Journal articles on the topic 'ISO/IEC 27004'

1

Winarni, Ade. "Penilaian Tingkat Efektivitas Penerapan Keamanan Sistem Informasi Menggunakan Iso/Iec 27004:2009 Dan Iso/Sni 27001:2009 (Studi." Jurnal Bangkit Indonesia 5, no. 2 (October 31, 2016): 90. http://dx.doi.org/10.52771/bangkitindonesia.v5i2.77.

Abstract:
Since 2014, STT Indonesia Tanjungpinang has applied an ISMS policy to support the operation of its information systems, in particular the academic and financial information system (SIMAK), but to date no evaluation of that ISMS implementation has been carried out. This research therefore focuses on assessing the level of effectiveness of the information system security implementation using ISO/IEC 27004, to confirm that the ISMS policy currently in place is working well. The stages begin with measuring the effectiveness of the information system security implementation; from the measurement results, the level of effectiveness is assessed. If weak policies are found during the research, recommendations for improvement are given, in the form of procedures or standard operating procedures (SOPs), to strengthen information security. The methodology used is the ISO/SNI 27001 framework. Through this research the researcher expects weak policies and procedures to be improved so that information security can support operations and business processes.
2

Aldya, A. P., S. Sutikno, and Y. Rosmansyah. "Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard." IOP Conference Series: Materials Science and Engineering 550 (August 23, 2019): 012020. http://dx.doi.org/10.1088/1757-899x/550/1/012020.

3

Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for Information Security Management." Journal of Information Security 04, no. 02 (2013): 92–100. http://dx.doi.org/10.4236/jis.2013.42011.

4

Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (June 8, 2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.

Abstract:
Purpose: This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet the data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates the security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending their existing security control modules towards data protection, and as guidance for reaching compliance with the regulation.
Design/methodology/approach: This study followed a two-step approach. First, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified by analysing all 14 control modules of ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, the paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.
Findings: The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed on the basis of these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to adhere to the GDPR.
Originality/value: This paper provides a gap analysis and identifies the further steps, that is, the additional actions that need to be performed, to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
5

ال فيحان, اثير عبد الهادي, and عامر حمدي عبد غريب. "تقييم نظام أدارة امن المعلومات في الهيئة العراقية للحاسبات والمعلوماتية على وفق المواصفة الدولية (ISO/IEC 27001:2013." Journal of Economics and Administrative Sciences 21, no. 86 (December 1, 2015): 1. http://dx.doi.org/10.33095/jeas.v21i86.764.

Abstract:
The present research covers the evaluation of the information security management system according to the international standard (ISO/IEC 27001:2013) in the Iraqi Commission for Computers and Informatics. Establishing a management system for information security is a priority at present; given organisations' reliance on computers and information technology for their work and for communicating with others, international legitimacy (represented by the International Organization for Standardization, ISO) remains the basis for conformity and compliance, and the importance of applying an information security management system according to the international standard (ISO/IEC 27001:2013) lies in protecting organisations' assets, especially information and databases, in a systematic and continuous manner. The aim of the research is to carry out an evaluation comparing the information security management system currently in place at the Iraqi Commission for Computers and Informatics (the research site) with an information security management system conforming to the international standard (ISO/IEC 27001:2013), using audit checklists to diagnose gaps in conformity with the international standard. The research reached an important conclusion: the information security management system followed at the Iraqi Commission for Computers and Informatics, despite its adoption of modern technology and competent staff, lacks proper documentation and implementation of many of the requirements set out in the international standard (ISO/IEC 27001:2013), and needs a rebuilt organisational structure and roles consistent with the supporting standard (ISO/IEC 27003:2010). The research concluded with its most important recommendation: forming a working team that takes on preparing the prerequisites for applying the standard (ISO/IEC 27001:2013), works to meet its requirements and those of other management systems (the quality management system and others), and reports to top management so that support with resources and authority is facilitated.
6

Sugianto, Anindya Dwi Lestari, Febriliyan Samopa, and Hanim Maria Astuti. "PENILAIAN DAN KONTROL RISIKO TERHADAP INFRASTRUKTUR DAN KEAMANAN INFORMASI BERDASARKAN STANDAR ISO/IEC 27001:2013 (STUDI KASUS: INSTITUT TEKNOLOGI SEPULUH NOPEMBER)." Sebatik 24, no. 1 (June 18, 2020): 96–101. http://dx.doi.org/10.46984/sebatik.v24i1.910.

Abstract:
The Directorate of Technology and Information Systems Development (DPTSI) of Institut Teknologi Sepuluh Nopember (ITS) Surabaya is the directorate responsible for all activities related to information systems and technology within ITS. Risks that arise in the organisation in the field of information systems and technology, particularly within the scope of infrastructure and information security, include damage to assets, data theft, and services that cannot be accessed. Risk treatment measures for the infrastructure and information security scope at DPTSI ITS have not yet been implemented well, which can result in disruption of business processes. Therefore, to meet the needs related to infrastructure and information security, a standard is needed so that existing risks can be minimised. The standard used in this research is ISO/IEC 27001:2013, as the framework for the process of identifying and assessing risks related to infrastructure and information security, based on interviews with and justification from DPTSI ITS. The other standard used is ISO/IEC 27002:2013, as the standard for formulating controls from the results of the risk assessment related to infrastructure and information security. The expected result of this research is an assessment document together with the formulation of risk controls that meet the needs related to infrastructure and information security at DPTSI ITS, using the ISO/IEC 27001:2013 and ISO/IEC 27002:2013 standards.
7

Mauladani, Furqon, and Daniel Oranova Siahaan. "Perancangan SMKI Berdasarkan SNI ISO/IEC27001:2013 dan SNI ISO/IEC27005:2013 (Studi Kasus DPTSI-ITS)." CSRID (Computer Science Research and Its Development Journal) 10, no. 1 (March 27, 2018): 32. http://dx.doi.org/10.22303/csrid.10.1.2018.32-43.

