Published: 2025-08-01
Risk Management Evaluation Based on ISO/IEC 27005 Framework: A Case Study of ABC Company IT Workshop Room
DOI: 10.35870/ijsecs.v5i2.4549
Muhammad Ferdi Kurniawan, Triana Dewi Salma
- Muhammad Ferdi Kurniawan: Universitas LIA
- Triana Dewi Salma: Universitas LIA
Abstract
ABC Company operates as a technology firm based in France, maintaining its research and development operations in Jakarta. The company produces digital security technologies—biometrics, facial recognition systems, and digital identity solutions—alongside telecommunications and payment products including SIM cards, banking cards, and smart cards. Given how much the company relies on technology and secure information handling, it needs strong systems and infrastructure, especially when dealing with sensitive data. Yet no one has conducted a risk management assessment of the IT workshop room. Several problems have emerged with the physical security of this important area, such as people misusing access privileges and assets going missing. This research evaluates how the company manages information security risks by first identifying what's causing these problems through a fishbone diagram that looks at people, technology, and processes. We then assessed risks using the ISO/IEC 27005:2018 standard across 12 assets, examining threats, current controls, weak points, and what treatments are needed. Our analysis shows three assets (A5, A6, A7) carry high risk, three others (A4, A9, A12) have medium risk, and six assets (A1, A2, A3, A8, A10, A11) present low risk. Using these results, we developed specific recommendations for handling risks associated with each asset to improve information security throughout the company.
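The abstract summarises the ISO/IEC 27005:2018 workflow (identify assets, threats, existing controls and vulnerabilities; rate the risk; pick a treatment) but the page does not show the scoring scales or the banding the authors used to arrive at their high/medium/low split. The following Python example is added here to make that workflow concrete; it is not the paper's code. The 5-point likelihood and impact scales, the score bands (high at 15 or above, medium at 8 to 14, low below 8) and the sample workshop-room assets are all constructed assumptions chosen to mirror the kinds of problem the abstract mentions (access misuse, missing assets), not values taken from the study.

```python
"""ISO/IEC 27005-style risk register: rate each asset, band it, pick a treatment.

Added example, not the paper's code. Scales, bands and sample assets are constructed.
"""
from dataclasses import dataclass, asdict

# Assumed 5-point ordinal scales (the study's real scales are not on the page).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed banding of the 1..25 likelihood x impact product into three levels.
LEVEL_BANDS = (("high", 15), ("medium", 8), ("low", 1))

# ISO/IEC 27005 treatment options (modify, retain, share, avoid) mapped to the bands.
TREATMENT = {
    "high": "modify: add or strengthen controls now; assign an owner and a deadline",
    "medium": "modify or share: schedule controls in the next review cycle",
    "low": "retain: accept the risk and re-check it at the next periodic review",
}


@dataclass(frozen=True)
class Asset:
    """One row of the asset inventory, as gathered in the identification step."""
    asset_id: str
    name: str
    threat: str
    vulnerability: str
    existing_control: str
    likelihood: str  # key of LIKELIHOOD
    impact: str      # key of IMPACT


def risk_score(asset: Asset) -> int:
    """Semi-quantitative score: likelihood rating times impact rating (1..25)."""
    try:
        return LIKELIHOOD[asset.likelihood] * IMPACT[asset.impact]
    except KeyError as exc:  # unknown scale label is a data-entry error, say so clearly
        raise ValueError(f"{asset.asset_id}: unknown rating {exc}") from None


def risk_level(score: int) -> str:
    """Map a 1..25 score onto the assumed high/medium/low bands."""
    for level, floor in LEVEL_BANDS:
        if score >= floor:
            return level
    raise ValueError(f"score out of range: {score}")


def assess(assets):
    """Build the risk register: one dict per asset, highest risk first."""
    rows = []
    for asset in assets:
        score = risk_score(asset)
        level = risk_level(score)
        rows.append({**asdict(asset), "score": score, "level": level,
                     "treatment": TREATMENT[level]})
    rows.sort(key=lambda r: (-r["score"], r["asset_id"]))
    return rows


def group_by_level(register):
    """Asset ids per level, the form the paper's summary uses (e.g. high: A5, A6, A7)."""
    groups = {"high": [], "medium": [], "low": []}
    for row in register:
        groups[row["level"]].append(row["asset_id"])
    return groups


# Constructed sample inventory for a workshop room (not the study's 12 assets).
SAMPLE_ASSETS = [
    Asset("W1", "Workshop door access control", "unauthorised entry",
          "badge privileges not reviewed after role change", "badge reader",
          "likely", "major"),
    Asset("W2", "Spare hardware inventory", "theft or loss",
          "no check-out log for items leaving the room", "locked cabinet",
          "possible", "moderate"),
    Asset("W3", "Development workstations", "malware infection",
          "patching delayed by build freezes", "endpoint protection",
          "unlikely", "moderate"),
    Asset("W4", "Visitor log", "falsified entries",
          "paper log left unsupervised", "reception desk",
          "possible", "minor"),
]


if __name__ == "__main__":
    register = assess(SAMPLE_ASSETS)
    for row in register:
        print(f"{row['asset_id']:3} {row['score']:>2} {row['level']:<6} {row['name']}: {row['treatment']}")
    print(group_by_level(register))
```

Running the block prints the register sorted by score and then the per-level grouping; swapping in the real inventory, scales and bands is the only change needed to reproduce a study-style summary.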
Keywords
Risk Management; Information Security; Information Technology; ISO/IEC 27005:2018
Article Information
This article has been peer-reviewed and published in the International Journal Software Engineering and Computer Science (IJSECS). The content is available under the terms of the Creative Commons Attribution 4.0 International License.
- Issue: Vol. 5 No. 2 (2025)
- Section: Articles
- Published: August 1, 2025
- License: CC BY 4.0
- Copyright: © 2025 Authors
- DOI: 10.35870/ijsecs.v5i2.4549
Muhammad Ferdi Kurniawan
Bachelor of Informatics Study Program, Faculty of Science and Business, Universitas LIA, South Jakarta City, Special Capital Region of Jakarta, Indonesia