Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS

Abstract

Read online

Data or Information security in today's digital era is crucial in every organization that needs to pay attention. Management of organizational information is one of the components in realizing Good Corporate Governance. The measure of an adequate level of protection is an indicator of the cybersecurity awareness aspects of an organization's business processes in the short, medium, and long term, especially in the field that deals with information and communication technology (ICT). To make this happen, it requires a security standard that is appropriate and follows its needs to help organizations know the maturity level of cybersecurity in protecting its information security. The ABC organization is one of the Government agencies that manage the critical infrastructure and Indonesian digital economies. The organization has currently implemented several international security standards through its planning, implementation, evaluation document, and ICT activities. However, based on the national information security readiness assessment, information security management readiness results are still not optimal. In this study, an analysis of the NIST, ISO 27002, COBIT, and PCI DSS security standards has been carried out, which are ABC organizational security standards in managing ICT by assigned tasks and functions. Furthermore, the analysis result is used as materials for drafting a cybersecurity maturity framework through the four standard approaches that have become the basis for ICT management. The proposed concept of twenty-one integrated cybersecurity categories is expected to be a capital in measure ICT management performance in ABC organizations.

Keywords

• ict, cybersecurity maturity, nist, iso 27002, cobit and pci dss