{"title":"ISMS planning based on ISO/IEC 27001:2013 using analytical hierarchy process at gap analysis phase (Case study : XYZ institute)","authors":"Johan Candra, O. Briliyant, Sion Rebeca Tamba","doi":"10.1109/TSSA.2017.8272916","DOIUrl":null,"url":null,"abstract":"The biggest challenge in information security planning is how to acquire precision in the gap analysis phase. According to the information security management system (ISMS) implementation guide based on ISO/IEC 27001:2013, the planning of ISMS has 5 stages. The 5 stages are : defining the range, perform gap analysis, accomplish risk assessment, determine the control and target, and determine the policy and procedure of ISMS. The gap analysis stage is required to assess the organization's current position toward ISMS implementation. This research suggested the use of AHP to determine which information security control that most relate to the organization needs and goals. We will conduct the process in one of Indonesia's organization called the XYZ institute. The result of this research is prioritization of information security gap handling that will be useful for XYZ institute to support their processes of ISO/IEC 27001:2013 implementation.","PeriodicalId":271883,"journal":{"name":"2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA)","volume":"35 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"ISMS planning based on ISO/IEC 27001:2013 using analytical hierarchy process at gap analysis phase (Case study : XYZ institute)\",\"authors\":\"Johan Candra, O. Briliyant, Sion Rebeca Tamba\",\"doi\":\"10.1109/TSSA.2017.8272916\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The biggest challenge in information security planning is how to acquire precision in the gap analysis phase. 
According to the information security management system (ISMS) implementation guide based on ISO/IEC 27001:2013, the planning of ISMS has 5 stages. The 5 stages are : defining the range, perform gap analysis, accomplish risk assessment, determine the control and target, and determine the policy and procedure of ISMS. The gap analysis stage is required to assess the organization's current position toward ISMS implementation. This research suggested the use of AHP to determine which information security control that most relate to the organization needs and goals. We will conduct the process in one of Indonesia's organization called the XYZ institute. The result of this research is prioritization of information security gap handling that will be useful for XYZ institute to support their processes of ISO/IEC 27001:2013 implementation.\",\"PeriodicalId\":271883,\"journal\":{\"name\":\"2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA)\",\"volume\":\"35 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 11th International Conference on Telecommunication Systems Services and Applications (TSSA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TSSA.2017.8272916\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 11th International Conference on Telecommunication Systems Services and Applications 
(TSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TSSA.2017.8272916","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
ISMS planning based on ISO/IEC 27001:2013 using analytical hierarchy process at gap analysis phase (Case study : XYZ institute)
The biggest challenge in information security planning is how to achieve precision in the gap analysis phase. According to the information security management system (ISMS) implementation guide based on ISO/IEC 27001:2013, ISMS planning has 5 stages: defining the range, performing gap analysis, accomplishing risk assessment, determining the control and target, and determining the policy and procedure of the ISMS. The gap analysis stage is required to assess the organization's current position toward ISMS implementation. This research suggested the use of the analytical hierarchy process (AHP) to determine which information security controls relate most to the organization's needs and goals. We will conduct the process in one of Indonesia's organizations, called the XYZ institute. The result of this research is a prioritization of information security gap handling that will be useful for the XYZ institute in supporting its ISO/IEC 27001:2013 implementation processes.