The Contribution of Internal Auditing to Improving the Efficiency of the Information Security System Under ISO 27001 Standard
Main Article Content
Abstract
This study aims to highlight the contribution of internal auditing to improving the efficiency of information security management systems. It utilizes ISO/IEC 27001 as a framework for assessing an organization's compliance with security controls and identifies the role of auditing in identifying vulnerabilities and enhancing information governance. To achieve this, a descriptive-analytical approach was employed to establish a foundation for understanding, along with a case study for practical application. The study concludes that internal auditing is an effective strategic tool for improving the efficiency of information security systems, and that ISO/IEC 27001 is a comprehensive and essential framework for establishing an effective information security system.