scholarly journals Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

2021 ◽  
Vol 5 (2) ◽  
pp. 68
Author(s):  
Andeka Rocky Tanaamah ◽  
Friska Juliana Indira
Keyword(s):  
Information Security ◽  
Business Processes ◽  
Security Management ◽  
Standard Operating Procedure ◽  
Job Descriptions ◽  
Christian University ◽  
Academic Administration ◽  
Access Rights ◽  
Academic Information ◽  
Iec 27001

IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings and one it becomes of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking a planning clause focusing on risk assessment. From the results of this study, there were nine recommendations given. Some of which were the most important, i.e., creating separated standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

An Information Security Model for Implementing the New ISO 27001

2019 ◽  
pp. 219-242
Author(s):  
Margareth Stoll
Keyword(s):  
Information Security ◽  
Data Privacy ◽  
Business Processes ◽  
International Standard Organization ◽  
Security Model ◽  
Privacy And Security ◽  
Holistic Model ◽  
Common Structure ◽  
Standard Organization ◽  
Iec 27001

The importance of data privacy, information availability, and integrity is increasingly recognized. Sharpened legal requirements and increasing data leakages have further promoted data privacy. In order to implement the different requirements in an effective, efficient, and sustainable way, the authors integrate different governance frameworks to their holistic information security and data privacy model. More than 1.5 million organizations worldwide are implementing a standard-based management system. In order to promote the integration of different standards, the International Standard Organization (ISO) released a common structure. ISO/IEC 27001 for information security management was changed accordingly in October 2013. The holistic model fulfills all requirements of the new version. Its implementation in several organizations and the study's results are described. In that way data privacy and security are part of all strategic, tactical, and operational business processes, promote corporate governance and living security, as well as the fulfillment of all standard requirements.

scholarly journals Information Security Management System Analysis Menggunakan ISO/IEC 27001 (Studi Kasus: STMIK STIKOM Bali)

2018 ◽  
Vol 8 (1) ◽  
pp. 1
Author(s):  
Dedy Panji Agustino
Keyword(s):  
Information Security ◽  
Management System ◽  
System Analysis ◽  
Ad Hoc ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Management System ◽  
Iec 27001

Informasi merupakan aset paling penting yang dimiliki oleh sebuah organisasi. Di era perkembangan teknologi yang semakin pesat ini, semua informasi yang dimiliki dapat disimpan dan dikelola secara digital. Hal ini membuat proses pengelolaan informasi di dalam organisasi menjadi semakin efektif dan efisien. Di sisi lain, keamanan informasi menjadi suatu hal yang mutlak untuk dipenuhi oleh organisasi. Kebocoran informasi pada sebuah organisasi akan berakibat tidak baik bagi keberlangsungan organisasi tersebut. Keamanan informasi harus memenuhi aspek CIA (Confidentiality, Integrity, dan Availability). Dengan semakin pesatnya perkembangan teknologi, ancaman terhadap aspek C.I.A (Confidentiality, Integrity, dan Availability) dalam sebuah organisasi juga semakin tinggi. Jika salah satu dari aspek C.I.A tersebut tidak dapat dipenuhi oleh organisasi, maka akurasi dan ketersediaan informasi pada organisasi tersebut akan dipertanyakan dan kepercayaan para pengguna informasi tersebut akan menurun sehingga berdampak besar bagi kelangsungan operasional organisasi. STMIK STIKOM Bali merupakan sebuah perguruan tinggi di bidang Teknologi Informasi di Bali yang saat ini sudah memiliki lebih dari 5000 mahasiswa. Hal tersebut membuat kompleksitas pengelolaan informasi yang dimiliki oleh STIKOM Bali cukup tinggi, sehingga aspek keamanan informasi yang dimiliki oleh STIKOM Bali menjadi sangat penting. Namun hingga saat ini belum dilakukan suatu manajemen keamanan informasi yang baik dan terstruktur yang berdasarkan kepada standar keamanan informasi bagi suatu organisasi. Pada penelitian ini, dilakukan proses analisa manajemen keamanan informasi pada infrastruktur teknologi informasi yang ada di STMIK STIKOM Bali, dan didapat hasil pengukuran tingkat kematangan sebesar 1,72 (Initial/Ad Hoc).

The Adoption of Information Security Management Standards

2009 ◽  
pp. 119-140 ◽  
Author(s):  
Yves Barlette ◽  
Vladislav V. Fomin
Keyword(s):  
Information Security ◽  
Literature Review ◽  
Success Factors ◽  
Security Management ◽  
Information Security Management ◽  
Diffusion Of Information ◽  
Management Standards ◽  
Business Market ◽  
Security Standards ◽  
Iec 27001

This chapter introduces major information security management methods and standards, and particularly ISO/IEC 27001 and 27002 standards. A literature review was conducted in order to understand the reasons for the low level of adoption of information security standards by companies, and to identify the drivers and the success factors in implementation of these standards. Based on the findings of the literature review, we provide recommendations on how to successfully implement and stimulate diffusion of information security standards in the dynamic business market environment, where companies vary in their size and organizational culture. The chapter concludes with an identification of future trends and areas for further research.

