Analysis and Design of Information Security Management System Based on ISO 27001: 2013 Using ANNEX Control (Case Study: District of Government of Bandung City)


  • Adrian Fathurohman School of Industrial and System Engineering, Telkom University
  • R. Wahjoe Witjaksono School of Industrial and System Engineering, Telkom University



Information Security Management System, ISMS, Clause, ISO 270001: 2013, ANNEX


The Department of Communication and Information (Diskominfo) of the Bandung City Government is an agency that has the responsibility of carrying out several parts of the Regional Government in the field of communication and informatics. Based on the composition of the regional service organization Bandung City Diskominfo has five fields and two UPTs which are part of the Bandung City Diskominfo. Bandung City Diskominfo in implementing work programs has IT as a supporter of business processes in government agencies. Based on the results of research conducted that IT management in Bandung City Government Diskominfo found several clauses that were still unfulfilled in this Diskominfo impact on the management of government information security institutions that can affect the performance of Bandung City Government. Therefore, there is a need for standardization that needs to be implemented as a guide that examines the direction in safeguarding information or assets that are considered sensitive to an organization. With the existence of these problems pushed to design information security recommendations based on ISO 27001: 2013 standards at Diskominfo. Also makes the design of IT information security systems that are focused on the control of Annex Information Security Policies, Human Resource Security, Operational Security, Communication Security and Asset Management so that business IT processes can run in accordance with the objectives of the organization. The results of this study are expected to help in securing IT information at the Bandung Diskominfo City and can also improve the goals of an organization.


Download data is not yet available.


K. C. Laudon and J. P. Laudon, "Management information systems: new approaches to organization and technology," Up. Saddle River, NJ, 1998.

R. K. Rainer Jr, C. A. Snyder, and H. H. Carr, "Risk analysis for information technology," J. Manag. Inf. Syst., vol. 8, no. 1, pp. 129-147, 1991.

A. Behnia, R. A. Rashid, and J. A. Chaudhry, "A survey of information security risk analysis methods," SmartCR, vol. 2, no. 1, pp. 79-94, 2012.

G. Stoneburner, A. Goguen, and A. Feringa, "Risk management guide for information technology systems," Nist Spec. Publ., vol. 800, no. 30, pp. 800-830, 2002.

P. Hopkin, Fundamentals of risk management: understanding, evaluating and implementing effective risk management. Kogan Page Publishers, 2018.

T. R. Peltier, Information security risk analysis. CRC press, 2005.

E. J. Vaughan and T. Vaughan, Fundamentals of risk and insurance. John Wiley & Sons, 2007.

T. Humphreys, "State-of-the-art information security management systems with ISO/IEC 27001: 2005," ISO Manag. Syst., vol. 6, no. 1, 2006.

W. Boehmer, "Appraisal of the effectiveness and efficiency of an information security management system based on ISO 27001," in 2008 Second International Conference on Emerging Security Information, Systems and Technologies, 2008, pp. 224-231.

B. Shojaie, H. Federrath, and I. Saberi, "Evaluating the effectiveness of ISO 27001: 2013 based on Annex A," in 2014 Ninth International Conference on Availability, Reliability and Security, 2014, pp. 259-264.

M. Syafrizal and S. Kom, "Information Security Management System (ISMS) MenggunakanStandar ISO/IEC 27001: 2005," J. DASI, vol. 10, no. 1, pp. 92-117, 2009.

T. D. K. Informasi, "Panduan Penerapan Tata Kelola Keamanan Informasi bagi Penyelenggara Pelayanan Publik," Republik Indones. Kementeri. Komun. dan Inform., 2011.

A. Hevner and S. Chatterjee, "Design science research in information systems," in Design research in information systems, Springer, 2010, pp. 9-22.




How to Cite

Fathurohman, A., & Witjaksono, R. W. (2020). Analysis and Design of Information Security Management System Based on ISO 27001: 2013 Using ANNEX Control (Case Study: District of Government of Bandung City). Bulletin of Computer Science and Electrical Engineering, 1(1), 1–11.