2-s2.0-85015889563

[vc_empty_space][vc_empty_space]

[vc_row][vc_column][vc_row_inner][vc_column_inner][vc_separator css=”.vc_custom_1624529070653{padding-top: 30px !important;padding-bottom: 30px !important;}”][/vc_column_inner][/vc_row_inner][vc_row_inner layout=”boxed”][vc_column_inner width=”3/4″ css=”.vc_custom_1624695412187{border-right-width: 1px !important;border-right-color: #dddddd !important;border-right-style: solid !important;border-radius: 1px !important;}”][vc_empty_space][megatron_heading title=”Abstract” size=”size-sm” text_align=”text-left”][vc_column_text]© 2016 IEEE.The objective of information security is assuring the organization’s goals instead of preserving information’s confidentiality, integrity and availability. An information security management should be integrated with the overall organization’s processes. Statistics Indonesia is a government agency which is accountable for providing official statistical data. The information derived from the data then is used as the basis for taking any national public policies. As a matter of fact, this organization has not implemented an information security management. The arising problems then are how well it performs its business process in the context of information security and how to formulate the information security improvement. This study aims to perform the capability assessment of information security management that reflect the requirements of standard ISO/IEC 27001:2013, the most adopted benchmark for information security management systems. We adopt the process of assessment model of standard ISO/IEC 33072:2016, which is published in July 2016. The process of reference model in this new standard consists of 26 domain processes, 6 capability levels and 9 process attributes (PA). Finally, we designed steps performing the assessment and proposed an improvement roadmap since the preliminary assessment results remain at level 0 and 1.[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Author keywords” size=”size-sm” text_align=”text-left”][vc_column_text]Capability assessment,capability level,Government agencies,Information security management systems,Information security managements,Preliminary assessment,Process assessments,Process reference models[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Indexed keywords” size=”size-sm” text_align=”text-left”][vc_column_text]capability level,information security management,process assessment model,process reference model[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Funding details” size=”size-sm” text_align=”text-left”][vc_column_text][/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”DOI” size=”size-sm” text_align=”text-left”][vc_column_text]https://doi.org/10.1109/ICITSI.2016.7858209[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/4″][vc_column_text]Widget Plumx[/vc_column_text][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row][vc_column][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][/vc_column][/vc_row]