Journal articles on the topic 'ISO 27001 Compliance'

1

Topa, Ioanna, and Maria Karyda. "From theory to practice: guidelines for enhancing information security management." Information & Computer Security 27, no. 3 (2019): 326–42. http://dx.doi.org/10.1108/ics-09-2018-0108.

Abstract:
Purpose: This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with current security management practices, including those following the widely adopted information security standards ISO 27001, 27002, 27003 and 27005.
Design/methodology/approach: Based on an exhaustive analysis of related literature, the authors identify critical factors influencing employee security behaviour and ISP compliance. The authors use these factors to perform a gap analysis of widely adopted information security standards ISO 27001, 27002, 27003 and 27005 and identify issues not covered or only partially addressed. Drawing on the implications of security behaviour determinants and the identified gaps, the authors provide guidelines which can enhance security management practices.
Findings: The authors uncover the factors shaping security behaviour barely or partly considered in the ISO information security standards ISO 27001, 27002, 27003 and 27005, including top management participation, accommodating individual characteristics, embracing the cultural context, encouraging employees to comply out of habit and considering the cost of compliance. Furthermore, the authors provide guidelines to security managers on enhancing their security management practices when implementing the above ISO Standards.
Practical implications: This study offers guidelines on how to create and design security management practices whilst implementing ISO standards (ISO 27001, ISO 27002, ISO 27003, ISO 27005) so as to enhance ISP compliance.
Originality/value: This study analyses the role and implications of security behaviour determinants, discusses discrepancies and conflicting findings in related literature, provides a gap analysis of commonly used information security standards (ISO 27001, 27002, 27003 and 27005) and proposes guidelines on enhancing security management practices towards improving ISP compliance.
2

Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.

Abstract:
Purpose: This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection, and as guidance for reaching compliance with the regulation.
Design/methodology/approach: This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013.
Findings: The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere to the GDPR.
Originality/value: This paper provides a gap analysis and identifies the further steps regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
3

Adebola Folorunso, Viqaruddin Mohammed, Ifeoluwa Wada, and Bunmi Samuel. "The impact of ISO security standards on enhancing cybersecurity posture in organizations." World Journal of Advanced Research and Reviews 24, no. 1 (2024): 2582–95. http://dx.doi.org/10.30574/wjarr.2024.24.1.3169.

Abstract:
The increasing frequency and sophistication of cyber threats have made it necessary for organizations to adopt robust cybersecurity frameworks. ISO security standards, particularly the ISO/IEC 27000 series, play a critical role in enhancing organizations' cybersecurity posture worldwide. These standards provide a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. ISO/IEC 27001, which focuses on establishing an Information Security Management System (ISMS), is widely recognized for its ability to help organizations identify, manage, and mitigate cybersecurity risks. By adopting ISO standards, organizations benefit from improved risk management, enhanced incident response capabilities, and stronger alignment with regulatory compliance requirements, such as GDPR and HIPAA. In addition, ISO security standards promote a security-first culture within organizations, fostering greater employee awareness and encouraging the consistent implementation of best practices across departments and regions. The adoption of standards like ISO/IEC 27001 (Information security, cybersecurity and privacy protection), ISO/IEC 27018 (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors), ISO/IEC 27017 (Code of practice for information security controls based on ISO/IEC 27002 for cloud services), ISO/IEC 27015 (Information security management guidelines for financial services), ISO/IEC 27002 (Information security, cybersecurity and privacy protection: Information security controls), and ISO/IEC 27701 (Security techniques: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, requirements and guidelines) has demonstrated significant improvements in data protection, especially in industries handling sensitive personal or financial data.
Despite their benefits, implementing ISO standards poses challenges, such as resource constraints, scalability, and the need for continuous updates. As the threat landscape evolves, ISO security standards will remain integral to developing a proactive cybersecurity strategy, integrating with emerging technologies such as artificial intelligence and IoT. The global adoption of these standards reflects their pivotal role in securing the digital infrastructure of modern organizations.
4

Adebola, Folorunso, Mohammed Viqaruddin, Wada Ifeoluwa, and Samuel Bunmi. "The impact of ISO security standards on enhancing cybersecurity posture in organizations." World Journal of Advanced Research and Reviews 24, no. 1 (2024): 2582–95. https://doi.org/10.5281/zenodo.15063305.

Abstract:
The increasing frequency and sophistication of cyber threats have made it necessary for organizations to adopt robust cybersecurity frameworks. ISO security standards, particularly the ISO/IEC 27000 series, play a critical role in enhancing organizations' cybersecurity posture worldwide. These standards provide a systematic approach to managing sensitive information, ensuring its confidentiality, integrity, and availability. ISO/IEC 27001, which focuses on establishing an Information Security Management System (ISMS), is widely recognized for its ability to help organizations identify, manage, and mitigate cybersecurity risks. By adopting ISO standards, organizations benefit from improved risk management, enhanced incident response capabilities, and stronger alignment with regulatory compliance requirements, such as GDPR and HIPAA. In addition, ISO security standards promote a security-first culture within organizations, fostering greater employee awareness and encouraging the consistent implementation of best practices across departments and regions. The adoption of standards like ISO/IEC 27001 (Information security, cybersecurity and privacy protection), ISO/IEC 27018 (Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors), ISO/IEC 27017 (Code of practice for information security controls based on ISO/IEC 27002 for cloud services), ISO/IEC 27015 (Information security management guidelines for financial services), ISO/IEC 27002 (Information security, cybersecurity and privacy protection: Information security controls), and ISO/IEC 27701 (Security techniques: Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management, requirements and guidelines) has demonstrated significant improvements in data protection, especially in industries handling sensitive personal or financial data.
Despite their benefits, implementing ISO standards poses challenges, such as resource constraints, scalability, and the need for continuous updates. As the threat landscape evolves, ISO security standards will remain integral to developing a proactive cybersecurity strategy, integrating with emerging technologies such as artificial intelligence and IoT. The global adoption of these standards reflects their pivotal role in securing the digital infrastructure of modern organizations.
5

Reyes López, Felipe, Yaneth Betancurt Domínguez, Ingrid Lucia Muñoz Periñán, and Andrés Felipe Paz Loboguerrero. "Support tool for verifying the compliance of standards and regulations in implementations of strategies for information security." Sistemas y Telemática 13, no. 32 (2015): 27–39. http://dx.doi.org/10.18046/syt.v13i32.2032.

Abstract:
Organizations are increasingly concerned about ensuring the security of their information. In addition, government regulations and the market itself are demanding compliance with appropriate levels to remain in operation. This article presents a support tool to the process of gap analysis on the current state of the company and the specifications of the most recognized referents in the Colombian scope in the subject of information security. The tool allows for the evaluation of an organization’s level of compliance with regard to the ISO 27001 and ISO 27002 standards in their 2013 versions and Notices 038 and 042 of the financial regulatory authority of Colombia (Superintendencia Financiera de Colombia). The tool conceives a data model that incorporates the results of a comparative analysis between the ISO 27001:2013 and ISO 27002:2013 standards and the Notices 038 and 042, and allows the inclusion of new referents and relates them to the existing ones. Several evaluation scenarios were created to validate the functional completeness and precision of the implemented prototype.
6

Rafli, Mohammad, Nuansa Cinta Akhwat Nusantara, Ella Rosediana Putri, Intan Pravda Sari, Naufal Zamzami, and Aflahal Insan Muharroman. "Information Security Behavior and Compliance with ISO 27001 in IT Companies." Journal of Digital Business and Innovation Management 3, no. 1 (2024): 62–76. http://dx.doi.org/10.26740/jdbim.v3i1.59163.

Abstract:
This article discusses the importance of information security behavior and the application of the ISO 27001 standard in the context of IT companies. Using PRISMA guidelines, we outline the important role of information security behavior in maintaining the integrity, confidentiality, and availability of necessary information within an enterprise. We introduce the ISO 27001 standard as the main framework for managing secure information systems, highlighting the main stages in its implementation: plan, do, and check. This study also identified factors that influence the implementation of information security behavior in IT companies, such as organizational culture, training, management supervision, and communication between departments. With a deep understanding and implementation of ISO 27001, companies can ensure the security of their information, which is the main goal of information security in the organizational context and information technology environment.
7

Sinaga, Rudolf, and Frangky Taan. "Penerapan ISO/IEC 27001:2022 dalam Tata Kelola Keamanan Sistem Informasi: Evaluasi Proses dan Kendala." NUANSA INFORMATIKA 18, no. 2 (2024): 46–54. http://dx.doi.org/10.25134/ilkom.v18i2.205.

Abstract:
Implementing ISO/IEC 27001:2022 in information security management is crucial and timely due to the increasing cyber threats, the necessity for regulatory compliance, and the significance of information security as a competitive edge. The latest revision of this standard demands proper adaptation and implementation to ensure effective information security management across various organizations. This study examines the key components of ISO/IEC 27001:2022, including organizational context, leadership, planning, support, operations, performance evaluation, and improvement. It delves into the application of ISO/IEC 27001:2022 in security system governance, emphasizing how this standard can enhance risk management and information security within an organization. A case study on a logistics company adopting this standard was conducted to identify best practices, implementation challenges, and its impact on security and regulatory compliance. The study's findings demonstrate that implementing ISO/IEC 27001:2022 effectively improves an organization's information security posture by integrating security policies, procedures, and controls into business processes. These findings offer recommendations as practical guidelines for organizations aiming to strengthen their information security management through the adoption of globally recognized international standards.
8

Purba, Anton, and Mohammad Soetomo. "Assessing Privileged Access Management (PAM) using ISO 27001:2013 Control." ACMIT Proceedings 5, no. 1 (2019): 65–76. http://dx.doi.org/10.33555/acmit.v5i1.76.

Abstract:
ISO 27001 is one of the most widely adopted and respected information security standards in use today. It is promulgated by the International Standards Organization (ISO). Many organizations seek to be certified for the standard, which provides a framework for implementing an Information Security Management System (ISMS). The standard touches on virtually every aspect of information security. Access controls, including Privileged Access Management (PAM), thus figure prominently in the ISO 27001 certification and audit processes. In order to manage their privileged accounts, organizations should use PAM to protect critical IT assets, meet compliance regulations and prevent data breaches. Unfortunately, many organizations do not have enough knowledge when they plan to build PAM solutions, and many organizations do not have a baseline when they acquire new PAM technology. This paper will help organizations acquire a PAM solution that meets the ISO 27001 controls. Our compliance matrix gives organizations a guideline for achieving the implementation of the ISMS framework with PAM technology.
9

Sarah Kuzankah Ewuga, Zainab Efe Egieya, Adedolapo Omotosho, and Abimbola Oluwatoyin Adegbite. "ISO 27001 IN BANKING: AN EVALUATION OF ITS IMPLEMENTATION AND EFFECTIVENESS IN ENHANCING INFORMATION SECURITY." Finance & Accounting Research Journal 5, no. 12 (2024): 405–25. http://dx.doi.org/10.51594/farj.v5i12.684.

Abstract:
As the banking industry becomes increasingly reliant on digital technologies and faces evolving cyber threats, the adoption of robust information security frameworks is imperative. ISO 27001, a globally recognized standard for information security management systems, has gained prominence as a comprehensive framework for safeguarding sensitive data. This study explores the implementation and effectiveness of ISO 27001 within the banking sector, evaluating its impact on enhancing information security. It delves into the specific challenges and considerations unique to the banking industry, where the confidentiality, integrity, and availability of financial information are paramount. It examines the motivations behind adopting ISO 27001, the process of implementation, and the associated organizational changes required to align with the standard's principles. A critical aspect of the evaluation involves assessing the tangible benefits and outcomes resulting from ISO 27001 implementation. This includes improvements in risk management, incident response capabilities, and the overall resilience of information security controls within banking environments. The study also investigates the role of ISO 27001 in fostering a culture of security awareness among banking employees and stakeholders. Ethical considerations, compliance challenges, and the balance between security and operational efficiency are examined to provide a holistic perspective on the standard's impact. It concludes with insights into the future of ISO 27001 adoption in the banking sector, considering emerging technologies, regulatory developments, and the evolving nature of cyber threats. This research contributes valuable insights into the effectiveness of ISO 27001 as a strategic framework for information security in banking, offering practical implications for industry practitioners, policymakers, and stakeholders invested in fortifying the digital resilience of financial institutions.
Keywords: ISO 27001, Banking, Information Security, Ethical, Financial Institution.
10

Makhija, Anil K. "Information Security Management Systems - Evolving Landscape & ISO 27001: An Empirical Study." Journal of Accounting, Finance, Economics, and Social Sciences 6, no. 1 (2021): 9–17. http://dx.doi.org/10.62458/jafess.160224.6(1)9-17.

Abstract:
Information technology has become an integral part of all business activities. Managing information security has been a key aspect in ensuring that increased information security risks (due to reliance on IT) are managed effectively. The reliance on digital and technology platforms has increased even further due to pandemic-driven changes. This has led to higher information security risk exposure of organizations and their employees and their customers. Organizations use various frameworks to design and implement information security management systems, with the ISO 27001 standard being the leading framework. Past research in ISMS and leveraging ISO 27001 has had the limitation of a single-country focus. Further, there is limited research on the relevance of ISO 27001 in the evolving paradigm of the computing shift. This global research presents an empirical study, based on inputs from industry practitioners, reflecting the key drivers for ISO 27001 implementation and certification, investigates patterns in those drivers based on the size of the organization and examines the relevance of ISO 27001 both as framework and/or certification in the evolving scenario of cloud. Findings of the research indicate that the top reason for ISO 27001 implementation and certification is "compliance", followed by "business value", "competitive edge", and "breach reduction" in that order. Findings also indicate that focus on information security is increasing, ISO 27001 implementation provides an effective ISMS, and ISO 27001 certification helps organizations in improving their trustworthiness in keeping information secure.
Keywords: Information system, security, management system, information technology.
11

Kurii, Y., and I. Opirskyy. "OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022." Computer systems and network 6, no. 1 (2024): 89–98. http://dx.doi.org/10.23939/csn2024.01.089.

Abstract:
The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022, and in particular the main changes in the structure of controls, were analyzed. A detailed analysis of the new security control from Annex A, A.8.9 Configuration Management, was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks, this article shows how organizations can leverage these guidelines to achieve compliance, improve their security posture and protect critical infrastructure from evolving threats.
Keywords: ISO/IEC 27001:2022, CIS benchmarks, information security, critical infrastructure, security controls, configuration management.
12

Prawiranata, R. Teddy Adiyanto. "Sistem Manajemen Keamanan Informasi (SMKI) di PT. Surveyor Indonesia Cabang Surabaya: Penerapan Standar ISO 27001:2013." ULIL ALBAB : Jurnal Ilmiah Multidisiplin 3, no. 6 (2024): 105–12. https://doi.org/10.56799/jim.v3i6.3472.

Abstract:
This article discusses the implementation of the Information Security Management System (ISMS, in Indonesian SMKI) and the adoption of the ISO 27001:2013 standard at PT Surveyor Indonesia Surabaya Branch. The purpose of writing this article is to analyze the process of designing, implementing, and maintaining the ISMS, as well as the integration of the ISO 27001:2013 standard in the company's business practices. The results of the article show that the implementation of the ISMS and the adoption of the ISO 27001:2013 standard have had a positive impact on improving the information security and overall performance of PT Surveyor Indonesia Surabaya Branch. However, there were some challenges and barriers faced during the implementation process, such as limited resources and resistance from employees. Nonetheless, the integration of the ISO 27001:2013 standard in PT Surveyor Indonesia Surabaya Branch is not only formal compliance but is also implemented in daily business practices to protect the company's critical information and ensure optimal information security. The writing of this article is expected to make a significant contribution to PT Surveyor Indonesia, the academic community, and information security practitioners, as well as being a valuable contribution in the context of implementing the ISO 27001:2013 standard in an increasingly connected business era.
13

Trudy-Ann Campbell, Samson Eromonsei, and Olusegun Afolabi. "Automated API framework tools for evaluating cloud resources (IAM, S3, KMS) for compliance with ISO 27001 case study AWS." Global Journal of Engineering and Technology Advances 20, no. 1 (2024): 131–49. http://dx.doi.org/10.30574/gjeta.2024.20.1.0126.

Abstract:
Cloud computing's advancements have provided scalability and adaptability but have also given rise to data security concerns. ISO 27001 is vital for cloud information security, yet compliance in dynamic settings poses challenges. Automated API framework tools automate ISO 27001 compliance checks for IAM, S3, and KMS services in AWS, boosting efficiency and minimizing errors. This study investigates the effectiveness of these frameworks, focusing on AWS environments. It explores advantages, difficulties, and practical considerations of automation in cloud compliance. Insights aim to enhance understanding of how automation reinforces security and regulatory adherence. Previous studies highlight the need for adaptable monitoring solutions in cloud setups. Recent research demonstrates the potential of programming languages like Python to streamline compliance processes effectively. This study contributes by examining the efficiency of automated compliance frameworks in AWS, offering perspectives on their practical application in cloud settings.
14

Trudy-Ann, Campbell, Eromonsei Samson, and Afolabi Olusegun. "Automated API framework tools for evaluating cloud resources (IAM, S3, KMS) for compliance with ISO 27001 case study AWS." Global Journal of Engineering and Technology Advances 20, no. 1 (2024): 131–49. https://doi.org/10.5281/zenodo.13694364.

Abstract:
Cloud computing's advancements have provided scalability and adaptability but have also given rise to data security concerns. ISO 27001 is vital for cloud information security, yet compliance in dynamic settings poses challenges. Automated API framework tools automate ISO 27001 compliance checks for IAM, S3, and KMS services in AWS, boosting efficiency and minimizing errors. This study investigates the effectiveness of these frameworks, focusing on AWS environments. It explores advantages, difficulties, and practical considerations of automation in cloud compliance. Insights aim to enhance understanding of how automation reinforces security and regulatory adherence. Previous studies highlight the need for adaptable monitoring solutions in cloud setups. Recent research demonstrates the potential of programming languages like Python to streamline compliance processes effectively. This study contributes by examining the efficiency of automated compliance frameworks in AWS, offering perspectives on their practical application in cloud settings.
15

Muhammad Rijal, Demas, Mukhamad Fahmi Assydiqi, Yoel Rensisko Prasetya, Lidya Nurhapsari Prasetya Ningsih, Nisya Kayla Putri Anindra, and Pandu Dwi Luhur Pambudi. "Information Security Awareness Analysis of the Threat of Data Leakage in Educational Institutions with the ISO 27001 Framework." Journal of Digital Business and Innovation Management 3, no. 1 (2024): 36–52. http://dx.doi.org/10.26740/jdbim.v3i1.59167.

Abstract:
In the rapidly evolving digital era, information security has become a major concern for various organizations, including educational institutions that are facing pressures such as "publish or perish" and performance metrics like VOS viewer. Serious threats such as cyber-attacks and data breaches require more advanced security solutions. Implementing an Information Security Management System (ISMS) based on ISO 27001 standards is crucial in safeguarding information assets. This research discusses the importance of information security awareness, identifies threats to data protection, and applies ISO 27001 standards in the context of educational institutions. The research methodology employs the PRISMA guideline to evaluate related reviews and meta-analyses systematically. Information security awareness, data protection, and ISO 27001 compliance focus on building a robust information security system within educational institutions facing performance and assessment demands.
16

Arianty, Kiki Puspo. "Analysis of Information Security Management System Implementation at BSN." Jurnal Informatika: Jurnal Pengembangan IT 10, no. 1 (2025): 119–29. https://doi.org/10.30591/jpit.v10i1.8211.

Abstract:
SNI ISO/IEC 27001:2013, adopted by the National Standardization Agency of Indonesia (BSN), is a national standard derived from the international ISO/IEC 27001 published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This study evaluates the effectiveness of BSN's Information Security Management System (ISMS) implementation, focusing on compliance with international standards, risk management strategies, and organizational commitment to safeguarding information. Employing qualitative descriptive methods, data were collected through interviews, document analysis, and observations. The findings highlight the critical roles of leadership commitment, comprehensive risk assessments, and regular system evaluations in achieving ISMS objectives. Despite significant achievements, including obtaining Integrated Management System certification in 2023, challenges persist in optimizing resources and adapting to emerging security threats. Recommendations include enhancing staff capabilities, investing in advanced technologies, and transitioning to the updated SNI ISO/IEC 27001:2022 standard. This study reinforces the importance of ISMS in protecting sensitive information, fostering trust, and aligning with global best practices.
17

Kitsios, Fotis, Elpiniki Chatzidimitriou, and Maria Kamariotou. "The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector." Sustainability 15, no. 7 (2023): 5828. http://dx.doi.org/10.3390/su15075828.

Abstract:
In order to handle their regulatory and legal responsibilities and to retain trustworthy strategic partnerships, enterprises need to be dedicated to guaranteeing the privacy, accessibility, and authenticity of the data at their disposal. Companies can become more resilient in the face of information security threats and cyberattacks by effectively integrating security strategies. The goal of this article is to describe a plan that a corporation has implemented in the information technology industry in order to ensure compliance with International Organization for Standardization (ISO) 27001. This research demonstrates an examination of the reasons that force enterprises to make an investment in ISO 27001, in addition to the incentives that might be acquired from having undergone this process. In addition, the research examines the reasons that push firms to make an investment in ISO 27001. More particularly, the research investigates an international IT consulting services institution that is responsible for the implementation of large-scale business assistance insertion and projects. It demonstrates the risk management framework and the administrative structure of the appropriate situations so that its procedures are adequate and also in line with the guidelines founded by ISO 27001. In conclusion, it discusses the problems and difficulties that were experienced.
18

Lukitowati, Risma, and Kalamullah Ramli. "Assessing the Information Security Awareness of Employees in PT ABC Against International Organization for Standardization (ISO) 27001:2013." Journal of Computational and Theoretical Nanoscience 17, no. 2 (2020): 1441–46. http://dx.doi.org/10.1166/jctn.2020.8823.

Abstract:
The main purpose of information security is maintaining information assets that are owned by an organization, such as confidentiality, integrity, and availability (known as CIA). In maintaining information assets, a company usually manages information security by making and implementing an Information Security Management System (ISMS) policy. A widely used and applied ISMS policy in Indonesia is ISO/IEC 27001 (International Organization for Standardization/International Electrotechnical Commission). Indonesian telecommunications company PT ABC has implemented the ISO/IEC 27001:2013 standards and procedures. The company conducts an audit once a year to maintain the level of compliance with ISO/IEC 27001:2013. However, only a few people are involved in conducting audits, and it is still unknown how many employees are aware of the company’s information security. This research focused on assessing how much information security awareness exists within PT ABC. Questionnaires were distributed in two departments of the company: supply chain management and service delivery of the Jakarta operations network. This research also examined company documents and surveillance audits in 2018. The employees were grouped based on their length of employment. The results of the questionnaires, with an error margin of 6%, were further compared with the results of the surveillance audit. Our data show that most employees who have worked at the company for more than six years understood and implemented ISO 27001 controls. Meanwhile, companies still need to socialize ISO to employees who have worked at the company for just one to two years.
19

Sanchez, Luis Enrique, Antonio Santos-Olmo, Esther Alvarez, Eduardo Fernandez-Medina, and Mario Piattini-Velthuis. "LOPD Compliance and ISO 27001 legal requirements in the Health Sector." IEEE Latin America Transactions 10, no. 3 (2012): 1824–37. http://dx.doi.org/10.1109/tla.2012.6222590.

20

Clarissa, Stella, and Gunawan Wang. "Assessing Information Security Management Using ISO 27001:2013." Jurnal Indonesia Sosial Teknologi 4, no. 9 (2023): 1361–71. http://dx.doi.org/10.59141/jist.v4i9.739.

Abstract:
To ensure operational continuity, reduce risks to businesses, and optimize investment returns and business opportunities, information security is an essential element in ensuring the protection of information from different threats. Information protection may be facilitated by the implementation of international standard frameworks, given that a set of standards or provisions is needed to achieve and maintain an adequate level of safeguards for the use of assets. The Ministry of XYZ is handling various important, highly confidential, and sensitive data. Therefore, information protection is not only essential but also mandatory. The organization has implemented ISO 27001:2013 in Pusat Data dan Teknologi Informasi (Pusdatin) and called the security management standard Sistem Manajemen Keamanan Informasi (SMKI). However, according to the Cyber Security Maturity assessment result by a public institution in 2022, there is still a wide gap between the technical implementation and the governance itself. Therefore, to improve the good governance of information security, we need to specifically evaluate the maturity of SMKI itself. This study will use the ISO 27001:2013 Compliance Checklist.
21

Wibawa, I. Nyoman Adi Artha, Anak Agung Ngurah Hary Susila, and Muhammad Alam Pasirulloh. "Information Security Evaluation at Hospital Using Index KAMI 5.0 and Recommendations Based on ISO/IEC 27001:2022." Journal of Information Systems and Informatics 6, no. 4 (2024): 3070–86. https://doi.org/10.51519/journalisi.v6i4.949.

Abstract:
Bali Mandara Regional Hospital integrates information technology into its healthcare services, but ransomware attacks pose significant risks to data security. In accordance with the 2016 Indonesian Ministry of Communication and Informatics regulation, Electronic System Operators (PSE) are required to ensure information security, emphasizing confidentiality, integrity, and availability. To support this, the National Cyber and Crypto Agency introduced the Index KAMI, an evaluation tool aligned with ISO/IEC 27001 standards. This study evaluates the hospital’s information security using Index KAMI 5.0, yielding a score of 177, which classifies its readiness as “Not Eligible” for ISO 27001 compliance. Recommendations for improvement include establishing clear governance policies, implementing systematic risk management, enhancing asset management with integrated inventories, and strengthening data protection through access control and encryption. Additional measures involve improving physical security with surveillance systems and fostering stronger vendor relationships through binding SLA agreements. By adopting these measures, Bali Mandara Regional Hospital can enhance its security system, protect patient data, and achieve compliance with international standards.
22

Nugraha, Arya Adhi, and Asyahri Hadi Nasyuha. "Integrating ISO 27001 and Indonesia's Personal Data Protection Law for Data Protection Requirement Model." Journal of Information Systems and Informatics 6, no. 2 (2024): 1052–69. http://dx.doi.org/10.51519/journalisi.v6i2.754.

Abstract:
This research explores the integration of ISO/IEC 27001:2022 with Indonesia's Personal Data Protection (PDP) Law to establish a robust framework for data protection and information security within organizations operating in Indonesia. The research addresses the challenges of aligning the comprehensive information security management systems (ISMS) standard of ISO/IEC 27001:2022 with the specific legal requirements of the PDP Law, which governs personal data collection, processing, and protection. Employing the Action Design Research (ADR) methodology, the study involves a thorough review of existing literature, consultations with domain experts, and the development of a structured framework for integration. Key findings highlight the complementary nature of ISO/IEC 27001:2022's risk-based approach and the PDP Law's emphasis on data subject rights, consent management, and breach notification. The integration framework provides organizations with a unified approach to meet both international standards and local regulatory requirements, enhancing overall data protection. The research concludes with insights and recommendations for organizations seeking to navigate the complex landscape of data protection compliance, emphasizing the importance of harmonizing security measures with legal mandates to build a comprehensive and effective data protection strategy.
23

Meitarice, Sonya, Lidya Febyana, Aidil Fitriansyah, Rahmad Kurniawan, and Riki Ario Nugroho. "Risk Management Analysis of Information Security in an Academic Information System at a Public University in Indonesia: Implementation of ISO/IEC 27005:2018 and ISO/IEC 27001:2013 Security Controls." Journal of Information Technology and Cyber Security 2, no. 2 (2024): 58–75. https://doi.org/10.30996/jitcs.12099.

Abstract:
An online academic information system is potentially exposed to various threats from internal and external sources, which may compromise the institution's objectives if not managed effectively and appropriately. Academic portals often experience issues such as server downtime and unauthorised access attempts. However, there is no specific documentation dedicated to managing these issues. This study aims to analyze risk management in information security for the academic portal of Universitas Riau, Indonesia. The study employs the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27005:2018 standard and ISO/IEC 27001:2013 security controls, following four key stages: context establishment, risk assessment, risk treatment, and recommendations. The findings identify eight categories of information system assets, 30 identified threats, and 43 vulnerabilities, including two high-risk categories, 19 medium-risk categories, and 22 low-risk categories. Of the 43 vulnerabilities, 21 risks required risk modification, four required risk avoidance, and four required risk sharing. Fourteen risks, which can be managed through risk retention (acceptance of risk), fall under the category of risk acceptance. Furthermore, ISO/IEC 27001 suggests that implementing control recommendations can minimize and effectively address these risks. Nevertheless, this study focuses primarily on information security risks and does not extensively cover related areas such as data privacy, regulatory compliance, or operational risks. Future research can explore the effectiveness of training programs and awareness campaigns in reducing human-related risks, such as phishing and social engineering attacks.
24

Mantra, IGN, Aedah Abd. Rahman, and Hoga Saragih. "Maturity Framework Analysis ISO 27001: 2013 on Indonesian Higher Education." International Journal of Engineering & Technology 9, no. 2 (2020): 429. http://dx.doi.org/10.14419/ijet.v9i2.30581.

Abstract:
Information Security Management System (ISMS) implementation in Institution is an effort to minimize information security risks and threats such as information leakage, application damage, data loss and declining IT network performance. The several incidents related to information security have occurred in the implementation of the Academic System application in Indonesian higher education. This research was conducted to determine the maturity level of information security practices in Academic Information Systems at universities in Indonesia. The number of universities used as research samples were 35 institutions. Compliance with the application of ISO 27001:2013 standard is used as a reference to determine the maturity level of information system security practices. Meanwhile, to measure and calculate the level of maturity using the SSE-CMM model. In this research, the Information System Security Index obtained from the analysis results can be used as a tool to measure the maturity of information security that has been applied. There are six key areas examined in this study, namely the role and importance of ICT, information security governance, information security risk management, information security management framework, information asset management, and information security technology. The results showed the level of information security maturity at 35 universities was at level 2 Managed Process and level 3 Established Process. The composition is that 40% of universities are at level 3, and 60% are out of level 3. The value of the gap between the value of the current maturity level and the expected level of maturity is varied for each clause (domain). The smallest gap (1 level) is in clause A5: Information Security Policy, clause A9: Access Control, and clause A11: Physical and environmental security. The biggest gap (4 levels) is in clause A14: System acquisition, development and maintenance and clause A18: compliance.
25

Partyka, A., O. Harasymchuk, E. Nyemkova, Y. Sovyn, and V. Dudykevych. "DEVELOPMENT OF A METHOD FOR INVESTIGATING CYBERCRIMES BY THE TYPE OF RANSOMWARE USING ARTIFICIAL INTELLIGENCE MODELS IN THE INFORMATION SECURITY MANAGEMENT SYSTEM OF CRITICAL INFRASTRUCTURE." Computer systems and network 6, no. 1 (2024): 15–25. http://dx.doi.org/10.23939/csn2024.01.015.

Abstract:
In this article, the authors focused on analyzing the possibilities of using artificial intelligence models for effective detection and analysis of cybercrimes. A comprehensive method using artificial intelligence algorithms such as the Random Forest and Isolation Forest algorithms is developed and described to detect ransomware, which is one of the main threats to information security management systems (ISMS) in the field of critical infrastructure. The result of the study is the determination of the compatibility of such methods with the requirements of ISO 27001:2022, emphasizing the importance of integrating innovative AI technologies into already existing security systems. In addition, the article analyzes the potential advantages of such integration, including compliance with the requirements of international information security frameworks. Keywords: Isolation Forest, Random Forest, critical infrastructure, information security management system, ISO 27001, cyber security, cyber security standard, cybercrime, ISMS, ransomware, SIEM, EDR, security monitoring, antivirus, machine learning, computer networks, information systems.
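
The Isolation Forest half of the method described above, as an added example that is not the authors' code: a from-scratch isolation forest (after the Liu, Ting and Zhou algorithm) scored over constructed per-process file-activity windows. The feature schema (files written, files renamed, mean write entropy, distinct directories touched), the telemetry rows and the 0.65 alert threshold are assumptions chosen for this illustration; a deployment would take the rows from EDR or file-audit logs and tune the threshold on its own baseline.

```python
"""Isolation-forest scoring of per-process file-activity windows.

Added illustration, not the paper's code. The feature schema and the
telemetry rows are constructed; a real deployment would feed rows from
EDR or file-audit logs.
"""
import math
import random
from typing import Dict, List, Sequence, Tuple

# Assumed feature order per row (one process, one 10-second window):
# [files_written, files_renamed, mean_write_entropy_bits, distinct_dirs_touched]
Row = Sequence[float]
EULER_GAMMA = 0.5772156649015329


def average_path_length(n: int) -> float:
    """c(n): expected depth of an unsuccessful search in a BST of n nodes,
    used both to terminate paths at leaves and to normalise scores."""
    if n <= 1:
        return 0.0
    return 2.0 * (math.log(n - 1) + EULER_GAMMA) - 2.0 * (n - 1) / n


def _grow(rows: List[Row], depth: int, max_depth: int, rng: random.Random) -> Dict:
    """Recursively split on a random feature at a random value between its min and max."""
    if depth >= max_depth or len(rows) <= 1:
        return {"size": len(rows)}
    feature = rng.randrange(len(rows[0]))
    lo, hi = min(r[feature] for r in rows), max(r[feature] for r in rows)
    if lo == hi:
        return {"size": len(rows)}
    split = rng.uniform(lo, hi)
    return {
        "feature": feature,
        "split": split,
        "left": _grow([r for r in rows if r[feature] < split], depth + 1, max_depth, rng),
        "right": _grow([r for r in rows if r[feature] >= split], depth + 1, max_depth, rng),
    }


def _path_length(node: Dict, row: Row, depth: int = 0) -> float:
    if "size" in node:  # leaf: add the expected remaining depth for a leaf of that size
        return depth + average_path_length(node["size"])
    branch = "left" if row[node["feature"]] < node["split"] else "right"
    return _path_length(node[branch], row, depth + 1)


class IsolationForest:
    def __init__(self, n_trees: int = 200, sample_size: int = 64, seed: int = 7):
        self.n_trees, self.sample_size, self.seed = n_trees, sample_size, seed
        self.trees: List[Dict] = []

    def fit(self, rows: List[Row]) -> "IsolationForest":
        rng = random.Random(self.seed)
        self.sample_size = min(self.sample_size, len(rows))
        max_depth = math.ceil(math.log2(self.sample_size))  # trees only need to isolate outliers
        self.trees = [_grow(rng.sample(rows, self.sample_size), 0, max_depth, rng)
                      for _ in range(self.n_trees)]
        return self

    def score(self, row: Row) -> float:
        """2^(-E[h]/c(n)): near 1 for rows isolated by a few splits, about 0.5 for typical rows."""
        mean_depth = sum(_path_length(t, row) for t in self.trees) / len(self.trees)
        return 2.0 ** (-mean_depth / average_path_length(self.sample_size))


def constructed_windows(seed: int = 1) -> Tuple[List[Row], List[bool]]:
    """Constructed telemetry: 150 windows of ordinary activity (editors, browsers,
    build jobs) and 5 windows shaped like mass file encryption."""
    rng = random.Random(seed)
    rows: List[Row] = []
    for _ in range(150):
        rows.append((rng.randint(0, 15), rng.randint(0, 1), rng.uniform(3.5, 5.0), rng.randint(1, 3)))
    for _ in range(5):
        # hundreds of writes and renames, ~8-bit entropy (ciphertext), many directories
        rows.append((rng.randint(800, 1200), rng.randint(800, 1200), rng.uniform(7.9, 8.0), rng.randint(40, 80)))
    return rows, [False] * 150 + [True] * 5


def flag_ransomware_windows(rows: List[Row], threshold: float = 0.65, **forest_kwargs) -> List[int]:
    """Indexes of windows whose anomaly score reaches the (assumed) alert threshold."""
    forest = IsolationForest(**forest_kwargs).fit(rows)
    return [i for i, r in enumerate(rows) if forest.score(r) >= threshold]


if __name__ == "__main__":
    rows, labels = constructed_windows()
    print("flagged:", flag_ransomware_windows(rows), "expected:", [i for i, m in enumerate(labels) if m])
```

Rows that a handful of random splits isolate get short average paths and scores close to 1, while rows inside the bulk of the data sit near 0.5. Because the benign baseline here is tight, the five encryption-shaped windows separate cleanly; on real telemetry, backup agents and compilers also write many files quickly, so the entropy and rename features carry most of the discrimination and the threshold has to be tuned against those processes.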
26

Kurii, Yevhenii, and Ivan Opirskyy. "ISO 27001: ANALYSIS OF CHANGES AND COMPLIANCE FEATURES OF THE NEW VERSION OF THE STANDARD." Cybersecurity: Education, Science, Technique 3, no. 19 (2023): 46–55. http://dx.doi.org/10.28925/2663-4023.2023.19.4655.

Abstract:
Managing information security in the organization may be a daunting task, especially considering that it may encompass many areas from physical and network security to human resources security and management of suppliers. This is where security frameworks come in handy and put formality into the process of the design and implementation of the security strategy. While there are a bunch of different information security frameworks out in the wild, the most commonly-found and preferred by security professionals worldwide is ISO/IEC 27001. It combines both the quite comprehensive set of security controls to cover the most important security areas and wide applicability which allows applying this framework to all kinds of organizations. While cyberspace is constantly changing, companies should also adapt their approaches to the organization of information security processes. In order to respond to new challenges and threats to cyber security, the International Organization for Standardization (ISO) at the end of 2022 has published an updated version of the ISO/IEC 27001:2022 standard, which from now on should be taken into account by all organizations that aim to implement and certify its information security management system (ISMS). The purpose of this article is to provide a brief overview of the new edition of the popular standard, and describe the key changes in the structure and description of security controls; as well as develop recommendations for achieving compliance with the requirements of the updated version of the standard.
27

Komal, Komal, Muhammad Habib Mulia, and Rudianto Rudianto. "Audit Keamanan Sistem Informasi Menggunakan Standar ISO/IEC 27001:2013 pada PT Kereta Api Indonesia Persero Daop 1 Jakarta Unit Sistem Informasi." Jurnal Nasional Komputasi dan Teknologi Informasi (JNKTI) 8, no. 2 (2025): 922–29. https://doi.org/10.32672/jnkti.v8i2.8925.

Abstract:
Information security is a crucial aspect in maintaining the confidentiality, integrity, and availability of data in the digital era, especially for organizations that rely on information systems in their operations. This study aims to evaluate the compliance of PT Kereta Api Indonesia (Persero) Daop 1 Jakarta with the ISO/IEC 27001:2013 standard in information security implementation and to assess user satisfaction with the provided IT services. The methods used include interviews, observations, and the distribution of questionnaires to 15 respondents, which were analyzed using descriptive statistical methods. The results indicate that the level of IT service satisfaction falls within the "satisfied" category, with an average score of 3.54 out of 5, where service and reliability indicators received the highest score (3.80), while the reporting system aspect obtained the lowest score (2.80), suggesting a need for improvement in the information delivery mechanism. Additionally, the security audit found that the implemented information security policies align with the standard, with a high level of compliance in risk management and security incident mitigation. However, some minor findings still need to be addressed to enhance compliance, such as the presence of unorganized network cables. Therefore, this study recommends increasing the frequency of security monitoring system checks, optimizing the incident reporting process, and improving IT service response times to ensure ongoing compliance with information security standards.
Keywords: Information Security, Audit, ISO/IEC 27001:2013, Services, Satisfaction
28

Beirami, Nahid, Naser Modiri, and Abbas Toloie Eshlaghi. "Review the implementation of information security management system requirements in hospitals of Tabriz in East Azarbaijan." Journal of Management and Accounting Studies 4, no. 01 (2019): 72–77. http://dx.doi.org/10.24200/jmas.vol4iss01pp72-77.

Abstract:
The purpose of this study was to investigate and analyze the assumptions and requirements for the implementation of Information Security Management System (ISMS). Methodology: To check assumptions security management system implementation is the population of Tabriz hospitals. Review the requirements and assumptions are based on the standard ISO / IEC 27001, ISO / IEC 27002 test target setting and ISO 27001 standard questionnaire containing 33 questions in 11 control is used. The data were analyzed using descriptive and inferential statistical method that factors in the implementation of information security management system was confirmed. As well as to identify factors contributing to the implementation of information security management system and factor analysis, structural equation model was used PLS smart software that based on its findings to impact and indirect aspects of implementation effectiveness of the system. Results: Using the software, smart-PLS and using structural equation modeling confirmatory factor analysis was performed to measure the test of convergent validity, divergent validity, reliability Security and reliability of observable variables and quality test and measurement model of the 101 comments experts, all the prerequisites and requirements, including information security policy, the organization of information security, asset management, human resources in terms of security, physical and environmental security, communications and operations management, access control, use, development and maintenance, incident management information security, business continuity management and compliance with laws in secure level at 99% is forecast in Tabriz hospitals are effective information security management system. 
Conclusion: According to prioritize the factors affecting information security management system, operating (after) the most monitors and agents (after) the supply and implementation of information security management system least affected are in Tabriz hospitals.
29

Hemanth, Kumar. "Automating Compliance in Financial Technology through CI/CD Pipelines." International Journal of Innovative Research in Engineering & Multidisciplinary Physical Sciences 7, no. 4 (2019): 1–8. https://doi.org/10.5281/zenodo.14684792.

Abstract:
The Fintech sector is uniquely positioned at the intersection of innovation and regulation. As the industry embraces continuous development, ensuring compliance with stringent financial regulations like PCI DSS, GDPR, and ISO 27001 remains a critical challenge. This paper explores the integration of compliance mechanisms into Continuous Integration/Continuous Deployment (CI/CD) pipelines, offering a detailed analysis of tools, methodologies, and real-world applications. By embedding compliance checks into the development lifecycle, organizations can achieve operational efficiency, robust security, and faster deployment cycles. The study outlines challenges, benefits, and recommendations for scalable and adaptable CI/CD compliance frameworks, setting the foundation for future advancements in Fintech automation.
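
An added example of the kind of check the paper describes embedding in a pipeline (this is not the paper's code): a policy-as-code stage that evaluates a deployment manifest against four controls and returns a non-zero status so the pipeline blocks the deployment. The manifest schema, check names and secret-reference conventions are assumptions; the control references are an illustrative mapping to PCI DSS requirements and ISO 27001:2022 Annex A controls and should be confirmed against the standards before they are used as audit evidence.

```python
"""Policy-as-code gate over a deployment manifest, as run in a CI/CD stage.

Added illustration, not the paper's tooling. Manifest schema, check names and
control references are assumptions; the references are an illustrative
mapping to PCI DSS / ISO 27001 Annex A areas, to be confirmed against the
current text of each standard before use in an audit.
"""
import re
import sys
from dataclasses import dataclass
from typing import Any, Callable, Dict, List


@dataclass(frozen=True)
class Finding:
    check: str
    control_ref: str
    severity: str
    detail: str


# Keys that usually hold credentials, and value shapes that are references to a
# secrets manager rather than the secret itself (assumed conventions).
SECRET_KEY = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key|private[_-]?key)")
SECRET_REFERENCE = re.compile(r"^(\$\{[^}]+\}|vault:|secretsmanager:|arn:aws:secretsmanager:)")


def check_tls_version(m: Dict[str, Any]) -> List[Finding]:
    version = m.get("ingress", {}).get("min_tls_version")
    if version is None or float(version) < 1.2:
        return [Finding("tls-min-version", "PCI DSS Req. 4 / ISO 27001 A.8.24", "high",
                        f"ingress.min_tls_version is {version!r}; 1.2 or higher required")]
    return []


def check_storage_encryption(m: Dict[str, Any]) -> List[Finding]:
    return [Finding("storage-encryption", "PCI DSS Req. 3 / ISO 27001 A.8.24", "high",
                    f"volume {vol.get('name')!r} is not encrypted at rest")
            for vol in m.get("volumes", []) if not vol.get("encrypted", False)]


def check_audit_logging(m: Dict[str, Any]) -> List[Finding]:
    if not m.get("logging", {}).get("audit_enabled", False):
        return [Finding("audit-logging", "PCI DSS Req. 10 / ISO 27001 A.8.15", "high",
                        "logging.audit_enabled is not true")]
    return []


def check_hardcoded_secrets(m: Dict[str, Any]) -> List[Finding]:
    findings: List[Finding] = []
    for svc in m.get("services", []):
        for key, value in svc.get("env", {}).items():
            if SECRET_KEY.search(key) and not SECRET_REFERENCE.match(str(value)):
                findings.append(Finding("hardcoded-secret", "PCI DSS Req. 8 / ISO 27001 A.5.17", "high",
                                        f"service {svc.get('name')!r} sets {key} to a literal value"))
    return findings


CHECKS: List[Callable[[Dict[str, Any]], List[Finding]]] = [
    check_tls_version, check_storage_encryption, check_audit_logging, check_hardcoded_secrets,
]


def evaluate(manifest: Dict[str, Any]) -> List[Finding]:
    """Run every check and return all findings, so one run reports every gap."""
    return [f for check in CHECKS for f in check(manifest)]


def gate(manifest: Dict[str, Any], fail_on=("high",)) -> int:
    """Exit status for the CI stage: non-zero blocks the deployment."""
    return 1 if any(f.severity in fail_on for f in evaluate(manifest)) else 0


# Constructed manifests (not from any real system).
NONCOMPLIANT = {
    "ingress": {"min_tls_version": "1.0"},
    "volumes": [{"name": "ledger-db", "encrypted": False}],
    "logging": {"audit_enabled": False},
    "services": [{"name": "payments-api", "env": {"DB_PASSWORD": "hunter2", "REGION": "eu-west-1"}}],
}
COMPLIANT = {
    "ingress": {"min_tls_version": "1.2"},
    "volumes": [{"name": "ledger-db", "encrypted": True}],
    "logging": {"audit_enabled": True},
    "services": [{"name": "payments-api", "env": {"DB_PASSWORD": "${vault:payments/db}", "REGION": "eu-west-1"}}],
}

if __name__ == "__main__":
    for f in evaluate(NONCOMPLIANT):
        print(f"[{f.severity}] {f.check} ({f.control_ref}): {f.detail}")
    sys.exit(gate(NONCOMPLIANT))
```

Running every check rather than stopping at the first failure matters in CI: one run should surface every gap so the developer fixes them together, and the structured findings (check, control reference, severity) are what an auditor later wants as evidence that the gate existed and fired.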
30

Choubey, Sanskriti, and Astitwa Bhargava. "Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance." International Journal of Scientific Research in Network Security and Communication 6, no. 2 (2018): 30–33. http://dx.doi.org/10.26438/ijsrnsc/v6i2.3033.

31

Dionysiou, Ioanna. "An investigation on compliance with ISO 27001 in Cypriot private and public organisations." International Journal of Services and Standards 7, no. 3/4 (2011): 197. http://dx.doi.org/10.1504/ijss.2011.045049.

32

Ahler, Ekaterina. "The ISO/IEC 27001 standard provides a systematic approach to information security management." Upravlenie kachestvom (Quality management), no. 1 (January 1, 2021): 36–38. http://dx.doi.org/10.33920/pro-1-2101-07.

Abstract:
The company's information security is not only compliance with a set of IT security measures, but also the correct choice of the appropriate standard. Let's look at what standards are aimed at ensuring the information security of the company.
33

Haghighat, Abdullateef, Majid Kalantari, and Mostafa Kolahdoozi. "Providing a Framework to Support the Analysis and Implementation of Information Security Management Systems Based on the ISO/IEC 27001 ISMS Standard in Several Subsidiary Companies of the Ministry of Roads and Urban Development." Management Strategies and Engineering Sciences 7, no. 4 (2025): 23–32. https://doi.org/10.61838/msesj.7.4.3.

Abstract:
The purpose of the present study is to provide a model-based framework to support the analysis and implementation of information security management systems based on the ISO/IEC 27001 ISMS standard in several subsidiary companies of the Ministry of Roads and Urban Development. The research strategy used in this study is a sequential exploratory mixed-methods approach. In the present research, by utilizing the results of this phase and through in-depth and semi-structured interviews with seven relevant managers from ten examined companies, the components related to the objectives and prerequisites for implementing information security management systems based on the ISO/IEC 27001 ISMS standard were identified. The collected data were then analyzed using thematic analysis, which is one of the efficient and flexible methods, and the MAXQDA10 software. Subsequently, to validate and prioritize the identified components, a questionnaire was distributed among the employees of the ten companies, including deputies, managers, and operational staff, as another step of the research. By leveraging the obtained results, the final framework for the objectives and prerequisites for the establishment of organizational security management based on the ISO/IEC 27001 ISMS standard in the intended dimensions was presented. Furthermore, structural equation modeling (SEM) was applied using the Smart PLS software to examine the causal relationships between variables. In the case study, the framework was planned to be implemented in several subsidiary companies of the Ministry of Roads and Urban Development to evaluate its effectiveness, which will confirm or reject the proposed framework's objectives. Accordingly, 430 questionnaires derived from the qualitative research section were distributed among the statistical sample. 
The research findings indicate that five categories—compliance with other standards, organizational motivation, implementation, consequences and outcomes, and context—emerged from the qualitative thematic analysis. In the quantitative section, structural equation modeling demonstrated that context, implementation, integration with other standards, and organizational motivation significantly impact the outcomes and consequences of implementing information security management systems based on the ISO/IEC 27001 ISMS standard.
34

Madan, Vivek. "The Role of Compliance in Cybersecurity: Strengthening the Digital Fortress." International Journal of Scientific Research in Computer Science, Engineering and Information Technology 11, no. 2 (2025): 3757–61. https://doi.org/10.32628/cseit25112851.

Abstract:
In today's digitally driven world, cybersecurity compliance is emerging as a core pillar of modern risk management. As cyber threats grow in sophistication and frequency, aligning with frameworks like GDPR, ISO/IEC 27001, HIPAA, SOC 2, and NIST 800-53 goes far beyond checking regulatory boxes. These standards represent a strategic approach to digital risk, fostering operational resilience, organizational trust, and long-term excellence. This article dives into the measurable value of cybersecurity compliance, utilizing industry data, visual benchmarks, and a compliance maturity model. It also unpacks the challenges organizations face during implementation and provides a set of modern strategies to navigate them successfully. Ultimately, this paper positions compliance not just as a requirement but as a business enabler.
35

Beirami, Nahid, Naser Modiri, and Abbas Toloie Eshlaghi. "Check assumptions and requirements for the implementation of Information Security Management System hospital in Tabriz." Journal of Management and Accounting Studies 4, no. 01 (2019): 60–71. http://dx.doi.org/10.24200/jmas.vol4iss01pp60-71.

Abstract:
The purpose of this study was to investigate and analyze the assumptions and requirements for the implementation of Information Security Management System (ISMS). Methodology: To check assumptions security management system implementation is the population of Tabriz hospitals. Because information security, is considered most hospitals cooperate and only 8 hospitals of Tabriz, as the population of the study. Review the requirements and assumptions are based on the standard ISO / IEC 27001, ISO / IEC 27002 test target setting and ISO 27001 standard questionnaire containing 33 questions in 11 control is used. To analyze the data descriptive and inferential statistical methods were used that implementation of information security management system was confirmed. As well as to identify factors affecting the implementation of information security management system and factor analysis, structural equation model was used PLS smart software that based on its findings indirectly relates to impact the four dimensions of implementation effectiveness of the system. The study findings were presented. Results: Using the software, smart-PLS and using structural equation modeling confirmatory factor analysis was performed to measure the test of convergent validity, divergent validity, reliability Security and reliability of observable variables and quality test and measurement model of the 101 comments experts, all the prerequisites and requirements, including information security policy, the organization of information security, asset management, human resources in terms of security, physical and environmental security, communications and operations management, access control, use, development and maintenance, incident management information security, business continuity management and compliance with laws Brpyadh at 99 per cent is forecast in Tabriz hospitals are effective information security management system. 
Conclusion: According to prioritize the factors affecting Brpyadh information security management system, operating (after) the most monitors and agents (after) the supply and implementation of information security management system Brpyadh least affected are in Tabriz hospitals.
36

John Robinson, Rachel. "Information security systems development and implementation—A development sector analysis." BOHR International Journal of Smart Computing and Information Technology 5, no. 1 (2024): 12–19. https://doi.org/10.54646/bijscit.2024.40.

Abstract:
The aim of this study was to examine the Information Security Strategy (ISS) of World View International, comparing its policies, procedures, and processes against industry standards such as ISO 27001, risk assessment techniques, and proven incident management response and access control strategies. Our analysis highlights significant improvements in World View's ISS over recent years. Compared to existing works published in 2024, our findings indicate a 15% increase in compliance with ISO 27001 standards, a 10% advancement in the effectiveness of risk assessment methodologies compared to 2023, and a 20% enhancement in incident management response strategies relative to 2022 benchmarks. The paper critically evaluates World View International's IT security strategy, identifying gaps and providing recommendations for better alignment with industry best practices. The recommendations derived from this critical review aim to elevate the organization's security policy and enhance its standing in the global arena. The paper concludes with actionable steps for World View International, intended to bolster their security posture and better align their ISS with current market standards.
37

Chagas, Carlos Henrique Leão, and Andrew Hemerson Galeno Rodrigues. "ANÁLISE DO PROCESSO DE IMPLEMENTAÇÃO DE UM SISTEMA DE GESTÃO DA SEGURANÇA DA INFORMAÇÃO COM BASE NA ISO/IEC 27001." Revista ft 29, no. 142 (2025): 08–09. https://doi.org/10.69849/revistaft/pa10202501192208.

Abstract:
The theme of this research is the implementation of an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard in an information technology organization. The main objective was to analyze the ISMS implementation process, addressing the stages of the PDCA cycle (Plan, Do, Check, Act) and the challenges faced by the organization. The methodology adopted was qualitative and exploratory, using case study, participant observation and document analysis to identify assets, assess risks and implement security controls. The main results showed significant improvements in information security governance, with increased resilience against cyber threats, strengthening customer confidence and optimizing internal processes. The risk matrix and the risk treatment plan stood out as effective tools in prioritizing corrective actions and allocating resources. It is concluded that, although formal ISO/IEC 27001 certification has not yet been obtained, the implementation of the ISMS has resulted in notable advances in the protection of information assets, contributing to regulatory compliance and a security-oriented organizational culture. The study offers practical insights for organizations seeking to improve their information security management strategies.
38

Godwin Nzeako, Michael Oladipo Akinsanya, Oladapo Adeboye Popoola, Excel G Chukwurah, Chukwuekem David Okeke, and Ijeoma Scholastica Akpukorji. "Theoretical insights into IT governance and compliance in banking: Perspectives from African and U.S. regulatory environments." International Journal of Management & Entrepreneurship Research 6, no. 5 (2024): 1457–66. http://dx.doi.org/10.51594/ijmer.v6i5.1094.

Abstract:
This review paper provides a comprehensive comparative analysis of IT governance and compliance within the banking sectors of Africa and the U.S., highlighting the intricacies of navigating diverse regulatory environments. Through examining governance strategies, compliance mechanisms, and best practices, the paper underscores the adaptation of frameworks like COBIT, ISO/IEC 27001, and ITIL to meet regional regulatory demands and operational challenges. Key insights reveal significant differences in regulatory landscapes, technological maturity, and cybersecurity and risk management approaches. The analysis identifies best practices and lessons that can be leveraged globally, suggesting areas for future research including emerging technologies and the impact of global regulations. This work aims to enhance understanding of IT governance and compliance, offering valuable perspectives for banks, regulators, and policymakers. Keywords: IT Governance, Compliance, Banking Sector, Regulatory Environment, Cybersecurity, Emerging Technologies.
39

Kumar, Harsh. "Cloud Compliance Security Optimization." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 09, no. 06 (2025): 1–9. https://doi.org/10.55041/ijsrem49485.

Abstract:
Managing compliance with diverse regulatory standards in cloud environments poses considerable operational challenges for modern enterprises. Manual processes, duplicated efforts, and lack of traceability often complicate the audit lifecycle, especially when multiple frameworks like PCI DSS, ISO 27001, SOC 1, SOC 2, and C5 are involved. This paper introduces a scalable compliance optimization framework developed and deployed within the Enterprise internal audit ecosystem to streamline audit readiness and control management. The framework integrates tools such as Compliance Manager, Signavio, internal Wiki pages, Jira, and GitHub to establish a unified system for control mapping, ownership tagging, evidence tracking, and automated workflows. Real-time application of the framework during active audits resulted in measurable improvements: reuse of common controls reduced preparation time by over 50 hours, walkthrough sessions were consolidated by nearly 30%, and automated notifications significantly enhanced task accountability among over 560 control owners. The proposed framework not only improves audit efficiency but also lays the foundation for intelligent compliance systems, with future directions including AI-driven audit assistants, predictive monitoring, and real-time compliance dashboards.
40

Ahmad, Mohd Ridzam, Mohd Hafeez Osman, Azizol Abdullah, and Khaironi Yatim Sharif. "Evolution of Information Security Awareness towards Maturity: A Systematic Review." International Journal on Advanced Science, Engineering and Information Technology 14, no. 5 (2024): 1738–47. http://dx.doi.org/10.18517/ijaseit.14.5.20234.

Abstract:
This systematic review provides an in-depth analysis of existing information security awareness (ISA) maturity models. This review synthesizes findings from 25 scholarly articles, identifying standard dimensions such as risk management, organizational culture, training programs, policy compliance, and technical measures. Despite diverse approaches, significant gaps are evident, particularly the absence of tailored models for specific organizational types like public sector entities. Additionally, the reliance on self-reported data and expert opinions in many models introduces biases, limiting their applicability. The findings underscore the need for organizations to adopt a comprehensive approach to ISA maturity, combining technical controls with behavioral assessments. This holistic view is essential for developing robust ISA maturity frameworks to address evolving cyber threats. Emphasizing compliance with established standards, such as ISO/IEC 27001, is critical to enhancing ISA across industries. Future research should focus on validating and refining ISA maturity models in diverse contexts and industries. This includes testing models in different organizational settings to ensure broader applicability and developing frameworks integrating technical and behavioral dimensions. Addressing sector-specific tailoring, integrating technical and managerial aspects, and providing rigorous empirical validation are critical for developing more effective and adaptable models. Developing ISA maturity models specifically tailored for the public sector is vital due to these organizations' unique challenges and responsibilities. Utilizing updated versions of standards like ISO 27000 series provides a robust framework for maintaining high information security awareness and preparedness standards.
41

Basri, Ahmedi, and Ibrahimi Aferdita. "Mastering information security through standard implementation." International Journal of Informatics and Communication Technology 13, no. 3 (2024): 428–35. https://doi.org/10.11591/ijict.v13i3.pp428-435.

Abstract:
This paper aims to enhance information security within an organization, considering the perennial concern for security in organizations utilizing ICT applications. Educational institutions also exhibit deficiencies in the domain of data security. The adoption of International Organization for Standardization (ISO) 27001:2013 served to pinpoint potential vulnerabilities and non-compliance with safety standards, aiming to minimize associated risks. Through this framework, an assessment of data security within public educational institutions in our country was conducted, focusing on a public university as a case study. Given the sensitive nature of this field, guidance is provided on identifying security-related issues based on ISO 27001 standards and on-the-ground situations. Surveys were employed, aligning with the required standards, to scan the prevailing situation. Data from surveys at a public academic institution were collected and analyzed using the SPSS application. The findings underscore instances where security protocols can prevent or mitigate abuses, consequently enhancing the overall level of data security. Emphasizing education as a pivotal recommendation, this study advocates for educating personnel who handle sensitive data, derived from the application of these standards. This paper accounts for potential risks that could expose organizational weaknesses and thoroughly elucidates the steps and procedures undertaken in this approach, substantiated by illustrated examples.
42

Chandra, Nungky Awang, Kalamullah Ramli, Anak Agung Putri Ratna, and Teddy Surya Gunawan. "Information Security Risk Assessment Using Situational Awareness Frameworks and Application Tools." Risks 10, no. 8 (2022): 165. http://dx.doi.org/10.3390/risks10080165.

Abstract:
This paper describes the development of situational awareness models and applications to assess cybersecurity risks based on Annex ISO 27001:2013. The risk assessment method used is the direct testing method, namely audit, exercise and penetration testing. The risk assessment of this study is classified into three levels, namely high, medium and low. A high-risk value is an unacceptable risk value. Meanwhile, low and medium risk values can be categorized as acceptable risk values. The results of a network security case study with security performance index indicators based on the percentage of compliance with ISO 27001:2013 annex controls and the value of the risk level of the findings of the three test methods showed that testing with the audit method was 38.29% with a moderate and high-risk level. While the test results with the tabletop exercise method are 75% with low and moderate risk levels. On the other hand, the results with the penetration test method are 16.66%, with moderate and high-risk levels. Test results with unacceptable risk values or high-risk corrective actions are taken through an application. Finally, corrective actions have been verified to prove there is an increase in cyber resilience and security.
43

Hernandez Collante, Leonel, Andri Pranolo, and Aji Prasetya Wibawa. "Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution." Transactions on Energy Systems and Engineering Applications 5, no. 2 (2024): 1–20. http://dx.doi.org/10.32397/tesea.vol5.n2.635.

Abstract:
This research was carried out to generate an implementation plan for the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis at the IUB university institution. The connotation of security has been extended over time due to technological advances and the introduction of new information systems, which simultaneously generate new security challenges. Likewise, the instruments to guarantee the confidentiality, integrity, and availability of information have become a fundamental strategy to ensure the security of public and private organizations. The preparation of this plan includes the methodological cycle, which indicates a series of phases and their corresponding activities to implement the ISMS ISO 27001:2013, with procedural characteristics that support the entire implementation process from beginning to end, facilitating due process and continuity. Likewise, an analysis of the information security risk plan is carried out, on which there is significant progress. The result of this cycle will be a plan with a schedule of activities so that the organization links all the personnel around compliance with the standard, raising awareness regarding the importance of information security and the development of activities in phases that, within the stipulated times, will be able to have the ISMS fully operational.
44

Ahmedi, Basri, and Aferdita Ibrahimi. "Mastering information security through standard implementation." International Journal of Informatics and Communication Technology (IJ-ICT) 13, no. 3 (2024): 428. http://dx.doi.org/10.11591/ijict.v13i3.pp428-435.

Abstract:
This paper aims to enhance information security within an organization, considering the perennial concern for security in organizations utilizing ICT applications. Educational institutions also exhibit deficiencies in the domain of data security. The adoption of International Organization for Standardization (ISO) 27001:2013 served to pinpoint potential vulnerabilities and non-compliance with safety standards, aiming to minimize associated risks. Through this framework, an assessment of data security within public educational institutions in our country was conducted, focusing on a public university as a case study. Given the sensitive nature of this field, guidance is provided on identifying security-related issues based on ISO 27001 standards and on-the-ground situations. Surveys were employed, aligning with the required standards, to scan the prevailing situation. Data from surveys at a public academic institution were collected and analyzed using the SPSS application. The findings underscore instances where security protocols can prevent or mitigate abuses, consequently enhancing the overall level of data security. Emphasizing education as a pivotal recommendation, this study advocates for educating personnel who handle sensitive data, derived from the application of these standards. This paper accounts for potential risks that could expose organizational weaknesses and thoroughly elucidates the steps and procedures undertaken in this approach, substantiated by illustrated examples.
45

Kamal, Mustafa, Muhamad Muhamad, Yupit Sudianto, et al. "Information Technology Security Audit at the YDSF National Zakat Institution Using the ISO 27001 Framework." Jurnal Sisfokom (Sistem Informasi dan Komputer) 13, no. 1 (2024): 98–103. http://dx.doi.org/10.32736/sisfokom.v13i1.1987.

Abstract:
In this era of cyber crime, data security is an important aspect that needs special attention from an organization. This is reinforced by the ratification of Law Number 27 of 2022 on personal data security. The National Zakat Amil Institute (LAZNAS) Yayasan Dana Sosial al Falah (YDSF), as an institution with a legal entity and holding data on more than 100,000 donors and partners, also has an obligation to protect the personal data of donors and partners. The focus of this research is to evaluate and audit information technology at LAZNAS YDSF, especially regarding the security aspect of information technology. Evaluations and audits were carried out using the ISO 27001 framework as a standardization of information technology security at the international level. In this study, information technology audits were conducted using quantitative methods. The assessment was carried out on seven main clauses that are priorities for LAZNAS YDSF based on management priorities: compliance clauses, risk management, policies, assets, physical and environmental management, access control, and incident management. Data were collected using a questionnaire distributed to all LAZNAS YDSF managers and employees. Fifty-five respondents, ranging from management to staff, were involved in filling out the questionnaire. Based on the recapitulation of answers from respondents, it was found that the risk management and access control clauses had good results, with scores of 2.727 and 2.796. The compliance and incident management clauses have scores of 2.381 and 2.53, respectively; therefore, improvement efforts need to be made. By evaluating and auditing information technology with reference to the ISO 27001 standard, it is hoped that LAZNAS YDSF can protect and maintain the confidentiality, integrity, and availability of information, and manage and control information security risks.
46

Biroğul, Serdar, Özkan Şahin, and Hüseyn əsgərli. "Exploring the Impact of ISO/IEC 42001:2023 AI Management Standard on Organizational Practices." Advances in Artificial Intelligence Research 5, no. 1 (2025): 14–22. https://doi.org/10.54569/aair.1709628.

Abstract:
This paper examines the technical, operational, and strategic impacts of implementing the ISO/IEC 42001:2023 Artificial Intelligence (AI) Management System standard, which is a critical factor for companies adapting to the transformative effects of AI technologies in the business world. Aimed at ensuring the ethical and reliable governance of AI systems, this standard assists organizations in developing transparent, unbiased, fair and sustainable AI solutions. The framework provided by ISO/IEC 42001:2023 is also discussed in terms of its benefits in critical areas such as data security, operational efficiency, regulatory compliance and competitive advantage. In this context, it is emphasized that companies can adopt AI applications not only as a technical innovation but also as a strategic management element. The integration processes between ISO/IEC 42001:2023 AI Management System and ISO/IEC 27001:2022 Information Security Management System are presented, highlighting how these two standards complement each other. An analysis is provided on how principles of information security, risk management, and transparency can be effectively implemented within AI systems. In conclusion, the adoption of the ISO/IEC 42001:2023 AI management system enables companies to manage AI applications within a secure and ethical framework while achieving a sustainable competitive advantage in their digital transformation processes.
47

Gusrion, Deval. "Audit Infrastruktur IT Dalam Memenuhi Kebutuhan Bisnis." KOMTEKINFO 8, no. 1 (2021): 49–56. http://dx.doi.org/10.35134/komtekinfo.v8i1.1649.

Abstract:
The audit of the Information Technology infrastructure in this journal uses the ISO 27001 standard, which is carried out at a company engaged in the service sector in West Sumatra Province. As a company that is quite developed and already has an adequate IT infrastructure in running its business, it is felt necessary to carry out an IT audit to ensure whether the IT devices they have already have adequate internal controls and at the same time serve as preventive measures for business risks such as operational, reputational, legal, compliance and strategic risks. Given that IT is an important asset in operations that can increase the added value and competitiveness of a company while its implementation contains various risks, companies need to implement IT Governance.
48

Marhad, Siti Suhaida, Siti Zaleha Abd Goni, and Mad Khir Johari Abdullah Sani. "Implementation of Information Security Management Systems for Data Protection in Organizations: A systematic literature review." Environment-Behaviour Proceedings Journal 9, SI18 (2024): 197–203. http://dx.doi.org/10.21834/e-bpj.v9isi18.5483.

Abstract:
This systematic literature review investigates the implementation of Information Security Management Systems (ISMS) as a pivotal strategy for safeguarding organizational information in the digital era. Focusing on key factors influencing ISMS implementation, its impact on data protection, and the methodologies employed, the review underscores the significance of awareness and training in fostering compliance. Emphasizing the ISO/IEC 27001 standard as a prevalent framework, the study reveals positive impacts on organizational performance, financial outcomes, corporate reputation, and branding. The findings advocate for a comprehensive and structured approach to information security, urging future research to explore diverse organizational contexts and industries for a nuanced understanding of ISMS practices and their impact on organizational agility.
49

Ezziane, Zoheir, and Abdulla Al Shamisi. "Improvement of the Organizational Performance through Compliance with Best Practices in Abu-Dhabi." International Journal of IT/Business Alignment and Governance 4, no. 2 (2013): 19–36. http://dx.doi.org/10.4018/ijitbag.2013070102.

Abstract:
Information Technology (IT) governance is considered an integral part of corporate governance: it is the accountability of the organization's Board of Executives to ascertain that the organization's information technology assists in achieving the established goals and objectives of the organization, by applying a range of well-defined methods, processes and procedures for communication and relationships. This study intends to analyse IT governance practices employed in the Abu Dhabi public sector and their contexts. The study used a quantitative research approach, which helps to reach the objectives of the study; primary data were obtained by formulating a set of questionnaires and secondary data were obtained from the reviewed literature. The research found that the most known and recommended international standards, IT frameworks and non-IT frameworks are applied by the Abu Dhabi public sector. The known frameworks and standards being used are ISO 9001, ITILv3, ISO 27001, ISO 20000, PMBOK, BSC, and COBIT, respectively. These non-IT frameworks and IT frameworks are used based on public entities' needs, to increase the efficiency and performance of public sector organizations, and to comply with governmental regulations and statutes. The study proposes many arrangements and best practices that can be applied by both the IT governance Board and IT practitioners to have better IT governance and more control over IT assets. These best practices and recommendations, if enforced in organizations' daily activities, will help to improve the quality of delivered services, increase the effectiveness of IT governance, lower operational cost, increase interoperability between government bodies and bring knowledge and best practices to the organization.
50

Vikas, Kulkarni. "Zero Trust Security in Cloud Banking a Framework for Financial Institutions." International Journal of Leading Research Publication 5, no. 3 (2024): 1–12. https://doi.org/10.5281/zenodo.15051169.

Abstract:
Zero Trust Security is an essential paradigm shift for financial institutions moving towards cloud-based infrastructures. This paper presents a structured framework tailored for the banking sector, ensuring compliance with financial regulations and protecting critical assets against evolving cyber threats. Key Zero Trust principles, architectural considerations, implementation details, and real-world applications in banking environments are explored. Challenges in adoption and future research directions are also discussed. Unlike traditional security models that rely on perimeter defenses, Zero Trust enforces strict identity verification, micro-segmentation, and least-privilege access. Financial institutions must implement continuous authentication, adaptive risk assessment, and robust encryption mechanisms to mitigate insider threats and sophisticated cyberattacks. By integrating Zero Trust with cloud-native security controls, banks can enhance data confidentiality, integrity, and availability. This paper provides a comprehensive roadmap for adopting Zero Trust strategies while addressing compliance requirements such as PCI-DSS, FFIEC, and ISO 27001 [1, 3].