Cyber Security Risk Management Practices: Insights From an ISO 27001 Certified Organization
Keywords: Cybersecurity Risk Management, ISO 27001, ISO Implementation, Information Security, Organizational Awareness

Abstract
In the increasingly complex and dynamic digital era, cybersecurity risk management has become a critical aspect affecting the operations and sustainability of organizations. This study examines the practice of cybersecurity risk management from the perspective of organizations that have obtained ISO 27001 certification, the international standard that sets the criteria for information security management systems (ISMS). The focus of this research is ISO 27001, one of the world's leading information security standards. Through a literature review, this study explores the meaning of ISO 27001, risk management, and the process of implementing this certification within organizations. Findings indicate that the implementation of ISO 27001 has a significant impact on an organization's awareness of information security management. The implementation process of ISO 27001 includes a series of steps and approaches designed to help organizations manage cybersecurity risks effectively. This study highlights the importance of incorporating ISO 27001 into cybersecurity risk management practices to enhance information security and prevent cyber threats. The study also evaluates the level of organizational awareness of the ISO 27001 standard and its impact on the implementation of cybersecurity risk management practices. Our findings show that organizations with ISO 27001 certification have a higher awareness of the importance of cybersecurity risk management, thereby supporting the implementation of more effective risk management practices. This study aims to provide insights and practical guidance for organizations in applying and utilizing cybersecurity risk management according to the ISO 27001 standard. Therefore, this research contributes to the enhancement of awareness and the implementation of better information security standards in the current digital era.