Analysis of Information Security Using ISO 27001 and Triangular Fuzzy Number Weighting

Abstract

The business process of an organization can’t be done properly without appropriate information management, in which information is an important asset that needs to be protected with the utmost care and concern. Information security is a way to protect information from large scale threats, thus to ensure the sustainability of the organization's operational, to reduce business risks and to increase business opportunity and return of investment. This research is conducted to measure the accountability of ISO 27001 in assisting the organization to document the information security policy. ISO/IEC 27001:2005 is a standard of information security that is widely used, openly accepted and implemented, and suitable for providing rules related to implementation and evaluation of the information security system. The assessment from ISO controls and objectives will be converted into a triangular fuzzy number to help in the analysis purpose. The fuzzy number is used to simplify the measurement. The result shows that the organization is not yet complying with the standard procedures of the Information Security Management System so it is needed to document the security policy based on the ISO 27001 framework standard.