Risk Management Evaluation Based on ISO/IEC 27005 Framework: A Case Study of ABC Company IT Workshop Room

Muhammad Ferdi Kurniawan; Triana Dewi Salma

doi:10.35870/ijsecs.v5i2.4549

Published: 2025-08-01

Risk Management Evaluation Based on ISO/IEC 27005 Framework: A Case Study of ABC Company IT Workshop Room

DOI: 10.35870/ijsecs.v5i2.4549

Muhammad Ferdi Kurniawan, Triana Dewi Salma

Affiliation Details

Muhammad Ferdi Kurniawan: Universitas LIA , Indonesia
Triana Dewi Salma: Universitas LIA

Front Cover IJSECS VOLUME 5 NOMOR 2 AGUSTUS 2025

Downloads

PDF

Article Metrics

Views 0
Downloads 0
Scopus Citations
Google Scholar
Crossref Citations
Semantic Scholar
DataCite Metrics
If the link doesn't work, copy the DOI or article title for manual search (API Maintenance).

Abstract

ABC Company operates as a technology firm based in France, maintaining its research and development operations in Jakarta. The company produces digital security technologies—biometrics, facial recognition systems, and digital identity solutions—alongside telecommunications and payment products including SIM cards, banking cards, and smart cards. Given how much the company relies on technology and secure information handling, it needs strong systems and infrastructure, especially when dealing with sensitive data. Yet no one has conducted a risk management assessment of the IT workshop room. Several problems have emerged with the physical security of this important area, such as people misusing access privileges and assets going missing. This research evaluates how the company manages information security risks by first identifying what's causing these problems through a fishbone diagram that looks at people, technology, and processes. We then assessed risks using the ISO/IEC 27005:2018 standard across 12 assets, examining threats, current controls, weak points, and what treatments are needed. Our analysis shows three assets (A5, A6, A7) carry high risk, three others (A4, A9, A12) have medium risk, and six assets (A1, A2, A3, A8, A10, A11) present low risk. Using these results, we developed specific recommendations for handling risks associated with each asset to improve information security throughout the company.

Keywords

Risk Management ; Information Security ; Information Technology ; ISO/IEC 27005:2018

Peer Review Process

This article has undergone a double-blind peer review process to ensure quality and impartiality.

Indexing Information

Discover where this journal is indexed at our indexing page to understand its reach and credibility.

Open Science Badges

This journal supports transparency in research and encourages authors to meet criteria for Open Science Badges by sharing data, materials, or preregistered studies.

How to Cite

Kurniawan, M. F., & Salma, T. D. (2025). Risk Management Evaluation Based on ISO/IEC 27005 Framework: A Case Study of ABC Company IT Workshop Room. International Journal Software Engineering and Computer Science (IJSECS), 5(2). https://doi.org/10.35870/ijsecs.v5i2.4549

Article Information

This article has been peer-reviewed and published in the International Journal Software Engineering and Computer Science (IJSECS). The content is available under the terms of the Creative Commons Attribution 4.0 International License.

Issue: Vol. 5 No. 2 (2025)
Section: Articles
Published: %750 %e, %2025

License: CC BY 4.0
Copyright: © 2025 Authors
DOI: 10.35870/ijsecs.v5i2.4549

AI Research Hub

This article is indexed and available through various AI-powered research tools and citation platforms. Our AI Research Hub ensures that scholarly work is discoverable, accessible, and easily integrated into the global research ecosystem. By leveraging artificial intelligence for indexing, recommendation, and citation analysis, we enhance the visibility and impact of published research.

Scholarly Connection Platforms

Dimensions

Connected Papers

Scite

Google Scholar

Semantic Scholar

Garuda

Scilit

Crossref

BASE

Zenodo

Unpaywall

OpenCitations

Author Biographies

Muhammad Ferdi Kurniawan

Bachelor of Informatics Study Program, Faculty of Science and Business, Universitas LIA, South Jakarta City, Special Capital Region of Jakarta, Indonesia

Triana Dewi Salma

Bachelor of Informatics Study Program, Faculty of Science and Business, Universitas LIA, South Jakarta City, Special Capital Region of Jakarta, Indonesia

