Analysis of Information Security Using ISO 27001 and Triangular Fuzzy Number Weighting
Abstract
The business processes of an organization cannot be carried out properly without appropriate information management, in which information is an important asset that needs to be protected with the utmost care. Information security is the practice of protecting information from a wide range of threats in order to ensure the continuity of the organization's operations, reduce business risk, and increase business opportunities and return on investment. This research measures how well ISO 27001 assists the organization in documenting its information security policy. ISO/IEC 27001:2005 is a widely used, openly accepted and implemented information security standard, and it is suitable for providing rules for the implementation and evaluation of an information security management system. The assessment of the ISO controls and control objectives is converted into triangular fuzzy numbers to support the analysis; the fuzzy numbers are used to simplify the measurement. The result shows that the organization does not yet comply with the standard procedures of the Information Security Management System, so its security policy needs to be documented based on the ISO 27001 framework.
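As an added illustration of the weighting the abstract describes (example code, not the paper's own method or data), the script below maps auditor ratings of ISO 27001 controls onto triangular fuzzy numbers, weight-averages them per Annex A clause, and defuzzifies each clause by its centroid before comparing the overall score against a compliance threshold. The linguistic scale, control weights, clause ratings and the 0.7 threshold are constructed assumptions.

```python
from typing import Dict, List, Tuple

TFN = Tuple[float, float, float]  # (lower, modal, upper)

# Linguistic scale mapping an auditor's rating of a control to a TFN.
# Constructed assumption for this example, not the paper's own mapping.
SCALE: Dict[str, TFN] = {
    "none":    (0.00, 0.00, 0.25),
    "partial": (0.00, 0.25, 0.50),
    "largely": (0.25, 0.50, 0.75),
    "mostly":  (0.50, 0.75, 1.00),
    "full":    (0.75, 1.00, 1.00),
}

def tfn_add(a: TFN, b: TFN) -> TFN:
    return (a[0] + b[0], a[1] + b[1], a[2] + b[2])

def tfn_scale(a: TFN, k: float) -> TFN:
    return (a[0] * k, a[1] * k, a[2] * k)

def weighted_mean(ratings: List[Tuple[str, float]]) -> TFN:
    """Weighted average of the TFNs of the controls in one clause."""
    total = sum(w for _, w in ratings)
    acc: TFN = (0.0, 0.0, 0.0)
    for label, w in ratings:
        acc = tfn_add(acc, tfn_scale(SCALE[label], w / total))
    return acc

def defuzzify(t: TFN) -> float:
    """Centroid of a triangular membership function: (l + m + u) / 3."""
    return round(sum(t) / 3, 4)

def assess(clauses: Dict[str, List[Tuple[str, float]]], threshold: float = 0.7) -> Dict:
    """Crisp score per clause, overall mean, and a compliance verdict."""
    per_clause = {name: defuzzify(weighted_mean(r)) for name, r in clauses.items()}
    overall = round(sum(per_clause.values()) / len(per_clause), 4)
    return {"clauses": per_clause, "overall": overall, "compliant": overall >= threshold}

# Constructed sample ratings (rating label, control weight) for three clauses.
SAMPLE = {
    "A.5 Security policy": [("none", 2.0), ("partial", 1.0)],
    "A.11 Access control": [("mostly", 1.0), ("full", 1.0), ("largely", 1.0)],
    "A.13 Incident management": [("partial", 1.0), ("none", 1.0)],
}

if __name__ == "__main__":
    print(assess(SAMPLE))
```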
Copyright (c) 2021 Jurnal Ilmiah Informatika
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.