The measurement design of information security management system

Abstract

Information is an asset, such as important business assets, has value to an organization and consequently must be well protected. In organizations, information becomes an important and must remain available, and its existence should be maintained from unauthorized access. The use of information by unauthorized parties could be used for negative purposes which would be detrimental to the organization. Therefore, information security must be implemented correctly in order to avoid the impact of loss to the organization. Information security must satisfy the elements of confidentiality, integrity and availability. The international standard ISO / IEC 27000: 2014, SNI ISO / IEC 27001: 2013 and SNI ISO / IEC 27002: 2013 are a standard for Information Security Management System that can be used for the organization. These standard are able to test the security of the information and to measure the effectiveness of an implemented Information Security Management System (ISMS) which has been adopted as SNI ISO / IEC 27004: 2013. The standardization of Information Security Management Systems need an adjustment, the version of ISO / IEC 27004. The latter has adopted the development of ISO / IEC 27000, ISO / IEC 27001 and ISO / IEC 27002 which is required the measurement design of Information Security Management System. This study results in the design of the size of the Information Security Management System in accordance with the rules of international standards and the latest ISO standards. So it can be a reference for various organizations. This study aims to make a measurement design of Information Security Management System by adopting the best practices based on information security standard defined by ISO / IEC.