Penerapan Standar Keamanan Informasi Menggunakan Framework ISO/IEC 27005:2011 di Lapan Bandung

Information Security standard help to ensure security consistency across the business and usually contain security controls relating to the implementation of specific technology, hardware or software. It is important that a company understands standards so the company can choose the standard that are the most relevant to their organization. ISO 27000 is the international standard for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within an organization. ISO/IEC 27005:2011 provides guidelines for information security risk management. It supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach. Risk Management is one of the cornerstones of a mature and functional information security program that provides business value to an organization. The object of this research in LAPAN Bandung is to conduct risk assessment and analysis infrastructure LAPAN RDSA in Bandung. This study uses qualitative and semi-quantitative analysis with the case study method. This risk analysis using the approach of the standard ISO / IEC 27005: 2011.