论文信息 - Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution

Information Security Assessment Using ISO/IEC 27001:2013 Standard on Government Institution

The purpose of this research is to determine the existing gap to achieve ISO/IEC 27001:2013 certification and determine the maturity level of the information system owned by X Government Institution. The information system of X Government Institution would be assessed based on 14 clauses contained in ISO/IEC 27001: 2013. The method used is qualitative method, data collection and data validation with triangulation technique (interview, observation, and documentation). Data analysis used gap analysis and to measure the maturity level of this research used CMMI (Capability Maturity Model for Integration). The result of the research showed that information security which had been applied by X Government Institution was at level 1 (Initial) which meant there was evidence that the institution was aware of problems that needed to be overcome, unstandardized process, and tended to handle the problem individually or by case.

Candiwan Candiwan | Akmal Zaifullah Maingak | Listyo Dwi Harsono | C. Candiwan | Akmal Zaifullah Maingak

[1] Dian Chisva Islami,et al. Kesadaran Keamanan Informasi pada Pegawai Bank x di Bandung Indonesia , 2016 .

[2] Steven Furnell,et al. Information security conscious care behaviour formation in organizations , 2015, Comput. Secur..

[3] Rizki Komalasari,et al. 14. Audit Keamanan Informasi Bagian Teknologi Informasi PT PLN (Persero) DJBB Menggunakan SNI ISO/IEC 27001: 2009 , 2015 .

[4] Georg Disterer,et al. ISO/IEC 27000, 27001 and 27002 for Information Security Management , 2013 .

[5] Mattia Bozza. Information system management: the reengineering of an ICT department , 2012 .

[6] Tamara Dinev,et al. Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[7] Kristian Beckers,et al. A Pattern-Based Method for Identifying and Analyzing Laws , 2012, REFSQ.

[8] Xin Luo,et al. Social Engineering: The Neglected Human Factor for Information Security Management , 2011, Inf. Resour. Manag. J..

[9] Joseph Mollick. Management of Information Security , 2008 .

[10] H. Susanto,et al. Information Security Management System Standards : A Comparative Study of the Big Five , 2011 .