Abstract:
Institut Teknologi Sepuluh Nopember (ITS) is one of the universities in Surabaya. ITS uses ICT for its business operations (for example filling in study plan cards, attendance, updating information, and so on). The use of ICT cannot be separated from threats that can disrupt ICT operations. Threats consist of external threats (malware distribution, social engineering activity), insiders (deliberate or accidental), technical failures (misuse, hardware/software failure), and natural disasters (fire, earthquake, flood). The method used in this research is information security risk management based on SNI ISO/IEC 27005 and the design of ISMS documents based on SNI ISO/IEC 27001. The result of this research is 60 unaccepted risks out of a total of 228 identified risks. Of these 60 risks, 58 are treated by risk modification, 1 by risk avoidance, and 1 by risk sharing. The information security governance designed on the basis of SNI ISO/IEC 27001 consists of the ISMS scope, the ISMS policy, the risk assessment process, the risk treatment process, the statement of applicability, and the information security objectives.
8

Choi, Ju-Young, Eun-Jung Choi, and Myuhng-Joo Kim. "A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013." Journal of Digital Policy and Management 12, no. 1 (January 28, 2014): 405–14. http://dx.doi.org/10.14400/jdpm.2014.12.1.405.

9

Hermawan, Wawan. "Perancangan Manajemen Risiko Keamanan Informasi pada Penyelenggara Sertifikasi Elektronik (PSrE)." Jurnal Telekomunikasi dan Komputer 9, no. 2 (August 31, 2019): 129. http://dx.doi.org/10.22441/incomtech.v9i2.6474.

Abstract:
The Agency for the Assessment and Application of Technology (BPPT) is the Electronic Certification Provider (PSrE) for government institutions. Under Government Regulation No. 82 of 2012, the BPPT PSrE is categorised as an Electronic System Provider in the strategic and high category, and is therefore required to have an information security management system. In this research, to support the BPPT PSrE in having an information security management system, an information security risk management design was produced. The risk management design for the BPPT PSrE uses the ISO/IEC 27005 framework, covering context establishment, basic risk management criteria, scope definition, risk assessment, and risk treatment and acceptance; all primary and supporting assets of the BPPT PSrE were risk-assessed, and NIST SP 800-30 was used to calculate risk values. ISO/IEC 27002 was then used in the risk treatment stage. From the results of this research, it can be concluded that there are 51 risk scenarios treated by risk reduction and 10 risk scenarios treated by risk acceptance, applying the controls recommended on the basis of ISO/IEC 27002.
10

Jendrian, Kai. "Der Standard ISO/IEC 27001:2013." Datenschutz und Datensicherheit - DuD 38, no. 8 (August 2014): 552–57. http://dx.doi.org/10.1007/s11623-014-0182-x.

11

Pordesch, Ulrich. "DIN ISO/IEC 27001-orientiertes ISMS." Datenschutz und Datensicherheit - DuD 41, no. 11 (October 31, 2017): 667–71. http://dx.doi.org/10.1007/s11623-017-0855-3.

12

Fauzi, Rokhman. "Implementasi Awal Sistem Manajemen Keamanan Informasi pada UKM Menggunakan Kontrol ISO/IEC 27002." JTERA (Jurnal Teknologi Rekayasa) 3, no. 2 (December 3, 2018): 145. http://dx.doi.org/10.31544/jtera.v3.i2.2018.145-156.

Abstract:
Information is an organisational asset whose security must be protected. An information security management system is implemented to protect information assets from various threats in order to ensure business continuity, minimise the damage caused when threats materialise, speed up the return on investment, and create business opportunities. In this research, the international standard ISO/IEC 27001 and the OCTAVE-S risk analysis method were used to design an information security management system at a company that is a small and medium-sized enterprise (SME) in the field of engineering services. In line with the company's conditions, the risk analysis was carried out using the OCTAVE-S method. The initial implementation of the information security management system was carried out using the controls in ISO/IEC 27002. The main priorities resulting from the implementation are drawing up policies and procedures and raising information security awareness.
13

Akowuah, Francis, Xiaohong Yuan, Jinsheng Xu, and Hong Wang. "A Survey of Security Standards Applicable to Health Information Systems." International Journal of Information Security and Privacy 7, no. 4 (October 2013): 22–36. http://dx.doi.org/10.4018/ijisp.2013100103.

Abstract:
The information maintained by Health Information Systems (HIS) often faces security threats from a wide range of sources. Some government regulations require healthcare organizations and custodians of personal health information to take practical steps to address the security and privacy needs of personal health information. Standards help to ensure that an adequate level of security is attained, resources are used efficiently and the best security practices are adopted. In this paper, the authors survey security standards applicable to the healthcare industry, including Control Objectives for Information and related Technology (COBIT), ISO/IEC 27002:2005, ISO/IEC 27001:2005, NIST Special Publication 800-53, ISO 27799:2008, HITRUST Common Security Framework (CSF), ISO 17090:2008, ISO/TS 25237:2008, etc. This survey informs the audience of currently available standards that can guide the implementation of information security programs in healthcare organizations, and provides a starting point for IT management in healthcare organizations to select a standard suitable for their organizations.
14

Nykänen, Riku, and Tommi Kärkkäinen. "Aligning Two Specifications for Controlling Information Security." International Journal of Cyber Warfare and Terrorism 4, no. 2 (April 2014): 46–62. http://dx.doi.org/10.4018/ijcwt.2014040104.

