Since the first publication of ISO/IEC 17799 in December 2000, ISO/IEC has been continuously standardizing information security management practices and requirements. The subsequent publication of ISO/IEC 27001 on "Information Security Management System (ISMS) requirements" and the revision of ISO/IEC 17799 in 2005 were the major milestones in the development of information security management standardization.
The ISO/IEC 27000 Series is also known as the "ISMS Family of Standards" or, in short, "ISO27K". The ISO 27000 Series standards have been specifically designated by ISO for matters related to information security. The ISO 27000 Series provides recommendations on information security management, risks and controls in the context of an overall Information Security Management System (ISMS); in its design, the ISO 27000 Series resembles the management system standards for quality assurance (ISO 9000 Series) and environmental protection (ISO 14000 Series).
For further developments in the ISO 27000 family, please refer to the Summary of the ISO 27000 Series.
ISO 27000: Information security management systems — Overview and vocabulary; contains the definitions of information security terms used as the basic terminology throughout the ISO 27000 series.
ISO 27002: Code of practice for information security management; related to the ISO 27001 document, it contains practical guidance for implementing an organization's ISMS.
ISO 27006: Requirements for bodies providing audit and certification of information security management systems.
ISO 27007: Guidelines for information security management systems auditing (focused on the management system).
ISO 27008: Guidance for auditors on ISMS controls (focused on the information security controls) – in preparation.
ISO 27015: Information security management guidelines for the finance and insurance sectors.
ISO 27017: The suggestion was that ISO 27010 through ISO 27019 will all cover information security within specific fields and industries – subject to change.
ISO 27018: The suggestion was that ISO 27010 through ISO 27019 will all cover information security within specific fields and industries – subject to change.
ISO 27019: The suggestion was that ISO 27010 through ISO 27019 will all cover information security within specific fields and industries – subject to change.
ISO 27020:2010-12: Dentistry – Brackets and tubes for use in orthodontics; it is not part of the ISO 27000 series family.
ISO 27031: Guidelines for information and communications technology readiness for business continuity – in preparation.
ISO 27032: Information technology — Security techniques — Guidelines for cybersecurity.
ISO 27034-5: Application security — Part 5: Protocols and application security controls data structure.
ISO 27799: Health informatics — Information security management in health using ISO/IEC 17799.
The purpose of the ISO 27000 management system is to demonstrate clearly and concretely how management exercises control over information security. ISO 27000 is designed to ensure that adequate and proportionate security controls are in place to protect information assets and to give confidence to interested parties.
1. Scope
2. Normative references
3. Terms and definitions
4. Information Security Management System (ISMS)
5. Management responsibility
6. Internal ISMS audits
7. Management review of the ISMS
8. ISMS improvement
9. Annex A: Control objectives
10. Annex B: OECD principles and ISO 27001
11. Annex C: Correspondence with ISO 9001 and ISO 14001