ISO/IEC 27001:2022

ISO/IEC 27001:2022 (Information Security Management System)

ISO/IEC 27001:2022, or ISMS (Information Security Management System), is the international standard for information security management systems: a dedicated, structured and internationally recognized method for securing information, previously ISO/IEC 27001:2013. ISO/IEC 27001 is the information security management system document, commonly called the ISMS, which gives a general picture of what a company must do in its efforts to evaluate, implement and maintain information security in the company, based on best practice in information security.

Information security is the process of protecting information to ensure the following:
•   Confidentiality: ensuring that information can be accessed only by authorized parties.
•   Integrity: ensuring that information remains accurate and complete, and that it is not modified without clear authorization.
•   Availability: ensuring that information can be accessed by authorized parties when it is needed.

This protection of information is achieved by applying controls consisting of policies, processes, procedures, organizational structures, and IT infrastructure functions. In other words, ISO/IEC 27001 is a way to protect and manage information based on a systematic approach to business risk, in order to prepare, implement, operate, monitor, review, maintain, and improve information security.

Why implement the ISO/IEC 27001:2022 standard?
•   All activities must conform to information security objectives and processes that are clearly defined and documented in policies and procedures.
•   The standard provides security controls that an organization can implement according to its specific business needs.
•   All security measures used in the ISMS must be implemented as the result of a risk analysis, to eliminate risk or to reduce it to an acceptable level.
•   A process must ensure continuous verification of all elements of the security system through audit and review.
•   A process must ensure continuous improvement of all elements of the information and security management system by adopting the PDCA (Plan-Do-Check-Act) model.

The benefits of implementing ISO 27001:2022 for an organization include:
•   Helps the organization conform to the requirements of a proven information security standard (best practice in information security).
•   Has a positive effect on the company's image, value, and how it is perceived by other parties.
•   Ensures that the organization has information security controls over the parts of its business process environment that may give rise to risk or disruption.
•   Increases the confidence of customers, third parties, and all stakeholders in the services the organization provides.
•   Helps the organization carry out continual improvement in its management of information security.
•   Makes the execution of each process more systematic and changes the organization's work culture.
•   Minimizes risk through a professional, standardized and comprehensive risk assessment process within a risk management framework.
•   Improves the effectiveness and reliability of information security.
•   Market differentiation.
•   One of the information security standards recognized worldwide.
•   Possibly lower insurance premiums payable to insurers, because the standard is proven.
•   Compliance with laws and regulations such as UU ITE, etc.
•   Increases company profit.
•   Demonstrates good governance in the handling of information.
•   Senior management holds responsibility for information security, so staff can focus more on their own responsibilities.
•   Independent review of the ISMS through an audit every year.
•   Can be combined or integrated with other management systems such as ISO 9001, ISO 14001, ISO 31000, ISO/IEC 27701, ISO/IEC 42001.
•   Provides a mechanism for measuring whether security controls succeed or fail.

Principle 1 – Confidentiality

The characteristic of information whereby only those who have access rights and a need can access particular information.

Principle 2 – Integrity
The quality or state of being whole, complete, and uncorrupted. Information with integrity is free from the threat of corruption, damage, destruction, or other disruption.

Principle 3 – Availability
The characteristic of information that enables users to access it in a useful format without interference or obstruction.

Principle 4 – Privacy
Information collected, used and stored by an organization is used only for the purposes stated by the data owner at the time it was collected. Privacy means that information will be used only in ways known to the person who provided it.

Principle 5 – Identification
An information system has the characteristic of identification when it is able to recognize individual users (by username or another ID).

Principle 6 – Authentication
Occurs when a control proves that a user has the identity they claim.

Principle 7 – Authorization
Ensures that a user (a person or a computer) has been specifically and explicitly authorized by the proper authority to access, update, or delete the contents of an information asset.

Principle 8 – Accountability
Accountability exists when a control provides assurance that every activity performed can be attributed to a named person or an automated process.

DC Konsultan provides services ranging from consulting, gap assessment, training programs, and preparation of procedures and documents through to support during the certification audit for the ISO/IEC 27001:2022 Information Security Management System. Contact us for assistance and the best offer.

31 thoughts on “ISO/IEC 27001:2022”

  1. I needed to write you the tiny note to say thank you once again for these incredible information you’ve documented on this page. This has been unbelievably generous with you to provide freely precisely what most people could have advertised for an e book in order to make some dough for their own end, mostly considering that you could have tried it if you ever wanted. The strategies as well served to be the good way to recognize that other people online have the identical desire like my personal own to know significantly more related to this problem. I know there are thousands of more fun occasions in the future for people who view your website.

