Development of Information Security Management Systems under ISO/IEC 27001:2013 Standard: Case Study of Ministry of Public Health Internet Data Center (MOPH IDC)

Authors

  • Suwanna Smernate, Information and Communication Technology Center (ICT Center), Office of Permanent Secretary, Ministry of Public Health, Thailand

Keywords:

ISO/IEC 27001:2013, risk, security

Abstract

The rapid development of convenient and inexpensive technology creates unlimited access to information technology, resulting in a rapidly driven economy and society, more revenue and less disparity among people. However, cyber threats become more aggressive along with the growth of the digital economy and society. In this regard, the Information and Communication Technology Center of the Ministry of Public Health (MOPH) developed the Information Security Management Systems (ISMS) with the objective of protecting information assets related to the information technology services of the MOPH Internet Data Center from potential internal and external threats, whether intentional or unintentional, in order to prove ISMS quality by applying the ISO/IEC 27001:2013 Standard. The procedures consisted of: (1) the study of the Information Security Management Systems Standard; (2) the analysis of risks to the information technology of the organization; (3) the development of the ISMS and the information technology security process in accordance with the ISO/IEC 27001:2013 Standard; and (4) suggestions on creating an information technology security process. The results of the satisfaction evaluation completed by ISMS users under the ISO/IEC 27001:2013 Standard indicated that the users in Group 1 (virtual machine and web hosting) had the highest overall satisfaction (average score 3.99), while those in Group 2 (vendors) had high overall satisfaction (average score 4.17) and those in Group 3 (general users) also had high overall satisfaction (average score 3.98). The Information and Communication Technology Center applied the ISO/IEC 27001:2013 Standard to increase and standardize the security of the organization, with successful results. However, cyber threats and their impacts on the organization still exist. Therefore, MOPH personnel should be knowledgeable on the matter and be able to recognize the threats. Strong manpower, budgetary and technology support is required in order to achieve the goal.

Published

2019-03-11

How to Cite

Smernate, S. (2019). Development of Information Security Management Systems under ISO/IEC 27001:2013 Standard: Case Study of Ministry of Public Health Internet Data Center (MOPH IDC). Journal of Health Science of Thailand, 28(1), 117–132. Retrieved from https://thaidj.org/index.php/JHS/article/view/5914

Section

Original Article