Information technology security is crucial for a digital government system to have so that the continuity of business processes can run smoothly. However, the current best practice of information security governance in the Indonesian national government is still inadequate according to various related studies: it is still siloed and scattered, leading to vulnerabilities in the various digital services provided. Therefore, this study aims to develop a best practice framework for managing information security that is aligned with the needs of Indonesia's digital government. This research started by looking for the main framework of information security governance. Then the main components that resulted from that were benchmarked with other Information Security Governance (ISG) best practices from different countries. Finally, it ended up complementing them with information security parameters, other related components, and recommendations, particularly in the Indonesian context, so that the main components and their respective constituent sub-components can be obtained according to the needs of the Indonesian e-government. The cause-and-effect analysis concept analyses the data linkages between the six central components and their respective sub-components. This study concludes that the main components and sub-components support each other, so that all these things must be carried out in a balanced and continuous manner.
Study and analysis of E-Governance Information Security (InfoSec) in Indian C... - IOSRjournaljce
The purpose of the study is to explore and find a research gap in E-Governance Information Security (InfoSec) domain in Indian Context. The study identifies the research gap in E-Governance InfoSec domain and substantiates given research gap with relevant literature review. The study outcomes clearly depict the requirement of research in the field of InfoSec in e-governance domain in a country like India.
ABSTRACT: Computers and digital equipment have evolved from varieties of small and large experiments in the 1940s to productive practical data processing systems in the mid 80s. As we now rely on these systems to process and store useful and vital data and information, we have come to wonder about their ability to protect valuable data. This paper reviews the concepts of mobile security in Digital India.
KEYWORDS: Digital India, Mobile Cyber Security, Encryption, DigiLocker, SecureRandom
Application of Soft Systems Methodology (SSM) to develop Information Systems ... - Dawit Mekonnen
By applying the emerging approach Soft Systems Methodology (SSM), the authors try to develop an Information Systems Security Model for the Ethiopian Banking Industry that can be used as a base or initial concept for those who wish to undertake a more detailed study on security aspects of financial industries.
Issues on Management and Governance of Data Security In HEIs - ijtsrd
In higher education, Governance of data security is the data management mechanism that has to be practiced. This is an appropriate management model for the employees in the higher education institution that will understand the role to be played to secure more highly confidential data. This paper aims at issues on management and governance of data security in Higher education institutions (HEIs). This will conclude on identifying the factors affecting governance of data security in private higher education system. It also enables to discover the issues in the management and provide appropriate solution for the governance of data security in the HEIs. A research model with factors was proposed for data security governance practice in HEIs. From the research findings, a governance model was derived and proposed for the all new HEIs. Janet Gabriel | Sheik Mohideen Abdul Latheef | Veluswamy Jayavardhanavelu, "Issues on Management and Governance of Data Security In HEIs", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Special Issue | International Conference on Advanced Engineering and Information Technology, November 2018, URL: https://www.ijtsrd.com/papers/ijtsrd19151.pdf
Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/19151/issues-on-management-and-governance-of-data-security-in-heis/janet-gabriel
Core model of information technology governance system design in local govern... - TELKOMNIKA JOURNAL
Information technology governance (ITG) in local government is aimed at a good governance service framework. Reports produced as a result of the framework’s implementation help to improve governance’s openness, potency, and efficiency. A strong governance structure for adopting information technology (IT) is essential to ensuring its best utilization. The governance system should be properly managed to support the organization’s business. Therefore, this research aims to design an ITG system suitable for best practices using the control objectives for information technologies (COBIT) 2019 framework. The recommendations from the core model were processed based on the priority or competence level that local government entities use. It also produced a core model with capability levels of 1 and 2 that do not exist. The recommendation designated for the priority level of 3 was 17. The core model to be assigned a capability level of 4 urgently needed to be implemented was 23 core models.
Framework for Securing Educational E-Government Service - ijcisjournal
Enhancement in technology is leading to a change in the way governments, individuals, institutions and
business entities provide quality services to the citizen. Today's education system plays a crucial role for
developing cognizance in society so e-government service is obliged to integrate with educational system.
