Evaluation the Information Security Management System: A Path Towards ISO 27001 Certification
DOI: https://doi.org/10.51519/journalisi.v5i4.572
Keywords: Information security management system, ISO 27001, KAMI index, PDCA method
Abstract
This study addresses the urgent need for robust data security by evaluating the Information Security Management System (ISMS) of a private contractor poised for ISO 27001 certification. It introduces the context of pervasive data breaches that necessitate stringent security measures. Employing a mixed-methods approach, the research method combines the KAMI index for quantitative maturity assessment with qualitative insights from staff interviews and literature reviews. The results reveal the contractor's ISMS maturity at levels I+ to II, indicating a shortfall in meeting the ISO 27001 benchmark. The discussion highlights the efficacy of the PDCA cycle in ISMS implementation, but also underscores the imperative for enhancements to fulfill certification requirements.
Authors Declaration
- The Authors certify that they have read, understood, and agreed to the Journal of Information Systems and Informatics (JournalISI) submission guidelines, policies, and submission declaration. The submission has been prepared using the provided template.
- The Authors certify that all authors have approved the publication of this manuscript and that there is no conflict of interest.
- The Authors confirm that the manuscript is their original work, has not received prior publication, is not under consideration for publication elsewhere, and has not been previously published.
- The Authors confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- The Authors confirm that the manuscript is not copied from or plagiarized from any other published work.
- The Authors declare that the manuscript will not be submitted for publication in any other journal or magazine until a decision is made by the journal editors.
- If the manuscript is finally accepted for publication, the Authors confirm that they will either proceed with publication immediately or withdraw the manuscript in accordance with the journal’s withdrawal policies.
- The Authors agree that, upon publication of the manuscript in this journal, they transfer copyright or assign exclusive rights to the publisher, including commercial rights.














