Measuring Cybersecurity Maturity at an Information Technology Company Using the Center for Internet Security Controls Framework

Authors

  • Mohammad Afdhal Jauhari STMIK Jakarta STI&K
  • Bheta Agus Wardijono STMIK Jakarta STI&K
  • Ega Hegarini Universitas Gunadarma

DOI:

https://doi.org/10.33020/saintekom.v14i1.610

Keywords:

cybersecurity, cybersecurity maturity, security policies, maturity measurement, security analysis

Abstract

This research evaluates the cybersecurity maturity of an information technology company in Jakarta using the CIS Controls framework, covering all controls within Implementation Group 1 (IG1). The company has not formally measured its cybersecurity maturity, which leaves the effectiveness of its security efforts uncertain. The aim of this study is to measure and assess cybersecurity within the company and to provide recommendations for enhancing it. The research methodology involves an assessment of CIS Controls implementation and maturity level measurements. The measurement results indicate a low level of maturity, with an overall score of 0.41. The company needs to make significant improvements to its cybersecurity. Recommendations derived from this analysis emphasize the need for policy enhancements, control improvements, and increased employee training, and serve as a guide for the company to strengthen its weak cybersecurity aspects. The company should adopt a sustainable approach with management commitment and active engagement of all stakeholders.

Published

31-03-2024

How to Cite

Jauhari, Mohammad Afdhal, Bheta Agus Wardijono, and Ega Hegarini. 2024. “Pengukuran Kematangan Keamanan Siber Pada Perusahaan Teknologi Informasi Dengan Framework Center for Internet Security Controls”. Jurnal Saintekom : Sains, Teknologi, Komputer Dan Manajemen 14 (1):72-83. https://doi.org/10.33020/saintekom.v14i1.610.

Section

Articles