Evaluation of the Maturity Level of Information Technology Security Systems Using KAMI Index Version 4.2 (Case Study: Islamic Boarding Schools in Yogyakarta Special Region Province)


Information Technology
data theft
information security
extracting information

How to Cite

Arromdoni, B. H., Nuruzzaman, M. T., ’Uyun, S., & Sugiantoro, B. (2023). Evaluation of the Maturity Level of Information Technology Security Systems Using KAMI Index Version 4.2 (Case Study: Islamic Boarding Schools in Yogyakarta Special Region Province). IJID (International Journal on Informatics for Development), 12(1), 314–325. https://doi.org/10.14421/ijid.2023.3987


The development of information technology worldwide has changed very rapidly. There has been a data theft on the information system belonging to one of the most prominent Islamic Boarding Schools in the Yogyakarta area. Thus, special attention is needed to evaluate information technology security using the Information Security Index version 4.2. The research methods include extracting information, literature study, data collection, data validation, data analysis, and recommendations. The evaluation results are at the basic framework fulfilment level with a value of 343; the electronic system category has a low status with a value of 15 and 5 improvements; the governance category,  the risk management category,  the framework category,  the asset management category, and the information security technology category, have a maturity level II status with 12, five, eight, four, and eight recommendations respectively, while the supplement category for third party security areas with a value of 60%, securing cloud infrastructure services 56% and protecting personal data 61% with 14 recommendations.



Badan Pusat Statistik, Statistik Telekomunikasi Indonesia. Jakarta: Badan Pusat Statistik Indonesia, 2021.

R. Dewantara and B. Sugiantoro, “Evaluasi Manajemen Keamanan Informasi Menggunakan Indeks Keamanan Informasi (KAMI) pada Jaringan (Studi Kasus: UIN Sunan Kalijaga Yogyakarta),” J. Teknol. Inf. dan Ilmu Komput., vol. 8, no. 6, p. 1137, 2021, doi: 10.25126/jtiik.2021863123.

S. Edy, W. Gunawan, and B. D. Wijanarko, “Analysing the trends of cyber attacks: Case study in Indonesia during period 2013-Early 2017,” in 2017 International Conference on Innovative and Creative Information Technology (ICITech), Nov. 2017, pp. 1–6. doi: 10.1109/INNOCIT.2017.8319146.

Kautsarina and H. Gautama, “Information security readiness of government institution in Indonesia,” in 2014 2nd International Conference on Information and Communication Technology (ICoICT), May 2018, pp. 1–6. doi: 10.1109/ICoICT.2014.6914030.

G. Chmielarz, System Safety: Human-Technical Facility-Environment, vol. 1(1). 2019, pp. 226–233.

Menkominfo, “Peraturan Menteri Komunikasi Dan Informatika Nomor Tahun 2015,” BN (551) LL KEMKOMINFO: 18 hlm., Jakarta, 2015. doi: 10.1017/CBO9781107415324.004.

Lu, H., Liang, B. and Taylor, M., “A comparative analysis of cybercrimes and governmental law enforcement in China and the United States.,” Asian J. Criminol., vol. 5(2), pp. 123–135, 2010, doi: 10.1007/s11417-010-9092-5.

D. I. Sensuse, M. Syarif, H. Suprapto, R. Wirawan, D. Satria, and Y. Normandia, “Information security evaluation using KAMI index for security improvement in BMKG,” in 2017 5th International Conference on Cyber and IT Service Management (CITSM), Aug. 2017, pp. 1–4. doi: 10.1109/CITSM.2017.8089293.

N. Qodarsih, “Information Security Evaluation Using the Information Security Index: A Case Study In Indonesia,” in 2022 5th International Seminar on Research of Information Technology and Intelligent Systems (ISRITI), Dec. 2022, pp. 570–575. doi: 10.1109/ISRITI56927.2022.10052961.

A. Lezzi, M., Lazoi, M., & Corallo, “Cybersecurity for Industry 4.0 in the current literature: A reference framework,” Comput. Ind., vol. 103, pp. 97–110, 2018, doi: https://doi.org/10.1016/j.compind.2018.09.004.

D. N. J. Pandya, D. C., & Patel, “Study and analysis of E-Governance Information Security (InfoSec) in Indian Context,” IOSR J. Comput. Eng., vol. 19(01), pp. 04–07, 2017, doi: https://doi.org/10.9790/0661-1901040407.

