<![CDATA[PT XYZ is one of the government-owned enterprises of the Republic of Indonesia that engaged in agribusiness. PT XYZ already has an information security management system (ISMS), but there are still several obstacles that are found, such as low personnel attention to information security, the need to remain compliant with government regulations, to technical constraints that arise, so PT XYZ wants to improve its information security-related capabilities. This study aims to determine the current condition of the existing ISMSĀ at PT XYZ and provide recommendations for improving the ISMS. This research uses information security controls based on the ISO/IEC 27001: 2022 standard to get the information security condition gap, then divides the information technology (IT) assets owned by the IT division of PT XYZ into several categories using the ISO/IEC 27005: 2018 standard, and conducts a risk assessment using the gap result data, namely the selected information security controls. Then recommendations were made based on the ISO/IEC 27002:2022 standard. The findings of this study were the discovery of 17 ISO/IEC 27001:2022 control activities whose value results were not maximised. These 17 controls are then divided into 3 categories of recommendations based on the urgency, from the results of the risk assessment.]]>
Copyrights © 2024
