Journal articles on the topic 'IEC 27004'

Consult the top 50 journal articles for your research on the topic 'IEC 27004.'

Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.

You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.

Browse journal articles on a wide variety of disciplines and organise your bibliography correctly.

1

Winarni, Ade. "Penilaian Tingkat Efektivitas Penerapan Keamanan Sistem Informasi Menggunakan Iso/Iec 27004:2009 Dan Iso/Sni 27001:2009 (Studi." Jurnal Bangkit Indonesia 5, no. 2 (2016): 90. http://dx.doi.org/10.52771/bangkitindonesia.v5i2.77.

Abstract:
Since 2014, STT Indonesia Tanjungpinang has implemented an information security management system (ISMS; SMKI in Indonesian) policy to support the operation of its information systems, in particular the academic and financial information system (SIMAK), but to date the implementation of that ISMS has not been evaluated. This research therefore focuses on assessing the level of effectiveness of information system security implementation using ISO/IEC 27004, to ensure that the ISMS policy currently in place is working well. The stages carried out begin with measuring the level of effectiveness of information system security implementation
2

Soesanto, Edy, Fadila Kurniasih, Putri Mutiara, and Salsabila Taqwaning Afifi. "Sistem manajemen keamanan informasi dengan standar ISO/IEC 27001 dan ISO/ICE 27002 pada PT Jasa Marga." Co-Creation : Jurnal Ilmiah Ekonomi Manajemen Akuntansi dan Bisnis 1, no. 4 (2023): 155–64. http://dx.doi.org/10.55904/cocreation.v1i4.700.

Abstract:
This study aims to analyze the security management system with ISO/IEC 27001 and 27002 standards at PT Jasa Marga. This study uses a literature search study method with an ISMS approach. Information security management system (ISMS) means a form of process organization based on a business risk approach for planning (Plan), implementation and operation (Execute), monitoring and inspection (Check), and maintenance and improvement or development (Act) of security gossip, ISO/IEC 27000, 27001 and 27002 companies are accepted and adapted using standards. Based on the results of the study, companies
3

Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for Information Security Management." Journal of Information Security 04, no. 02 (2013): 92–100. http://dx.doi.org/10.4236/jis.2013.42011.

4

Adebola Folorunso, Viqaruddin Mohammed, Ifeoluwa Wada, and Bunmi Samuel. "The impact of ISO security standards on enhancing cybersecurity posture in organizations." World Journal of Advanced Research and Reviews 24, no. 1 (2024): 2582–95. http://dx.doi.org/10.30574/wjarr.2024.24.1.3169.

Abstract:
The increasing frequency and sophistication of cyber threats have made organizations need to adopt robust cybersecurity frameworks. ISO security standards, particularly the ISO/IEC 27000 series, play a critical role in enhancing organizations' cybersecurity posture worldwide. These standards provide a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. ISO/IEC 27001, which focuses on establishing an Information Security Management System (ISMS), is widely recognized for its ability to help organizations identify, manage, and mitigat
5

Aldya, A. P., S. Sutikno, and Y. Rosmansyah. "Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard." IOP Conference Series: Materials Science and Engineering 550 (August 23, 2019): 012020. http://dx.doi.org/10.1088/1757-899x/550/1/012020.

6

Adebola, Folorunso, Mohammed Viqaruddin, Wada Ifeoluwa, and Samuel Bunmi. "The impact of ISO security standards on enhancing cybersecurity posture in organizations." World Journal of Advanced Research and Reviews 24, no. 1 (2024): 2582–95. https://doi.org/10.5281/zenodo.15063305.

Abstract:
The increasing frequency and sophistication of cyber threats have made organizations need to adopt robust cybersecurity frameworks. ISO security standards, particularly the ISO/IEC 27000 series, play a critical role in enhancing organizations' cybersecurity posture worldwide. These standards provide a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. ISO/IEC 27001, which focuses on establishing an Information Security Management System (ISMS), is widely recognized for its ability to help organizations identify, manage, and mitigat
7

Fatih, Dayyan, and Rizal Fathoni Aji. "Evaluasi Keamanan Informasi Menggunakan ISO/IEC 27001: Studi Kasus PT XYZ." J-SAKTI (Jurnal Sains Komputer dan Informatika) 8, no. 1 (2024): 72. https://doi.org/10.30645/j-sakti.v8i1.767.

