Abstract

The biggest challenge in information security planning is achieving precision in the gap analysis phase. According to the information security management system (ISMS) implementation guide based on ISO/IEC 27001:2013, ISMS planning has 5 stages: defining the range, performing gap analysis, carrying out risk assessment, determining the controls and targets, and determining the policy and procedures of the ISMS. The gap analysis stage is required to assess the organization's current position toward ISMS implementation. This research suggests using the analytic hierarchy process (AHP) to determine which information security controls relate most closely to the organization's needs and goals. We conduct the process in an Indonesian organization called the XYZ institute. The result of this research is a prioritization of information security gap handling that will be useful for the XYZ institute in supporting its ISO/IEC 27001:2013 implementation processes.
