Evaluation the Information Security Management System: A Path Towards ISO 27001 Certification

  • Jevelin Jevelin Universitas Multimedia Nusantara, Indonesia
  • Ahmad Faza Universitas Multimedia Nusantara, Indonesia
DOI: 10.51519/journalisi.v5i4.572
Keywords: Information security management system, ISO 27001, KAMI index, PDCA method

Abstract

This study addresses the urgent need for robust data security by evaluating the Information Security Management System (ISMS) of a private contractor poised for ISO 27001 certification. It introduces the context of pervasive data breaches that necessitate stringent security measures. Employing a mixed-methods approach, the research method combines the KAMI index for quantitative maturity assessment with qualitative insights from staff interviews and literature reviews. The results reveal the contractor's ISMS maturity at levels I+ to II, indicating a shortfall in meeting the ISO 27001 benchmark. The discussion highlights the efficacy of the PDCA cycle in ISMS implementation, but also underscores the imperative for enhancements to fulfill certification requirements.

Downloads

Download data is not yet available.

References

A. P. Idhamani, “Dampak Teknologi Informasi terhadap Minat Baca Siswa,” UNILIB J. Perpust., vol. 11, no. 1, pp. 35–41, 2020, doi: 10.20885/unilib.vol11.iss1.art4.

J. Simarmata and others, Teknologi Informasi dan Sistem Informasi Manajemen. Yayasan Kita Menulis, 2020.

M. Fianty, A. Angelina, G. Claudia, D. Sertivia, and Jevelin, “Analysis of Factors Affecting Information System Security Behaviour in Employees at IT Company,” vol. 13, no. 1, pp. 29–36, 2022, doi: https://doi.org/10.31937/si.v13i1.2660.

I. Y. Sari and others, Keamanan Data dan Informasi. Yayasan Kita Menulis, 2020.

“Keamanan siber indonesia 2022.” 2022.

A. R. Riswaya, A. Sasongko, and A. Maulana, “Evaluasi Tata Kelola Keamanan Teknologi Informasi Menggunakan Indeks KAMI Untuk Persiapan Standar SNI ISO / IEC 27001 ( Studi Kasus : STMIK Mardira Indonesia ),” J. Comput. Bisnis, vol. 14, no. 1, pp. 10–18, 2020.

P. Sugiarto and Y. Suryanto, “Evaluation of the Readiness Level of Information System Security at the BAKAMLA Using the KAMI Index based on ISO 27001 : 2013,” Int. J. Mech. Eng., vol. 7, no. 2, pp. 3607–3614, 2022.

P. Sundari and Wella, “SNI ISO / IEC 27001 dan Indeks KAMI : Manajemen Risiko PUSDATIN ( PUPR ),” Ultim. InfoSys J. Ilmu Sist. Inf., vol. 12, no. 1, pp. 35–42, 2021.

P. Ferdiansyah, Subektiningsih, and R. Indrayani, “Evaluasi Tingkat Kesiapan Keamanan Informasi pada Lembaga Pendidikan Menggunakan Indeks KAMI 4.0,” J. Mob. Forensics, vol. 1, no. 2, pp. 53–62, 2019, doi: https://doi.org/10.12928/mf.v1i2.1001.

I. G. P. K. Juliharta, K. T. Werthi, and N. L. P. N. S. P. Astawa, “Penilaian Keamanan Informasi E-Government Menggunakan Index Keamanan Informasi (KAMI) 4.0,” J. Teknol. Inf. dan Komput., vol. 06, no. 02, pp. 238–244, 2020.

A. L. Maryanto, M. N. Al Azam, and A. Nugroho, “Evaluasi Manajemen Keamanan Informasi pada Perusahaan Pemula Berbasis Teknologi Menggunakan Indeks KAMI,” J. SimanteC, vol. 11, no. 1, pp. 1–12, 2022.

A. Y. Eskaluspita, “ISO 27001 : 2013 for Laboratory Management Information System at School of Applied Science Telkom University,” IOP Conf. Ser. Mater. Sci. Eng., pp. 1–6, 2020, doi: 10.1088/1757-899X/879/1/012074.

E. R. Kaburuan and A. Lindawati, “Implementation of Security System on Humanitarian Organization : Case Study of Dompet Dhuafa Foundation,” J. Phys. Conf. Ser., 2019, doi: 10.1088/1742-6596/1367/1/012004.

N. V Syreyshchikova, D. Y. Pimenov, T. Mikolajczyk, and L. Moldovan, “Information Safety Process Development According to ISO 27001 for an Industrial Enterprise,” Procedia Manuf., vol. 32, pp. 278–285, 2019, doi: 10.1016/j.promfg.2019.02.215.

A. Calder, ISO27001 / ISO 27002 A Pocket Guide, Second. IT Governance Publishing, 2013.

Published
2023-11-29
Abstract views: 2307 times
Download PDF: 1413 times
How to Cite
Jevelin, J., & Faza, A. (2023). Evaluation the Information Security Management System: A Path Towards ISO 27001 Certification. Journal of Information Systems and Informatics, 5(4), 1240-1256. https://doi.org/10.51519/journalisi.v5i4.572
Issue
Vol 5 No 4 (2023): Journal of Information Systems and Informatics
Section
Articles

Copyright (c) 2023 Journal of Information Systems and Informatics

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

  1. I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
  2. I certify that all authors have approved the publication of this and there is no conflict of interest.
  3. I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
  4. I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
  5. I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
  6. I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
  7. If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
  8. I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)