Abstract:
PT XYZ is one of the government-owned enterprises of the Republic of Indonesia that engaged in agribusiness. PT XYZ already has an information security management system (ISMS), but there are still several obstacles that are found, such as low personnel attention to information security, the need to remain compliant with government regulations, to technical constraints that arise, so PT XYZ wants to improve its information security-related capabilities. This study aims to determine the current condition of the existing ISMS at PT XYZ and provide recommendations for improving the ISMS. This res
8

Robayo Jácome, Darío Javier, Priscila Aguilar-Molina, and Lorena del Carmen Chiliquinga Véjar. "Information Security through the ISO/IEC 27001:2013 Standard." Medwave 23, S1 (2023): eUTA275. http://dx.doi.org/10.5867/medwave.2023.s1.uta275.

Abstract:
Introduction: The use of technology allows organizations to handle information better, which has made it vulnerable today to a variety of threats that affect its confidentiality, integrity and availability. However, in most of them its security is not a priority, so there are no adequate policies for its diagnosis and implementation. Objectives: The objective of this work is to develop an information security management plan based on the ISO/IEC 27001:2013 standard for the data center of a public company of admin
9

Ramazonova, Madina Shavkatovna, Shuxratbek Dilmurodjon o'g'li Tojimuratov, Bekzod Toxirboy o'g'li Mirzayev, and Jaloliddin Umidjon o'g'li Babajanov. "ISO/IEC 27001:2005 VA ISO/IEC 17799:2005 STANDARTLARI. "AXBOROT TEXNOLOGIYALARI. XAVFSIZLIKNI TAʼMINLASH METODLARI. AXBOROT XAVFSIZLIGINI BOSHQARISH TIZIMLARI."". RESEARCH AND EDUCATION 3, no. 4 (2024): 183–91. https://doi.org/10.5281/zenodo.11245256.

Abstract:
Information security is one of an organization's most important value-adding resources, and so the need to protect it arises. The ISO 27001 standard defines the processes, in accordance with requirements, for developing and implementing an information security management system (ISMS). This system is intended to ensure the confidentiality, integrity and availability of information assets. ISO 27001 enables an enterprise to document, monitor and improve its security policy and risk management process. The standard,
10

Buresh, Ph.D., J.D., LL.M., Donald L. "A Practical Evaluation of Remote Work Issues and the SolarWinds Breach Using the ISO/IEC 27001 Cybersecurity Framework and the ISO/IEC 27002 Guidelines." Studies in Social Science Research 3, no. 2 (2022): p75. http://dx.doi.org/10.22158/sssr.v3n2p75.

Abstract:
This article outlines the ISO/IEC 27001 framework and the ISO/IEC 27002 guidelines, focusing on their application to two cybersecurity issues. In light of the Covid-19 pandemic, remote work has become commonplace. The factors regarding remote work have led organizations to address the cybersecurity vulnerabilities associated with the activity. ISO/IEC 27001 is one such framework that can effectively mitigate the effects of a cyber-attack. The SolarWinds breach is another example that is discussed in this article. The piece demonstrates that had SolarWinds Corp. implemented the ISO/IEC 27001 fr
11

Antipov, V. E., and V. V. Selifanov. "Problems of formalization of ISMS processes." Interexpo GEO-Siberia 6 (May 18, 2022): 3–8. http://dx.doi.org/10.33764/2618-981x-2022-6-3-8.

Abstract:
This article raises the problem of formalization of processes in the information security management system. The question of the necessity and importance of the stage of formalization of processes, the study and analysis of national and international standards is considered. In the course of the work, approaches to the development of an information security management system were analyzed, as well as national standards ГОСТ Р ИСО/МЭК 27001-2006, ГОСТ Р ИСО/МЭК 27002-2012 and ГОСТ Р ИСО/МЭК 27005-2010, which are the main ones when creating an information security management system (ISMS) and ap
12

Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.

Abstract:
Purpose: This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection, and as guidance for reaching compliance with the regulation. Design/methodology/approach: This
13

Mendes, Ricardo Ribeiro, Rômulo R. L. de Oliveira, Anderson Fabiano Batista Ferreira da Costa, and Reinaldo Cezar De Morais Gomes. "Uma metodologia para implantação de um Sistema de Gestão de Segurança da Informação (SGSI) baseado nas normas ABNT NBR ISO/IEC 27001 e 27002." Revista Principia - Divulgação Científica e Tecnológica do IFPB, no. 22 (August 26, 2013): 69. http://dx.doi.org/10.18265/1517-03062015v1n22p69-80.

