Implementation of Information Security Audit for the Sales System in a Peruvian Company

Leoncio Cueva Ruiz, Misael Lazo Amado, Jeremy Rodrigez Carrasco, Laberiano Andrade-Arenas


Technology has been updated over the last few years, and this has been generating a worldwide impact as currently, in this pandemic, several companies have been victims of information theft through hacks, as some companies do not have audits so that they can protect their information. The management of computer security audits in companies is very important to detect possible risks and manage business control by applying continuity management in each disaster. The article's main objective is to implement an audit plan and information security through ISO 27001 for a sales system to improve computer security. The literature review is on the definition of several processes that are part of our implementation development. Our methodology employed five stages of project management (Start, Planning, Execution, Monitoring and control, and closure), explaining the procedure and definition of each stage. The case study is the development of each stage that identifies the risks and obtains a solution to any threat. The results are the treatments of the risks carried out in the company, explaining the compliance with the clause and controls of ISO 27001 in the company. Finally, the analysis of the indicators of each policy of the company to know the improvement the company Domingez.


Audit; continuity management; information security; ISO 27001; project management.

Full Text:



W. Boehmer, "Appraisal of the effectiveness and efficiency of an information security management system based on iso 27001," in 2008 Second International Conference on Emerging Security Information, Systems and Technologies, IEEE, 2008, pp. 224-231.

R. Almeida, R. Lourinho, M. Mira da Silva, and R. Pereira, "A model for assessing cobit 5 and iso 27001 simultaneously," in 2018 IEEE 20th Conference on Business Informatics (CBI), vol. 01, 2018, pp. 60-69.

T. Suryanto, "Audit delay and its implication for fraudulent financial reporting: A study of companies listed in the indonesian stock exchange," 2016.

S. Nurizzati, “Effect of accounting information systemsfor credit sales and trade receivables on cash receipts,”JASa (Jurnal Akuntansi, Audit dan Sistem InformasiAkuntansi), vol. 4, no. 1, pp. 126–131, 2020.

E. G. Vorobiev, S. A. Petrenko, I. V. Kovaleva, and I. K. Abrosimov, "Analysis of computer security incidents using fuzzy logic," in 2017 XX IEEE International Conference on Soft Computing and Measurements (SCM), 2017, pp. 369-371.

D. C. Villagran-Vizcarra, D. D. Ram'irezochoa, C. Barbamart'inez, and A. J. Barroso-Barajas, "Importancia de la capacitacion' del personal a traves de una cultura de seguridad ' informatica importance of staff training through a ' culture of computer security," lio-Septiembre-2018, p. 11, 2018.

B. Hartadi, "Pengaruh fee audit, rotasi kap, dan reputasi auditor terhadap kualitas audit di bursa efek indonesia," EKUITAS (Jurnal Ekonomi dan Keuangan), vol. 16, no. 1, pp. 84-104, 2018.

W.-H. Tsai, H.-C. Chen, J.-C. Chang, J.-D. Leu, D. C. Chen, and Y. Purbokusumo, "Performance of the internal audit department under erp systems: Empirical evidence from taiwanese firms," Enterprise Information Systems, vol. 9, no. 7, pp. 725-742, 2015. DOI: 10 . 1080/17517575.2013.830341. eprint: 10.1080/17517575.2013.830341. [Online]. Available:

Y. Chen, K. Ramamurthy, and K.-W. Wen, "Impacts of comprehensive information security programs on information security culture," Journal of Computer Information Systems, vol. 55, no. 3, pp. 11-19, 2015.

W. A. Cram, J. G. Proudfoot, and J. D'arcy, "Organizational information security policies: A review and research framework," European Journal of Information Systems, vol. 26, no. 6, pp. 605-641, 2017.

D. Achmadi, Y. Suryanto, and K. Ramli, "On developing information security management system (isms) framework for iso 27001-based data center," in 2018 International Workshop on Big Data and Information Security (IWBIS), IEEE, 2018, pp. 149-157.

C. Schmitz and S. Pape, "Lisra: Lightweight security risk assessment for decision support in information security," Computers & Security, vol. 90, p. 101 656, 2020.

