ISMS Planning Based On ISO/IEC 27001:2013 Using Analytical Hierarchy Process at Gap Analysis Phase (Case Study : XYZ Institute)

The biggest challenge in information security planning is how to acquire precision in the gap analysis phase. According to the information security management system (ISMS) implementation guide based on ISO/IEC 27001:2013, the planning of ISMS has 5 stages. The 5 stages are : defining the range, perform gap analysis, accomplish risk assessment, determine the control and target, and determine the policy and procedure of ISMS. The gap analysis stage is required to assess the organization's current position toward ISMS implementation. This research suggested the use of AHP to determine which information security control that most relate to the organization needs and goals. We will conduct the process in one of Indonesia's organization called the XYZ institute. The result of this research is prioritization of information security gap handling that will be useful for XYZ institute to support their processes of ISO/IEC 27001:2013 implementation.