In this work we proposed a novel framework for integrating educational service within e-government
services. One of the main tasks of this paper is to explore or propose a Secure Examination Management
System (SEMS). The system has been designed using cryptographic primitives, which enables students to
take the exam from anywhere. The student is allowed to take the exam after he gives his necessary
authentication details. In SEMS, it is important to exclude false students while ensuring the privacy for the
honest students. It allows evaluators to share student examination papers for evaluation with proper
authentication. This is done using digital signatures, authentication and confidentiality provided by public
key cryptographic system.
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES - ijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
ICT Security Policy is a common topic that is being discussed in the public sector, because security incidents happen to organizations that offer online services to the public. These problems or incidents are also affecting the IT Department (BTM) at Marang District Council (MDM), as we also provide computer and internet facilities to our users. Based on the research findings, including inputs gathered from the respondents from Marang District Council, these problems can be reduced by providing a computerized ICT Policy document guideline, creating user awareness programs and by enforcing these ICT Policies. The purpose of this project is to investigate and resolve problems related to the implementation of the security policy in Marang District Council. Furthermore, the ICT Security Policy System is to be designed, developed in order to assist the Information Technology Department (BTM). IT Department also acts as Marang District Council’s ICT Security Secretariat in providing a good and complete ICT security policy document thus ensuring the implementation of ICT security policies are implemented in totality. In addition, these documents must be compliant to the ISO 27001 standard and the Information Technology Security and Communication Policies for the Public Sector, which is developed by MAMPU. The ICT Security Policy System is a web based system and can be accessed from the Internet, providing convenience to all levels of management, IT administrators and users in providing effective and better ICT services.
Information security threats encountered by Malaysian public sector data cen... - nooriasukmaningtyas
Data centers are primarily the main targets of cybercriminals and security threats as they host various critical information and communication technology (ICT) services. Identifying the threats and managing the risks associated with data centers have become a major challenge as this will enable organizations to optimize their resources to focus on the most hazardous threats to prevent the potential risks and damages. The objective of this paper is to identify major ICT security threats to data centers in the Malaysian public sector and their causes. The data for this study was collected through interview sessions. A total of 33 respondents from various government organizations were interviewed. The results revealed that the technical threats, spyware, phishing, bluesnarfing threats, social engineering and virus, trojan, malware, ransomware, viral websites threats are the major categories of threats often encountered by the Malaysian public sector organizations. The causes for these threats are lack of budget, competent personnel, and manpower for security tasks, user awareness; lack of compliances and monitoring; insufficient security policies and procedures as well as deliberate cyber attacks. The outcome of this study will give a greater degree of awareness and understanding to the ICT security officers, who are entrusted with data center security.
EXPLORING CRITICAL SUCCESS FACTORS FOR CYBERSECURITY IN BHUTAN’S GOVERNMENT O... - csandit
This paper presents the results of open-ended survey exploring the critical success factors for cybersecurity implementation in government organisations in Bhutan. Successful implementation of cybersecurity depends on a thorough understanding of cyber threats and challenges to the organisational information assets. It also depends on identification of a responsible, dedicated personnel to lead and direct cybersecurity initiatives. Furthermore, it is important to know the critical areas of cybersecurity activities for management to target, prioritise and execute. Understanding of what key things need to be done right by the responsible agency and its leader, at a particular time and in particular context, can lead to better decision making and resource optimisation including skills and knowledge. The survey findings indicate that, among other factors, awareness and training, policy and standards, and adequate financing and budgetary commitment to cybersecurity projects are three most important success factors. Channelling an organisation’s limited resources to these few factors is expected to enhance cybersecurity posture and its management. The research outcome has implications to both government and private organizations in Bhutan.