  2. Sweet blog! I found it while surfing around on Yahoo News. Do you have any suggestions on how to get listed in Yahoo News? I’ve been trying for a while but I never seem to get there! Thanks

    1. It is so easy. You must:
      1. Add URL (please search at Google)
      2. You can use Backlink Tools
      3. You can use Ping o matic
      4. You can use free online advertise
      5. You can use forum to introduce your site
      I am sure you can GET number ONE, because My Site just 2 month my site on PAGE ONE…All of free or no money….:)
      Good luck and Thank You.

  3. Howdy very cool website!! Man .. Excellent .. Amazing .. I will bookmark your website and take the feeds also…I am satisfied to find numerous helpful info right here within the publish, we’d like develop extra techniques in this regard, thanks for sharing. . . . . .

  4. Throughout the great design of things you receive an A+ just for hard work. Where exactly you confused us ended up being in the particulars. As they say, details make or break the argument.. And it couldn’t be much more accurate right here. Having said that, allow me tell you what exactly did do the job. The writing is certainly very persuasive which is possibly why I am making the effort to comment. I do not really make it a regular habit of doing that. 2nd, despite the fact that I can certainly see a leaps in reason you come up with, I am not necessarily sure of just how you seem to unite your ideas which in turn produce the final result. For now I will subscribe to your issue but wish in the future you actually connect your facts much better.

  5. One thing I’ve noticed is that there are plenty of fallacies regarding the banking companies intentions if talking about foreclosed. One fantasy in particular is the fact that the bank needs to have your house. The lender wants your hard earned cash, not your home. They want the amount of money they lent you with interest. Averting the bank will undoubtedly draw any foreclosed final result. Thanks for your post.

  6. With having so much content do you ever run into any issues of plagiarism or copyright infringement? My site has a lot of exclusive content I’ve either written myself or outsourced but it seems a lot of it is popping up all over the internet without my agreement. Do you know any solutions to help reduce content from being stolen? I’d truly appreciate it.

  7. great publish, very informative. I wonder why the other experts of this sector don’t realize this. You must proceed your writing. I am confident, you have a great readers’ base already!

  8. Great post and right to the point. I don’t know if this is truly the best place to ask but do you guys have any idea where to get some professional writers? Thx 🙂

  9. Thank you for any other wonderful post. The place else may just anyone get that type of info in such a perfect method of writing? I’ve a presentation next week, and I am on the search for such information.

  10. Thanks for your publication. I also think that laptop computers have become more and more popular these days, and now are sometimes the only form of computer utilised in a household. It is because at the same time that they are becoming more and more reasonably priced, their working power keeps growing to the point where these are as highly effective as desktop through just a few years back.

  11. Thanks for your tips. One thing we have noticed is the fact that banks as well as financial institutions really know the spending patterns of consumers and also understand that most of the people max out and about their cards around the holiday seasons. They sensibly take advantage of that fact and commence flooding ones inbox along with snail-mail box with hundreds of no interest APR card offers immediately after the holiday season finishes. Knowing that in case you are like 98% of American open public, you’ll rush at the chance to consolidate card debt and transfer balances for 0 interest rate credit cards.

  12. I like the valuable information you supply for your articles. I’ll bookmark your weblog and check once more right here frequently. I’m fairly sure I’ll be told many new stuff proper right here! Good luck for the next!

  13. I’m not sure exactly why but this website is loading incredibly slow for me. Is anyone else having this issue or is it a problem on my end? I’ll check back later and see if the problem still exists.

  14. magnificent post, very informative. I wonder why the other specialists of this sector don’t notice this. You should continue your writing. I’m confident, you’ve a huge readers’ base already!

  15. I just like the valuable info you supply on your articles. I’ll bookmark your weblog and take a look at once more here frequently. I am moderately sure I’ll be told lots of new stuff proper here! Good luck for the next!

  16. Interesting blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustments would really make my blog stand out. Please let me know where you got your theme. Kudos

  17. I am really impressed with your writing skills and also with the layout on your blog. Is this a paid theme or did you customize it yourself? Either way keep up the nice quality writing, it is rare to see a great blog like this one these days..

  18. Please let me know if you’re looking for an article author for your weblog. You have some really good articles and I feel I would be a good asset. If you ever want to take some of the load off, I’d love to write some articles for your blog in exchange for a link back to mine. Please shoot me an email if interested. Cheers!