Abstract:
Information security stands out as one of the main concerns in many organizations. To ensure that information and information systems are protected against threats of all kinds, it is necessary to define managed processes and to ensure their confidentiality, integrity and availability. To this end, the ABNT NBR ISO/IEC 27001 and ABNT NBR ISO/IEC 27002 standards provide a set of techniques for establishing, implementing, operating, monitoring, critically reviewing, maintaining and improving an Information Security Management System (ISMS). However,
14

ال فيحان, اثير عبد الهادي, and عامر حمدي عبد غريب. "تقييم نظام أدارة امن المعلومات في الهيئة العراقية للحاسبات والمعلوماتية على وفق المواصفة الدولية (ISO/IEC 27001:2013". Journal of Economics and Administrative Sciences 21, no. 86 (2015): 1. http://dx.doi.org/10.33095/jeas.v21i86.764.

Abstract:
The present research covers the evaluation of the information security management system according to the international standard ISO/IEC 27001:2013 in the Iraqi Commission for Computers and Informatics. Establishing a management system for information security is a current priority, and given organizations' reliance on computers and information technology for work and for communication with others, international legitimacy (represented by the International Organization for Standardization (ISO)) remains the basis for conformity and commitment. The importance of applying an information security management system according to the international standard ISO/IEC 27001:2013 lies in protecting organizations' assets, especially information and databases, in a systematic and continuous manner. The aim of the research is to carry out an evaluation between the management system for the security of
15

Sugianto, Anindya Dwi Lestari, Febriliyan Samopa, and Hanim Maria Astuti. "PENILAIAN DAN KONTROL RISIKO TERHADAP INFRASTRUKTUR DAN KEAMANAN INFORMASI BERDASARKAN STANDAR ISO/IEC 27001:2013 (STUDI KASUS: INSTITUT TEKNOLOGI SEPULUH NOPEMBER)." Sebatik 24, no. 1 (2020): 96–101. http://dx.doi.org/10.46984/sebatik.v24i1.910.

Abstract:
The Directorate of Technology and Information Systems Development (DPTSI) of Institut Teknologi Sepuluh Nopember (ITS) Surabaya is the directorate responsible for handling all activities related to information systems and technology within ITS. Risks arise in the organization in the field of information systems and technology, especially within the scope of infrastructure and information security, such as asset damage, data theft, and inaccessible services. Risk treatment measures for the infrastructure and information security scope at DPTSI ITS have not yet been implemented
16

Hermawan, Wawan. "Perancangan Manajemen Risiko Keamanan Informasi pada Penyelenggara Sertifikasi Elektronik (PSrE)." Jurnal Telekomunikasi dan Komputer 9, no. 2 (2019): 129. http://dx.doi.org/10.22441/incomtech.v9i2.6474.

Abstract:
The Agency for the Assessment and Application of Technology (BPPT) is an Electronic Certification Provider (PSrE) for government agencies. Under Government Regulation No. 82 of 2012, the BPPT Electronic Certification Provider (PSrE) is categorized as an Electronic System Provider that falls within the strategic and high categories of Electronic System Providers, and is therefore required to have an information security management system. In this research, to support the BPPT Electronic Certification Provider (PSrE) in having an information security management system, a design was produced for risk management
17

Mauladani, Furqon, and Daniel Oranova Siahaan. "Perancangan SMKI Berdasarkan SNI ISO/IEC27001:2013 dan SNI ISO/IEC27005:2013 (Studi Kasus DPTSI-ITS)." CSRID (Computer Science Research and Its Development Journal) 10, no. 1 (2018): 32. http://dx.doi.org/10.22303/csrid.10.1.2018.32-43.

Abstract:
Institut Teknologi Sepuluh Nopember (ITS) is one of the universities in Surabaya. ITS has used ICT for its business operations (for example, filling in study program cards, the attendance process, information updates, and others). The use of ICT cannot be separated from threats that can disrupt ICT operations. Threats comprise those originating from outside (malware distribution, social engineering activities), insiders (intentional, unintentional), technical failures (usage errors, hardware/software failures) or natural disasters (fire, quake
18

Blandón Jaramillo, Carlos Arturo, and Alejandra María Benavides Sepúlveda. "Modelo sistema de gestión de seguridad de la información para instituciones educativas de nivel básico." Scientia et Technica 23, no. 1 (2018): 85–92. http://dx.doi.org/10.22517/23447214.15861.

