The design of the Information Security Management System that is made includes all existing processes in a company. Organizations such as universities or institutions need to have a clear security management system. One of the standards that can be used to analyze the level of information security within an organization is ISO 27001:2013. This standard is continuously being developed for the purpose of completing the requirements in terms of implementation of a security system. This study aims to find out how ISO 27001 works and its benefits for an organization. The study employed a literature review methodology. Sources included books, academic papers, internet resources, and personal experiences related to the topic. This study is also expected to be able to help provide a reference for companies to determine the most appropriate security system for the company. In conclusion, the integration of ISO 27001 into an organization's security management system is crucial in today's complex digital landscape. Embracing ISO 27001 not only enhances the overall security framework within an organization but also instills trust among stakeholders and customers in the organization's dedication to data protection.
Read full abstract