RANKING CRITERIA OF ENTERPRISE INFORMATION SECURITY ARCHITECTURE USING FUZZY ... - ijcsit
Information security against hacking, altering, corrupting, and divulging data is vital and inevitable and it requires an effective management in every organization. Some of the upcoming challenges can be the study
of available frameworks in Enterprise Information Security Architecture (EISA) as well as criteria
extraction in this field. In this study a method has been adopted in order to extract and categorize
important and effective criteria in the field of information security by studying the major dimensions of
EISA including standards, policies and procedures, organization infrastructure, user awareness and
training, security base lines, risk assessment and compliance. Gartner's framework has been applied as a
fundamental model to categorize the criteria. To assess the proposed model, a questionnaire was prepared
and a group of EISA professionals completed it. The Fuzzy TOPSIS was used to quantify the data and prioritize criteria. It could be concluded that the database and database security criteria, inner software security, electronic exchange security and supervising malicious software can be high priorities.
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX - IJNSA Journal
Nowadays, use of wireless technology in organizations is a regular act, and we can see this technology erupting in all possible different areas. When employing wireless technology, organizations need to apply a proper security level, depending on the security policy already defined. If a security system is applied but not required, or a security system is required but not provided, this leads to an improper security system. In this paper we have shown a way to evaluate the significance of data and its appropriate security level. Here we present a model to evaluate the cost of data from a security point of view by considering parameters such as sensitivity, volume, life, frequency, etc. This research enables organizations to predict and implement or understand the cost involved in securing their data by measuring the data value. We used questionnaire and survey methodologies to collect the data, and then used SPSS and SAS programs to calculate and design a model. In this way regression and BOOTSTRAP help us to find an accurate result.
A DECISION-MAKING MODEL FOR REINFORCING A CORPORATE INFORMATION SECURITY SYSTEM - IAEME Publication
Recently, information security incidents such as personal information leakage have been regarded as serious risk factors that directly affect corporate sales reduction and corporate image loss. In order to manage information security systematically, enterprises have been introducing information security systems more than ever before. This study aims to derive major items of the information security system mainly for corporate organizational management, with a focus on the technology-organization-environment (TOE) framework, and suggests a direction for system build-up and management. To this end, the Analytic Hierarchy Process (AHP) was conducted on 20 items derived from previous studies. A survey was conducted among 24 individuals, including 12 corporate internal administrators and 12 corporate external consultants. As a result, it turned out that environmental factors affected the information security system more significantly among technical, organizational, and environmental factors. Notably, 'compliance with legal requirements,' 'protection of information subjects' rights,' and 'increase of the information security awareness' affected the operation of the information security system or related decision-making processes. This finding suggests that although technical and organizational management is also essential when it comes to corporate information security system operation, the system needs to respond swiftly to rapid market changes and legal and administrative changes concerning information security.
Conceptualizing Information Technology Governance Model for Higher Education:... - journalBEEI
Information Technology (IT) governance has been emerging as a central issue in many organizations. This is because IT governance is key to realizing IT business value. Past studies have focused on the three aspects of IT governance, namely, structural capability, process capability and relational capability. At the same time, some studies have suggested that IT governance process should be viewed as a learning process rather than a problem solving process. Based on this scenario, the role of knowledge and knowledge based processes should be the central focus of IT governance. As a learning process, IT governance effectiveness can be determined by how much impact IT governance practices has influenced on decision-makers’ thinking and actions. In this case, knowledge capacity absorbed from IT governance experience reflects a certain level of organizational learning (OL) achieved which later influences the level of IT governance performance. Since studies that adopt this perspective is lacking, this paper proposes a conceptual framework based on absorptive capacity approach for an IT governance performance model in the higher education. The paper contributes theoretically by extending the knowledge of IT governance by exploring a new perspective on OL
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C... - IJNSA Journal
The need for information security within small to mid-size companies is increasing. The risks of information security breach, data loss, and disaster are growing. The impact of IT outages and issues on the company are unacceptable to any size business and their clients. There are many ways to address the security for IT departments. The need to address risks of attacks as well as disasters is important to the IT security policies and procedures. The IT departments of small to medium companies have to address these security concerns within their budgets and other limited resources. Security planning, design, and employee training that is needed requires input and agreement from all levels of the company and management. This paper will discuss security needs and methods to implement them into a corporate infrastructure.