Abstract:
The Ministry of Information and Communication Technologies (MINTIC) has established guidelines for implementing information security management systems (ISMS) in state entities. Public education is a service and a right of children enshrined in the Political Constitution of Colombia and circumscribed by Regulatory Decree 1078/2015, which in turn contains the guidelines for implementing the online government strategy (GEL), including an ISMS based on the NTC ISO/IEC 27001 standard. The project consists of carrying out an analysis of r
19

Primaranti, Jenyta, Aulia Faradilla Setyowardhani, Ida Nurlela, Valerian Ghrandiaz, and Yulhendri Yulhendri. "Analisis Resiko Keamanan Informasi Website Repository Digital Library Menggunakan Framework ISO/IEC 27001 & 27002: Studi Kasus Perguruan tinggi X." Jurnal Riset Multidisiplin dan Inovasi Teknologi 2, no. 01 (2023): 327–73. http://dx.doi.org/10.59653/jimat.v2i01.500.

Abstract:
The continuous evolution of digital repositories in the era of globalization, especially in context of higher education digital libraries, poses security risks that raise concerns among users. Existence of sensitive user data that requires protection by universities adds to this concern. This research aims to conduct comprehensive analysis of information security risks associated with digital library repository websites. This research seeks to identify potential vulnerabilities, threats that could compromise the confidentiality, integrity and availability of digital assets stored in repositori
20

Fauzi, Rokhman. "Implementasi Awal Sistem Manajemen Keamanan Informasi pada UKM Menggunakan Kontrol ISO/IEC 27002." JTERA (Jurnal Teknologi Rekayasa) 3, no. 2 (2018): 145. http://dx.doi.org/10.31544/jtera.v3.i2.2018.145-156.

Abstract:
Information is an organizational asset whose security must be protected. An information security management system is implemented to protect information assets from various threats in order to ensure business continuity, minimize damage caused by threats, and accelerate the return on investment and business opportunities. In this research, the international standard ISO/IEC 27001 and the OCTAVE-S risk analysis method were used to design an information security management system at a company that is a small or medium-sized enterprise (SME; UKM in Indonesian) operating in engineering services. In accordance
21

Ávila Coello, Alex Armando. "Modelo de SGSI en el Departamento de TI del GADMCN, Aplicando Controles ISO/IEC 27001:2013 e ISO/IEC 27002:2022." Ciencia Latina Revista Científica Multidisciplinar 8, no. 5 (2024): 12000–11210. http://dx.doi.org/10.37811/cl_rcm.v8i5.14503.

Abstract:
This study proposes an Information Security Management System (ISMS) model for establishing controls based on the ISO/IEC 27001:2013 standard and the ISO/IEC 27002:2022 code of practice in the IT Department of the Municipal Decentralized Autonomous Government (GAD) of Naranjal. The research identifies vulnerabilities in current security practices and suggests implementing strategies to ensure the confidentiality, integrity and availability of data. The study included a survey of internal users of GAD Naranjal, which made it possible to evaluate the
22

Pumasunco Rivera, Manuel Fernando, and Candy Esther Seminario Sanchez. "La seguridad de la información y los beneficios de la Norma ISO/IEC 27002:2013." Revista de investigación de Sistemas e Informática 17, no. 2 (2024): 45–49. https://doi.org/10.15381/risi.v17i2.29916.

Abstract:
The justification lies in the growing threat in matters of information security and the constant cases of computer theft affecting companies and organizations. The objective of this research is to present the benefits of an Information Security Management System (ISMS) based on the ISO 27002:2013 standard, which comprises controls to be implemented by the company or organization that will help protect its information and involve cybersecurity aspects. The research is exploratory, because the topic is little researched, and also of non-experimental design because it is not going to alter,
23

Damian Vasquez, Jaime. "ISO/IEC 27000." HIGH TECH-ENGINEERING JOURNAL 3, no. 2 (2023): 80–84. http://dx.doi.org/10.46363/high-tech.v3i2.3.

Abstract:
Today, technological threats are an everyday reality, especially in organizations, ranging from viruses to sophisticated attacks such as zero-days. This demands the implementation of information security controls to protect confidential data and resources, reducing user access friction in the face of threats. Organizations' dependence on Information and Communication Technologies (ICT) has given rise to the need for an Information Security Management System (ISMS) to guarantee the adequate protection of
24

Nykänen, Riku, and Tommi Kärkkäinen. "Aligning Two Specifications for Controlling Information Security." International Journal of Cyber Warfare and Terrorism 4, no. 2 (2014): 46–62. http://dx.doi.org/10.4018/ijcwt.2014040104.

