
A. Introduction
The ISO/IEC 27000 series is the standard that has been adopted internationally for
information security management programs in virtually any organization. ISO/IEC 27001
is one of the standards in the ISO/IEC 27000 series and describes best practice for an
information security management system (ISMS). ISO 27001 covers the following:
i. Information security policies
ii. Organization of information security
iii. Human resource security
iv. Asset management
v. Access control
vi. Cryptography
vii. Physical and environmental security
viii. Operations security
ix. Communications security
x. System acquisition, development and maintenance
xi. Supplier relationships
xii. Information security incident management
xiii. Information security aspects of business continuity management
xiv. Compliance with internal requirements, such as policies, and with external
requirements, such as laws

B. Company Background
Honda Malaysia Sdn. Bhd. is a subsidiary of Honda Motor Ltd. that
manufactures motor vehicles. The operations run by the Malaysian branch include
machining, heat treatment, grinding, and assembly, as well as pre-delivery inspection.
The two main offices of Honda Malaysia Sdn. Bhd. are in Pagoh, Melaka and
Petaling Jaya, Selangor. The manufacturing plant is at the Pagoh office, while sales
and marketing operations run from the office in Petaling Jaya. The sales and marketing
office is in charge of the company's financial reporting, planning how to achieve sales
targets, and evaluating which car models are suitable for the Malaysian market. The
manufacturing plant office focuses on production and product inspection.

C. Implementation of ISO 27001


i. Security Policy
A security policy is the document that states how an organization plans to keep its
physical and information assets secure. Below is the existing
security policy implemented by Honda.
1. Enforcement Framework for Information Security
Information Security Officer shall be appointed to ensure security and preservation of
information property, which shall be properly managed through establishing and enforcing
appropriate rules and procedures.
2. Management of Information Property
In order to be securely preserved, Information Property shall be appropriately looked after,
in accordance with procedures based on the risk factor associated with such information.
3. Education and Training
All executives and employees shall be duly educated on Information Security, in order to
enhance security awareness and to ensure full enforcement of rules and procedures. Those
in violation of such rules and procedures shall be dealt with in strict and fair manner,
including disciplinary action.
4. Reliable Products and Services
Every possible effort shall be made to provide our customers with reliable products and
services, with full consideration for our customers' information security.
ii. Scope of Information System Management
iii. Security Risk Assessment

D. Summary