Applying tracking game system to measure user behavior toward cybersecurity p... - IJECEIAES
Institutions wrestle to protect their information from threats and cybercrime. Therefore, it is dedicating a great deal of their concern to improving the information security infrastructure. Users’ behaviors were explored by applying traditional questionnaire as a research instrument in data collocate process. But researchers usually suffer from a lack of respondents' credibility when asking someone to fill out a questionnaire, and the credibility may decline further if the research topic relates to aspects of the use and implementation of information security policies. Therefore, there is insufficient reliability of the respondent's answers to the questionnaire’s questions, and the responses might not reflect the actual behavior based on the human bias when facing the problems theoretically. The current study creates a new idea to track and study the behavior of the respondents by building a tracking game system aligned with the questionnaire whose results are required to be known. The system will allow the respondent to answer the survey questions related to the compliance with the information security policies by tracking their behavior while using the system.
E-government security is a key problem restricting the construction and development of E-government systems in any
country in the world. E-Government security models are widely used in the implementation and development of e-government
systems. Due to the different situations of countries around the world, there are various security models applied in each country. This
paper reviews different security models in e-government in order to determine important parameters for e-government strategic
planning.
Information Technology (IT) Security Framework for Kenyan Small and Medium En... - CSCJournals
To address challenges faced by Small and Medium Enterprises (SMEs) especially in Kenya, this paper aims to establish an Information Technology (IT) framework that can allow SMEs implement cost effective security measures. Particularly this paper discusses IT security requirements and appropriate metrics. There is evidence from the survey to suggest that despite having some IT security measures in place, Kenyan SMEs still face some serious IT security challenges. In the light of the challenges faced by Kenyan SMEs, this work recommends a framework which is supposed among other things provide some metrics of evaluating the effectiveness of implemented security measures. The framework is likely to assist SME stakeholders measure the effectiveness of their security enhancing mechanisms.
Design and Implementation Security Model for Sudanese E-government - Editor IJCATR
Security is one of the most important issues in E-government projects. E-government applications will be increasingly used
by the citizens of many countries to access a set of services. Currently, the use of the E-government applications arises many
challenges; one of these challenges is the security issues. E-government applications security is a very important characteristic that
should be taken into account. This paper makes an analysis over the security as required for E-government and specify the risks and
challenges that faces E-government projects in Sudan. Finally, the study has proposed security model for Sudanese E-government. The
proposed security model for the Sudanese electronic government is a four layers' model that is divided into sub layers. Each layer will
mitigate group of threats related to an e-services. The model is not generic; it cannot be applied by other countries. It is precisely
designed for Sudanese situation
Securing Cloud Computing Through IT Governance - ITIIIndustries
Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous
opportunities, it comes with risks as well. Information security
is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.
Security risk analysis of bring your own device system in manufacturing compa... - TELKOMNIKA JOURNAL
Nowadays information system has become popular used for help effectiveness and efficiency
operation on a company. Bring Your Own Device (BYOD) system is a growing trend in corporate
environment, where employees could access the system from anywhere. BYOD system is system
information development using some technology like a Virtual Private Networks (VPN) or using some
application to make the client on outside network office can access to inside networks with remote system.
The remote system has strength to help employees working anywhere and anytime, that could make some
issue for a security thing. The security issue that can be happen is unauthorized access and lost some
important of company information. XYZ company as a manufacturing company in Tangerang, Indonesia
has been used BYOD system in their company. They want to improve the security of the system with do
risk analysis, with the aim to protect the internal data. The risk analysis use Cybersecurity Framework
NIST will assist organizations to understand the risk of BYOD system. The analysis results obtained by
the use of cybersecurity analysis on BYOD system in XYZ company are found some improvement need to
develop in terms of security system recommended. According to the stages of respond with the analysis
using Cybersecurity NIST framework and ISO/IEC 27002:2013.