Abstract:
Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and secu
25

Meitarice, Sonya, Lidya Febyana, Aidil Fitriansyah, Rahmad Kurniawan, and Riki Ario Nugroho. "Risk Management Analysis of Information Security in an Academic Information System at a Public University in Indonesia: Implementation of ISO/IEC 27005:2018 and ISO/IEC 27001:2013 Security Controls." Journal of Information Technology and Cyber Security 2, no. 2 (2024): 58–75. https://doi.org/10.30996/jitcs.12099.

Abstract:
An online academic information system is potentially exposed to various threats from internal and external sources, which may compromise the institution's objectives if not managed effectively and appropriately. Academic portals often experience issues such as server downtime and unauthorised access attempts. However, there is no specific documentation dedicated to managing these issues. This study aims to analyze risk management in information security for the academic portal of Universitas Riau, Indonesia. The study employs the International Organization for Standardization (ISO)/Internation
26

Medve, Anna. "Model-based Framework for Change Management and Integrated Development of Information Security." INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY 5, no. 3 (2013): 586–97. http://dx.doi.org/10.24297/ijmit.v5i3.4225.

Abstract:
This paper introduces a business process-based goal-oriented framework which consists of generic and specific model repositories, and of methodology for integrated change management of business and IT evolutions. Sets of generic models of ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in MDE process. The techniques and tools used are from the User Requirements Notation technologies for model compositions and traceability assessments of goal-oriented and scenario-based models. An example is given from the instantiation of framework for B2B chan
27

Medve, Anna. "Model-based Framework for Change Management and Integrated Devlopment of Information Security." INTERNATIONAL JOURNAL OF MANAGEMENT & INFORMATION TECHNOLOGY 5, no. 3 (2018): 586–97. http://dx.doi.org/10.24297/ijmit.v5i3.759.

Abstract:
This paper introduces a business process-based goal-oriented framework which consists of generic and specific model repositories, and of methodology for integrated change management of business and IT evolutions. Sets of generic models of ISO/IEC 27001 and 27002 standards for information security support developers and decision makers in MDE process. The techniques and tools used are from the User Requirements Notation technologies for model compositions and traceability assessments of goal-oriented and scenario-based models. An example is given from the instantiation of framework for B2B chan
28

Riswaya, Asep Ririh, Ashwin Sasongko, and Asep Maulana. "EVALUASI TATA KELOLA KEAMANAN TEKNOLOGI INFORMASI MENGGUNAKAN INDEKS KAMI UNTUK PERSIAPAN STANDAR SNI ISO/IEC 27001 (STUDI KASUS: STMIK MARDIRA INDONESIA)." Jurnal Computech & Bisnis 14, no. 1 (2020): 10–18. https://doi.org/10.5281/zenodo.3929041.

Abstract:
Today's technology is an important asset to support the business activities of institutions or institutions, STMIK Mardira Indonesia is a higher education institution that requires technology for educational service facilities. Information technology security governance is useful for protecting assets while maintaining the sustainability of information technology services, several standards for governance have also been used to ensure the security of information technology assets, SNI ISO / IEC 27001 and SNI ISO / IEC 27002 are national standards that adopt f
29

Tasa Catanzaro, María Elena, Henry George Maquera Quispe, John Fredy Rojas Bujaico, and Marjorie Gabriela del Carmen Delgado Rospigliosi. "Análisis de información de la gestión de incidentes de seguridad en organizaciones." PURIQ 4, no. 1 (2021): 14–30. http://dx.doi.org/10.37073/puriq.4.1.196.

Abstract:
Security incidents in an organization are considered the main source for evaluating the correct application of security controls in public or private organizations. The research is based on the behavior of incidents in the presence of information technology controls together with the formal processes in organizations. Good security practices based on the international standards ISO/IEC 27001 and ISO/IEC 27002 were used. The Magerit v3 methodology and business intelligence techniques were applied to integrate and process the i
30

Akowuah, Francis, Xiaohong Yuan, Jinsheng Xu, and Hong Wang. "A Survey of Security Standards Applicable to Health Information Systems." International Journal of Information Security and Privacy 7, no. 4 (2013): 22–36. http://dx.doi.org/10.4018/ijisp.2013100103.

