TY - GEN
T1 - Practical Implementation of Information Security Management in the Energy Sector Insights from An Oil and Gas Organization in Indonesia
AU - Prabowo, Hadi
AU - Shihab, Muhammad Rifki
AU - Aji, Rizal Fathoni
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/9/24
Y1 - 2018/9/24
N2 - Information security is considered an important facet of IT management in the energy industry, which ranks among the top five targets of cyber-attacks around the world, including in Indonesia. In this case-study action research, we unraveled the way an organization in the oil and gas industry improved its information security management to bring it up to par with ISO 27001:2013. Data was gathered by means of a series of FGDs in which the researchers were actively involved as team members. This research clarified the steps undertaken, from the generation of risk registers and their mitigation to the development of the SOA. Furthermore, a gap analysis comparing the organization's current condition with the standards of ISO 27001:2013 was performed. Finally, a set of recommendations was offered to improve the organization's information security management in order to meet the standards of ISO 27001:2013.
AB - Information security is considered an important facet of IT management in the energy industry, which ranks among the top five targets of cyber-attacks around the world, including in Indonesia. In this case-study action research, we unraveled the way an organization in the oil and gas industry improved its information security management to bring it up to par with ISO 27001:2013. Data was gathered by means of a series of FGDs in which the researchers were actively involved as team members. This research clarified the steps undertaken, from the generation of risk registers and their mitigation to the development of the SOA. Furthermore, a gap analysis comparing the organization's current condition with the standards of ISO 27001:2013 was performed. Finally, a set of recommendations was offered to improve the organization's information security management in order to meet the standards of ISO 27001:2013.
KW - Energy
KW - ISO 27001
KW - Information security
KW - Information security management
KW - Oil and Gas
UR - http://www.scopus.com/inward/record.url?scp=85055556099&partnerID=8YFLogxK
U2 - 10.1109/IWBIS.2018.8471716
DO - 10.1109/IWBIS.2018.8471716
M3 - Conference contribution
AN - SCOPUS:85055556099
T3 - 2018 International Workshop on Big Data and Information Security, IWBIS 2018
SP - 159
EP - 163
BT - 2018 International Workshop on Big Data and Information Security, IWBIS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2018 International Workshop on Big Data and Information Security, IWBIS 2018
Y2 - 12 May 2018 through 13 May 2018
ER -