Open Access
Measuring effectiveness of control of information security management system based on SNI ISO/IEC 27004: 2013 standard
Author(s) - Aldy Putra Aldya, Sarwono Sutikno, Yusep Rosmansyah
Publication year - 2019
Publication title - IOP Conference Series: Materials Science and Engineering
Language(s) - English
Resource type - Journals
eISSN - 1757-899X
pISSN - 1757-8981
DOI - 10.1088/1757-899x/550/1/012020
Subject(s) - information security management system , itil security management , security controls , standard of good practice , computer science , information security , information security management , computer security , control (management) , security management , process (computing) , reliability engineering , security information and event management , security service , engineering , cloud computing security , cloud computing , operating system , artificial intelligence , network security policy
One of the keys to the successful implementation of information security management in an organization is the selection and implementation of information security management system controls that are good and in accordance with the needs of the organization. These controls can be adopted from the ISO/IEC 27001: 2013 standard document. To ensure the success of information security controls, it is necessary to measure the effectiveness of each control applied. SNI ISO/IEC 27004: 2013 is a standard that provides guidance on the development and use of measures and measurements to assess the effectiveness of controls and control groups in the information security management system as stated in the ISO/IEC 27001 standard. The measurement process, however, requires measurement objects, attributes and metrics, which are not explained in detail in the ISO/IEC 27004: 2013 standard. This study aims to assist in measuring the effectiveness of information security management controls by generating a flow of steps for determining the measurement objects and parameters and the metrics used, based on the provisions contained in the ISO/IEC 27004: 2013 standard.