Abstract:
Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance on implementing security controls is provided in ISO/IEC 27002. The Finnish National Security Auditing Criteria (KATAKRI) have been developed by the national authorities in Finland as a tool to verify the maturity of information security practices. KATAKRI defines both security control objectives and the security controls that meet each objective. Here the authors compare and align these two specifications at the process, structural, and operational levels, focusing on the security control objectives and the actual controls. Even though both specifications share the same topics at a high level, the results reveal differences in scope and in the included security controls.
15

Kurnianto, Ari, Rizal Isnanto, and Aris Puji Widodo. "Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs." E3S Web of Conferences 31 (2018): 11013. http://dx.doi.org/10.1051/e3sconf/20183111013.

Abstract:
Information security is a problem that affects the business processes of an organisation, so it needs special attention. A sound, internationally standardised information security assessment is performed using the Information Security Management System (ISMS) standard ISO/IEC 27001:2013. In this research, a high-level assessment was carried out using ISO/IEC 27001:2013 to observe the strength of information security in the Ministry of Internal Affairs. The research describes an information security management assessment tool built using PHP. The input data consist of primary and secondary data obtained through observation. The process determines maturity using the ISO/IEC 27001:2013 assessment. A gap analysis observes the current condition and then derives recommendations and a road map. The result of this research identifies all the information security processes that are not yet good enough in the Ministry of Internal Affairs, and gives recommendations and a road map to improve the parts of the information system currently in operation. It indicates that ISO/IEC 27001:2013 is well suited to rating the maturity of information security management. As a further analysis, this research uses the clauses and the Annex of ISO/IEC 27001:2013 that suit the condition of the Data Center and Data Recovery Center, so that it obtains an optimum result and addresses the weaknesses in information security.
16

Sundari, Piski, and Wella Wella. "SNI ISO/IEC 27001 dan Indeks KAMI: Manajemen Risiko PUSDATIN (PUPR)." Ultima InfoSys : Jurnal Ilmu Sistem Informasi 12, no. 1 (June 29, 2021): 35–42. http://dx.doi.org/10.31937/si.v12i1.1701.

Abstract:
Pusdatin of the Ministry of Public Works and Public Housing is an institution that manages data and information to support management within the ministry. This research was conducted to evaluate the maturity of the agency prior to an external audit for ISO 27001:2013 certification. The method used in this research is PDCA (Plan-Do-Check-Act) using the KAMI index and ISO 27001: the research starts with Check, an analysis of current conditions; Act is carried out as the assessment against the KAMI index; Plan compares the KAMI index results with ISO 27001; and Do produces control recommendations for improvement. The results of this evaluation show that PUSDATIN stopped at level I+ in the yellow area, and overall PUSDATIN is rated "Needs improvement". In conclusion, Pusdatin is not ready for an external audit for ISO 27001:2013 certification. These results form the basis for the recommendations drawn from the findings of the KAMI index compared with the ISO 27001 controls. Index terms: information security audit; KAMI index; ISO 27001:2013; ISMS maturity level.
17

Loomans, Dirk, and Manuela Matz. "ISO/IEC 27001:2013 — Sicherheit durch mehr Freiheit!" Wirtschaftsinformatik & Management 6, no. 2 (February 2014): 62–67. http://dx.doi.org/10.1365/s35764-014-0404-x.

18

Kholis Gunawan, Nur, Raden Budiarto Hadiprakoso, and Herman Kabetta. "Comparative Study Between the Integration of ITIL and ISO / IEC 27001 with the Integration of COBIT and ISO / IEC 27001." IOP Conference Series: Materials Science and Engineering 852 (July 21, 2020): 012128. http://dx.doi.org/10.1088/1757-899x/852/1/012128.

19

Musyarofah, Sitta Rif’atul, and Rahadian Bisma. "Analisis kesenjangan sistem manajemen keamanan informasi (SMKI) sebagai persiapan sertifikasi ISO/IEC 27001:2013 pada institusi pemerintah." Teknologi 11, no. 1 (January 1, 2021): 1–15. http://dx.doi.org/10.26594/teknologi.v11i1.2152.

Abstract:
The Madiun City Communication and Informatics Service (Diskominfo) is a government institution responsible for managing information and communication technology in the Madiun city government. As a government institution serving and providing information to the public, Diskominfo Madiun City is vulnerable to information security threats that can hinder its performance. The Information Security Management System ISO/IEC 27001:2013 is a system expected to provide effective and efficient information security management at Diskominfo Madiun City. This research aims to determine the current conditions and the readiness of Diskominfo Madiun City to achieve ISO/IEC 27001:2013 certification. From the results of the gap analysis, the readiness of Diskominfo Madiun City is 71%, with a readiness range between 19% and 100%. The highest level of readiness is 100%, on the requirements of clause 4 concerning the organisational context and clause 10 concerning improvement, where all information security requirements have been met, while the lowest readiness percentage is 19%, on the requirements of clause 6 regarding planning. The gap analysis method is used to determine how far the ISO/IEC 27001:2013 requirements are fulfilled, and its results show the extent of the readiness of Diskominfo Madiun City to undergo ISO/IEC 27001:2013 certification. The results indicate that Diskominfo Madiun City must improve its readiness for ISO/IEC 27001:2013 certification by fulfilling the requirements for the information security documents mandated by the ISO/IEC 27001:2013 standard.
20

