Information Security Compliance Framework for Data Center in Utility Company

Authors

  • Yuvaraaj Velayutham
  • Ganthan Narayana Samy
  • Nurazean Maarop
  • Noor Hafizah Hassan
  • Wan Haslina Hassan
  • Sivakumar Pertheban
  • Sundresan Perumal

DOI:

https://doi.org/10.53840/myjict5-2-136

Keywords:

Compliance, Data Center, Framework, Information Security Compliance

Abstract

The utility organization has already implemented some security frameworks and compliance measures in its data center to protect the valuable information held there. However, the implementation of the security framework and compliance still has several issues relating to some restricted areas. No effective security framework and compliance measures, such as an access control management system at the entrance of the building zone, are being implemented in the data center. Therefore, the objective of this research is to develop an information security compliance framework for the data center in a utility company. This research applied a qualitative method, namely semi-structured interviews, for data collection. The contribution of this research will help professionals and security management organizations to understand the best ways to improve physical security within the context of information security compliance frameworks, which play an important role.

Published

24-12-2020

Section

Articles

How to Cite

Velayutham, Y., Samy, G. N., Maarop, N., Hassan, N. H., Hassan, W. H., Pertheban, S., & Perumal, S. (2020). Information Security Compliance Framework for Data Center in Utility Company. Malaysian Journal of Information and Communication Technology (MyJICT), 5(2), 62-71. https://doi.org/10.53840/myjict5-2-136
