Standar Dan Kerangka Kerja Keamanan Informasi: ISO 27000 Information Security Management System

1. The document discusses ISO standards related to information security management systems, including ISO 27000, ISO 27001, and ISO 27002. 2. ISO 27000 provides an overview and vocabulary for information security management systems. ISO 27001 specifies requirements for an information security management system. ISO 27002 provides guidelines for information security management. 3. The standards are part of a family of ISO standards that provide guidance for organizations to manage information security risks and implement an effective information security management system.

Uploaded by

Devianita

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

235 views16 pages

Standar Dan Kerangka Kerja Keamanan Informasi: ISO 27000 Information Security Management System

Uploaded by

Devianita

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 16

Standar dan Kerangka

Kerja Keamanan
Informasi
ISO 27000 Information Security Management System
Keamanan Informasi

•Pengelolaan keamanan informasi yang baik dan

efektif adalah di mana suatu organisasi
memperhitungkan seluruh proses baik
operasional dan organisasional termasuk pihak
yang terkait dengan keamanan informasi.
ISO 27000 Information Security
Management System
ISO dan IEC (International Electrotechnical Commission) bersepakat dalam
mengembangkan standar keamanan informasi seri 2700x.
1. ISO 27000:2009 - Information Security Management System - Overview
and vocabulary
2. ISO 27001:2005 - Information Security Management System -
Requirements
3. ISO 27002:2005 – Code of Practise for Information Security Management
System
4. ISO 27003:2010 – Information Security Management
System Implementation Guidance
5. ISO 27004:2009 – Information Security Management System Measurement
6. ISO 27005:2008 – Information Security Risk Management System
7. ISO 27006:2011 – Requirements for Bodles Providing Audit and
Certification of Informastion Security Management System
ISO 27000
Information Security Management System
8. ISO 27007:2011 – Guidelines for Information Security Management System Auditting
(Focused on the Management System).
9. ISO 27008:2011 – Guidance for Auditors on ISMS Controls (Focused on Information Security
Controls)
10. ISO 27010:2011 – Information Technology – Security Techniques –Information
Security Management for Inter-sector and Inter-Organizational Communications
11. ISO 27011:2008 – Information Security Management Guidelines for
Telecommunication Organizational based on ISO/IEC 27002.
12. ISO 27013:2015 – Guideline on the Integrated implmentation of ISO/IEC 20000-1 and
ISI/IEC 27001
13. ISO 27014 : Information Security Governance Framework
14. ISO 27015 : Information Security Management Guidelines for the Finance and Insurances
Sectors
15. ISO 27016 – Information Security Management – Organiozational Economics [DRAFT]
16. ISO 27017 – Security in Cloud Computing [DRAFT]
ISO 27000
Information Security Management System
17. ISO 27018 – Code of Practice for Data Protection Controls for Public Cloud
Computing Services [DRAFT]
18. ISO 27019 – Information Security Management Guidelines based on ISO 27002
for Process Control Systems Specific to the Energy Industry [DRAFT]
19. ISO 27031:2011 – Guidelines for Information and Communication
Technology Readiness for Business Cntinuity.
20. ISO 27032:2012 – Guidelines for Cyber Security
21. ISO 27033:2008 – IT Network Security, a Multi-part Standard based on
ISO/IEC 18028:2006
22. ISO 27034:2011 – Guidelines for Application Security (part 1 published rest in
DRAFT)
23. ISO 27033:2011 – Information Security Incident Management
24. ISO 27036 – Information Security for Suppler Realtionship [DRAFT]
25. ISO 27037:2012 – Guidelines for Identification, Collection, Acquisition and
Preservation of Digital Evidence.
ISO 27000
Information Security Management System
26. ISO 27038 – Specification for Digital Redaction [DRAFT]
27. ISO 27038 – Selection, Development and Operations of
Intrusion Detection (and preventation) [DRAFT]
28. ISO 27040 – Storage Security [DRAFT]
29. ISO 27041 – Guidelines for the Analysis and
Interpretation of Digital Evidence [DRAFT]
30. ISO 27042 – Guidelines for the Analysis and
Interpretation of Digital Evidence [DRAFT]
31. ISO 27043 – Digital evidence investigation Principles
and Process [DRAFT]
32. ISO 27799:2008 – Information Security Management
in Health using ISO/IEC 27002.
Standar ISO 13335
Standar ISO 13335 merupakan standar yang
digunakan untuk Management of Information
and Communications Technology Security.
Standar ini berisi arahan umum untuk
menginisiasi dan mengimplementasikan proses
manajemen keamanan teknologi inforkan masi.
Standar ini hanya menyediakan instruksi untuk
mengelola keamanan teknologi informasi,
bukan sebagai solusi keamanannya.
ISO 27001

