Text

Desain instrumen penilaian tingkat kematangan keamanan siber (Cybersecurity Maturity Assessment) berdasarkan NIST CSF, Cobit 2019, ISO/IEC 27002 dan PCI DSS

---

Abstrak:
Penerapan keamanan siber diperlukan untuk memastikan bahwa tujuan organisasi dapat tercapai dengan aman. Untuk meningkatkan keamanan siber, langkah-langkah pengendalian harus diambil untuk mengukur sejauh mana keamanan siber telah diimplementasikan, yang sering disebut sebagai Penilaian Kematangan Keamanan Siber (Cybersecurity Maturity Assessment). Ada berbagai standar yang dapat digunakan untuk menilai sejauh mana strategi keamanan siber di organisasi telah matang dan efektif. Namun, penggunaan satu standar untuk keamanan siber dalam proses bisnis dapat menjadi tantangan bagi organisasi dalam mengelola keamanan siber. Hal ini dapat terjadi karena standar tersebut tidak dapat mencakup seluruh ruang lingkup keamanan pada teknologi informasi (TI). Penelitian ini melakukan perancangan instrumen Cybersecurity Maturity Assessment berdasarkan NIST CSF, COBIT 2019, ISO/IEC 27002, dan PCI DSS. Tahapan perancangan desain intrumen Cybersecurity Maturity Assessment dilakukan dengan identifikasi komponen pada standar, kemudian melakukan pemetaan variabel evaluasi yang akan menjadi kontrol objek dari penilaian pada setiap kategori yang menggunakan acuan kerangka kerja hasil pemetaan Diah, Fitri dan Yohan. Hasil penelitian pada instrumen ini menghasilkan 21 kategori dan 46 subkategori dengan jumlah 190 pertanyaan. Penetapan skor menggunakan skala Likert dengan interval 1-5 dan kategori penilaian mengacu pada metode Capability Maturity Model Integration (CMMI), sementara validasi terhadap hasil perancangan instrumen dilakukan dengan menggunakan metode expert judgement.

Abstract:
Cybersecurity needs to be implemented to ensure specific security measures are in place, allowing companies or organizations to achieve their objectives. To enhance cybersecurity, control measures need to be taken to assess the extent to which cybersecurity has been implemented, known as Cybersecurity Maturity Assessment. There are various standards that can be used to assess how mature and effective an organization's cybersecurity strategy is. However, using a single standard for cybersecurity in business processes can pose challenges for organizations in managing cybersecurity, as it may not cover the entire scope of information technology (IT) security. This research designs a Cybersecurity Maturity Assessment instrument based on NIST CSF, COBIT 2019, ISO/IEC 27002, and PCI DSS. The stages of designing the Cybersecurity Maturity Assessment instrument involve identifying components within the standards, and then mapping evaluation variables that will serve as control objects for assessments in each category, using the framework provided by Diah, Fitri, and Yohan's mapping results. The results of the designed instrument show 21 categories and 46 subcategories of mapped evaluation variables with a total of 190 questions. Scoring was determined using a Likert scale with a range of 1-5, and the assessment categories were based on the Capability Maturity Model Integration (CMMI) method. Validation of the instrument design was conducted using the expert judgment method.

---

Availability

Detail Information

Series Title

--

Call Number

2023 AZI d

Publisher

Bogor : Politeknik Siber dan Sandi Negara., 2023

Collation

xiii, 70 halaman

Language

Indonesia

ISBN/ISSN

--

Classification

Rekayasa Keamanan Siber

Content Type

-

Media Type

-

Carrier Type

-

Edition

--

Subject(s)

NIST CSF
COBIT 2019
Cybersecurity Maturity Assessment
Desain Instrumen
ISO/IEC 27002
PCI DSS

Specific Detail Info

--

Statement of Responsibility

Aziiza Ratnadewati Pratama

Other version/related

File Attachment

Comments

---

You must be logged in to post a comment