Abstract

Information is one of the organization's assets. It also determines the values of the company whether the company is a professional and trustworthy in keeping information both internal corporate information as well as information from the user side. But in carrying out its functions, the company would meet a variety of information security threats. Confidentiality, integrity, authenticity, and non-repudiation is information security aspects that concern the company to maintain business continuity and achieve its goals. Therefore, companies need to conduct a information security management. Based on the requirements above, the authors want to design a framework that can be used by companies to manage the security of information on the company. This framework will be the foundation for the company to implement the Information Security Management System in the right direction. This is done by adopting the ISO 27001 standard of the ISMS and mapping all aspect to company's perspective. ISMS Framework are often high-level and theoretical, and do not offer practical suggestion to support their operationalization or implementation by practitioners. Here, the author presents a practitioner-oriented ISMS Framework to support XYZ Company.