•ISO 27001 (Information

Technology - Security
Techniques – Information Security Management
Systems Requirement Spesification) merupakan standar
internasional pertama yang bisa di sertifikasi untuk manajemen
keamanan informasi.
•Standar ini berisi rekomendasi umum untuk menjalankan dan
meningkatkan dokumentasi manajemen keamana sistem informasi
dengan mempertimbangkan berbagai risiko.
ISO 27002

•Sebelumnya ISO 27002 dikenal dengan nama ISO 17799:2005

(InformationTechnology - Code of Practice for
Information Security Management) memiliki tujuan untuk
menentukan kerangka kerja manajemen keamanan informasi. Standar
ini fokus terhadap langkah-langkah yang diperlukan untuk membangun
fungsionalitas sistem manajemen keamanan dan
mengimplementasikannya ke dalam organisasi. rekomendasi dari
standar ini khususnya untuk tingkat manajemen dan tidak banyak
• memiliki informasi teknis yang spesifik.
ISO 27005

ISO 27005 (Information Security Risk

Management) merupakan standar yang
berisi rekomendasi umum untuk
manajemen risiko keamanan informasi.
Standar ini digunakan untuk mendukung
implementasi ISO 27001.
ISO 27006

ISO 27006 (Information Technology - Security

Techniques – Requirements for The
Accreditation of Bodies Providing Certification
of Information Security Management Systems)
berisi penjelasan dari persyaratan yang
dibutuhkan untuk mengakreditasi sertifikasi
ISMS dan detail prosesnya secara spesifik.
International Organization for
Standarization
▪ ISO merupakan
(ISO)
badan27001:2009
standar internasional yang
mengembangkan dan mempublikasikan sebuah
sistem manajemen untuk menilai mutu organisasi.
▪ Badan Standarisasi Nasional (BSN) mempublikasikan
Standar Nasional Indonesia (SNI) ISO/IEC 27001:2009
yang diadopsi dari ISO/IEC 27001:2005 dalam rangka
mendukung sistem keamanan informasi bagi
lembaga penyelenggara pelayanan publik.
▪ Dalam menerapkan sistem manajemen
keamanan informasi (SMKI), ISO 27001
mendefinisikan 11 klausul, 39 objektif kontrol,
dan 133 kontrol (Kemenpora, 2012)
Kelompok Kebutuhan
Pengendalian
Keamanan
Proses Perancangan
Manajemen Keamanan
Informasi
▪ Tujuan Standar ISO 27001:2009 adalah
sebagai acuan untuk pembangunan,
pengoperasian, pengimplementasian,
peninjauan, pengawasan, pemeliharaan dan
perbaikan sistem manajemen keamanan
informasi.
▪ ISO 27001 menggunakan siklus Plan-Do-
Check-Act (PDCA)
Siklus PDCA pada ISO 27001

Sumber: A.T. Kearney Analysis,

2013
Siklus PDCA pada ISO 27001
Plan
• Pada tahap ini dilakukan penetapan tujuan, aturan,
proses, dan prosedur yang sesuai untuk mengelola
risiko dan meningkatkan keamanan informasi. Hal
ini bertujuan agar dapat memberikan hasil sesuai
dengan tujuan dan kebijakan organisasi.
Do
• Selanjutnya dilakukan penerapan dan jalannya
aturan, kontrol, kebijakan, proses dan prosedur
sistem manajemen keamanan informasi (SMKI)
yang sudah dipilih di tahap sebelumnya.

