TY - JOUR
T1 - Framework for critical information infrastructure protection in smart government
T2 - a case study in Indonesia
AU - Putro, Prasetyo Adi Wibowo
AU - Sensuse, Dana Indra
AU - Wibowo, Wahyu Setiawan Setiawan
N1 - Funding Information:
The authors would like to thank Indonesia Endowment Fund for Education (LPDP) from the Ministry of Finance Republic Indonesia for granting the scholarship and supporting this research. This research was also supported by the E-Government and E-Business Laboratory, Faculty of Computer Science, Universitas Indonesia.
Publisher Copyright:
© 2023, Emerald Publishing Limited.
PY - 2023
Y1 - 2023
N2 - Purpose: This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology. Design/methodology/approach: To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM). Findings: The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables. Practical implications: This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services. Originality/value: The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.
AB - Purpose: This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology. Design/methodology/approach: To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM). Findings: The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables. Practical implications: This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services. Originality/value: The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.
KW - Critical information infrastructure
KW - Framework
KW - PreMiSTS
KW - Protection
KW - Smart government
KW - STS
UR - http://www.scopus.com/inward/record.url?scp=85170395135&partnerID=8YFLogxK
U2 - 10.1108/ICS-03-2023-0031
DO - 10.1108/ICS-03-2023-0031
M3 - Article
AN - SCOPUS:85170395135
SN - 2056-4961
VL - 32
SP - 112
EP - 129
JO - Information and Computer Security
JF - Information and Computer Security
IS - 1
ER -