INFORMATION SECURITY MANAGEMENT SYSTEM ISO/IEC 27001:2022: A Complete Guide and Implementation

Authors

Dr. Nungky Awang Chandra, S.Si., M.TI.
Universitas Mercu Buana

Keywords:

System, Management, Security, Information, ISO, IEC

Synopsis

Increasingly complex cyber threats, data breaches, and the demand for compliance with a growing range of regulations have made information security management a strategic necessity for every organization. The book "SISTEM MANAJEMEN KEAMANAN INFORMASI ISO/IEC 27001:2022 Panduan Lengkap dan Implementasi" (Information Security Management System ISO/IEC 27001:2022: A Complete Guide and Implementation) is intended as a comprehensive reference for organizations that want to understand and apply the information security standard in a systematic and structured way. It discusses in depth the concepts, principles, and implementation stages of ISO/IEC 27001, the international standard that provides a framework for establishing, implementing, monitoring, and improving an Information Security Management System (ISMS) to protect the confidentiality, integrity, and availability of an organization's information.

Through a practical, application-oriented approach, the book explains how an organization can begin implementing an ISMS, from initiation, planning, implementation, and monitoring through to continual improvement, including forming the implementation team, drafting the information security policy, choosing a risk management methodology, and managing documents and security controls. It also covers other important aspects of information security management such as risk management, resource management, internal audit, corrective action, and evaluation of the effectiveness of the information security system. The explanations are supported by practical examples, tables, and analytical approaches that help organizations understand the implementation steps more systematically. Implementing ISO/IEC 27001 not only helps organizations protect their information assets but also brings strategic benefits such as greater trust from customers and business partners, support for compliance with data protection regulations, improved operational efficiency, and reduced impact from cyber attacks.

The book also highlights the importance of sound information security governance and the role of certification bodies and regulators in ensuring that certification is carried out by bodies that are competent and recognized both nationally and internationally.



Published

March 25, 2026

Publication format

PDF