Design Information Security in Electronic-Based Government Systems Using NIST CSF 2.0, ISO/IEC 27001:2022 and CIS Control


Authors : Dio Febrilian Tanjung; Oky Dwi Nurhayati; Adi Wibowo

Volume/Issue : Volume 9 - 2024, Issue 6 - June

Google Scholar : https://tinyurl.com/bdeuvucs

Scribd : https://tinyurl.com/mrcs73sk

DOI : https://doi.org/10.38124/ijisrt/IJISRT24JUN1212

Abstract : This study explores the application of three cybersecurity frameworks: NIST CSF 2.0, ISO/IEC 27001:2022, and CIS Control v8, resulting in the synthesis of 22 key components: Organizational context, Risk management processes, Assignment of security roles, Security policy implementation, Governance, monitoring, Third-party risk management, Inventory and management of assets, Risk identification and analysis, Continuous improvement, Access control, account management, Security awareness and training, Data protection, encryption, Configuration and maintenance management, Network and software security, Continuous monitoring, anomaly detection, Incident detection and analysis, Incident response planning, Incident analysis and prioritization, Incident response communication, and Incident mitigation. These syntheses serve as recommendations and information security controls applicable to government agencies. The frameworks provide guidance for developing information security measures, preparing necessary documents, and implementing technical steps to enhance information security.

Keywords : NIST CSF 2.0, ISO/IEC 27001:2022, CIS Control v8, Information Security, Cybersecurity Frameworks, Government Agencies.