P. Shamala, R. Ahmad, A. Zolait, and M. Sedek, "Integrating information quality dimensions into information security risk management (isrm)," Journal of Information Security and Applications, vol. 36, pp. 1-10, 2017.

S. Bauer, E. W. Bernroider, and K. Chudzikowski, "Prevention is better than cure! designing information security awareness programs to overcome users' noncompliance with information security policies in banks," computers & security, vol. 68, pp. 145-159, 2017

A. Brown, "Why are non-malicious employees noncompliant: Guidance for identifying employee negligence and implementing information security policies to reduce employees inadvertently becoming insider threats," PhD thesis, Utica College, 2020.

S. Mishra, R. D. Raut, B. E. Narkhede, B. B. Gardas, and P. Priyadarshinee, "To investigate the critical risk criteria of business continuity management by using analytical hierarchy process," International Journal of Management Concepts and Philosophy, vol. 11, no. 1, pp. 94-115, 2018.

I. M. Lopes, T. Guarda, and P. Oliveira, "Implementation of iso 27001 standards as gdpr compliance facilitator," Journal of Information Systems Engineering & Management, vol. 2, no. 4, pp. 1-8, 2019.

C. Carvalho and E. Marques, "Adapting iso 27001 to a public institution," in 2019 14th Iberian Conference on Information Systems and Technologies (CISTI), 2019, pp. 1-6. DOI: 10.23919/CISTI.2019.8760870.

B. Barafort, A.-L. Mesquida, and A. Mas, "Integrating risk management in it settings from iso standards and management systems perspectives," Computer Standards & Interfaces, vol. 54, pp. 176-185, 2017.

T. Aven, "Risk assessment and risk management: Review of recent advances on their foundation," European Journal of Operational Research, vol. 253, no. 1, pp. 1- 13, 2016.

L. Almeida and A. Respıcio, "Decision support for selecting information security controls," Journal of Decision Systems, vol. 27, no. sup1, pp. 173-180, 2018.

R. Kalaiprasath, R. Elankavi, D. R. Udayakumar, et al., "Cloud. security and compliance-a semantic approach in end to end security," International Journal Of Mechanical Engineering And Technology (Ijmet), vol. 8, no. 5, pp. 987-994, 2017.

P. Rosenberger and J. Tick, "Suitability of pmbok 6th edition for agile-developed it projects," in 2018 IEEE 18th International Symposium on Computational Intelligence and Informatics (CINTI), 2018, pp. 000 241- 000 246. DOI: 10.1109/CINTI.2018.8928226.

M. Huda and S. Azizah, "Implementation of pmbok 5th standard to improve the performance and competitiveness of contractor companies," International Journal of Civil Engineering and Technology, vol. 9, no. 6, pp. 1256-1266, 2018.

J. J. Chamba Mera et al., "Development of a disaster recovery plan (drp) for the ti ' unit of the amco corporation," Master's thesis, Espol, 2017.

A. A. Taiwo, F. A. Lawal, and P. E. Agwu, "Vision and mission in organization: Myth or heuristic device?" The International Journal of Business & Management, vol. 4, no. 3, 2016.

S. A. Bowen, "Mission and vision," The international encyclopedia of strategic communication, pp. 1- 9, 2018.

P. Navarro, P. Cronemyr, and M. Huge-Brodin, "Greening logistics by introducing process management-a viable tool for freight transport companies going green," in Supply Chain Forum: An International Journal, Taylor & Francis, vol. 19, 2018, pp. 204-218.

W. A. Cram, J. G. Proudfoot, and J. D'arcy, "Organizational information security policies: A review and research framework," European Journal of Information Systems, vol. 26, no. 6, pp. 605-641, 2017.

K. Hone and J. H. P. Eloff, "Information security ¨ policy-what do international information security standards say?" Computers & security, vol. 21, no. 5, pp. 402-409, 2002.

J. R. C. Nurse, S. Creese, and D. De Roure, "Security risk assessment in internet of things systems," IT Professional, vol. 19, no. 5, pp. 20-26, 2017. DOI: 10.1109/ MITP.2017.3680959.



  • There are currently no refbacks.

Published by INSIGHT - Indonesian Society for Knowledge and Human Development