Pradipta, Yudhistira Candra, Yani Rahardja, and Melkior Nikolar Ngalumsine Sitokdana. "AUDIT SISTEM MANAJEMEN KEAMANAN INFORMASI PUSAT TEKNOLOGI INFORMASI DAN KOMUNIKASI PENERBANGAN DAN ANTARIKSA (PUSTIKPAN) MENGGUNAKAN SNI ISO/IEC 27001:2013." Sebatik 23, no. 2 (December 1, 2019): 352–58. http://dx.doi.org/10.46984/sebatik.v23i2.782.

Abstract:
The implementation of Information and Communication Technology (ICT) governance has now become a necessity and a requirement in every public service institution, given the increasingly important role of ICT in improving service quality as one realisation of good governance (Good Corporate Governance). For this purpose, research was needed to audit the Information Security Management System at the Centre for Aeronautics and Space Information and Communication Technology (PUSTIKPAN) using ISO/IEC 27001:2013. Based on the results of that research, it was found that Annex 7 has the lowest level among the annexes, because the work instruction documents related to labelling are not registered in the master document, so the master document needs to be adjusted. In addition, in other clauses and annexes there are still some documents and forms whose titles do not match those listed in the existing policies/procedures, so synchronisation is lacking. Overall, the use of ISO/IEC 27001:2013 has been implemented well, with an average maturity level score of 97.25%, corresponding to level 5, Optimised. Almost all clauses and annexes meet the ISO/IEC 27001:2013 standard, so from the results of this research it is hoped that PUSTIKPAN can further improve its document archiving to make it easier for auditors to carry out internal or external audits, and that all activities can be carried out in accordance with the ISO/IEC 27001:2013 standard.
21

Litvinchuk, Iryna, Ruslan Korchomnyi, Nataliia Korshun, and Maksym Vorokhob. "APPROACH TO INFORMATION SECURITY RISK ASSESSMENT FOR A CLASS «1» AUTOMATED SYSTEM." Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 98–112. http://dx.doi.org/10.28925/2663-4023.2020.10.98112.

Abstract:
The article is devoted to the assessment of information security risks in automated systems of class "1". An adapted approach to the assessment of information security risks in such automated systems, using the Methodology and the requirements of the standards GSTU SUIB 1.0 / ISO/IEC 27001:2010 and GSTU SUIB 2.0 / ISO/IEC 27002:2010, is proposed. The efficiency and the methods of implementing the approach are demonstrated on the example of real threats and vulnerabilities of class 1 automated systems. The main requirement for creating an information security management system in an organisation is risk assessment and the identification of threats to the information resources processed in information and telecommunication systems and automated systems (AS). The basic Ukrainian information security standards, which give general recommendations for constructing and assessing information security risks within the ISMS, are considered. The most common international methods and methodologies for assessing information security risks are analysed, and their advantages and disadvantages identified. The order of work for assessing the information security risks of a class "1" AS is defined. The vulnerabilities considered by the expert according to the ISO/IEC 27002:2005 standard and the Methodology are given. A conditional scale for determining the impact of threats to integrity, accessibility and observability is given. Measures and means of counteracting the emergence of threats are proposed. This approach can be used both for direct information risk assessment and for educational purposes. It allows the final result to be obtained regardless of the experience and qualifications of the specialist conducting the risk assessment, with subsequent implementation and improvement of the organisation's existing risk management system.
22

Medve, Anna. "Model-based Framework for Change Management and Integrated Development of Information Security." INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY 5, no. 3 (September 15, 2013): 586–97. http://dx.doi.org/10.24297/ijmit.v5i3.4225.

Abstract:
This paper introduces a business process-based, goal-oriented framework which consists of generic and specific model repositories and of a methodology for integrated change management of business and IT evolution. Sets of generic models of the ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in the MDE process. The techniques and tools used come from the User Requirements Notation technologies for model composition and traceability assessment of goal-oriented and scenario-based models. An example is given from the instantiation of the framework for B2B change management, with empirical validation within a commercial SME. The framework supports the MDE process of enterprise architecture re-engineering, integrating the development of information security.
23

Medve, Anna. "Model-based Framework for Change Management and Integrated Devlopment of Information Security." INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY 5, no. 3 (September 15, 2018): 586–97. http://dx.doi.org/10.24297/ijmit.v5i3.759.

Abstract:
This paper introduces a business process-based, goal-oriented framework which consists of generic and specific model repositories and of a methodology for integrated change management of business and IT evolution. Sets of generic models of the ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in the MDE process. The techniques and tools used come from the User Requirements Notation technologies for model composition and traceability assessment of goal-oriented and scenario-based models. An example is given from the instantiation of the framework for B2B change management, with empirical validation within a commercial SME. The framework supports the MDE process of enterprise architecture re-engineering, integrating the development of information security.
24

Pardo, César, Francisco J. Pino, and Félix Garcia. "Towards an Integrated Management System (IMS), harmonizing the ISO/IEC 27001 and ISO/IEC 20000-2 standards." International Journal of Software Engineering and Its Applications 10, no. 9 (September 30, 2016): 217–30. http://dx.doi.org/10.14257/ijseia.2016.10.9.18.

