TY - GEN
T1 - Cybersecurity Maturity Assessment Design Using NISTCSF, CIS CONTROLS v8 and ISO/IEC 27002
AU - Bashofi, Ivan
AU - Salman, Muhammad
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Cyberspace was created by the development of Information and Communication Technology (ICT). This makes it easier to access, manage information faster and more accurately, and improve the efficiency of performing activities and achieving business goals. On the other hand, the higher the usage of information technology, the higher the potential for organizational security incident gaps and cybercrime. Addressing this issue requires security standards that are appropriate and meet the requirements for organizations to know the maturity of cybersecurity. XYZ Organization is one of the government instances managing Indonesia's critical infrastructures. Although some international security standards have been implemented, the results of preparing for information security management are not yet optimal. Analysis of the NIST, CIS Controls v8, and ISO27002 standards was performed in this research. In addition, the analysis results are used as resources to create a cybersecurity maturity framework through the three standard approaches that underlie ICT management. And for the result, the proposed concepts of the 21 integrated cybersecurity categories are expected to become an asset in terms of XYZ organization's ICT management performance.
AB - Cyberspace was created by the development of Information and Communication Technology (ICT). This makes it easier to access, manage information faster and more accurately, and improve the efficiency of performing activities and achieving business goals. On the other hand, the higher the usage of information technology, the higher the potential for organizational security incident gaps and cybercrime. Addressing this issue requires security standards that are appropriate and meet the requirements for organizations to know the maturity of cybersecurity. XYZ Organization is one of the government instances managing Indonesia's critical infrastructures. Although some international security standards have been implemented, the results of preparing for information security management are not yet optimal. Analysis of the NIST, CIS Controls v8, and ISO27002 standards was performed in this research. In addition, the analysis results are used as resources to create a cybersecurity maturity framework through the three standard approaches that underlie ICT management. And for the result, the proposed concepts of the 21 integrated cybersecurity categories are expected to become an asset in terms of XYZ organization's ICT management performance.
KW - CIS Controls
KW - CSF
KW - Cybersecurity Maturity
KW - ISO 27002
UR - http://www.scopus.com/inward/record.url?scp=85138328761&partnerID=8YFLogxK
U2 - 10.1109/CyberneticsCom55287.2022.9865640
DO - 10.1109/CyberneticsCom55287.2022.9865640
M3 - Conference contribution
AN - SCOPUS:85138328761
T3 - Proceedings - 2022 IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022
SP - 58
EP - 62
BT - Proceedings - 2022 IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 6th IEEE International Conference on Cybernetics and Computational Intelligence, CyberneticsCom 2022
Y2 - 16 June 2022 through 18 June 2022
ER -