ISMS planning based on ISO/IEC 27001:2013 using analytical hierarchy process at gap analysis phase (Case study: XYZ institute)

Johan Candra, O. Briliyant, Sion Rebeca Tamba
DOI: 10.1109/TSSA.2017.8272916
Venue: 2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA)
Published: 2017-10-01
Citations: 8

Abstract

The biggest challenge in information security planning is how to achieve precision in the gap analysis phase. According to the information security management system (ISMS) implementation guide based on ISO/IEC 27001:2013, ISMS planning has five stages: defining the scope, performing the gap analysis, carrying out the risk assessment, determining the controls and objectives, and determining the ISMS policies and procedures. The gap analysis stage is required to assess the organization's current position with respect to ISMS implementation. This research proposes the use of the analytical hierarchy process (AHP) to determine which information security controls relate most closely to the organization's needs and goals. The process is carried out at an Indonesian organization referred to as the XYZ institute. The result is a prioritization of information security gap handling that the XYZ institute can use to support its ISO/IEC 27001:2013 implementation.
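The abstract describes the mechanism only at a high level: AHP turns an assessor's pairwise judgments about control areas into a weight per area, and those weights are then used to rank the gaps found in the gap analysis. The following is an added example written for this page, not code from the paper or from the XYZ institute. It implements the standard AHP steps (reciprocal pairwise matrix, row geometric-mean priority vector, Saaty's consistency ratio) and then combines each weight with a gap score. The four Annex A control areas, the pairwise judgments, the 0-5 maturity scale, the current maturity levels and the gap formula `(target - current) / target` are all constructed assumptions; the paper's actual hierarchy, criteria and scoring are not reproduced on this page.

```python
# Added example (not from the paper): AHP prioritization of ISO/IEC 27001:2013
# gap handling. Control areas, pairwise judgments, maturity levels and the 0-5
# maturity scale below are constructed for illustration; the paper's actual
# hierarchy and judgments are not reproduced on this page.
import math

# Saaty's random consistency index for matrices of order n (standard AHP table).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def validate_pairwise(matrix, tol=1e-9):
    """Reject matrices that are not square, positive and reciprocal (a_ji = 1/a_ij)."""
    n = len(matrix)
    for i, row in enumerate(matrix):
        if len(row) != n:
            raise ValueError("pairwise matrix must be square")
        for j, a in enumerate(row):
            if a <= 0:
                raise ValueError("judgments must be positive")
            if abs(a * matrix[j][i] - 1.0) > tol:
                raise ValueError(f"entry ({i},{j}) is not the reciprocal of ({j},{i})")


def priority_vector(matrix):
    """Row geometric-mean method: n-th root of each row product, normalized to sum 1."""
    validate_pairwise(matrix)
    n = len(matrix)
    gm = [math.prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gm)
    return [g / total for g in gm]


def consistency_ratio(matrix, weights):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1).

    CR > 0.1 means the judgments contradict each other (e.g. A > B > C > A) and
    should be revisited before the weights are used for anything.
    """
    n = len(matrix)
    if n <= 2:
        return 0.0  # a 2x2 reciprocal matrix is always consistent
    aw = [sum(a * w for a, w in zip(row, weights)) for row in matrix]
    lambda_max = sum(x / w for x, w in zip(aw, weights)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def prioritize_gaps(criteria, matrix, current_levels, target_level=5, max_cr=0.1):
    """Combine AHP weights with the gap found in the gap analysis (assumed scoring).

    gap_i = (target - current_i) / target, in [0, 1]; score_i = weight_i * gap_i.
    Returns rows (criterion, weight, gap, score) sorted by descending score.
    """
    weights = priority_vector(matrix)
    cr = consistency_ratio(matrix, weights)
    if cr > max_cr:
        raise ValueError(f"inconsistent judgments: CR={cr:.3f} > {max_cr}")
    rows = []
    for name, w in zip(criteria, weights):
        gap = (target_level - current_levels[name]) / target_level
        rows.append((name, w, gap, w * gap))
    return sorted(rows, key=lambda r: r[3], reverse=True)


# Constructed inputs: four Annex A control areas and an assessor's pairwise
# judgments on Saaty's 1-9 scale (row vs column: 3 = "moderately more important").
CRITERIA = ["A.9 Access control", "A.12 Operations security",
            "A.16 Incident management", "A.18 Compliance"]
JUDGMENTS = [
    [1,     3,     2,     5],
    [1 / 3, 1,     1 / 2, 3],
    [1 / 2, 2,     1,     4],
    [1 / 5, 1 / 3, 1 / 4, 1],
]
# Constructed current maturity (0-5) from the gap analysis; the target is level 5.
CURRENT = {"A.9 Access control": 3, "A.12 Operations security": 4,
           "A.16 Incident management": 1, "A.18 Compliance": 2}


def example_ranking():
    """Ranked gap-handling list for the constructed inputs above."""
    return prioritize_gaps(CRITERIA, JUDGMENTS, CURRENT)


if __name__ == "__main__":
    w = priority_vector(JUDGMENTS)
    print(f"CR = {consistency_ratio(JUDGMENTS, w):.3f}")
    for name, weight, gap, score in example_ranking():
        print(f"{name:26s} weight={weight:.3f} gap={gap:.2f} score={score:.3f}")
```

Two things worth noticing when running it. First, the weights alone rank access control highest (about 0.47), but once the gap is folded in, incident management moves to the top because its current maturity is far below target; that is the point of doing AHP at the gap analysis stage rather than ranking gaps by size or by importance alone. Second, `prioritize_gaps` refuses to produce a ranking when the consistency ratio exceeds 0.1, so a circular set of judgments fails loudly instead of silently yielding near-uniform weights.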