Assessing Information Security Management Using ISO 27001:2013

Abstract

To ensure operational continuity, reduce risks to businesses, and optimize investment returns and business opportunities, information security is an essential element in ensuring the protection of information from different threats. Information protection may be facilitated by the implementation of international standard frameworks, given that a set of standards or provisions is needed to achieve and maintain an adequate level of safeguards for the use of assets. The Ministry of XYZ is handling various important, highly confidential, and sensitive data. Therefore, information protection is not only essential but also mandatory.  The organization has implemented ISO 27001:2013 in Pusat Data dan Teknologi Informasi (Pusdatin) and called the security management standard Sistem Manajemen Keamanan Informasi (SMKI). However, according to the Cyber Security Maturity assessment result by a public institution in 2022, there is still a wide gap between the technical implementation and the governance itself.  Therefore, to improve the good governance of information security, we need to specifically evaluate the maturity of SMKI itself. This study will use the ISO 27001:2013 Compliance Checklist.