Managing Information Security Risks in Detecting, Handling, and Preventing Cybersecurity Incidents on Local Government Websites

Authors

  • Syaiful Nurul Anam, Amikom Purwokerto University
  • Didit Suhartono, Amikom Purwokerto University
  • Agus Pramono, Amikom Purwokerto University

DOI:

https://doi.org/10.32493/jtsi.v7i4.44099

Keywords:

Information Security Risk Management; NIST SP 800-30; Cyber Security; Local Government Website; ISO 27002

Abstract

Local government websites are increasingly important for distributing information, providing e-services, and facilitating public engagement. However, digitalization brings cybersecurity challenges that jeopardize the integrity, confidentiality, and availability of information. Cybersecurity incidents pose a serious threat, with risks of data breaches, unauthorized access, and system downtimes affecting the reliability and trustworthiness of public services. To address this problem, this study employs the NIST SP 800-30 framework for information security risk management, focusing on detecting, handling, and preventing cybersecurity incidents. The study involved assessing the maturity level of information security controls to identify any gaps and areas of vulnerability. To enhance the implementation of information security policies, the study also utilized tools such as RM Studio, Kali Linux, and Acunetix Web Vulnerability Scanner, which help in identifying and mitigating potential threats more effectively. The results showed that the maturity level of current information security controls is still below the desired target, revealing a significant gap that needs attention. This indicates that while the method provides a structured approach to identifying and addressing security issues, there are still areas for improvement. By emphasizing systematic improvement and focusing on vulnerable points, the study concludes that adopting a combination of the NIST SP 800-30 framework and ISO 27002 standards, along with clear, documented policies, can enhance cybersecurity resilience, reduce risk, and ultimately protect public services. This approach effectively raises the maturity level of information security controls, although continued efforts are needed to fully meet the targeted security standards.

Published

2024-10-31

How to Cite

Anam, S. N., Suhartono, D., & Pramono, A. (2024). Managing Information Security Risks in Detecting, Handling, and Preventing Cybersecurity Incidents on Local Government Websites. Jurnal Teknologi Sistem Informasi Dan Aplikasi, 7(4), 1512–1520. https://doi.org/10.32493/jtsi.v7i4.44099