Impact of Implementation of Information Security Risk Management and Security Controls on Cyber Security Maturity (A Case Study at Data Management Applications of XYZ Institute)

Endro Joko Wibowo

Kalamullah Ramli

SUMMARY

Information security is an important concern for governments and industry due to the increase in cyber attacks during Covid-19. The government is obliged to maintain information security in implementing an Electronic-Based Government System following Presidential Regulation of the Republic of Indonesia Number 95 of 2018. To overcome this problem, the XYZ Institute needs an approach to implementing information security risk management and information security controls. This study aims to risk identification, risk analysis, risk evaluation, risk treatment, risk acceptance, risk control, and analysis of cyber security maturity gaps in the domain of governance, identification, protection, detection, and response. ISO/IEC 27005:2018 as guidance for conducting risk assessments. The code of practice for information security control uses the ISO/IEC 27002:2013 standard and assessing maturity using the cyber security maturity model version 1.10 developed by the National Cyber and Crypto Agency of the Republic of Indonesia. The results show that the cyber maturity value increased from 3.19 to 4.06 after implementing 12 new security controls.

KEYWORDS

Security Risk Management - information security controls - Cyber Security Maturity - ISO/IEC 27005:2018 - ISO/IEC 27002:2013

Free Access

PAGES

pp. 1 - 17

NUMBER

Volumen: 18 Número: Jurnal Parte: 0 (2022)

COLLECTIONS

Computing
Computing

JOURNALS RELATED

JURNAL TEKNIK INFORMATIKA DAN SISTEM INFORMASI
International Journal on Informatics Visualization
COMPUSOFT: An International Journal of Advanced Computer Technology

Articles related

User Behaviours Associated with Password Security and Management

Kay Bryant,John Campbell

Control mechanisms established on the boundary of an information system are an important preliminary step to minimising losses from security breaches. The primary function of such controls is to restrict the use of information systems and resources to au... see more

Revista: Australasian Journal of Information Systems

Open Access

Information System Security Risk Assessment NIST SP 800-30 Framework Selector Data

zeckyan zeckyan

Information security is an action to protect information against various threats in order to ensure the continuity of business processes, as well as minimize or eliminate threat risks and maximize profits and business opportunities for an organization. R... see more

Revista: JURNAL TEKNIK INFORMATIKA DAN SISTEM INFORMASI

Open Access

Design of Information Security Early Detection System DISKOMINFO Bandung Regency

Nazar Firman Pratama

In the Digital Transformation era, technological developments are developing more rapidly, along with the increasingly intensive use of technology, cyber threats are also increasing with a wide variety of attacks. The emergence of various issues regardin... see more

Revista: JURNAL TEKNIK INFORMATIKA DAN SISTEM INFORMASI

Open Access

Information Technology Risk Management at BTSI UKSW Using ISO 31000:2018

Vincent Patrick Pratama Wijaya

Biro Teknologi dan Sistem Informasi (BTSI) is one of the service units tasked with developing and supporting the needs of the academic community regarding the needs of information technology. BTSI always maintains system security and carries out reg... see more

Revista: JURNAL TEKNIK INFORMATIKA DAN SISTEM INFORMASI

Open Access

Risk Risk Assessment and Development of Access Control Information Security Governance Based on ISO/IEC 27001:2013 At XYZ University

laqma dica fitrani

The rapid development of information technology at this time also has an impact on the use of information technology in the university environment. XYZ University as a university that has quite a lot of students also applies information technology to sup... see more

Revista: JURNAL TEKNIK INFORMATIKA DAN SISTEM INFORMASI

Open Access