Organisational Information Security Maturity Assessment Based on ISO 27001 and ISO 27002

2020 ◽  
Author(s):  
Veselin Monev
Keyword(s):  
Information Security ◽  
Maturity Assessment ◽  
Iso 27001

Research on the Impact of Information Security Certification and Concealment onFinancial Performance

2022 ◽  
Vol 30 (3) ◽  
pp. 0-0
Keyword(s):  
Information Security ◽  
Financial Performance ◽  
Positive Impact ◽  
Rapid Development ◽  
International Standards ◽  
Corporate Decisions ◽  
Using Data ◽  
The Impact ◽  
The Relationship ◽  
Iso 27001

With the rapid development of information technology, information security has been gaining attention. The International Organization for Standardization (ISO) has issued international standards and technical reports related to information security, which are gradually being adopted by enterprises. This study analyzes the relationship between information security certification (ISO 27001) and corporate financial performance using data from Chinese publicly listed companies. The study focusses on the impact of corporate decisions such as whether to obtain certification, how long to hold certification, and whether to publicize information regarding certification. The results show that there is a positive correlation between ISO 27001 and financial performance. Moreover, the positive impact of ISO 27001 on financial performance gradually increases with time. In addition, choosing not to publicize ISO 27001 certification can negatively affect enterprise performance.

scholarly journals PENDETEKSIAN DINI TINGKAT KEMANAN INFORMASI BERBASIS ISO 27001 : 2013 MENGGUNAKAN METODE AHP (ANALYTICAL HIERARCHY PROCESS)

2019 ◽  
Vol 2 (2) ◽  
pp. 57-64
Author(s):  
Arini Arini
Keyword(s):  
Decision Making ◽  
Information Security ◽  
Analytical Hierarchy Process ◽  
British Standard Institution ◽  
International Electrotechnical Commission ◽  
Security Assessment ◽  
Scoring Method ◽  
Weighting Method ◽  
Hierarchy Process ◽  
Iso 27001

Information is one of the important assets for the survival of an organization / business, defense security and the integrity of the country, public trust between consumers, so that the availability, accuracy and integrity must be maintained, or commonly abbreviated as CIA (Confidentiality, Integrity & Availability). ISO 27001 is an information security standard published in October 2005 by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). However, until now there has been no tool for companies in Indonesia to do a pre-assessment of the level of information security. Plus the lack of socialization of the rules and the lack of ISO 270001 expert in Indonesia, these are reason why the authors conducted this research. The author begins research by collecting data, by studying literature and interviewing experts to identify problems. After that, in its implementation, this research will be directed (knowledge acquisition) and reviewed directly by an ISO 27001 expert from The British Standard Institution of the United Kingdom (BSI) so that the results are more accurate. After that, the writer determines the weighting method (decision making), scoring method, system development method, and simulation method (testing). The results of the study are in the form of pre-assessment to evaluate the information security assessment index, which will be displayed according to indicators pioneered from ISO 27001: 2013 using AHP (Analytical Hierarchy Process) decision-making methods, as well as web-based making it easier to review.

A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems

2015 ◽  
Vol 6 (1) ◽  
pp. 24-46
Author(s):  
Azadeh Alebrahim ◽  
Denis Hatebur ◽  
Stephan Fassbender ◽  
Ludger Goeke ◽  
Isabelle Côté
Keyword(s):  
Cloud Computing ◽  
Information Security ◽  
Risk Analysis ◽  
Computing System ◽  
Security Requirements ◽  
Analysis Method ◽  
Computing Systems ◽  
Cloud Systems ◽  
Cloud Computing System ◽  
Iso 27001

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to the ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which ease the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting the ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.

INFORMATION SECURITY MATURITY ASSESSMENT MODEL

2013 ◽  
Vol 12 (01) ◽  
pp. 3
Author(s):  
Evandro Alencar Rigon ◽  
Carla Merkle Westphall
Keyword(s):  
Information Security ◽  
Assessment Model ◽  
Maturity Assessment

scholarly journals Wahyudi

2019 ◽  
Author(s):  
Wahyudi
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Business Process ◽  
Security Management ◽  
Information Security Management ◽  
Security Control ◽  
Iso 31000 ◽  
Lawful Interception ◽  
Iso 27001

