Utilizing ISO 27001:2022 In Information Security Design For BPRCCo SME Digital Transformation

Fandi Ahmad Atqan Setyoso
Rahmat Mulyana
Ryan Adhitya Nugraha

Abstract

In the Industrial Revolution 4.0 era, organizations like BPRCCo need to carry out Digital Transformation (TD) to remain competitive. However, the main challenge in this process is information security, which is often the result of TD failure. Previous research highlights the importance of ambidextrous information security management (traditional and agile approaches) for large banks in achieving TD, especially in information security. However, this approach has not been proven for small-scale banks such as BPR. Therefore, this research aims to develop recommendations for information security management system (SMKI) solutions that are relevant for MSMEs and to estimate improvements in their capabilities to support TD. The research method is Design Science Research (DSR), comprising problem identification, requirements specification, design and development, demonstration, and evaluation. Data was collected through interviews and data analysis, then analyzed using the ISMS framework based on the ISO 27001:2022 standard. Based on the results of risk analysis and mapping of previous research, it was found that AB control in the PDCA and Annex cycles is a priority for BPRCCo. Next, a number of solutions were designed based on ISMS practices. These recommendations are prepared as an implementation roadmap that can help BPRCCo prepare and fully implement ISMS in critical areas to support TD. This research contributes to the understanding of ISMS for small-scale banks, especially as a case study for SMEs and for similar organizations.

How to Cite
Ahmad Atqan Setyoso, F., Mulyana, R. and Adhitya Nugraha, R. (2024) “Utilizing ISO 27001:2022 In Information Security Design For BPRCCo SME Digital Transformation”, Ranah Research : Journal of Multidisciplinary Research and Development, 6(6), pp. 2544-2553. doi: 10.38035/rrj.v6i6.1121.
