Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution

Authors

  • Leonel Hernandez Collante Institución Universitaria de Barranquilla IUB https://orcid.org/0000-0002-3467-4797
  • Andri Pranolo Universitas Ahmad Dahlan
  • Aji Prasetya Wibawa Universitas Negeri Malang

DOI:

https://doi.org/10.32397/tesea.vol5.n2.635

Keywords:

Implementation, Security, Information, Risk, Analysis, ISMS

Abstract

This research was carried out to generate an implementation plan for the information security management system (ISMS) based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis at the IUB university institution. The meaning of security has broadened over time due to technological advances and the introduction of new information systems, which simultaneously generate new security challenges. Likewise, the instruments that guarantee the confidentiality, integrity, and availability of information have become a fundamental strategy for ensuring the security of public and private organizations. The preparation of this plan includes the methodological cycle, which sets out a series of phases and their corresponding activities for implementing the ISO 27001:2013 ISMS, with procedural characteristics that support the entire implementation process from beginning to end, facilitating due process and continuity. Likewise, an analysis of the information security risk plan is carried out, on which significant progress has been made. The result of this cycle will be a plan with a schedule of activities that engages all of the organization's personnel in compliance with the standard, raises awareness of the importance of information security, and develops activities in phases so that, within the stipulated times, the ISMS can be fully operational.

Published

2024-11-20

How to Cite

Hernandez Collante, L., Pranolo, A., & Prasetya Wibawa, A. (2024). Implementation plan of the information security management system based on the NTC-ISO-IEC 27001:2013 standard and security risk analysis. Case study: Higher education institution. Transactions on Energy Systems and Engineering Applications, 5(2), 1–20. https://doi.org/10.32397/tesea.vol5.n2.635

Section

Special Section: Selected Papers from the 2023 IEEE Colombian Caribbean Conference