Journal of information and communication convergence engineering

The Korea Institute of Information and Commucation Engineering (한국정보통신학회)
권호 표지
DOI QR코드

DOI QR Code

ISM Application Tool, A Contribution to Address the Barrier of Information Security Management System Implementation

  • Received : 2019.11.30
  • Accepted : 2020.03.12
  • Published : 2020.03.31
Download PDF
⟨ Previous Next ⟩

Abstract

Information-security management systems (ISMSs) are becoming very important, even for micro, small, and medium enterprises (MSMEs). However, implementing an ISMS is not an easy task. Many obstacles must be overcome, e.g., complexity, document tracking, competency management, and even changing cultures. The objective of our study is to provide ISMS application tools, based on ISO 27001:2013 ISM frameworks. The application was developed on the Odoo Open Enterprise Resource Planning platform. To validate its feasibility for future improvement, the application was implemented by an MSME company. For this implementation, information-security-related users gave their feedback through a questionnaire. The distributed feedback questionnaire consists of nine assessment parameters, covering topics from the application's technical aspects to users' experiences. Based on the questionnaire feedback, all users of the application were satisfied with its performance.

Keywords

References

  1. J. W. Candra, O. C. Briliyant, and S. R. Tamba, "ISMS planning based on ISO/IEC 27001:2013 using analytical hierarchy process at gap analysis phase (Case study : XYZ institute)," in Proceedings of the 2017 11th International Conference on Telecommunication Systems Services and Applications, TSSA 2017, 2018, vol. 2018-January, no. 4, pp. 1-6. DOI: 10.1109/IWBIS.2018.8471700.
  2. D. Achmadi, Y. Suryanto, and K. Ramli, "On Developing Information Security Management System (ISMS) Framework for ISO 27001-based Data Center," in 2018 International Workshop on Big Data and Information Security, IWBIS 2018, 2018, pp. 149-157. DOI: 10.1109/IWBIS.2018.8471700.
  3. Department for Digital Culture Media and Sport, "Cyber Security Breaches Survey 2016," 2018. DOI: 10.13140/RG.2.1.4332.6324.
  4. F. G. I. T. U.S. Congress, Office of Technology Assessment, "Electronic Record Systems and Individual Privacy," no. June, 1986. DOI: 10.1016/0167-4048(86)90061-1.
  5. N. Sakiba, "Security challenges for e-learning ecosystems," Master's thesis, Norwegian University of Science and Technology, 2017.
  6. H. W. Glaspie and W. Karwowski, "Human Factors in Information Security Culture: A Literature Review," in International Conference on Human Factors in Cybersecurity, 2017, 2019, vol. 593, no. January. DOI: 10.1007/978-3-319-94782-2.
  7. A. Retnowardhani, R. H. Diputra, and Y. S. Triana, "Security risk analysis of bring your own device (BYOD) system in manufacturing company at Tangerang," TELKOMNIKA (Telecommunication Comput. Electron. Control.), vol. 17, no. 2, p. 753, Apr. 2019. DOI: 10.12928/telkomnika. v17i2.10165.
  8. The Ministry of Communication and Informatic, Regulation of the Indonesia Minister of Communication and Information Technology RI number 4 of 2016 concerning information security management system, 2016, p. 29. (In Bahasa Indonesia)
  9. A. B. Setiawan, "Kajian Kesiapan Keamanan Informasi Instansi Pemerintah Dalam Penerapan E-Government," J. Masy. Telemat. dan Inf., vol. 4, no. 2, pp. 109-126, 2013.
  10. M. Gehrmann, "Combining ITIL, COBIT and ISO / IEC 27002 for structuring comprehensive information technology for management in organizations," Navus - Rev. Gest. e Technol., vol. 2, no. 2, pp. 66-77, 2012.
  11. M. Sadikin, R. Yusuf, and L. Mitaliska, "Combining ITAF and ISO 27004 to Perform IS Audit in Higher Education Institution," in International Conference on Recent Innovations in Computer Science and Information Technology (ICRICSIT-2015), 2015, pp. 1-6.
  12. ISO, "The ISO Survey of Management System Standard Certifications 2016 Executive," 2017.
  13. A. H. Tajfar, M. M. Maymand, F. Rezasoltani, and P. Rezasoltani, "Ranking the barriers of implementing Information Security Management System and Investigation of readiness rate of exploration management," J. Inf. Technol. Manag., vol. 6, no. 4, pp. 551-556, 2015.
  14. S. Al-Dhahri, M. Al-Sarti, and A. Abdul, "Information Security Management System," Int. J. Comput. Appl., vol. 158, no. 7, pp. 29-33, 2017. DOI: 10.5120/ijca2017912851.
  15. L. Tot, G. Grubor, and T. Marta, "Introducing the information security management system in cloud computing environment," Acta Polytech. Hungarica, vol. 12, no. 3, pp. 147-166, 2015.
  16. H. Susanto, M. N. Almunawar, and Y. C. Tuan, "Information Security Challenge and Breaches: Novelty Approach on Measuring ISO 27001 Readiness Level," Int. J. Eng. Technol., vol. 2, no. 1, pp. 67-75, 2012. DOI: 10.1109/IWBIS.2018.8471700
  17. M. Bakri and N. Irmayana, "The Information Security using SIMHP BPKP Menggunakan Standar ISO 27001," J. TEKNOKOMPAK, vol. 11, no. 2, pp. 41-44, 2017. (In Bahasa Indosia)
  18. M. Zammani and R. Razali, "An empirical study of information security management success factors," Int. J. Adv. Sci. Eng. Inf. Technol., vol. 6, no. 6, pp. 904-913, 2016. DOI: 10.18517/ijaseit.6.6.1371.
  19. A. Ganesh, K. N. Shanil, C. Sunitha, and A. M. Midhundas, "OpenERP/Odoo - An open source concept to ERP solution," in Proceedings of the 6th International Advanced Computing Conference, IACC 2016, 2016, no. February, pp. 112-116. DOI: 10.1109/IACC.2016.30.
  20. M. Adhi Prasnowo et al., "Designing Odoo's enterprise resource planning (ERP) in micro, small and medium enterprises (MSMEs)," J. Phys. Conf. Ser., vol. 1175, no. 1, 2019. DOI: 10.1088/1742-6596/1175/1/012202.
  21. Yulia, G. S. Budhi, and S. N. Hendratha, "Odoo data mining module using market basket analysis," J. Inf. Commun. Converg. Eng., vol. 16, no. 1, pp. 52-59, 2018. DOI: 10.6109/jicce.2018.16.1.52.
  22. R. Akbar et al., "The Implementation of Enterprise Resources Planning (ERP) for Information System of Purchasing, Sales and Stock," J. Teknoif, vol. 3, no. 2, pp. 29-40, 2015. (In Bahasa Indonesia)