Utilizing ISO 27001:2022 In Information Security Design For BPRCCo SME Digital Transformation


Fandi Ahmad Atqan Setyoso
Rahmat Mulyana
Ryan Adhitya Nugraha

Abstract

In the era of Industry 4.0, incumbent organizations like BPRCCo must undergo Digital Transformation (DT) to remain competitive. However, a significant challenge in this process is ensuring information security, a critical factor often leading to the failure of DT initiatives. Previous studies have emphasized the importance of ambidextrous information security management (balancing traditional and agile approaches) for large banks in achieving successful DT, particularly concerning information security. However, this approach has yet to be validated for small-scale banks like BPRs. Therefore, this research aims to develop tailored recommendations for an Information Security Management System (ISMS) suitable for Small and Medium Enterprises (SME) and assess the potential enhancements in their capabilities to support DT. The research employs Design Science Research (DSR) methodology, encompassing problem identification, requirements specification, design and development, demonstration, and evaluation phases. Data was gathered through interviews and data analysis, and subsequently analyzed using the ISMS framework aligned with the ISO 27001:2022 standard. The risk analysis and review of previous studies revealed that 29 controls in the PDCA cycle and Annex are critical priorities for BPRCCo. Based on this, several ISMS-based solutions were designed. These recommendations are presented as an implementation roadmap that can guide BPRCCo in preparing and fully implementing ISMS in crucial areas to support its DT efforts. This research contributes to the understanding of ISMS in small-scale banking, offering valuable insights through a case study approach relevant to SMEs and similar organizations.


How to Cite
Ahmad Atqan Setyoso, F., Mulyana, R. and Adhitya Nugraha, R. (2024) “Utilizing ISO 27001:2022 In Information Security Design For BPRCCo SME Digital Transformation”, Ranah Research : Journal of Multidisciplinary Research and Development, 6(6), pp. 2544-2553. doi: 10.38035/rrj.v6i6.1121.
