidi, H. (2011). The Role of Risk Management in IT systems of organizations. Procedia Computer Science, 3, 881-887.


Crossmark Updates

How to Cite

Poningsih, P., & Lubis, M. R. . (2022). ANALYSIS AND EVALUATION OF ACADEMIC INFORMATION SYSTEM SECURITY USING NIST SP 800-26 FRAMEWORK. Sinkron : Jurnal Dan Penelitian Teknik Informatika, 6(1), 267-273.