Abstract:
The information maintained by Health Information Systems (HIS) is often faced with security threats from a wide range of sources. Some government's regulations require healthcare organizations and custodians of personal health information to take practical steps to address the security and privacy needs of personal health information. Standards help to ensure an adequate level of security is attained, resources are used efficiently and the best security practices are adopted. In this paper, the authors survey security standards applicable to healthcare industry including Control OBjective for
31

Kurii, Y., and I. Opirskyy. "OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022." Computer systems and network 6, no. 1 (2024): 89–98. http://dx.doi.org/10.23939/csn2024.01.089.

Abstract:
The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to gu
32

Joko Wibowo, Endro, and Kalamullah Ramli. "Impact of Implementation of Information Security Risk Management and Security Controls on Cyber Security Maturity (A Case Study at Data Management Applications of XYZ Institute)." Jurnal Sistem Informasi 18, no. 2 (2022): 1–17. http://dx.doi.org/10.21609/jsi.v18i2.1146.

Abstract:
Information security is an important concern for governments and industry due to the increase in cyber attacks during Covid-19. The government is obliged to maintain information security in implementing an Electronic-Based Government System following Presidential Regulation of the Republic of Indonesia Number 95 of 2018. To overcome this problem, the XYZ Institute needs an approach to implementing information security risk management and information security controls. This study aims to perform risk identification, risk analysis, risk evaluation, risk treatment, risk acceptance, risk control, and anal
33

Coloma-Baños, Nadia Carminia, Fredy Pablo Cañizares-Galarza, Ariel José Romero-Fernández, and Marco Vinicio Quintana-Cifuentes. "La seguridad informática para la toma de decisiones en el distrito de educación 12d03. Mocache-Ecuador." CIENCIAMATRIA 8, no. 4 (2022): 897–915. http://dx.doi.org/10.35381/cm.v8i4.898.

Abstract:
The objective of this research is to design an IT security plan for decision-making in education district 12D03 Mocache-Quevedo based on the guidelines of the ISO/IEC 27001 standard, with the aim of assigning best practices in information security management. The implementation of the IT security plan contributed by raising security to a very significant degree across the 11 domains of the ISO 27002 standard, for which it is essential that the work team and senior management commit to implementing the policies, since
34

Litvinchuk, Iryna, Ruslan Korchomnyi, Nataliia Korshun, and Maksym Vorokhob. "APPROACH TO INFORMATION SECURITY RISK ASSESSMENT FOR A CLASS «1» AUTOMATED SYSTEM." Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 98–112. http://dx.doi.org/10.28925/2663-4023.2020.10.98112.

Abstract:
The article is devoted to the assessment of information security risks in automated systems of class "1". An adapted approach to the assessment of information security risks in such automated systems using the Methodology and requirements of the standards of GSTU SUIB 1.0 / ISO / IEC 27001: 2010 and GSTU SUIB 2.0 / ISO / IEC 27002: 2010 is proposed. The efficiency and methods of implementation of the approach are proved on the example of consideration of real threats and vulnerabilities of class 1 automated systems. The main requirement for the creation of information security management syste
35

Choi, Ju-Young, Eun-Jung Choi, and Myuhng-Joo Kim. "A Comparison Study between Cloud Service Assessment Programs and ISO/IEC 27001:2013." Journal of Digital Policy and Management 12, no. 1 (2014): 405–14. http://dx.doi.org/10.14400/jdpm.2014.12.1.405.

36

Apaza Chávez, Wilmer Aufredy. "Propuesta de un plan de seguridad de la información para incrementar la fiabilidad de datos en una financiera." Innovación y Software 2, no. 2 (2021): 27–43. http://dx.doi.org/10.48168/innosoft.s6.a39.

Abstract:
The financial institution's main function is to offer its services, such as card issuance, loans, etc., to customers who request them at its various branches. In this context, it was identified that the bank has activities that are leading to staff mishandling customer information, which is causing customer complaints about data inconsistencies and, as a consequence, cancellation of their services. For that reason, a proposal for an information security plan was developed for the processes and areas of the bank Ri
37

Niemann, Karl-Heinz, and Pierre Kobes. "ISO 27000 oder IEC 62443?" atp magazin 66, no. 3 (2024): 60–67. http://dx.doi.org/10.17560/atp.v66i3.2706.

Abstract:
Operators of production plants often face the question of which standard to use to secure the plant against cyberattacks. The ISO 27000 series of standards is well known from the IT domain. In the production domain, the IEC 62443 series of standards is frequently used. This article gives an overview of both series and proposes an approach for using the two standards together.
38

Mohammed, Mustafa Khan. "Examining ISO/IEC 27001 Standard." European Journal of Advances in Engineering and Technology 8, no. 1 (2021): 123–28. https://doi.org/10.5281/zenodo.13950913.