25

Lukitowati, Risma, and Kalamullah Ramli. "Assessing the Information Security Awareness of Employees in PT ABC Against International Organization for Standardization (ISO) 27001:2013." Journal of Computational and Theoretical Nanoscience 17, no. 2 (February 1, 2020): 1441–46. http://dx.doi.org/10.1166/jctn.2020.8823.

Abstract:
The main purpose of information security is maintaining information assets that are owned by an organization, such as confidentiality, integrity, and availability (known as CIA). In maintaining information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS policy in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain the level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of the company’s information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. This research also examined company documents and surveillance audits in 2018. The employees were grouped based on their length of employment. The results of the questionnaires, with an error margin of 6%, were further compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, companies still need to socialize ISO to employees who have worked at the company for just one to two years.
26

Mataracioglu, Tolga, and Sevgi Ozkan Yildirim. "Obstructions of Turkish Public Organizations Getting ISO/IEC 27001 Certified." International Journal of Managing Value and Supply Chains 5, no. 2 (June 2014): 1–10. http://dx.doi.org/10.5121/ijmvsc.2014.5201.

27

الذنيبات, معاذ يوسف, عدنان عواد الشوابكة, and خيرو خلف البقور. "دور عمليات إدارة الموارد البشرية في تحقيق الأمن المعلوماتي: دراسة تطبيقية على الجامعات الحكومية السعودية." Management & Economics Research Journal 2, no. 3 (June 21, 2020): 1–23. http://dx.doi.org/10.48100/merj.v2i3.107.

Abstract:
This study aims to reveal the actual contribution of human resource management units to achieving information security in Saudi public universities by examining the extent of their compliance with the controls of the international information security management standard ISO/IEC 27002:2013. The study relied on qualitative research methods: a checklist was designed to collect the data needed for the study, using semi-structured interviews, direct observation and examination of the documents used in the human resource management units. Gap analysis was used to analyse the data and to understand the degree to which the human resource management units of the participating universities comply with the information security controls stipulated in ISO/IEC 27002:2013. The study reached a number of findings, the most important being that the participating universities comply, to varying degrees ranging from moderate to high, with the clauses of ISO/IEC 27002:2013 concerning human resource management processes (prior to employment, during employment, and termination or change of employment). In light of these findings, the study presented a number of recommendations to guide universities toward full compliance with the requirements of the standard, with the aim of raising the contribution of human resource management processes to achieving information security. JEL classification: M15.
28

Paradise, Paradise, Kusrini Kusrini, and Asro Nasiri. "Audit Keamanan Aplikasi E-Cash Menggunakan Iso 27001." Creative Information Technology Journal 5, no. 4 (March 19, 2020): 243. http://dx.doi.org/10.24076/citec.2018v5i4.209.

Abstract:
Mandiri e-cash is electronic money issued by Bank Mandiri: server-based money that uses a mobile phone application, often described as cash on a mobile phone. In practice, Mandiri e-cash makes financial transactions convenient for users, but there have also been many public complaints about the prevalence of cybercrime carried out through Mandiri e-cash. Security is an important matter that the bank must attend to, given the importance of the data held in this application. To measure that information security, the authors carry out an audit using ISO 27001 to make sure that Bank Mandiri works according to the existing procedures. ISO/IEC 27001:2005 is an information system security standard with 27 clauses, used here to measure the bank's level of security. The audit results were obtained from observation, interviews and questionnaires distributed to selected respondents. The result of this research is the maturity level calculated from several selected clauses. From those results, recommendations and suggestions for the Mandiri E-Cash application are derived.
Keywords: Audit, E-Cash, ISO 27001
29

Kozhedub, Yuliia. "Modern aspects of updating international standards of series ISO/IEC 27000." Collection "Information technology and security" 4, no. 1 (June 30, 2016): 20–26. http://dx.doi.org/10.20535/2411-1031.2016.4.1.95921.

30

Rosa, Ferrucio De Franco, Mario Jino, Paulo Marcos Siqueira Bueno, and Rodrigo Bonacin. "Applying heuristics to the selection and prioritisation of security assessment items in software assessment: the case of ISO/IEC 27001." ACTA IMEKO 8, no. 2 (June 27, 2019): 12. http://dx.doi.org/10.21014/acta_imeko.v8i2.624.

Abstract:
Security standards are essential instruments for security assessment. To create security assessment designs with suitable assessment items, we need to know the security aspects that are covered by a particular standard. We propose an approach to the selection and prioritisation of security assessment items. Assessment heuristics are proposed, aiming to increase the coverage of assessment dimensions and security characteristics in assessment designs. The main contribution of this paper to the field is the set of security assessment heuristics. Our approach can be applied to security standards in order to select or to prioritise assessment items with respect to 11 security properties and 6 assessment dimensions. The approach is flexible and allows the inclusion of security dimensions and properties. Our proposal is applied herein to a well-known security standard, ISO/IEC 27001, and its assessment items were analysed. The proposal is intended to support (i) the generation of high-coverage assessment designs, by including security assessment items with assured coverage of the main security characteristics and (ii) the evaluation of security standards with respect to the coverage of security aspects.
31

Maingak, Akmal Zaifullah, Candiwan Candiwan, and Listyo Dwi Harsono. "Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution." TRIKONOMIKA 17, no. 1 (September 17, 2018): 28. http://dx.doi.org/10.23969/trikonomika.v17i1.1138.

