Information Security of Management System Using ISO 27001: 2013 in the Industrial Revolution 4.0
Abstract
The design of an Information Security Management System covers all existing processes in a company. Organizations such as universities or institutions need to have a clear security management system. One of the standards that can be used to analyze the level of information security within an organization is ISO 27001:2013. This standard is continuously being developed to complete the requirements for implementing a security system. This study aims to find out how ISO 27001 works and what its benefits are for an organization. The study employed a literature review methodology. Sources included books, academic papers, internet resources, and personal experiences related to the topic. The study is also expected to provide a reference that helps companies determine the most appropriate security system. In conclusion, the integration of ISO 27001 into an organization's security management system is crucial in today's complex digital landscape. Embracing ISO 27001 not only enhances the overall security framework within an organization but also instills trust among stakeholders and customers in the organization's dedication to data protection.
Copyright (c) 2025 Lusmitasari Lusmitasari, Siwi Tri Agustina

This work is licensed under a Creative Commons Attribution 4.0 International License.