References

Naibaho Sulaiman, R. (2017). Peranan dan perencanaan teknologi informasi dalam perusahaan. Warta Edisi 52, April, 45. https://doi.org/10.46576/wdw.v0i52.253
Lionel, E., Leonard, L., Fernando, N., Ong, T., & Septama, V. (2023). Analisis manajemen risiko pada malaya cafe. CEMERLANG: Jurnal Manajemen dan Ekonomi Bisnis, 3(1), 251–266. https://doi.org/10.55606/cemerlang.v3i1.716
Hikam, M. L. B., Dewi, F., & Praditya, D. (2024). Analisis manajemen risiko informasi menggunakan ISO/IEC 27005:2018 (studi kasus: PT.XYZ). JIPI (Jurnal Ilmiah Penelitian dan Pembelajaran Informatika), 9(2), 728–734. https://doi.org/10.29100/jipi.v9i2.4709
Agustino, D. (2018). Information security management system analysis menggunakan iso/iec 27001 (studi kasus: stmik stikom bali). Eksplora Informatika, 8(1), 1. https://doi.org/10.30864/eksplora.v8i1.130
Fahrudin, N., S, A., & Putra, K. (2022). Penilaian risiko keamanan data karyawan pada sistem informasi dengan menggunakan framework nist sp 800-30 pada pt. abc. Jurnal Ilmiah Teknologi Infomasi Terapan, 8(3). https://doi.org/10.33197/jitter.vol8.iss3.2022.900
Handayani, N., Wibowo, H., Sari, D., Satria, Y., & Gifari, A. (2019). Risk assessment of information system of faculty of engineering university diponegoro using failure mode effect and analysis method based on framework iso 27001. Teknik, 39(2), 78. https://doi.org/10.14710/teknik.v39i2.15918
Isnaini, K., Sari, G., & Kuncoro, A. (2023). Analisis risiko keamanan informasi menggunakan iso 27005:2019 pada aplikasi sistem pelayanan desa. Eksplora Informatika, 13(1), 37-45. https://doi.org/10.30864/eksplora.v13i1.696
Mahardika, K., Wijaya, A., & Cahyono, A. (2019). Manajemen risiko teknologi informasi menggunakan iso 31000: 2018 (studi kasus: cv. xy). Sebatik, 23(1), 277-284. https://doi.org/10.46984/sebatik.v23i1.572
Ningrum, F., Riwanto, Y., Pratiwi, I., & Fikri, M. (2024). Analisis keamanan sistem informasi perguruan tinggi berbasis indeks kami. Jurnal Informatika Polinema, 10(3). https://doi.org/10.33795/jip.v10i3.5154
Sinaga, R., & Taan, F. (2024). Penerapan iso/iec 27001:2022 dalam tata kelola keamanan sistem informasi: evaluasi proses dan kendala. Nuansa Informatika, 18(2), 46-54. https://doi.org/10.25134/ilkom.v18i2.205
Ariyani, S., & Sudarma, M. (2016). Implementation of the ISO/IEC 27005 in risk security analysis of management information system. Journal of Engineering Research and Applications, 6(8), 1-6.
Agrawal, V. (2016). Towards the ontology of ISO/IEC 27005: 2011 risk management standard. In HAISA (pp. 101-111).
Ariyani, S., & Sudarma, M. (2016). Implementation of the ISO/IEC 27005 in risk security analysis of management information system. Journal of Engineering Research and Applications, 6(8), 1-6.
Utami, G. C., Supramaji, A. B., & Isnaini, K. N. (2023). Penilaian risiko keamanan informasi pada website dengan metode DREAD dan ISO 27005:2018. JUSTINDO (Jurnal Sistem dan Teknologi Informasi Indonesia), 8(1), 47–56. https://doi.org/10.32528/justindo.v8i1.219
Syahid, P. P., Saedudin, R. R., & Rahmad, B. (2018). Implementasi dan penilaian risk assessment atas infrastruktur teknologi informasi di pt. xyz menggunakan framework cobit 5. e-Proceeding of Engineering, 5(1), 1400–1410. https://openlibrarypublications.telkomuniversity.ac.id/index.php/engineering/article/view/6238
Putri, M. K., & Hakim, A. R. (2021). Perancangan manajemen risiko keamanan informasi layanan jaringan MKP berdasarkan kerangka kerja ISO/IEC 27005:2018 dan NIST SP 800-30 revisi 1. Info Kripto, 15(3), 134–141. https://doi.org/10.56706/ik.v15i3.34

License & Copyright

This work is licensed under a Creative Commons Attribution 4.0 International License.

Authors who publish with this journal agree to the following terms:

1. Copyright Retention and Open Access License

Authors retain copyright of their work and grant the journal non-exclusive right of first publication under the Creative Commons Attribution 4.0 International License (CC BY 4.0).

This license allows unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

2. Rights Granted Under CC BY 4.0

Under this license, readers are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material for any purpose, including commercial use
No additional restrictions — the licensor cannot revoke these freedoms as long as license terms are followed

3. Attribution Requirements

All uses must include:

Proper citation of the original work
Link to the Creative Commons license
Indication if changes were made to the original work
No suggestion that the licensor endorses the user or their use

4. Additional Distribution Rights

Authors may:

Deposit the published version in institutional repositories
Share through academic social networks
Include in books, monographs, or other publications
Post on personal or institutional websites

Requirement: All additional distributions must maintain the CC BY 4.0 license and proper attribution.

5. Self-Archiving and Pre-Print Sharing

Authors are encouraged to:

Share pre-prints and post-prints online
Deposit in subject-specific repositories (e.g., arXiv, bioRxiv)
Engage in scholarly communication throughout the publication process

6. Open Access Commitment

This journal provides immediate open access to all content, supporting the global exchange of knowledge without financial, legal, or technical barriers.

Published: 2025-08-01

Risk Management Evaluation Based on ISO/IEC 27005 Framework: A Case Study of ABC Company IT Workshop Room

DOI: 10.35870/ijsecs.v5i2.4549

Muhammad Ferdi Kurniawan, Triana Dewi Salma