Managing Information Security Risks in Detecting, Handling, and Preventing Cybersecurity Incidents on Local Government Websites
DOI: https://doi.org/10.32493/jtsi.v7i4.44099
Keywords: Information Security Risk Management; NIST SP 800-30; Cyber Security; Local Government Website; ISO 27002
Abstract
Local government websites are increasingly important for distributing information, providing e-services, and facilitating public engagement. However, digitalization brings cybersecurity challenges that jeopardize the integrity, confidentiality, and availability of information. Cybersecurity incidents pose a serious threat, with risks of data breaches, unauthorized access, and system downtimes affecting the reliability and trustworthiness of public services. To address this problem, this study employs the NIST SP 800-30 framework for information security risk management, focusing on detecting, handling, and preventing cybersecurity incidents. The study involved assessing the maturity level of information security controls to identify any gaps and areas of vulnerability. To enhance the implementation of information security policies, the study also utilized tools such as RM Studio, Kali Linux, and Acunetix Web Vulnerability Scanner, which help in identifying and mitigating potential threats more effectively. The results showed that the maturity level of current information security controls is still below the desired target, revealing a significant gap that needs attention. This indicates that while the method provides a structured approach to identifying and addressing security issues, there are still areas for improvement. By emphasizing systematic improvement and focusing on vulnerable points, the study concludes that adopting a combination of the NIST SP 800-30 framework and ISO 27002 standards, along with clear, documented policies, can enhance cybersecurity resilience, reduce risk, and ultimately protect public services. This approach effectively raises the maturity level of information security controls, although continued efforts are needed to fully meet the targeted security standards.
Copyright (c) 2024 Syaiful Nurul Anam, Didit Suhartono, Agus Pramono
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.