Measuring Cybersecurity Maturity at an Information Technology Company Using the Center for Internet Security Controls Framework
DOI:
https://doi.org/10.33020/saintekom.v14i1.610
Keywords:
cybersecurity, cybersecurity maturity, security policies, maturity measurement, security analysis
Abstract
This research evaluates the cybersecurity maturity of an information technology company in Jakarta, using the CIS Controls framework and covering all controls within Implementation Group 1 (IG1). The company has not conducted formal measurements of its cybersecurity maturity, leading to uncertainty about the effectiveness of its security efforts. The aim of this study is to measure, assess, and provide recommendations to enhance cybersecurity within the company. The research methodology involves an assessment of CIS Controls implementation and maturity level measurements. The measurement results indicate a low level of maturity, with an overall score of 0.41. The company needs to make significant improvement efforts in cybersecurity. Recommendations derived from this analysis emphasize the need for policy enhancements, control improvements, and increased employee training, serving as a guide for the company to strengthen weak cybersecurity aspects. The company should adopt a sustainable approach with management commitment and active engagement of all stakeholders.
License
Copyright (c) 2024 Mohammad Afdhal Jauhari, Bheta Agus Wardijono, Ega Hegarini
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Copyright:
By submitting manuscripts to Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen, the author agrees with this policy. No specific document approval is required.
- The copyright in each article belongs to the author.
- Authors retain all their rights to the published work, not limited to the rights set forth in this page.
- Authors acknowledge Saintekom Journal: Science, Technology, Computers and Management as the first to publish under the Creative Commons Attribution 4.0 International license (CC BY-SA).
- The author may submit the paper separately or arrange for non-exclusive distribution of the manuscript that has been published in this journal in other versions (e.g. sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript was first published in Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen.
- The author warrants that the article is original, written by the named author, has not been previously published, contains no unlawful statements, does not infringe the rights of others, and is subject to copyright exclusively held by the author.
- If the article is jointly prepared by more than one author, each author submitting the manuscript warrants that he or she has been authorized by all co-authors to agree to copyright and license notices (agreements) on their behalf, and agrees to inform co-authors of the terms of this policy. Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen will not be held liable for anything that may arise due to internal author disputes.
License:
Jurnal Saintekom : Sains, Teknologi, Komputer dan Manajemen is published under the terms of the Creative Commons Attribution 4.0 International License (CC BY-SA). This license permits anyone to:
- Share - copy and redistribute this material in any form or format;
- Adaptation - modify, alter, and create derivatives of this material for any purpose.
- Attribution - you must give appropriate credit, include a link to the license, and state that changes have been made. You may do this in any appropriate manner, but it does not imply that the licensor endorses you or your use.
- ShareAlike - if you modify, alter, or create a derivative of this material, you must distribute your contribution under the same license as the original material.