Improving the public service that is transparent and accountable should be the focus of the Ministry of Religious Affairs as one of government’s institutions. Therefore, as information and communication technology (ICT) serves as an important factor supporting the Ministry of Religious Affairs public service, ICT should be managed appropriately to ensure that the quality of the service can be maintained. In the implementation of ICT governance, information security is one of important factors that needs careful attention considering ICT governance performance will be impaired if information security as one of the main ICT governance’s components experiences problems with regard to the confidentiality of information security, integrity and availability. The Ministry of Religious Affair still has a lot of problems in terms of information security but until now has not had any Information Security Management System. In addition, based on the results of the assessment of information security index (KAMI) conducted by the Ministry of Information and Communication Technology in 2015, the information security in the Ministry of Religious Affair in the lowest category. With this research, the author tried to design an Information Security Management System for the Ministry of Religious Affairs using the ISO 27001-2013 framework. The result was evaluated by a team of experts and then recommended as a draft of Information Systems Security Management for the Ministry of Religious Affairs.