Abstract:
The demand for risk analysis and information security of systems by institutions that run an information system is rapidly increasing. The utilization of modern information technology in businesses mandates the introduction of different measures to protect the information and systems that house this information. One of the fundamental aspects that has been recommended to achieve information security is the international standard ISO/IEC 27001. ISO/IEC 27001 was jointly established by ISO (International Organization for Standardization) and IEC (International Electronical Commission). The ISO/I
39

Kurnianto, Ari, Rizal Isnanto, and Aris Puji Widodo. "Assessment of Information Security Management System based on ISO/IEC 27001:2013 On Subdirectorate of Data Center and Data Recovery Center in Ministry of Internal Affairs." E3S Web of Conferences 31 (2018): 11013. http://dx.doi.org/10.1051/e3sconf/20183111013.

Abstract:
Information security is a problem that affects the business processes of an organization, so it needs special concern. Information security assessment which is good and has international standard is done using Information Security Management System (ISMS) ISO/IEC 27001:2013. In this research, the high level assessment has been done using ISO/IEC 27001:2013 to observe the strength of information security in Ministry of Internal Affairs. The research explains about the assessment of information security management which is built using PHP. The input data use primary and secondary data which passed observat
40

Beirami, Nahid, Naser Modiri, and Abbas Toloie Eshlaghi. "Review the implementation of information security management system requirements in hospitals of Tabriz in East Azarbaijan." Journal of Management and Accounting Studies 4, no. 01 (2019): 72–77. http://dx.doi.org/10.24200/jmas.vol4iss01pp72-77.

Abstract:
The purpose of this study was to investigate and analyze the assumptions and requirements for the implementation of Information Security Management System (ISMS). Methodology: To check assumptions security management system implementation is the population of Tabriz hospitals. Review the requirements and assumptions are based on the standard ISO/IEC 27001, ISO/IEC 27002 test target setting and ISO 27001 standard questionnaire containing 33 questions in 11 control is used. The data were analyzed using descriptive and inferential statistical method that factors in the implementation of infor
41

Mukati Astitwa Bhargava, Adesh. "Comparative Study between PCI-DSS v4.0 and ISO/IEC 27001:2022." International Journal of Science and Research (IJSR) 12, no. 6 (2023): 2936–51. http://dx.doi.org/10.21275/sr23711142455.

42

Hunorfi, Péter. "Az ISO/IEC 27001 szabvány elmélete és gyakorlati alkalmazása OT/ICS-rendszerek kiberbiztonsági jelentéseinek tükrében." Scientia et Securitas 5, no. 3 (2024): 323–32. https://doi.org/10.1556/112.2024.00228.

Abstract:
Applying the ISO/IEC 27001 standard enables organizations operating OT systems to develop a comprehensive and coherent security strategy that integrates risk management and information protection best practices. ISO/IEC 27001 emphasizes the need for top management commitment, precise definition of the scope, risk assessment, selection of appropriate security controls, and continuous review and improvement of the system. These steps are key to maintaining the security of OT systems and, in the face of cyberattacks, to
43

Sinaga, Rudolf, and Frangky Taan. "Penerapan ISO/IEC 27001:2022 dalam Tata Kelola Keamanan Sistem Informasi: Evaluasi Proses dan Kendala." NUANSA INFORMATIKA 18, no. 2 (2024): 46–54. http://dx.doi.org/10.25134/ilkom.v18i2.205.

Abstract:
Implementing ISO/IEC 27001:2022 in information security management is crucial and timely due to the increasing cyber threats, the necessity for regulatory compliance, and the significance of information security as a competitive edge. The latest revision of this standard demands proper adaptation and implementation to ensure effective information security management across various organizations. This study examines the key components of ISO/IEC 27001:2022, including organizational context, leadership, planning, support, operations, performance evaluation, and improvement. It delves into the ap
44

Kusnandar, Aris. "Evaluasi Keamanan Sistem Informasi Menggunakan Fuzzy FMEA Berbasis Framework ISO/IEC 27001:2013 untuk Meningkatkan Keamanan Informasi." Jurnal Sistem Informasi Bisnis 14, no. 2 (2024): 181–90. http://dx.doi.org/10.21456/vol14iss2pp181-190.