Abstract:
The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.
32

Krawczyk-Jezierska, Agnieszka, and Jarosław Jezierski. "Zastosowanie normy ISO/EIC 27001 w sektorze finansowym — zakres i korzyści." Ekonomia 24, no. 2 (October 23, 2018): 107–21. http://dx.doi.org/10.19195/2084-4093.24.2.8.

Abstract:
Application of ISO/IEC 27001 in the financial sector — scope and benefits
In the face of technological advances and, as a result, the increasing threat of loss of the growing amount of data collected by financial institutions, it seems necessary to employ effective security measures in the process of information management. The necessity to implement information security management systems (ISMS) in all institutions processing personal data is reflected in national legislation. The requirements resulting from contemporary hazards and legal provisions concur with the requirements of the international standard ISO/IEC 27001, concerning the design of the information security management system. This standard is most widely used by IT companies; however, the financial sector, which collects and processes huge amounts of personal data, constitutes a significant recipient of it. Most of the companies certified to this standard come from the East Asia and Pacific region, dominated by Japan, and from Europe, where the United Kingdom is the leader. In Poland the use of ISO/IEC 27001 is growing, yet the financial institutions that fulfil its requirements are still in a minority. It seems that from May 2018 on, national regulations imposing greater responsibility for the security of personal data on the institutions processing it will bring the above-mentioned standard into focus.
33

Maletić, Siniša. "IMPLEMENTACIJA SISTEMA BEZBEDNOSTI INFORMACIJA ISO/IEC 27001 U KOMPANIJI „FMS“ BEOGRAD, SA OSVRTOM NA PROCENU RIZIKA." Zbornik radova Fakulteta tehničkih nauka u Novom Sadu 34, no. 05 (April 15, 2019): 822–24. http://dx.doi.org/10.24867/02gi06maletic.

Abstract:
The paper describes the implementation of the ISO/IEC 27001 standard through a case study of the company „FMS" Beograd. The implementation of this standard covered the risk assessment as well as the application of all controls in the security policy.
34

Marcos, Antonio Folgueras, José Carlos Alva Tello, Belén Ruiz-Mezcua, and Ángel García Crespo. "Detection of Strategies in IT Organizations through an Integrated IT Compliance Model." International Journal of IT/Business Alignment and Governance 1, no. 4 (October 2010): 40–57. http://dx.doi.org/10.4018/jitbag.2010100103.

Abstract:
In the past few years, many frameworks and standards have been developed to cover different aspects of IT to provide best practices, such as COBIT, ITIL, CMMI, ISO/IEC 20000, ISO/IEC 38500 and ISO/IEC 27000, and improve IT governance and IT service management in organizations. This research presents how self-assessments for IT standards improve significantly the strategic and tactical evaluation of IT requirements. Self-assessments measure the state of an organization in relation to experts’ recommendations of a specific framework. As a result of the number and excellence of the current standards, the authors propose a Compliance Model (MOPLACO) that uses, as a starting point, a combination of self-assessments and standards to plan the early strategic and tactical stages of the IT departments.
35

Muthaiyah, Saravanan, and Thein Oak Kyaw Zaw. "ISO/IEC 27001 Implementation in SMEs: Investigation on Management of Information Assets." Indian Journal of Public Health Research & Development 9, no. 12 (2018): 2631. http://dx.doi.org/10.5958/0976-5506.2018.02112.5.

36

ChiChang Chang, PeiRan Sun, KuoHsiung Liao, and YiFen Chen. "Evaluating the ISO/IEC 27001 with Experts' Knowledge for Taiwanese Medical Center." Journal of Convergence Information Technology 6, no. 10 (October 31, 2011): 63–70. http://dx.doi.org/10.4156/jcit.vol6.issue10.9.

37

Afrianto, Irawan, Taryana Suryana, and Sufa’atin Sufa’atin. "Pengukuran dan Evaluasi Keamanan Informasi Menggunakan Indeks KAMI - SNI ISO/IEC 27001:2009." Jurnal ULTIMA InfoSys 6, no. 1 (June 1, 2015): 43–49. http://dx.doi.org/10.31937/si.v6i1.278.

Abstract:
Information is a valuable asset for a college, so safeguards for information become essential. One standard that can be used to measure the maturity level of information security in an organization is the KAMI index, developed by Depkominfo with reference to the ISO/IEC 27001:2009 standard. This assessment is used to see how far the maturity level of information security in the college environment has progressed; the results can be used as a basis for evaluation in order to improve the information security of the college in the future.
Index Terms: Assessment, Information security, KAMI Index, Maturity Level, College X
38

Cruz-Gavilánez, Yolanda de la N., and Carlos J. Martinez-Santander. "ISO / IEC 27001 aseguramiento de la calidad de la información: Línea de tiempo." Polo del Conocimiento 3, no. 6 (June 5, 2018): 478. http://dx.doi.org/10.23857/pc.v3i6.641.

