scholarly journals Determining Information Security Maturity Level of an organization based on ISO 27001

2019 ◽  
Vol 6 (7) ◽  
pp. 5-11
Author(s):  
Daniel Makupi ◽  
Nelson Masese
Keyword(s):  
Information Security ◽  
Maturity Level ◽  
Iso 27001

scholarly journals Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education

2020 ◽  
Vol 9 (2) ◽  
pp. 429
Author(s):  
IGN Mantra ◽  
Aedah Abd. Rahman ◽  
Hoga Saragih
Keyword(s):  
Higher Education ◽  
Information System ◽  
Information Security ◽  
Security Management ◽  
System Security ◽  
Maturity Level ◽  
Information Security Management ◽  
Security Practices ◽  
Level 3 ◽  
Iso 27001

Information Security Management System (ISMS) implementation in Institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. The several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples were 35 institutions. Compliance with the application of ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, to measure and calculate the level of maturity using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.   

scholarly journals Analisis Keamanan Informasi Menggunakan Tools Indeks Kami ISO 4.1

2021 ◽  
Vol 2 (2) ◽  
pp. 78-86
Author(s):  
Ade Kornelia ◽  
Dedi Irawan
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Information Management ◽  
Applied Research ◽  
Good Information ◽  
Maturity Level ◽  
Certification Process ◽  
International Standard ◽  
Managerial Skills ◽  
Iso 27001

Information is a very valuable asset for a university institution. Utilization of information technology offers various conveniences in obtaining the information needed. Good information management can make universities have good managerial skills. protecting information security means that it also requires efforts to pay attention to the security factors of all supporting assets such as networks, as well as other facilities that are directly or indirectly related to the process of organizing information. Bina Darma University is an institution that is engaged in the field of education and science, which has a vision that is to become an International Standard University Based on Information Technology By 2025, to realize this there are several efforts prepared, one of which is to improve information security by implementing the ISO 27001 certification process. :2013. So in the context of Bina Darma University will implement ISO 27001: 2013. Using the method of Applied Research (applied research) the author took the initiative to conduct research with the title ANALYSIS OF INFORMATION SECURITY USING OUR INDEX TOOLS 4.1 So as to produce Knowing the maturity level of information security with a status of Inappropriate, Needs improvement , Enough and Good at Bina Darma University.

Research on the Impact of Information Security Certification and Concealment onFinancial Performance

2022 ◽  
Vol 30 (3) ◽  
pp. 0-0
Keyword(s):  
Information Security ◽  
Financial Performance ◽  
Positive Impact ◽  
Rapid Development ◽  
International Standards ◽  
Corporate Decisions ◽  
Using Data ◽  
The Impact ◽  
The Relationship ◽  
Iso 27001

With the rapid development of information technology, information security has been gaining attention. The International Organization for Standardization (ISO) has issued international standards and technical reports related to information security, which are gradually being adopted by enterprises. This study analyzes the relationship between information security certification (ISO 27001) and corporate financial performance using data from Chinese publicly listed companies. The study focusses on the impact of corporate decisions such as whether to obtain certification, how long to hold certification, and whether to publicize information regarding certification. The results show that there is a positive correlation between ISO 27001 and financial performance. Moreover, the positive impact of ISO 27001 on financial performance gradually increases with time. In addition, choosing not to publicize ISO 27001 certification can negatively affect enterprise performance.

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals PENDETEKSIAN DINI TINGKAT KEMANAN INFORMASI BERBASIS ISO 27001 : 2013 MENGGUNAKAN METODE AHP (ANALYTICAL HIERARCHY PROCESS)

2019 ◽  
Vol 2 (2) ◽  
pp. 57-64
Author(s):  
Arini Arini
Keyword(s):  
Decision Making ◽  
Information Security ◽  
Analytical Hierarchy Process ◽  
British Standard Institution ◽  
International Electrotechnical Commission ◽  
Security Assessment ◽  
Scoring Method ◽  
Weighting Method ◽  
Hierarchy Process ◽  
Iso 27001

Information is one of the important assets for the survival of an organization / business, defense security and the integrity of the country, public trust between consumers, so that the availability, accuracy and integrity must be maintained, or commonly abbreviated as CIA (Confidentiality, Integrity & Availability). ISO 27001 is an information security standard published in October 2005 by the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). However, until now there has been no tool for companies in Indonesia to do a pre-assessment of the level of information security. Plus the lack of socialization of the rules and the lack of ISO 270001 expert in Indonesia, these are reason why the authors conducted this research. The author begins research by collecting data, by studying literature and interviewing experts to identify problems. After that, in its implementation, this research will be directed (knowledge acquisition) and reviewed directly by an ISO 27001 expert from The British Standard Institution of the United Kingdom (BSI) so that the results are more accurate. After that, the writer determines the weighting method (decision making), scoring method, system development method, and simulation method (testing). The results of the study are in the form of pre-assessment to evaluate the information security assessment index, which will be displayed according to indicators pioneered from ISO 27001: 2013 using AHP (Analytical Hierarchy Process) decision-making methods, as well as web-based making it easier to review.

scholarly journals Tingkat Ketahanan Sistem Informasi Administrasi Kependudukan (Studi pada Dinas Kependudukan dan Pencatatan Sipil Kota Yogyakarta)