Over the past several years, companies are pairing diversity efforts with inclusion initiatives and roles
surrounding innovations that promote diversity of thought [13]. However, much return on investment (ROI) focus
has been on business and corporate functioning in general, but not on specifics related to information governance
(IG). We address this research gap by considering various return on investment (ROI) metrics and what might
ground the benefits of diversity and inclusion initiatives related to IG policy. Then, we suggest what the results
mean in terms of changing and influencing current industry practices.
Bibliometric analysis highlighting the role of women in addressing climate ch... - IJECEIAES
Fossil fuel consumption increased quickly, contributing to climate change
that is evident in unusual flooding and droughts, and global warming. Over
the past ten years, women's involvement in society has grown dramatically,
and they succeeded in playing a noticeable role in reducing climate change.
A bibliometric analysis of data from the last ten years has been carried out to
examine the role of women in addressing the climate change. The analysis's
findings discussed the relevant to the sustainable development goals (SDGs),
particularly SDG 7 and SDG 13. The results considered contributions made
by women in the various sectors while taking geographic dispersion into
account. The bibliometric analysis delves into topics including women's
leadership in environmental groups, their involvement in policymaking, their
contributions to sustainable development projects, and the influence of
gender diversity on attempts to mitigate climate change. This study's results
highlight how women have influenced policies and actions related to climate
change, point out areas of research deficiency, and offer recommendations on how
to increase the role of women in addressing climate change and
achieving sustainability. To achieve more successful results, this initiative
aims to highlight the significance of gender equality and encourage
inclusivity in climate change decision-making processes.
Voltage and frequency control of microgrid in presence of micro-turbine inter... IJECEIAES
The active and reactive load changes have a significant impact on voltage
and frequency. In this paper, in order to stabilize the microgrid (MG) against
load variations in islanding mode, the active and reactive power of all
distributed generators (DGs), including energy storage (battery), diesel
generator, and micro-turbine, are controlled. The micro-turbine generator is
connected to MG through a three-phase to three-phase matrix converter, and
the droop control method is applied for controlling the voltage and
frequency of MG. In addition, a method is introduced for voltage and
frequency control of micro-turbines in the transition state from grid-connected
mode to islanding mode. A novel switching strategy of the matrix
converter is used for converting the high-frequency output voltage of the
micro-turbine to the grid-side frequency of the utility system. Moreover,
using the switching strategy, the low-order harmonics in the output current
and voltage are not produced, and consequently, the size of the output filter
would be reduced. In fact, the suggested control strategy is load-independent
and has no frequency conversion restrictions. The proposed approach for
voltage and frequency regulation demonstrates exceptional performance and
favorable response across various load alteration scenarios. The suggested
strategy is examined in several scenarios in the MG test systems, and the
simulation results are addressed.
Similar to Best practice framework for information technology security governance in Indonesian government
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES ijcsit
Increasingly, all kinds of organizations and institutions are adopting the E-business model to conduct their
activities and provide E-Services for their customers. In the process, whether they know it or not, those
organizations are also opening themselves up to the risk of information security breaches. Therefore
protecting an organization’s ICT infrastructure, IT systems, and Data is a vital issue that is often
underestimated. Research has shown that one of the most significant threats to information security comes
not from external attack but rather from the system's users, because they are familiar with the
infrastructure and have access to its resources, but may be unaware of the risks. Moreover, using only
technological solutions to protect an organization’s assets is not enough; there is a need to consider the
human factor by raising users’ security awareness. Our contribution to this problem is to propose an
Information Security Awareness Program that aims at raising and maintaining the level of users’ security
awareness. This paper puts forward a general model for an information security awareness program and
describes how it could be incorporated into an organization’s website through the process of development
life cycle.