ISO 27000 for Info Security Experts
100% (1)
ISO 27000 for Info Security Experts
4 pages
Sosialisasi Perubahan Format Baru Ujian CA - 18 Nov 2021
No ratings yet
Sosialisasi Perubahan Format Baru Ujian CA - 18 Nov 2021
47 pages
COBIT PAM Presentation PDF
No ratings yet
COBIT PAM Presentation PDF
70 pages
Smki Vs Smap Vs SMM Vs SML v02
No ratings yet
Smki Vs Smap Vs SMM Vs SML v02
52 pages
Materi - Roni Sadrah - ISO SNI 27037 - Posisi Ahli Forensik Digital - Revisi
100% (1)
Materi - Roni Sadrah - ISO SNI 27037 - Posisi Ahli Forensik Digital - Revisi
23 pages
Jadwal Sertifikasi Internal Auditor 2024
No ratings yet
Jadwal Sertifikasi Internal Auditor 2024
4 pages
Presentation IT Governance
No ratings yet
Presentation IT Governance
18 pages
1201 Engagement Planning
No ratings yet
1201 Engagement Planning
3 pages
SOP Keamanan Informasi ISO 27001
No ratings yet
SOP Keamanan Informasi ISO 27001
7 pages
Pengelolaan Keamanan Informasi 2024 Juli
No ratings yet
Pengelolaan Keamanan Informasi 2024 Juli
101 pages
Keamanan Data Arsip Digital - Signed
No ratings yet
Keamanan Data Arsip Digital - Signed
27 pages
Sudarsan Jayaraman - MIgrating To COBIT 5
No ratings yet
Sudarsan Jayaraman - MIgrating To COBIT 5
62 pages
Cobit Soal
No ratings yet
Cobit Soal
36 pages
Contoh Soal Tes Toeic
100% (1)
Contoh Soal Tes Toeic
2 pages
DASAR - Slide Fondasi Audit Internal - Hananto Widhiatmoko (PUBLISH)
No ratings yet
DASAR - Slide Fondasi Audit Internal - Hananto Widhiatmoko (PUBLISH)
58 pages
ISO 27001 Audit Plan Overview
No ratings yet
ISO 27001 Audit Plan Overview
20 pages
Cyber Security Awareness Ver.1.0
100% (2)
Cyber Security Awareness Ver.1.0
20 pages
Capítulo 1 CISA
No ratings yet
Capítulo 1 CISA
42 pages
Isaca'S Cobit Assessment Programme (Based On COBIT 5)
No ratings yet
Isaca'S Cobit Assessment Programme (Based On COBIT 5)
33 pages
Botswana Alignment of COBIT To Botswana IT Audit Presentation
No ratings yet
Botswana Alignment of COBIT To Botswana IT Audit Presentation
25 pages
Strategic Planning of Information System: Resume - COBIT PT. Kereta Api Indonesia
No ratings yet
Strategic Planning of Information System: Resume - COBIT PT. Kereta Api Indonesia
9 pages
Tanuwijaya, Sarno - 2010 - Comparation of CobiT Maturity Model and Structural Equation Model For Measuring The Alignment Between Univers
No ratings yet
Tanuwijaya, Sarno - 2010 - Comparation of CobiT Maturity Model and Structural Equation Model For Measuring The Alignment Between Univers
13 pages
COBIT-5-Assurance Res Eng 1213
No ratings yet
COBIT-5-Assurance Res Eng 1213
17 pages
ISO 27001:2022 Annex A Control Updates
No ratings yet
ISO 27001:2022 Annex A Control Updates
19 pages
ISO 27001:2022 Training Overview
100% (4)
ISO 27001:2022 Training Overview
73 pages
Day 2 Part 3 IT-Security Laws Und Standards
No ratings yet
Day 2 Part 3 IT-Security Laws Und Standards
15 pages
Analysis of The Implementation of ISO 27001 2022 A
No ratings yet
Analysis of The Implementation of ISO 27001 2022 A
13 pages
ISO 27001 and the PDCA Cycle Explained
No ratings yet
ISO 27001 and the PDCA Cycle Explained
26 pages
ISO 27001 for IT Professionals
No ratings yet
ISO 27001 for IT Professionals
26 pages
PCI Training Awareness ISO-IEC 27001 - 2013 - Rev01