T. T. Wulansari and D. Novandi, “Evaluation of Information Security Management Using the KAMI Index Framework,” in 2022 International Conference of Science and Information Technology in Smart Administration (ICSINTESA), Nov. 2022, pp. 173–177. doi: 10.1109/ICSINTESA56431.2022.10041714.

A. S. Auliani and Candiwan, “Information Security Assessment On Court Tracking Information System: A Case Study from Mataram District Court,” in 2021 IEEE 12th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), Dec. 2021, pp. 0226–0230. doi: 10.1109/UEMCON53757.2021.9666617.

M. Haidar, Y. G. Sucahyo, T. Sukardi, and A. Gandhi, “Analysis of Csirt Services in Facing Cyber Security Challenges in Indonesia,” in 2021 4th International Conference on Information and Communications Technology (ICOIACT), Aug. 2021, pp. 154–159. doi: 10.1109/ICOIACT53268.2021.9563925.

M. Iqbal, “Evaluasi Keamanan Sistem Informasi RSUD Arifin Achmad Pekanbaru Menggunakan ISO 27001,” Universitas Islam Negeri Sultan Syarif Kasim, 2021.

I. P. S. Syahindra, C. Hetty Primasari, and A. Bagas Pradipta Iriantor, “Evaluasi Risiko Keamanan Informasi Diskominfo Provinsi Xyz Menggunakan Indeks Kami Dan Iso 27005 : 2011,” J. Teknoinfo, vol. 16, no. 2, p. 165, 2022, doi: 10.33365/jti.v16i2.1246.

J. Fasilkom, “Tanggamus Menggunakan Indeks KAMI VERSI 4 . 2,” vol. 13, no. 2, pp. 181–187, 2023.

“ISO/IEC 27002:2022(en) Information security, cybersecurity and privacy protection — Information security controls,” 2022. https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27002:ed-3:v2:en

Rosihan and A. N. Hidayanto, “Measurement of Employee Information Security Awareness: A Case Study at an Indonesian Correctional Institution,” in 2022 1st International Conference on Information System and Information Technology, ICISIT 2022, 2022, pp. 318–323. doi: 10.1109/ICISIT54091.2022.9872988.

C. Alonso, “ISO 27000 and the set of Information Security standards,” 2022. https://www.globalsuitesolutions.com/iso-27000-and-the-set-of-information-security-standards/

V. S. Kasma, S. Sutikno, and K. Surendro, “Design of e-Government Security Governance System Using COBIT 2019 : (Trial Implementation in Badan XYZ),” 2019 Int. Conf. ICT Smart Soc., vol. 7, pp. 1–6, 2019, [Online]. Available: https://api.semanticscholar.org/CorpusID:210972500

R. Sarno and I. Iffano, Sistem Manajemen Keamanan Informasi. Surabaya: ITSPress, 2009.

I. M. Lopes, T. Guarda, and P. Oliveira, “Implementation of ISO 27001 Standards as GDPR Compliance Facilitator,” J. Inf. Syst. Eng. Manag., vol. 4, no. 2, pp. 2–9, 2019, doi: 10.29333/jisem/5888.

Sukardi, “Metodologi Penelitian Pendidikan,” in Metodologi Penelitian, Jakarta: Bumi Aksara, 2003, pp. 53–54.

S. Margono, “Metodologi Penelitian Pendidikan,” in Metodologi Penelitian, Jakarta: Rineka Cipta, 2000, p. 109.

Suharsimi Arikunto, Prosedur Penelitian Suatu Pendekatan Praktek. Jakarta: PT.Rineka Cipta, 1998.

Sugiyono, “Metode Penelitian Pendidikan (Pendekatan Kuantitatif, Kualitatif, dan R&D),” in Metode Penelitian, Bandung: Alfabeta, 2012, p. 117.

Endang Widi Winarni, “Macam-Macam Teknik Pengumpulan Data,” in Teori dan Praktik Penelitian Kuantitatif, Kualitatif, PTK, R & D, Jakrta: Bumi Aksara, 2021, p. 159.

Indeks KAMI, “Indeks Kami,” Badan Siber Dan Sandi Negara, 2022.

P. F. Romadhona, M. L. Ismail, and Y. Ruldeviyani, “Evaluation of information security management in crisis response using KAMI index: The case of company XYZ,” AIP Conf. Proc., vol. 2508, no. 1, p. 20034, 2023, doi: 10.1063/5.0115555.

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.