ICT Security Policy is a common topic that is being discussed in the public sector, because security incidents happen to organizations that offer online services to the public. These problems or incidents are also affecting the IT Department (BTM) at Marang District Council (MDM), as we also provide computer and internet facilities to our users. Based on the research findings, including inputs gathered from the respondents from Marang District Council, these problems can be reduced by providing a computerized ICT Policy document guideline, creating user awareness programs and by enforcing these ICT Policies. The purpose of this project is to investigate and resolve problems related to the implementation of the security policy in Marang District Council. Furthermore, the ICT Security Policy System is to be designed and developed in order to assist the Information Technology Department (BTM). The IT Department also acts as Marang District Council’s ICT Security Secretariat in providing a good and complete ICT security policy document, thus ensuring that ICT security policies are implemented in totality. In addition, these documents must be compliant with the ISO 27001 standard and the Information Technology Security and Communication Policies for the Public Sector, which is developed by MAMPU. The ICT Security Policy System is a web-based system and can be accessed from the Internet, providing convenience to all levels of management, IT administrators and users in providing effective and better ICT services.
Information security threats encountered by Malaysian public sector data cen... nooriasukmaningtyas
Data centers are primarily the main targets of cybercriminals and security threats as they host various critical information and communication technology (ICT) services. Identifying the threats and managing the risks associated with data centers have become a major challenge as this will enable organizations to optimize their resources to focus on the most hazardous threats to prevent the potential risks and damages. The objective of this paper is to identify major ICT security threats to data centers in the Malaysian public sector and their causes. The data for this study was collected through interview sessions. A total of 33 respondents from various government organizations were interviewed. The results revealed that the technical threats, spyware, phishing, bluesnarfing threats, social engineering and virus, trojan, malware, ransomware, viral websites threats are the major categories of threats often encountered by the Malaysian public sector organizations. The causes for these threats are lack of budget, competent personnel, and manpower for security tasks, user awareness; lack of compliance and monitoring; insufficient security policies and procedures as well as deliberate cyber attacks. The outcome of this study will give a greater degree of awareness and understanding to the ICT security officers, who are entrusted with data center security.
EXPLORING CRITICAL SUCCESS FACTORS FOR CYBERSECURITY IN BHUTAN’S GOVERNMENT O... csandit
This paper presents the results of an open-ended survey exploring the critical success factors for cybersecurity implementation in government organisations in Bhutan. Successful implementation of cybersecurity depends on a thorough understanding of cyber threats and challenges to the organisational information assets. It also depends on identification of responsible, dedicated personnel to lead and direct cybersecurity initiatives. Furthermore, it is important to know the critical areas of cybersecurity activities for management to target, prioritise and execute. Understanding of what key things need to be done right by the responsible agency and its leader, at a particular time and in a particular context, can lead to better decision making and resource optimisation including skills and knowledge. The survey findings indicate that, among other factors, awareness and training, policy and standards, and adequate financing and budgetary commitment to cybersecurity projects are the three most important success factors. Channelling an organisation’s limited resources to these few factors is expected to enhance cybersecurity posture and its management. The research outcome has implications for both government and private organizations in Bhutan.
RANKING CRITERIA OF ENTERPRISE INFORMATION SECURITY ARCHITECTURE USING FUZZY ... ijcsit
Information security against hacking, altering, corrupting, and divulging data is vital and inevitable and it requires an effective management in every organization. Some of the upcoming challenges can be the study
of available frameworks in Enterprise Information Security Architecture (EISA) as well as criteria
extraction in this field. In this study a method has been adopted in order to extract and categorize
important and effective criteria in the field of information security by studying the major dimensions of
EISA including standards, policies and procedures, organization infrastructure, user awareness and
training, security base lines, risk assessment and compliance. Gartner's framework has been applied as a
fundamental model to categorize the criteria. To assess the proposed model, a questionnaire was prepared
and a group of EISA professionals completed it. The Fuzzy TOPSIS was used to quantify the data and prioritize criteria. It could be concluded that the database and database security criteria, inner software security, electronic exchange security and supervising malicious software can be high priorities.
