Information security, cybersecurity and privacy protection. Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security. One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

Download Full-text

Developing an Information Security Management System for Libraries Based on an Improved Risk Analysis Methodology Compatible with ISO/IEC 27001

Advances in Intelligent Systems and Computing - Advances in Emerging Trends and Technologies ◽

10.1007/978-3-030-32033-1_34 ◽

2019 ◽

pp. 371-379

Author(s):

María José Bravo Ramos ◽

Sang Guun Yoo

Keyword(s):

Information Security ◽

Risk Analysis ◽

Management System ◽

Security Management ◽

Information Security Management ◽

Analysis Methodology ◽

Information Security Management System ◽

Iec 27001

Download Full-text

Network Information Security Privacy Protection System in Big Data Era

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering - Advanced Hybrid Information Processing ◽

10.1007/978-3-030-36402-1_7 ◽

2019 ◽

pp. 65-73

Author(s):

Lei Ma ◽

Ying-jian Kang ◽

Jian-ping Liu

Keyword(s):

Big Data ◽

Information Security ◽

Privacy Protection ◽

Protection System ◽

Network Information

Download Full-text

Analysis of Information Technology Security Management UKSW SIASAT Using ISO/IEC 27001:2013

IJITEE (International Journal of Information Technology and Electrical Engineering) ◽

10.22146/ijitee.65670 ◽

2021 ◽

Vol 5 (2) ◽

pp. 68

Author(s):

Andeka Rocky Tanaamah ◽

Friska Juliana Indira

Keyword(s):

Information Security ◽

Business Processes ◽

Security Management ◽

Standard Operating Procedure ◽

Job Descriptions ◽

Christian University ◽

Academic Administration ◽

Access Rights ◽

Academic Information ◽

Iec 27001

IT security management is essential for organizations to notice the occurring risks and opportunities because they will profoundly affect the ongoing business processes within the organization. The Satya Wacana Academic Information System, more often called SIASAT, is an IT component playing an essential role in running core business processes at Satya Wacana Christian University under the control of the Information Systems and Technology Bureau. At this time, the implementation of SIASAT has been going well, but there are still some obstacles. Lack of human resources is one of the findings and one it becomes of the most significant risks as it affects the use of infrastructure and information security. This research was conducted using the international standard ISO/IEC 27001:2013, prioritizing information security by taking a planning clause focusing on risk assessment. From the results of this study, there were nine recommendations given. Some of which were the most important, i.e., creating separated standard operating procedure documents for SIASAT, which previously were still affiliated with the Academic Administration Bureau; distributing job descriptions; and providing clear and documented access rights for everyone. It is expected that this research can reduce the occurring risks and can be considered for establishing improvements to enhance academic services in the future.

Download Full-text

An Information Security Model for Implementing the New ISO 27001

Censorship, Surveillance, and Privacy ◽

10.4018/978-1-5225-7113-1.ch013 ◽

2019 ◽

pp. 219-242

Author(s):

Margareth Stoll

Keyword(s):

Information Security ◽

Data Privacy ◽

Business Processes ◽

International Standard Organization ◽

Security Model ◽

Privacy And Security ◽

Holistic Model ◽

Common Structure ◽

Standard Organization ◽

Iec 27001

The importance of data privacy, information availability, and integrity is increasingly recognized. Sharpened legal requirements and increasing data leakages have further promoted data privacy. In order to implement the different requirements in an effective, efficient, and sustainable way, the authors integrate different governance frameworks to their holistic information security and data privacy model. More than 1.5 million organizations worldwide are implementing a standard-based management system. In order to promote the integration of different standards, the International Standard Organization (ISO) released a common structure. ISO/IEC 27001 for information security management was changed accordingly in October 2013. The holistic model fulfills all requirements of the new version. Its implementation in several organizations and the study's results are described. In that way data privacy and security are part of all strategic, tactical, and operational business processes, promote corporate governance and living security, as well as the fulfillment of all standard requirements.

Download Full-text

An efficientt-out-of-noblivious transfer for information security and privacy protection

International Journal of Communication Systems ◽

10.1002/dac.2573 ◽

2013 ◽

Vol 27 (12) ◽

pp. 3759-3767 ◽

Cited By ~ 2

Author(s):

Der-Chyuan Lou ◽

Hui-Feng Huang

Keyword(s):

Information Security ◽

Privacy Protection ◽

Security And Privacy

Download Full-text

A Revised Serverless Authentication Protocol with Forward Security for RFID

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.29-32.2267 ◽

2010 ◽

Vol 29-32 ◽

pp. 2267-2272

Author(s):

Lei He ◽

Yong Gan ◽

Na Na Li ◽

Tao Zhang

Keyword(s):

Computational Complexity ◽

Information Security ◽

Privacy Protection ◽

Authentication Protocol ◽

Forward Security ◽

Authentication Protocols ◽

Rfid System ◽

Security Problem ◽

Lightweight Authentication

Information security problem has become one of the hottest issues in RFID system. More and more researchers begin to study how to provide security protection in the RFID system. In the paper, we mainly research lightweight authentication protocols in RFID system. Firstly, we analyze some protocols. Secondly, we introduce a serverless authentication protocol for RFID system and analyze its security. We find it does not provide forward security. Thirdly, we propose a revised serverless authentication protocol with forward security. It provides two-way authentication and privacy protection, resists tracking and cloning attack as well as the original protocol. Moreover, it provides forward security protection and resists desynchronization attack. For the efficiency, its computational complexity is at the same level with the protocol proposed by Tan et al.

Download Full-text