Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS

2020 ◽  
Vol 4 (4) ◽  
pp. 225
Author(s):  
Diah Sulistyowati ◽  
Fitri Handayani ◽  
Yohan Suryanto

Data and information security in today's digital era is crucial, and every organization needs to pay attention to it. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, a security standard is required that is appropriate and follows the organization's needs, to help it know the maturity level of its cybersecurity in protecting its information security. The ABC organization is one of the Government agencies that manage the critical infrastructure and Indonesian digital economies. The organization has currently implemented several international security standards through its planning, implementation, evaluation documents, and ICT activities. However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out, which are the ABC organization's security standards in managing ICT according to its assigned tasks and functions. Furthermore, the analysis result is used as material for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be a capital in measuring ICT management performance in ABC organizations.

2016 ◽  
Vol 24 (5) ◽  
pp. 452-473 ◽  
Author(s):  
Stefan Fenz ◽  
Stefanie Plieschnegger ◽  
Heidi Hobel

Purpose: The purpose of this paper is to increase the degree of automation within information security compliance projects by introducing a formal representation of the ISO 27002 standard. As information is becoming more valuable and current businesses face frequent attacks on their infrastructure, enterprises need support in protecting their information-based assets.

Design/methodology/approach: Information security standards and guidelines provide baseline knowledge for protecting corporate assets. However, the effort to check whether the implemented measures of an organization adhere to the proposed standards and guidelines is still significantly high.

Findings: This paper shows how the process of compliance checking can be supported by using machine-readable ISO 27002 control descriptions in combination with a formal representation of the organization's assets.

Originality/value: The authors created a formal representation of the ISO 27002 standard and showed how a security ontology can be used to increase the efficiency of the compliance checking process.


2020 ◽  
Vol 1 (1) ◽  
pp. 1-11
Author(s):  
Adrian Fathurohman ◽  
R. Wahjoe Witjaksono

The Department of Communication and Information (Diskominfo) of the Bandung City Government is an agency that has the responsibility of carrying out several parts of the Regional Government's work in the field of communication and informatics. Based on the composition of the regional service organization, Bandung City Diskominfo has five fields and two UPTs which are part of the Bandung City Diskominfo. In implementing its work programs, Bandung City Diskominfo has IT as a supporter of business processes in government agencies. Based on the results of the research conducted, IT management in the Bandung City Government Diskominfo was found to have several clauses that were still unfulfilled; this impacts the management of government information security institutions and can affect the performance of the Bandung City Government. Therefore, there is a need for a standard to be implemented as a guide that examines the direction in safeguarding information or assets that are considered sensitive to an organization. These problems motivated the design of information security recommendations based on the ISO 27001:2013 standard at Diskominfo. The study also designs IT information security systems that are focused on the Annex controls Information Security Policies, Human Resource Security, Operational Security, Communication Security and Asset Management, so that business IT processes can run in accordance with the objectives of the organization. The results of this study are expected to help in securing IT information at the Bandung City Diskominfo and can also improve the goals of the organization.


Author(s):  
Mathew Nicho ◽  
Hussein Fakhry

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.


2020 ◽  
Vol 3 (1) ◽  
pp. 14-19
Author(s):  
Fanny Novianto

The rapid progress of Information and Communication Technology (ICT) makes it easier for people to communicate and get information. Information of strategic value needs to be safeguarded, and stakeholders must be aware of all potential vulnerabilities in information and communication system transactions. There are several aspects that must be met in building information security in e-government. The first aspect that must be met is confidentiality and privacy. The Ministry of Law and Human Rights of the Republic of Indonesia is currently implementing e-government in internal business processes and public services. One of them is the use of the Correctional Database System (SDP). Data and information in SDP are confidential because, among other things, they contain data and information on criminal offenders in Indonesia. With the use of information technology and the more information presented by the government as part of public services, the greater the vulnerability to the security and confidentiality of the information system itself. The research method used is a qualitative method with a case study approach, applying the defense in depth model to analyze information security involving several layers of security to keep information safe. Descriptive analysis results explain that the design and development of SDP pay attention to the basic principles of information security, namely confidentiality, integrity and availability of data. But there are information security vulnerabilities that are very likely to occur at the host defense, network defense, and physical defense layers.


2011 ◽  
Vol 5 (3) ◽  
pp. 50-67 ◽  
Author(s):  
Mathew Nicho ◽  
Hussein Fakhry ◽  
Charles Haiber

This paper analyses relevant IT governance and security frameworks/standards used in IT assurance and security to propose an integrated framework for ensuring effective PCI DSS implementation. Merchants dealing with credit cards have to comply with the Payment Card Industry Data Security Standards (PCI DSS) or face penalties for non-compliance. With more transactions based on credit cards, merchants are finding it costly and increasingly difficult to implement and interpret the PCI standard. One of the top reasons cited for merchants to fail PCI audit, and a leading factor in data theft, is the failure to adequately protect stored cardholder data. Although implementation of the PCI DSS is not a guarantee for perfect protection, effective implementation of the PCI standards can be ensured through the divergence of the PCI standard into wider information security governance to provide a comprehensive overview of information security based not only on security but also security audit and control. The contribution of this paper is the development of an integrated comprehensive security governance framework for ‘information security’ (rather than data protection) incorporating Control Objectives for Information and related Technology (COBIT), Information Technology Infrastructure Library (ITIL) and ISO 27002.


2016 ◽  
Vol 3 (2) ◽  
pp. 35-41
Author(s):  
Rony Andry Anthony Sihotang

The growth of electronic transactions in Indonesia has been tremendous since the start of the government program of the Non-Cash National Movement (GNNT) by Bank Indonesia in 2014. It is expected that the use of cash will be replaced by electronic (cashless) transactions using ATM cards, debit cards, credit cards and electronic cards. Electronic transactions must be reliable and secure; this is what drove five international payment networks, American Express, Discover, JCB, Mastercard and Visa, to create a data security standard to secure cardholder data, PCI DSS (Payment Card Industry Data Security Standard). PCI DSS has always evolved to keep cardholder data secure for transactions, and PCI DSS version 3.2 was released in April 2016. Employees need to connect to internal private networks or the corporation's network over the Internet from home or public areas such as hotels, airports, cafes, malls etc. Security becomes a major consideration when accessing internal networks or the corporation's network from an insecure network. This case study examines one company with its head office located in Jakarta, Indonesia and its development team located in Seoul, South Korea. It also looks at the connection between convenience and security when implementing remote access in accordance with PCI DSS requirements.


2014 ◽  
Vol 5 (1) ◽  
pp. 12-19
Author(s):  
Yohannes Kurniawan ◽  
Janastasha Christie Parapaga

The research goal is to identify and analyze the need for an accounting information system related to the revenue cycle at PT XYZ. This paper designs a useful accounting information system to support the current business processes, especially the revenue cycle process. The design method is Object Oriented Analysis and Design (OOAD), which refers to the modeling and design requirements discipline. The result achieved by the analysis and design of the accounting information system can support the current activities of the revenue cycle, especially the documentation and storage of transaction data, and generate reports in accordance with company requirements. The conclusion derived from the analysis and design is the implementation of a web-based application that can help PT XYZ do its work in different places, such as the marketing office, head office and especially at exhibitions.

Index Terms: Accounting Information System, revenue cycle, OOAD

