Integrated Strategy For Information System Security Assessment Through The Implementation Of ISO 27001 Standards

Authors

  • Kartika Sari, Universitas Pembangunan Panca Budi
  • Afsha Harnia, Universitas Pembangunan Panca Budi
  • Siti Nur Hidayah, Universitas Pembangunan Panca Budi
  • Neng Sri Wardhani, Universitas Pembangunan Panca Budi

DOI:

https://doi.org/10.64803/cessmuds.v1.129

Keywords:

information security, ISO/IEC 27001, information security management system, risk management, literature review

Abstract

Information security has become a critical organizational requirement in the era of digital transformation, as the increasing use of information systems exposes organizations to complex and evolving cyber threats. Information security can no longer be treated solely as a technical issue but must be managed through a structured management framework. This study aims to analyze and synthesize previous research related to the implementation of ISO/IEC 27001 as an international standard for Information Security Management Systems (ISMS). This research adopts a qualitative literature review approach by examining scientific articles, standards documents, and relevant publications related to ISO/IEC 27001, risk management, and information security governance. The analysis focuses on key themes, including risk-based security management, governance structures, continuous improvement using the Plan–Do–Check–Act (PDCA) cycle, and organizational readiness. The results indicate that ISO/IEC 27001 provides a comprehensive framework for strengthening information security governance, improving risk management practices, and enhancing organizational resilience against cyber threats. Furthermore, successful implementation is strongly influenced by leadership commitment, employee awareness, and continuous monitoring mechanisms. This study contributes by providing an integrated understanding of ISO/IEC 27001 implementation from prior studies and offers practical insights for organizations seeking to enhance their information security management practices.

Published

2025-11-27

Section

Articles

How to Cite

Integrated Strategy For Information System Security Assessment Through The Implementation Of ISO 27001 Standards. (2025). Proceedings of The International Conference on Computer Science, Engineering, Social Science, and Multi-Disciplinary Studies, 1, 668-671. https://doi.org/10.64803/cessmuds.v1.129