Abstract:
Today data are essential in the daily life of everyone: individuals, companies, organizations and others. Unfortunately the risk of fraud keeps growing. Cyberattacks, hacking of digital data and loss of information have become commonplace in this decade. The appearance of new systems coupled to industry, health, energy and basic services has turned them into critical infrastructures: if an attack occurs, it can bring a city to a standstill, in addition to the economic losses. The risk is therefore ever greater. One effective measure to counter a high percentage of these problems would be the implementation of an Information Security Management System (ISMS). ISO/IEC 27001 provides a detailed framework for the development, implementation and management of information security. It serves an important purpose in protecting the IT (information technology), infrastructure and data assurance of a company or organization, whether public or private. The objective of this article is to discuss the origin and evolution of ISO/IEC 27001; a comparison is also made between ISO 27001:2005 and the 2013 edition, which is the current standard implemented in most organizations.
39

Culot, Giovanna, Guido Nassimbeni, Matteo Podrecca, and Marco Sartor. "The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda." TQM Journal 33, no. 7 (March 16, 2021): 76–105. http://dx.doi.org/10.1108/tqm-09-2020-0202.

Abstract:
Purpose: After 15 years of research, this paper aims to present a review of the academic literature on ISO/IEC 27001, the most renowned standard for information security and the third most widespread ISO certification. Emerging issues are reframed through the lenses of social systems thinking, deriving a theory-based research agenda to inspire interdisciplinary studies in the field.
Design/methodology/approach: The study is structured as a systematic literature review.
Findings: Research themes and sub-themes are identified on five broad research foci: relation with other standards, motivations, issues in the implementation, possible outcomes and contextual factors.
Originality/value: The study presents a structured overview of the academic body of knowledge on ISO/IEC 27001, providing solid foundations for future research on the topic. A set of research opportunities is outlined, with the aim to inspire future interdisciplinary studies at the crossroad between information security and quality management. Managers interested in the implementation of the standard and policymakers can find an overview of academic knowledge useful to inform their decisions related to implementation and regulatory activities.
40

Putra, Mardi Yudhi, and Djajasukma Tjahjadi. "Evaluasi Keamanan Informasi Pada Perguruan Tinggi Bina Insani Berdasarkan Indeks Keamanan Informasi SNI ISO/IEC 27001." PIKSEL : Penelitian Ilmu Komputer Sistem Embedded and Logic 6, no. 1 (March 19, 2018): 95–104. http://dx.doi.org/10.33558/piksel.v6i1.1404.

Abstract:
Efforts to improve information security are so important to an organization that they must extend not only to planning but to the implementation stage of information security. In reality, organizations often lack awareness of its importance, which leads to security problems such as spam that affect the organization's business processes. This study evaluates the completeness (readiness and maturity) of the Information Security Management System (SMKI) at the private higher education institution Bina Insani, measured using the Information Security Index (KAMI). The evaluation refers to the ISO/IEC 27001 information security standard regarding information security requirements. The population and sample of this research consist of four working units, BAAK, BKEU, PMB and BSIJ & UPT, for a total of 20 respondents. The sampling technique used is non-probability sampling, namely saturated sampling. The evaluation results for both the readiness and maturity of the ISMS are at a very low level, with the organization's dependence on the role of information and communication technology at a moderate level. The level of completeness is low, with a score of 167 out of a total of 588, and the maturity level is at level II. Meanwhile, to obtain ISO/IEC 27001:2009 certification the minimum information security level is level III. To achieve that level of maturity, Bina Insani needs to make improvements gradually, starting from awareness of the importance of information security, through measures such as knowledge sharing and information security related training.
Keywords: Information Security, Index KAMI, ISO 27001
41

Гаршина, Вероника Викторовна, Вячеслав Алексеевич Степанцов, and Анастасия Юрьевна Данковцева. "Семантический анализ информационных рисков и угроз на основе онтологии стандарта ISO/IEC 27001." Вестник ВГУ. Серия: Системный анализ и информационные технологии, no. 4 (August 30, 2018): 73–80. http://dx.doi.org/10.17308/sait.2018.4/1255.

Abstract:
The article presents the implementation of an ontological approach to modelling semantic regularities for managing a company's information security on the basis of the ISO/IEC 27001 standard. A technological development platform is proposed, based on universal standards and using freely distributed software, on which a prototype of a system for the semantic analysis of information risks and threats has been implemented.
42

Sholikhatin, Siti Alvi, and Khairunnisak Nur Isnaini. "Analysis of Information Security Using ISO 27001 and Triangular Fuzzy Number Weighting." Jurnal Ilmiah Informatika 6, no. 1 (June 30, 2021): 43–49. http://dx.doi.org/10.35316/jimi.v6i1.1224.

Abstract:
The business process of an organization can’t be done properly without appropriate information management, in which information is an important asset that needs to be protected with the utmost care and concern. Information security is a way to protect information from large scale threats, thus to ensure the sustainability of the organization's operational, to reduce business risks and to increase business opportunity and return of investment. This research is conducted to measure the accountability of ISO 27001 in assisting the organization to document the information security policy. ISO/IEC 27001:2005 is a standard of information security that is widely used, openly accepted and implemented, and suitable for providing rules related to implementation and evaluation of the information security system. The assessment from ISO controls and objectives will be converted into a triangular fuzzy number to help in the analysis purpose. The fuzzy number is used to simplify the measurement. The result shows that the organization is not yet complying with the standard procedures of the Information Security Management System so it is needed to document the security policy based on the ISO 27001 framework standard.
43

Sanskriti Choubey and Astitwa Bhargava. "Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance." International Journal of Scientific Research in Network Security and Communication 6, no. 2 (April 30, 2018): 30–33. http://dx.doi.org/10.26438/ijsrnsc/v6i2.3033.

44

Ahler, Ekaterina. "The ISO/IEC 27001 standard provides a systematic approach to information security management." Upravlenie kachestvom (Quality management), no. 1 (January 1, 2021): 36–38. http://dx.doi.org/10.33920/pro-1-2101-07.