2017 ◽  
Vol 23 (2) ◽  
pp. 21
Author(s):  
Aris Tundung ◽  
Tri Kuntoro Priyambodo ◽  
Armaidy Armawi
Keyword(s):  
Information System ◽  
Information Security ◽  
Public Services ◽  
Security Management ◽  
Population Data ◽  
Development Planning ◽  
Maturity Level ◽  
Information Security Management ◽  
Civil Registration ◽  
Yogyakarta City

ABSTRACTBureaucratic reforms aim to deliver excellence public services including civil registration service. The Law on Population Administration states that the use of the Population Administration Information System (SIAK) is one of the government's efforts to protect the secrecy, integrity and availability of population data related to its function as the basis for public services, development planning, budget allocation, democratic development, and law enforcement and criminal prevention. The study measures information technology resilience level by describing Yogyakarta City Civil Registry Service Office (Dindukcapil) information security management, the level of maturity and completeness of SIAK management, and SIAK success level. The study uses mixed method guided by ISO/IEC 27001document, Information Security (INFOSEC) Index form, and questionnaire prepared under the DeLone and McLane Models. Yogyakarta City Dindukcapil has not set up rules and documentation on information security management. The actions taken are reactive, not referring to overall risk without clear flow of authority and control. The study concludes the SIAK is "Highly Needed" by the Civil Registry Service Office of Yogyakarta City. The value of the information security management areas completeness level reaches 312 points out of maximum value 645 points. Those findings category SIAK security management into “Need Improvement" category. The maturity level of information security management range from "Maturity Level I/ Initial Condition" to "Maturity Level II+/ Basic Implementation". 77,3% users clarify “positive” perception and 1,2% users reveal “negative” judgement that made SIAK belongs to “Success” information system category.ABSTRAKReformasi birokrasi mengamanatkan peningkatan mutu dan kecepatan layanan publik pemerintah termasuk layanan administrasi kependudukan. Undang-undang tentang Administrasi Kependudukan menyebutkan penggunaan Sistem Informasi Administrasi Kependudukan (SIAK) merupakan salah satu usaha pemerintah untuk mengelola dan melindungi kerahasiaan, keutuhan dan ketersediaan data kependudukan terkait fungsinya sebagai dasar pelayanan publik, perencanaan pembangunan, alokasi anggaran, pembangunan demokrasi, dan penegakan hukum dan pencegahan kriminal. Penelitian dilakukan untuk mengetahui ketahanan sistem informasi SIAK melalui gambaran pengelolaan keamanan informasi Dindukcapil Kota Yogyakarta, tingkat kematangan dan kelengkapan pengelolaan SIAK, dan tingkat kesuksesan SIAK. Penelitian menggunakan metode campuran dengan menggunakan kisi-kisi ISO/IEC 27001, instrumen perhitungan dalam borang Indeks KAMI, dan kuesioner yang disusun berdasarkan Model DeLone dan McLane yang sudah diperbaharui yang mendiskusikan tentang Kualitas Informasi, Kualitas Sistem, Kualitas Pelayanan, Penggunaan, Kepuasan Pengguna, Manfaat Bersih (DeLone dan McLane, 2004: 32). Dindukcapil Kota Yogyakarta belum menyusun aturan dan dokumentasi pengelolaan keamanan informasi. Tindakan yang dilakukan bersifat reaktif, tidak mengacu pada keseluruhan risiko tanpa alur kewenangan dan pengawasan yang jelas. Peran SIAK termasuk dalam kategori “Tinggi” namun nilai kelengkapan penerapan standar pengelolaan keamanannya hanya mencapai 312 dari nilai total 645 sehingga pengelolaan keamanan SIAK masuk dalam kategori “Perlu Perbaikan”. Tingkat kematangan penerapan standar keamanan berkisar pada “Tingkat Kematangan I/ Kondisi Awal” sampai dengan “Tingkat Kematangan II+/ Penerapan Kerangka Kerja Dasar”. Tingkat kesuksesan SIAK termasuk dalam kategori “Sukses”, 77,3% pengguna memberikan pernyataan “positif” dan hanya 1,2% pengguna memberikan pernyataan “negatif”.

A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems

2015 ◽  
Vol 6 (1) ◽  
pp. 24-46
Author(s):  
Azadeh Alebrahim ◽  
Denis Hatebur ◽  
Stephan Fassbender ◽  
Ludger Goeke ◽  
Isabelle Côté
Keyword(s):  
Cloud Computing ◽  
Information Security ◽  
Risk Analysis ◽  
Computing System ◽  
Security Requirements ◽  
Analysis Method ◽  
Computing Systems ◽  
Cloud Systems ◽  
Cloud Computing System ◽  
Iso 27001

To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers' confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in the ISO 27001 standard for achieving information security. This standard, however, contains ambiguous descriptions. In addition, it does not stipulate any method to identify assets, threats, and vulnerabilities. In this paper, the authors present a method for cloud computing systems to perform risk analysis according to the ISO 27001. The authors' structured method is tailored to SMEs. It relies upon patterns to describe context and structure of a cloud computing system, elicit security requirements, identify threats, and select controls, which ease the effort for these activities. The authors' method guides companies through the process of risk analysis in a structured manner. Furthermore, the authors provide a model-based tool for supporting the ISO 27001 standard certification. The authors' tool consists of various plug-ins for conducting different steps of their method.

Sign in / Sign up

Export Citation Format

Share Document