Information Security Governance and Standard Based Management Systems

2012 ◽  
pp. 261-282 ◽  
Author(s):  
Margareth Stoll ◽  
Ruth Breu
Keyword(s):  
Corporate Governance ◽  
Information Security ◽  
Business Processes ◽  
Management Systems ◽  
Holistic Model ◽  
Information Security Management ◽  
Security Governance ◽  
Governance Model ◽  
Information Security Governance ◽  
Iec 27001

The importance of information and Information Systems for modern organizations as a key differentiator is increasingly recognized. Sharpened legal and regulatory requirements have further promoted to see information security governance as part of corporate governance. More than 1.37 million organizations worldwide are implementing a standards based management system, such as ISO9001 or others. To implement information security governance and compliance in an effective, efficient, and sustainable way, the authors integrate these standard based management systems with different information security governance frameworks and the requirements of the international ISO/IEC 27001 information security management standard to a holistic information security governance model. In that way information security is part of all strategic, tactical, and operational business processes promotes corporate governance and living information security. The implementation of this innovative holistic model in several organizations and the case studies results are described.

scholarly journals Perencanaan dan Implementasi Information Security Management System Menggunakan Framework ISO/IEC 20071

2016 ◽  
Vol 4 (1) ◽  
pp. 60
Author(s):  
Anggi Anugraha Putra ◽  
Oky Dwi Nurhayati ◽  
Ike Pertiwi Windasari
Keyword(s):  
Corporate Governance ◽  
Information Security ◽  
Management System ◽  
Security Management ◽  
Information Security Management ◽  
Good Corporate Governance ◽  
Information Security Management System ◽  
Iec 27001

Penerapan tata kelola Teknologi Informasi saat ini sudah menjadi kebutuhan dan tuntutan di setiap instansi penyelenggara pelayanan publik mengingat peran TI yang semakin penting bagi upaya peningkatan kualitas layanan sebagai salah satu realisasi dari tata kelola pemerintahan yang baik (Good Corporate Governance). Dalam penyelenggaraan tata kelola TI, faktor keamanan informasi merupakan aspek yang sangat penting diperhatikan mengingat kinerja tata kelola TI akan terganggu jika informasi sebagai salah satu objek utama tata kelola TI mengalami masalah keamanan informasi yang menyangkut kerahasiaan (confidentiality), keutuhan (integrity) dan ketersediaan (availability). Information Security Management System (ISMS) adalah seperangkat kebijakan berkaitan dengan manajemen keamanan informasi atau terkait dengan risiko TI. Prinsip yang mengatur di balik ISMS adalah bahwa organisasi harus merancang, menerapkan dan memelihara seperangkat kebijakan, proses dan sistem untuk mengelola risiko aset informasi mereka, sehingga memastikan tingkat risiko keamanan informasi yang dapat diterima. Dari perencanaan dan implementasi sistem manajemen keamanan informasi ini, dihasilkan daftar nilai risiko akhir aset- aset kritikal dan dokumen-dokumen tata kelola penunjang ISMS. Metode penelitian yang digunakan adalah studi kasus yang didalam hal ini, merupakan penelitian kualitatif. Adapun proses yang digunakan untuk mengukur tingkat kematangan dari tata kelola keamanan sistem informasi ini berdasarkan kerangka kerja ISO/IEC 27001. Dari kerangka tersebut kemudian dilakukan evaluasi terhadap objek kontrol yang dimiliki ISO/IEC 27001. Hasil yang didapat adalah peningkatan terhadap tata kelola keamanan sistem informasi. Kesimpulan dari penelitian ini adalah dibutuhkannya tata kelola keamanan sistem informasi agar IT dapat diandalkan untuk mencapai tujuan bisnis.

The ISO/IEC 27001 standard provides a systematic approach to information security management

2021 ◽  
pp. 36-38
Author(s):  
Ekaterina Ahler
Keyword(s):  
Information Security ◽  
Systematic Approach ◽  
Security Management ◽  
Correct Choice ◽  
It Security ◽  
Security Measures ◽  
Information Security Management ◽  
Iec 27001

The company's information security is not only compliance with a set of IT security measures, but also the correct choice of the appropriate standard. Let's look at what standards are aimed at ensuring the information security of the company.

Sign in / Sign up

Export Citation Format

Share Document