{"title":"整合 ISO 27002 和 27004 的信息安全管理系统评估模型","authors":"Khafidh Sunny Al Fajri, Ruki Harwahyu","doi":"10.57152/malcom.v4i2.1245","DOIUrl":null,"url":null,"abstract":"The rapid development of information and communication technology has also led to a significant increase in cybercrime activities. According to the Annual Cybersecurity Monitoring Report by the National Cyber and Cryptography Agency, there were 495 million instances of traffic anomalies or attempted attacks in 2020, which rose to 1.6 billion in 2021 in Indonesia. Implementing the ISO 27001 standard for information security management system (ISMS) can help mitigate these cyber-attack attempts. However, with various levels of resources and organizational commitment, different levels of ISMS maturity can be achieved. Therefore, there is a need for an ISMS assessment model. This is crucial, considering cyber incidents such as data breaches in organizations that have implemented or are certified with ISO 27001. This research proposed a concept of ISMS assessment model by integrating ISO 27002 and 27004 to a case study (Directorate XYZ), where the guidance function of ISO 27002 is transformed into assessment parameters and ISO 27004 for measuring performance. Using this model, the score of the case study’s ISMS was found to be 53.925, which is still below the established standard of 80.","PeriodicalId":507205,"journal":{"name":"MALCOM: Indonesian Journal of Machine Learning and Computer Science","volume":"70 5","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Information Security Management System Assessment Model by Integrating ISO 27002 and 27004\",\"authors\":\"Khafidh Sunny Al Fajri, Ruki Harwahyu\",\"doi\":\"10.57152/malcom.v4i2.1245\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The rapid development of information and communication technology has also led to a significant increase in cybercrime activities. According to the Annual Cybersecurity Monitoring Report by the National Cyber and Cryptography Agency, there were 495 million instances of traffic anomalies or attempted attacks in 2020, which rose to 1.6 billion in 2021 in Indonesia. Implementing the ISO 27001 standard for information security management system (ISMS) can help mitigate these cyber-attack attempts. However, with various levels of resources and organizational commitment, different levels of ISMS maturity can be achieved. Therefore, there is a need for an ISMS assessment model. This is crucial, considering cyber incidents such as data breaches in organizations that have implemented or are certified with ISO 27001. This research proposed a concept of ISMS assessment model by integrating ISO 27002 and 27004 to a case study (Directorate XYZ), where the guidance function of ISO 27002 is transformed into assessment parameters and ISO 27004 for measuring performance. Using this model, the score of the case study’s ISMS was found to be 53.925, which is still below the established standard of 80.\",\"PeriodicalId\":507205,\"journal\":{\"name\":\"MALCOM: Indonesian Journal of Machine Learning and Computer Science\",\"volume\":\"70 5\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-02-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"MALCOM: Indonesian Journal of Machine Learning and Computer Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.57152/malcom.v4i2.1245\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"MALCOM: Indonesian Journal of Machine Learning and Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.57152/malcom.v4i2.1245","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
信息和通信技术的快速发展也导致网络犯罪活动大幅增加。根据国家网络和密码管理局的《年度网络安全监测报告》,2020 年印尼发生了 4.95 亿次流量异常或攻击企图,2021 年这一数字将上升到 16 亿次。实施 ISO 27001 信息安全管理系统(ISMS)标准有助于减少这些网络攻击企图。然而,由于资源和组织承诺的不同,ISMS 的成熟度也会不同。因此,需要一个 ISMS 评估模型。考虑到在已实施或通过 ISO 27001 认证的组织中发生的数据泄露等网络事件,这一点至关重要。本研究通过将 ISO 27002 和 27004 整合到案例研究(XYZ 局)中,提出了 ISMS 评估模型的概念,其中 ISO 27002 的指导功能被转化为评估参数,而 ISO 27004 则用于衡量绩效。使用该模型后发现,案例研究的 ISMS 得分为 53.925,仍低于 80 分的既定标准。
Information Security Management System Assessment Model by Integrating ISO 27002 and 27004
The rapid development of information and communication technology has also led to a significant increase in cybercrime activities. According to the Annual Cybersecurity Monitoring Report by the National Cyber and Cryptography Agency, there were 495 million instances of traffic anomalies or attempted attacks in 2020, which rose to 1.6 billion in 2021 in Indonesia. Implementing the ISO 27001 standard for information security management system (ISMS) can help mitigate these cyber-attack attempts. However, with various levels of resources and organizational commitment, different levels of ISMS maturity can be achieved. Therefore, there is a need for an ISMS assessment model. This is crucial, considering cyber incidents such as data breaches in organizations that have implemented or are certified with ISO 27001. This research proposed a concept of ISMS assessment model by integrating ISO 27002 and 27004 to a case study (Directorate XYZ), where the guidance function of ISO 27002 is transformed into assessment parameters and ISO 27004 for measuring performance. Using this model, the score of the case study’s ISMS was found to be 53.925, which is still below the established standard of 80.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
