Analysis of Implementation of Information Security Based on ISO / IEC 27001:2013 (Case study at the Indonesian Insurance Company)

Analysis of implementation Information Security Based on ISO / IEC 27001:2013 case study at the Indonesian Insurance company. The Indonesian Insurance Company serves millions of workers with heterogeneous backgrounds, manages a broad service network in Indonesia and manages large funds, so it is demanded to be able to provide optimal and excellent services that meet the requirements for each participant. Information Technology has long been applied to provide optimal value for the company, in line with the business strategy, by develope various application systems to support the company's activities, both internal applications and those related to outside companies. Good information security management must be carried out for business continuity to balance the risks and benefits of information technology itself. One of the IT governance frameworks adopted by the Indonesian Insurance Company is Cobit 4.0 and SNI ISO / IEC 27001: 2009 for information security management. This research was conducted to measure the extent of security of information security governance in the application system used by the Indonesian Insurance Company and provide recommendations for improvement that refer to the st