Abstract:
The company's information security is not only compliance with a set of IT security measures, but also the correct choice of the appropriate standard. Let's look at what standards are aimed at ensuring the information security of the company.
45

Tanaamah, Andeka Rocky, and Friska Juliana Indira. "Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013." IJITEE (International Journal of Information Technology and Electrical Engineering) 5, no. 2 (August 6, 2021): 68. http://dx.doi.org/10.22146/ijitee.65670.

Abstract:
IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings, and it becomes one of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking the planning clause, which focuses on risk assessment. From the results of this study, nine recommendations were given. Some of the most important were: creating separate standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.
46

Rabii, Anass, Saliha Assoul, Khadija Ouazzani Touhami, and Ounsa Roudies. "Information and cyber security maturity models: a systematic literature review." Information & Computer Security 28, no. 4 (June 6, 2020): 627–44. http://dx.doi.org/10.1108/ics-03-2019-0039.

Abstract:
Purpose: This paper aims to clarify the uncertainty reflected in the current state of information security maturity evaluation, where it has not matured and converged enough for a generic approach or many specific approaches to become the go-to choice. In fact, in the past decade, many security maturity models are still being produced and remain unproven regardless of the existence of ISO 21827.
Design/methodology/approach: The authors have used the systematic literature review to summarize existing research, help identify gaps in the existing literature and provide background for positioning new research studies.
Findings: The authors highlighted the prevalent influence of the ISO/IEC 27001/27002 standard but raised the necessity for an in-depth investigation of ISO 21827. The authors also made the implementation facet a central topic of their review. The authors found that, compared to the number of proposed models, implementation experiments are lacking. This could be due to the arduous task of validation, and it could also be the reason why specific models are dominant.
Originality/value: While the research literature contains many experience reports and a few case studies on information security maturity evaluation, a systematic review and synthesis of this growing field of research is unavailable as far as the authors know. In fact, the authors only picked up one body of work [Maturity models in cyber security: A systematic review (2017)] carrying out a literature review on security maturity models between 2012 and 2017, written in Spanish.
47

Arruda, Paulo Cesar Andrade, Marcio Lima Da Silva, and Edilson Da Silva Pedro. "Um Estudo da Segurança da Informação na Propriedade Intelectual nas ICTs." Cadernos de Prospecção 13, no. 4 (July 12, 2020): 1053. http://dx.doi.org/10.9771/cp.v13i4.29512.

Abstract:
This study presents a national and international overview of the information security controls used by Science and Technology Institutions (ICTs) in their activities related to intellectual property. Institutions of national and international renown were selected for this analysis. The methodology takes the recommendations of the ABNT NBR ISO/IEC 27001 and 27002 standards as its reference and made it possible to map the main controls adopted by the ICTs, as well as to indicate the institutions with the most complete and comprehensive Information Security Management System (SGSI). From this mapping, the impact of the main controls on the institutional activities involving intellectual property was analysed. It was concluded that adopting an ISMS is crucial for the development of activities related to intellectual property, such as the protection of intangible assets and technology transfer. It was observed that, comparing national ICTs with foreign ones, the latter have a more comprehensive Information Security Management System with respect to IP.
48

Tiszolczi, Balázs Gergely. "Fizikai biztonsági kontrollok tervezésének és alkalmazásának gyakorlata az ISO/IEC 27001 szabvány elvárásainak tükrében." Magyar Rendészet 19, no. 2-3 (2019): 233–49. http://dx.doi.org/10.32577/mr.2019.2-3.12.

Abstract:
Adequate protection of information and information systems requires careful planning and the implementation of numerous controls on the part of enterprises, which in many cases they satisfy by adopting an information security framework, most often the international standard ISO/IEC 27001. Among its provisions, the standard places particular emphasis on, among other things, establishing the physical protection of information systems. This study discusses design and operational considerations that can help responsible professionals create physical security systems that meet the requirements of the standard.
49

Maquera Quispe, Henry George, and Paola Nhataly Serpa Guillermo. "GESTIÓN DE ACTIVOS BASADO EN ISO/IEC 27002 PARA GARANTIZAR SEGURIDAD DE LA INFORMACIÓN." Ciencia & Desarrollo, no. 21 (June 11, 2019): 100–112. http://dx.doi.org/10.33326/26176033.2017.21.736.

Abstract:
Many companies lack security controls and therefore cannot guarantee the security of their information. Technological progress and increasingly complex information management bring with them various types of threats that seek to reduce the service levels of the assets of the digital projects area of the Grupo de Periodismo Digital (GPD). This research was directed at the implementation and use of control mechanisms for asset management based on the international standard ISO/IEC 27002, with the objective of evaluating the security levels of information assets through metrics formulated using the NIST (National Institute of Standards and Technology) performance measurement guide for information security. A risk analysis for each type of asset established that the implemented mechanisms, based on administrative, technical and physical controls, have reduced risk levels. Information asset management has raised the information security metrics and security strategies in order to guarantee the continuity of the processes established by the Grupo de Periodismo Digital through business continuity plans and disaster recovery plans.
50

Andriana, Myra, Irwan Sembiring, and Kristoko Dwi Hartomo. "SOP of Information System Security on Koperasi Simpan Pinjam Using ISO/IEC 27002:2013." Jurnal Transformatika 18, no. 1 (July 29, 2020): 25. http://dx.doi.org/10.26623/transformatika.v18i1.2020.