Abstract:
Very few organizations are not aware of the importance of information security, even though information security is important to the running of an organization. Dinas Kependudukan XYZ faces a number of information security threats from various sources. Every security threat such as information theft, fraud, vandalism, and computer hacking will affect the organization. This research uses the ISO/IEC 27001:2013 framework as a method for analyzing risks. The risk value calculation uses the FMEA method which is integrated with the fuzzy method to determine the risk level of information security thr
45

Musyarofah, Sitta Rif’atul, and Rahadian Bisma. "Analisis kesenjangan sistem manajemen keamanan informasi (SMKI) sebagai persiapan sertifikasi ISO/IEC 27001:2013 pada institusi pemerintah." Teknologi 11, no. 1 (2021): 1–15. http://dx.doi.org/10.26594/teknologi.v11i1.2152.

Abstract:
The Madiun City Communication and Informatics Service (Diskominfo) is a government institution that has the responsibility for managing information and communication technology in the Madiun city government. As a government institution serving and providing information to the public, Diskominfo Madiun City is vulnerable to information security threats that can hinder its performance. Information Security Management System ISO/IEC 2701:2013 is a system that is expected to be able to provide effectiveness and efficiency of information security management at Diskominfo Madiun city. This resear
46

Sindi Aprianti, Renny Puspita Sari, and Ibnur Rusi. "Manajemen Risiko Keamanan Simbada Menggunakan Metode NIST SP 800-30 Revisi 1 dan Kontrol ISO/IEC 27001:2013." Jurnal Buana Informatika 14, no. 01 (2023): 50–59. http://dx.doi.org/10.24002/jbi.v14i01.7043.

Abstract:
Risk management was therefore carried out using the NIST SP 800-30 Revision 1 method, with the aim of assessing the risks in the management of SIMBADA and providing mitigation recommendations based on the ISO/IEC 27001:2013 controls, so that it can serve as a reference for minimizing risks that may occur. As a result, SIMBADA has 20 listed risks at the very high, high, medium, and low levels, for which control recommendations will be given for implementing information system security. There are 20 listed risk threats and 54 mitigation recommendations that refer to the ISO/IEC 27001:
47

Rasyid, Rizky Muhamad, and Rizal Fathoni Aji. "Perancangan Manajemen Risiko Keamanan Informasi Menggunakan SNI ISO/IEC 27005: Studi Kasus Integrated School Management System milik PT XYZ." Jurasik (Jurnal Riset Sistem Informasi dan Teknik Informatika) 10, no. 1 (2025): 226. https://doi.org/10.30645/jurasik.v10i1.866.

Abstract:
The existence of information technology has provided various conveniences and opportunities for conducting business online, one of which is the Software as a Service (SaaS) industry. PT XYZ is one of the startups focused on the SaaS business as a provider of integrated school management system (ISMS) solutions. IT plays a vital role in the operational activities of ISMS. PT XYZ is aware of this and has implemented a zero-security incident policy for its ISMS. However, the ISMS still experiences security incidents due to vulnerabilities in the system that result in losses for PT XYZ. This indic
48

Jendrian, Kai. "Der Standard ISO/IEC 27001:2013." Datenschutz und Datensicherheit - DuD 38, no. 8 (2014): 552–57. http://dx.doi.org/10.1007/s11623-014-0182-x.

49

Pordesch, Ulrich. "DIN ISO/IEC 27001-orientiertes ISMS." Datenschutz und Datensicherheit - DuD 41, no. 11 (2017): 667–71. http://dx.doi.org/10.1007/s11623-017-0855-3.

50

Handro, Fedro Ali, Alwi Azis Mahendra, and Megawati. "Evaluasi Tingkat Kesiapan Keamanan Informasi Menggunakan Indeks Keamanan Informasi (Indeks Kami) Versi 5.0 pada Diskominfo XYZ." Journal Informatics Nivedita 1, no. 2 (2025): 141–49. https://doi.org/10.25078/nivedita.v1i2.4501.

Abstract:
Advances in information technology push organizations, including government institutions, to ensure information security in order to improve operational efficiency and effectiveness. Based on observations and interviews, it was found that DISKOMINFO XYZ has never carried out a comprehensive information security evaluation. The KAMI Index was compiled by BSSN and refers to the international standard ISO/IEC 27001:2013, thereby providing a credible and standardized evaluation framework. This study evaluates the level of information security readiness at the Dinas Komunikasi dan Informatika XYZ using the Indeks Keamana