IMPLEMENTATION OF INFORMATION SECURITY STANDARDS USING THE ISO/IEC 27005:2011 FRAMEWORK AT LAPAN BANDUNG

Radiant Victor Imbar, Asa Ednatry Ayala

Abstract


Information security standards help to ensure security consistency across the business and usually contain security controls relating to the implementation of specific technology, hardware or software. It is important that a company understands standards so that it can choose the standards that are most relevant to its organization. ISO 27000 is the international standard for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within an organization. ISO/IEC 27005:2011 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Risk management is one of the cornerstones of a mature and functional information security program that provides business value to an organization. The objective of this research at LAPAN Bandung is to conduct a risk assessment and analysis of the LAPAN RDSA infrastructure in Bandung. This study uses qualitative and semi-quantitative analysis with the case study method. The risk analysis uses the approach of the ISO/IEC 27005:2011 standard.

DOI: http://dx.doi.org/10.28932/jutisi.v4i1.770

Copyright (c) 2018 Jurnal Teknik Informatika dan Sistem Informasi