Towards Secure Information Systems: Developing and Implementing an Information Security Evaluation Model Using NIST CSF and COBIT 2019
Author(s): Mifta Fadya, Ditdit Nugraha Utama
Subject(s): Law, Constitution, Jurisprudence, ICT Information and Communications Technologies
Published by: UIKTEN - Association for Information Communication Technology Education and Science
Keywords: NIST CSF; COBIT 2019; information security; system information; maturity level
Summary/Abstract: Ensuring information security in public sector information systems is now more important than ever. Advances in technology and information have not only made daily life easier, but also made the opportunities for cybercrimes vast and inevitable. This study aims to create an evaluation framework that measures the maturity level of information security in information systems by integrating two existing frameworks, the NIST Cybersecurity Framework (CSF) and COBIT 2019. The resulting framework is implemented in a public sector organization called PT XYZ, which has an information system as a tool to assist in the implementation of public services. The Capability Maturity Model Integration (CMMI) method is used to calculate the maturity level. The implemented approach resulted in an information security maturity evaluation framework for information systems. This framework includes 118 activities, which are divided into 23 categories. Of these, the integration of the two frameworks contributes 61% of the activities, the NIST CSF contributes 8%, and the COBIT 2019 framework contributes 31%. The measurement of the information security maturity level in the information system at PT XYZ shows that all functions are at level 1, the initial level. PT XYZ's low information security maturity reveals the critical need for stronger data protection and system resilience. This study introduces a novel approach that demonstrates a practical methodology for integrating two frameworks. The resulting framework enables public sector organizations to assess their security posture, identify areas for improvement, and enhance resilience against cyber threats, strengthening public service and safeguarding data.
Journal: TEM Journal
- Issue Year: 14/2025
- Issue No: 1
- Page Range: 182-191
- Page Count: 10
- Language: English