Implementation of ISO/IEC 27001:2022 in Information System Security Governance: An Evaluation of Processes and Obstacles
DOI:
https://doi.org/10.25134/ilkom.v18i2.205
Keywords:
ISO/IEC 27001:2022, SMKI, Security Governance, Information Systems Security
Abstract
Implementing ISO/IEC 27001:2022 in information security management is crucial and timely due to the increasing cyber threats, the necessity for regulatory compliance, and the significance of information security as a competitive edge. The latest revision of this standard demands proper adaptation and implementation to ensure effective information security management across various organizations. This study examines the key components of ISO/IEC 27001:2022, including organizational context, leadership, planning, support, operations, performance evaluation, and improvement. It delves into the application of ISO/IEC 27001:2022 in security system governance, emphasizing how this standard can enhance risk management and information security within an organization. A case study on a logistics company adopting this standard was conducted to identify best practices, implementation challenges, and its impact on security and regulatory compliance. The study's findings demonstrate that implementing ISO/IEC 27001:2022 effectively improves an organization's information security posture by integrating security policies, procedures, and controls into business processes. These findings offer recommendations as practical guidelines for organizations aiming to strengthen their information security management through the adoption of globally recognized international standards.
License
Copyright (c) 2024 Nuansa Informatika
This work is licensed under a Creative Commons Attribution 4.0 International License.