scholarly journals Influence of Information Security Culture on the Information Security Governance Capabilities (Case Study: PT XYZ)

2021 ◽  
Vol 1 (2) ◽  
pp. 62-74
Author(s):  
Kevin Suwandi ◽  
Johan Setiawan
Keyword(s):  
Information Security ◽  
Corporate Culture ◽  
Quantitative Methods ◽  
Security Culture ◽  
Security Governance ◽  
Qualitative And Quantitative Methods ◽  
It Department ◽  
Information Security Governance ◽  
Information Security Culture ◽  
Capability Level

Objective – To analyze the relationship between a company’s information security approach/culture with its information security governance capabilities based on COBIT 5 framework and provide recommendations that can be used to improve the company's information security capabilities per COBIT 5 standard. Methodology – The research uses qualitative and quantitative methods by conducting interviews and distributing questionnaires to 3 members of the IT Department at PT XYZ. Findings – The research found that the measured COBIT 5 processes (APO13 and DSS05) failed to reach the expected target (level 4), with each DSS05 and APO13 can only reach level 1 and 2 respectively. In addition, several flaws were also found in the company’s information security culturethat may have contributed directly or indirectly to the current state of the company’s information security capabilities. Novelty – In this study, the researchers expand the previous study on information security culture conducted in 2010 by performing a security audit on a company's IT department to analyze the connection between corporate culture, especially information security culture and the capability level of information security governance. The company thus can make improvements or corrections to its information security approach/culture based on the recommendations provided with COBIT 5 framework. Keywords: Capability Level; COBIT; Governance; Information Security Culture. 

scholarly journals Information Security Governance and Management Capability Assessment: A Lesson Learned from Directorate General of Taxes

2020 ◽  
Vol 10 (1) ◽  
pp. 15-26
Author(s):  
Bandi Ashari
Keyword(s):  
Information Security ◽  
Building Blocks ◽  
Business Strategies ◽  
Sensitive Data ◽  
Security Governance ◽  
Management Capability ◽  
Optimal Value ◽  
Directorate General ◽  
Information Security Governance ◽  
Capability Level

The information has an important role in improving the business operation and serving the decision-making process. The emerging of e-commerce and e-government require more frequent data exchanges included sensitive data. This study will focus on looking at the portrait of the Directorate General of Tax (DGT) in planning and building the ability to enforce IT governance, especially those related to information security. In addition, this research can also be used as a DGT basis for continuous improvement. We use the ISGM capability model to combine COBIT 5 and ISO 27001 as an approach to measure the capability of organizations in governing and manage their information security. We found that DGT’s information security governance and management capability at overall is at level well defined. Almost of ISGM building blocks has been established according to tailor-made policy and standard. With this capability level, DGT’s ISGM could contribute to the business as shown in several DGT’s program. But, to get optimal value from ISGM DGT need to improve the capability level, especially related to organizational aspects like alignment with business strategies and resource management.

scholarly journals Information Security Governance and Management Capability Assessment: A Lesson Learned from Directorate General of Taxes

2020 ◽  
Vol 10 (1) ◽  
pp. 15
Author(s):  
Bandi Ashari
Keyword(s):  
Information Security ◽  
Building Blocks ◽  
Business Strategies ◽  
Sensitive Data ◽  
Security Governance ◽  
Management Capability ◽  
Optimal Value ◽  
Directorate General ◽  
Information Security Governance ◽  
Capability Level

The information has an important role in improving the business operation and serving the decision-making process. The emerging of e-commerce and e-government require more frequent data exchanges included sensitive data. This study will focus on looking at the portrait of the Directorate General of Tax (DGT) in planning and building the ability to enforce IT governance, especially those related to information security. In addition, this research can also be used as a DGT basis for continuous improvement. We use the ISGM capability model to combine COBIT 5 and ISO 27001 as an approach to measure the capability of organizations in governing and manage their information security. We found that DGT’s information security governance and management capability at overall is at level well defined. Almost of ISGM building blocks has been established according to tailor-made policy and standard. With this capability level, DGT’s ISGM could contribute to the business as shown in several DGT’s program. But, to get optimal value from ISGM DGT need to improve the capability level, especially related to organizational aspects like alignment with business strategies and resource management.

The formation of information security culture of college students

2019 ◽  
pp. 29-36
Author(s):  
I. D. Rudinskiy ◽  
D. Ya. Okolot
Keyword(s):  
College Students ◽  
Information Security ◽  
Information Society ◽  
Technical Aspect ◽  
Data Sources ◽  
Structural Components ◽  
Security Culture ◽  
The Individual ◽  
Information Security Culture ◽  
Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Sign in / Sign up

Export Citation Format

Share Document