Cyber Security Audit using CIS CSC, NIST CSF and COBIT 2019 Framework
DOI:
https://doi.org/10.24114/cess.v8i2.43257Keywords:
COBIT 2019, NIST CSF, CIS CSC, Cyber Security, COBIT Performance ModelAbstract
Tingginya penggunaan teknologi dan informasi saat ini mengakibatkan peningkatan risiko dan ancaman keamanan data dan informasi. Dinas Komunikasi dan Informatika Kota Pontianak, dinas pemerintahan yang memanfaatkan dan menggunakan banyak teknologi informasi. Untuk mengetahui sejauh mana kemampuan Dinas Komunikasi dan Informatika Kota Pontianak dalam mengelola keamanan siber, maka diperlukan audit keamanan siber. Audit dapat dilakukan dengan menggabungkan framework CIS CSC (Center for Internet Security Critical Security Controls) untuk membatasi focus area keamanan siber aset TI serta menggunakan NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) dan COBIT 2019 (Control Objective for Information Technologies) untuk melakukan perhitungan level kapabilitas. Perhitungan level kapabilitas menggunakan metode CPM (COBIT Performance Model). Hasil perhitungan level kapabilitas keamanan siber Dinas Komunikasi dan Informatika Kota Pontianak pada Identify (ID) mencapai level 3.9, Protect (PR) mencapai level 3.4, Detect (DE) mencapai level 2.5, dan Respond (RS) mencapai level 4. Terdapat 19 rekomendasi aktivitas untuk dilakukan agar mencapai level keamanan siber yang diinginkan, kemudian dilakukan pemetaan aktivitas rekomendasi ke dalam action priority matrix, 10 aktivitas masuk ke dalam kuadran Quick Wins, dan 9 aktivitas yang masuk ke dalam kuadran Major Projects. The frequent use of technology and information today impacts the increased risk and threats to data and information security. Department of Information and Communications of Pontianak is the department that utilizes and uses a lot of information technology. To find out how far the Pontianak City Communication and Informatics Office is capable of managing cyber security, a cyber security audit is needed. Audits can be conducted by combining the CIS CSC (Center for Internet Security Critical Security Controls) framework to define the cybersecurity focus areas of IT assets and using the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) and COBIT 2019 (Control Objective for Information Technologies) to calculate the capability level. Capability level calculation uses the CPM (COBIT Performance Model) method. The results of calculating the level of cyber security capability of the Pontianak City Communication and Informatics Service for Identification (ID) reaches level 3.9, Protect (PR) reaches level 3.4, Detect (DE) reaches level 2.5, and Respond (RS) reaches level 4. There are 19 activity recommendations to be carried out in order to achieve the desired level of cybersecurity, then capture recommendation activities into the action priority matrix, 10 activities included in the Quick Wins quadrant, and 9 activities entered into the Major Projects quadrant.References
A. S. Roy, œStudy of Cyber Security Challenges and It™s Emerging Trends on Latest Technologies, 2021.
Profil Dinas Komunikasi dan Informatika Kota Pontianak. Available: diskominfo.pontianak.go.id/tentang/halaman/profil [Terakhir diakses pada 19 Januari 2023]
B. Oana, œ(Cyber) Security Maturity or No (Cyber) Security, 2021.
R. A. Ashari, œRencana penerapan cyber-risk management menggunakan NIST CSF dan COBIT 5, 2018.
NIST, œFramework for Improving Critical Infrastructure Cybersecurity Version 1.1, 2018.
CIS, œCIS Critical Security Controls Version 8, 2021
ISACA, COBIT 2019 œFramework: Introduction and Methodology, 2018
L. R. S. Dhulipalla, ISACA, œUsing COBIT 2019 Performance Management Model to Assess Governance and Management Objectives 2019
ISACA, œImplementing the NIST Cybersecurity Framework Using COBIT 2019, Version 1.0.0, 2019.
E Elue, CISA, and CDPSE, œEffective Capability and Maturity Assessment Using COBIT 2019, 2020
Downloads
Published
Issue
Section
License
Copyright (c) 2023 CESS (Journal of Computer Engineering, System and Science)
This work is licensed under a Creative Commons Attribution 4.0 International License.