No ratings yet
PCI Training Awareness ISO-IEC 27001 - 2013 - Rev01
112 pages
Chapter 3 - Is Security Management, Standards and Regulations
No ratings yet
Chapter 3 - Is Security Management, Standards and Regulations
8 pages
ISO 2700 Series for IT Students
No ratings yet
ISO 2700 Series for IT Students
6 pages
XM The ISO 27000 Family of Standards 230516
No ratings yet
XM The ISO 27000 Family of Standards 230516
1 page
ISO 27001:2015 Overview by TÜV SÜD
100% (1)
ISO 27001:2015 Overview by TÜV SÜD
23 pages
Webinar Iso27001 2022 Transition November 2022 r4
No ratings yet
Webinar Iso27001 2022 Transition November 2022 r4
73 pages
ISMS 27K Standards
No ratings yet
ISMS 27K Standards
25 pages
Web Content: ISO/IEC 27001 ISO 27000 Series
No ratings yet
Web Content: ISO/IEC 27001 ISO 27000 Series
7 pages
Presentaion
No ratings yet
Presentaion
14 pages
Iso 27001
80% (5)
Iso 27001
7 pages
Iso 27001 PDF
No ratings yet
Iso 27001 PDF
7 pages
Information Security Management Tools
No ratings yet
Information Security Management Tools
48 pages
ISO 27001 Introduction Priso27001introduction1-221125112118-4f2bb00a
100% (1)
ISO 27001 Introduction Priso27001introduction1-221125112118-4f2bb00a
40 pages
ISO/IEC 27000 (Free) : 1 2018 Vocabulary Standard
No ratings yet
ISO/IEC 27000 (Free) : 1 2018 Vocabulary Standard
28 pages
ISO 27001 and Friends Your Ultimate Security Squad
No ratings yet
ISO 27001 and Friends Your Ultimate Security Squad
21 pages
The Published ISO27K About IT-Security
No ratings yet
The Published ISO27K About IT-Security
3 pages
Priso27001introduction1 221125112118 4f2bb00a
No ratings yet
Priso27001introduction1 221125112118 4f2bb00a
40 pages
ISO 27001 and Friends - Your Ultimate Security Squad!
No ratings yet
ISO 27001 and Friends - Your Ultimate Security Squad!
21 pages
ISACA ISO Overview
No ratings yet
ISACA ISO Overview
13 pages
Family
No ratings yet
Family
11 pages
ISO 27000 Series Guide for Businesses
No ratings yet
ISO 27000 Series Guide for Businesses
31 pages
ISO Standards Mari Seeba
No ratings yet
ISO Standards Mari Seeba
29 pages
Security Standard PPT - 4
No ratings yet
Security Standard PPT - 4
42 pages
03 Risk Management Dan Audit - IsMS v1.1. Maret 2019
No ratings yet
03 Risk Management Dan Audit - IsMS v1.1. Maret 2019
62 pages
Topic 8 - IsO 27001
No ratings yet
Topic 8 - IsO 27001
29 pages
Overview of ISO/IEC 27000 Standards
No ratings yet
Overview of ISO/IEC 27000 Standards
123 pages
ISO/IEC 27001 and IT Baseline Protection (IT-Grundschutz) : Amgad Mahmoud, Felix Schmidt, Gerd Siebert
No ratings yet
ISO/IEC 27001 and IT Baseline Protection (IT-Grundschutz) : Amgad Mahmoud, Felix Schmidt, Gerd Siebert
3 pages
ISO/IEC 27001 and IT Baseline Protection (IT-Grundschutz) : Amgad Mahmoud, Felix Schmidt, Gerd Siebert
No ratings yet
ISO/IEC 27001 and IT Baseline Protection (IT-Grundschutz) : Amgad Mahmoud, Felix Schmidt, Gerd Siebert
3 pages
ISO 27000 Overview
No ratings yet
ISO 27000 Overview
1 page
GRC 3 PDF
No ratings yet
GRC 3 PDF
54 pages
ISO 27001:2005 vs 2013 Control Mapping
No ratings yet
ISO 27001:2005 vs 2013 Control Mapping
33 pages
BMI Tanzania Insurance Report Q4 2016
No ratings yet
BMI Tanzania Insurance Report Q4 2016
57 pages
MSDS All DNA RNA Purification Kits
