Title: Analysis of ISO27001 Implementation for Enterprises and SMEs in Indonesia

Year of Publication: Nov - 2014
Page Numbers: 50-58
Authors: Candiwan Candiwan
Conference Name: The International Conference on Cyber-Crime Investigation and Cyber Security (ICCICS2014)
- Malaysia


Implementation of information security management especially ISO27001 is still rare in developing countries, in order to know the readiness of company both large companies (enterprises) and small & medium sized enterprises (SMEs) for obtaining certification of ISO27001:2013 so we do the survey to enterprise & SME. The research method implemented in this paper is qualitatif method which uses ISO27001:13 based on main clauses and annex controls which use the simplified maturity level. From this resulted research, we can known how far the position of ISO27001 implementation is from standard’s the requirements for enterprises and SMEs in Indonesia. Based on the reasearch, this can be concluded that implementation of main clause’s requirements of ISO 27001 in enterprises is more than in SMEs. Furthermore, regarding Annex Controls implementation, this can be stated that information security policy is taken into account by management in enterprise and SME. This is showed by the highest maturity level of information security policy for enterprise and SME. However, the domain that isn’t taken attention by management (the lowest maturity level) is system aquisation, development and maintenance for enterprise dan supplier relationships for SME. Furthermore, the number of control that fulfill the requirement of control ISO27001:13 (maturity level 5) for enterprise are more than SME, however the number of controls that are parlty compliant and not compliant for enterprise are less than the number of controls for SME