PT XYZ is one of the government-owned enterprises of the Republic of Indonesia that engaged in agribusiness. PT XYZ already has an information security management system (ISMS), but there are still several obstacles that are found, such as low personnel attention to information security, the need to remain compliant with government regulations, to technical constraints that arise, so PT XYZ wants to improve its information security-related capabilities. This study aims to determine the current condition of the existing ISMS  at PT XYZ and provide recommendations for improving the ISMS. This research uses information security controls based on the ISO/IEC 27001: 2022 standard to get the information security condition gap, then divides the information technology (IT) assets owned by the IT division of PT XYZ into several categories using the ISO/IEC 27005: 2018 standard, and conducts a risk assessment using the gap result data, namely the selected information security controls. Then recommendations were made based on the ISO/IEC 27002:2022 standard. The findings of this study were the discovery of 17 ISO/IEC 27001:2022 control activities whose value results were not maximised. These 17 controls are then divided into 3 categories of recommendations based on the urgency, from the results of the risk assessment.

KPMG, “KPMG global tech report 2023,” 2023.

WEC, “Global Cybersecurity Outlook 2023,” 2023.

PwC, “The C-suite playbook: Putting security at the epicenter of innovation,” 2023.

Kementerian BUMN, “KAMI BERTRANSFORMASI - LAPORAN TAHUNAN 2021 ANNUAL REPORT,” 2021. [Daring]. Tersedia pada: www.bumn.go.id

Accenture, “State of Cybersecurity Resilience 2023,” 2023.

ISO, SNI ISO/IEC 27001:2022. 2023. [Daring]. Tersedia pada: www.bsn.go.id

MENTERI BADAN USAHA MILIK NEGARA REPUBLIK INDONESIA, “Pedoman Tata Kelola dan Kegiatan Korporasi Signifikan Badan Usaha Milik Negara.” Jakarta, 2023.

J. Recker, Scientific Research in Information Systems. Berlin: Springer, 2013. [Daring]. Tersedia pada: http://www.springer.com/series/10440

M. Von Rosing, A.-W. Scheer, dan H. Von Scheel, The Complete Business Process Handbook, vol. 1. Elsevier, 2015.

Abuzar Asra, Puguh Bodro Irawan, dan Agus Purwoto, Metode penelitian survei. In Media, 2016.

ISO, ISO/IEC 27005:2018. 2018.