No ratings yet
MSDS All DNA RNA Purification Kits
6 pages
Prefix and Suffix
No ratings yet
Prefix and Suffix
57 pages
Question & Answers: Commercial Negotiation
100% (2)
Question & Answers: Commercial Negotiation
12 pages
The Ventersdorp Contact Reef Model in The Kloof Go 2014 International Journa
No ratings yet
The Ventersdorp Contact Reef Model in The Kloof Go 2014 International Journa
17 pages
Global Insurance Risk Insights
No ratings yet
Global Insurance Risk Insights
10 pages
3RD Ptest
No ratings yet
3RD Ptest
5 pages
STS Software Diagnostic Output and Error Messages
No ratings yet
STS Software Diagnostic Output and Error Messages
480 pages
TASER 7 and TASER 7 CQ User Manual
No ratings yet
TASER 7 and TASER 7 CQ User Manual
50 pages
A Morphological Analysis of Derivational Suffixes in Short Stories
No ratings yet
A Morphological Analysis of Derivational Suffixes in Short Stories
17 pages
Ee Uppsc Ae MCQ
No ratings yet
Ee Uppsc Ae MCQ
18 pages
Dynamic Ultra Plus: SAE 15W-40
No ratings yet
Dynamic Ultra Plus: SAE 15W-40
2 pages
SF1, SF2, SF5 - 2018 - G9 (Year III) - (DD) MELON
No ratings yet
SF1, SF2, SF5 - 2018 - G9 (Year III) - (DD) MELON
9 pages
Branham's Prophetic Legacy
No ratings yet
Branham's Prophetic Legacy
18 pages
Sds Sefar Nytal Quicktal 5604-03-2025 En-Au
No ratings yet
Sds Sefar Nytal Quicktal 5604-03-2025 En-Au
10 pages
Shanti Business School: PGDM Trimester-Iii End Term Examination JULY - 2015
No ratings yet
Shanti Business School: PGDM Trimester-Iii End Term Examination JULY - 2015
8 pages
Shivam Ind. Training Final
No ratings yet
Shivam Ind. Training Final
29 pages
KG Lesson of Festival (15-16 & 19 - 21 January - 2025
No ratings yet
KG Lesson of Festival (15-16 & 19 - 21 January - 2025
2 pages
CH 13
No ratings yet
CH 13
120 pages
MTM 2.0 For Bike MS
No ratings yet
MTM 2.0 For Bike MS
4 pages
Experimental Cold Storage Energy Use
No ratings yet
Experimental Cold Storage Energy Use
6 pages
Dean Iricen
No ratings yet
Dean Iricen
19 pages
Grade 12 Career Guidance Module: "The Choice of Choosing"
100% (5)
Grade 12 Career Guidance Module: "The Choice of Choosing"
25 pages
Intellectual Revolutions in History
No ratings yet
Intellectual Revolutions in History
29 pages
Edgar Dale
No ratings yet
Edgar Dale
4 pages
Food Processing & Packaging Course
No ratings yet
Food Processing & Packaging Course
18 pages
Digital Marketing Insights
No ratings yet
Digital Marketing Insights
12 pages
Encounter Essay TEMEN OBLAK
No ratings yet
Encounter Essay TEMEN OBLAK
7 pages
Brain Balancing Protocol Dr. Karen March 2014
100% (2)
Brain Balancing Protocol Dr. Karen March 2014
5 pages
EKC 315A Danfoss Rs8cS302
No ratings yet
EKC 315A Danfoss Rs8cS302
16 pages

Standar Dan Kerangka Kerja Keamanan Informasi: ISO 27000 Information Security Management System

Uploaded by

Standar Dan Kerangka Kerja Keamanan Informasi: ISO 27000 Information Security Management System

Uploaded by

Standar dan Kerangka

•Pengelolaan keamanan informasi yang baik dan

•ISO 27001 (Information

•Sebelumnya ISO 27002 dikenal dengan nama ISO 17799:2005

ISO 27005 (Information Security Risk

ISO 27006 (Information Technology - Security

Sumber: A.T. Kearney Analysis,

You might also like