Menanggapi isu penyadapan yang dilakukan oleh Australia terhadap jaringan Indosat, manajemen Indosat mengatakan telah memiliki audit atas sistem keamanan jaringannya. Sistem tersebut sudah berstandard internasional yakni ISO 27001 dan ISO31000."Kami mempunyai manajemen tata laksana kebijakan dan pengendalian operasional dalam bentuk penerapan sistem manajemen standard ISO 27001 (Information Security Management) dan ISO 31000 (Risk Management) yang juga menyangkut audit keamanan sistem jaringan. Indosat juga mematuhi ketentuan lawful interception sesuai ketetuan dan Indosat menyatakan dengan tegas tidak memiliki kerjasama dengan pihak asing yang bertujuan untuk melakukan penyadapan," ujar President Director & CEO Indosat Alexander Rusli dalam keterangannya di Jakarta.Lebih lanjut dijelaskan, sistem adalah jaringan publik yang menggunakan standar seperti yang ditentukan oleh pemerintah. Dan satu-satunya tindakan penyadapan yang diizinkan adalah yang dilakukan oleh lembaga resmi negara berdasarkan aturan hukum yang berlaku. Bagaimana tanggapan anda mengenai artikel ini?Sesuai dengan UU No 36 Tahun 1999 tentang Telekomunikasi, Indosat hanya menyediakan fasilitas penyadapan kepada Aparat Penegak Hukum. Tidak hanya itu, seluruh perangkat Indosat telah memiliki sertifikat dari Kementerian Kominfo sesuai PM No. 29 Tahun 2008 tentang Sertifikasi Alat dan Perangkat Telekomunikasi dan sebagaimana telah disebutkan di atas bahwa keamanan jaringan Indosat sudah berstandar internasional sesuai ISO 27001.Bahkan, Indosat memiliki standard audit yang meliputi penerapan security control, business process, kepatuhan terhadap kebijakan serta pengujian teknis terhadap kerentanan jaringan, sehingga keamanan jaringan tetap terpelihara. Dalam hal ini, Indosat secara tegas menyatakan bahwa tidak ada kerjasama penyadapan dengan pihak luar terutama dengan pihak asing karena jelas hal tersebut melanggar Undang-undang yang berlaku serta merugikan kepentingan negara dan bangsa Indonesia sendiri.

scholarly journals Analysis and Design of Information Security Management System Based on ISO 27001: 2013 Using ANNEX Control (Case Study: District of Government of Bandung City)

2020 ◽  
Vol 1 (1) ◽  
pp. 1-11
Author(s):  
Adrian Fathurohman ◽  
R. Wahjoe Witjaksono
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Business Processes ◽  
City Government ◽  
Regional Government ◽  
Government Information ◽  
Analysis And Design ◽  
Information Security Management System ◽  
Regional Service ◽  
Iso 27001

The Department of Communication and Information (Diskominfo) of the Bandung City Government is an agency that has the responsibility of carrying out several parts of the Regional Government in the field of communication and informatics. Based on the composition of the regional service organization Bandung City Diskominfo has five fields and two UPTs which are part of the Bandung City Diskominfo. Bandung City Diskominfo in implementing work programs has IT as a supporter of business processes in government agencies. Based on the results of research conducted that IT management in Bandung City Government Diskominfo found several clauses that were still unfulfilled in this Diskominfo impact on the management of government information security institutions that can affect the performance of Bandung City Government. Therefore, there is a need for standardization that needs to be implemented as a guide that examines the direction in safeguarding information or assets that are considered sensitive to an organization. With the existence of these problems pushed to design information security recommendations based on ISO 27001: 2013 standards at Diskominfo. Also makes the design of IT information security systems that are focused on the control of Annex Information Security Policies, Human Resource Security, Operational Security, Communication Security and Asset Management so that business IT processes can run in accordance with the objectives of the organization. The results of this study are expected to help in securing IT information at the Bandung Diskominfo City and can also improve the goals of an organization.

scholarly journals ENSURING INFORMATION SECURITY IN PUBLIC ORGANIZATIONS IN THE REPUBLIC OF MOLDOVA THROUGH THE ISO 27001 STANDARD

2021 ◽  
Vol IV(1) ◽  
Author(s):  
Arina Alexei ◽  
Keyword(s):  
Information Security ◽  
Cyber Security ◽  
Public Organizations ◽  
Public Institutions ◽  
International Standards ◽  
Republic Of Moldova ◽  
Security Controls ◽  
The Republic ◽  
The Government ◽  
Iso 27001

. Data protection in public organizations in the Republic of Moldova (RM) is ensured by implementing mandatory cyber security controls (MCSR) adopted by the Government. In order to analyze the completeness of the controls, a comparative study was conducted between MCSR and the cyber security standard ISO 27001. The intention to comply with international cyber security standards is reflected in the Strategy on Information Security in the RM for 2019-2024. Compliance with national cyber security controls to international standards will ensure the security of the organization's data and resources by implementing effective, time-verified security controls. Another benefit is the confidence of foreign partners in public organizations of the country, because there will be guarantees that the data provided is confidential, complete and available. It is very important to increase the number of public organizations, certified with the ISO 27001 standard in Moldova in order to ensure the level of compliance with international cyber security requirements. The gap method, which was used in this study, measures the completeness of the MCSR, which is mandatory for public institutions in the Republic of Moldova, compared to the international standard ISO 27001. Based on the results obtained, a series of recommendations were developed which include: the creation of information security management systems (ISMS); performing internal and external audit of systems to meet trends; alignment of the MCSR, issued by the Government of the Republic of Moldova to the security controls of the ISO 27001 standard. It is very important to ensure an acceptable level of cyber security in public institutions in the Republic of Moldova, therefore implementation and certification with international standards is mandatory.

Sign in / Sign up

Export Citation Format

Share Document