WIRELESS SECURITY MEASUREMENT USING DATA VALUE INDEX IJNSA Journal
Nowadays, the use of wireless technology in organizations is routine, and we can see this technology emerging in all possible areas. When employing wireless technology, organizations need to apply a proper security level, depending on the security policy already defined. If a security system is applied but not required, or is required but not provided, the result is an improper security system. In this paper we show a way to evaluate the significance of data and its appropriate security level. We present a model to evaluate the cost of data from a security point of view by considering parameters such as sensitivity, volume, life, frequency, etc.; this research enables organizations to predict and understand the cost involved in securing their data by measuring the data value. We used questionnaire and survey methodologies to collect the data, and then used SPSS and SAS to calculate and design a model. In this way, regression and bootstrap helped us to find an accurate result.
A DECISION-MAKING MODEL FOR REINFORCING A CORPORATE INFORMATION SECURITY SYSTEM IAEME Publication
Recently, information security incidents such as personal information leakage have been regarded as serious risk factors that directly affect corporate sales reduction and corporate image loss. In order to manage information security systematically, enterprises have been introducing information security systems more than ever before. This study aims to derive major items of the information security system mainly for corporate organizational management, with a focus on the technology-organization-environment (TOE) framework, and suggests a direction for system build-up and management. To this end, the Analytic Hierarchy Process (AHP) was conducted on 20 items derived from previous studies. A survey was conducted among 24 individuals, including 12 corporate internal administrators and 12 corporate external consultants. As a result, it turned out that environmental factors affected the information security system more significantly among technical, organizational, and environmental factors. Notably, 'compliance with legal requirements,' 'protection of information subjects' rights,' and 'increase of the information security awareness' affected the operation of the information security system or related decision-making processes. This finding suggests that although technical and organizational management is also essential when it comes to corporate information security system operation, the system needs to respond swiftly to rapid market changes and legal and administrative changes concerning information security.
Conceptualizing Information Technology Governance Model for Higher Education:... journalBEEI
Information Technology (IT) governance has been emerging as a central issue in many organizations. This is because IT governance is key to realizing IT business value. Past studies have focused on the three aspects of IT governance, namely, structural capability, process capability and relational capability. At the same time, some studies have suggested that the IT governance process should be viewed as a learning process rather than a problem-solving process. Based on this scenario, the role of knowledge and knowledge-based processes should be the central focus of IT governance. As a learning process, IT governance effectiveness can be determined by how much impact IT governance practices have had on decision-makers’ thinking and actions. In this case, knowledge capacity absorbed from IT governance experience reflects a certain level of organizational learning (OL) achieved, which later influences the level of IT governance performance. Since studies that adopt this perspective are lacking, this paper proposes a conceptual framework based on the absorptive capacity approach for an IT governance performance model in higher education. The paper contributes theoretically by extending the knowledge of IT governance by exploring a new perspective on OL
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C... IJNSA Journal
The need for information security within small to mid-size companies is increasing. The risks of information security breach, data loss, and disaster are growing. The impact of IT outages and issues on the company is unacceptable to any size business and their clients. There are many ways to address security for IT departments. The need to address risks of attacks as well as disasters is important to the IT security policies and procedures. The IT departments of small to medium companies have to address these security concerns within their budgets and other limited resources. The security planning, design, and employee training that are needed require input and agreement from all levels of the company and management. This paper will discuss security needs and methods to implement them into a corporate infrastructure.
Appling tracking game system to measure user behavior toward cybersecurity p... IJECEIAES
Institutions wrestle to protect their information from threats and cybercrime. Therefore, they are dedicating a great deal of their concern to improving the information security infrastructure. Users’ behaviors were explored by applying a traditional questionnaire as a research instrument in the data collection process. But researchers usually suffer from a lack of respondents' credibility when asking someone to fill out a questionnaire, and the credibility may decline further if the research topic relates to aspects of the use and implementation of information security policies. Therefore, there is insufficient reliability of the respondent's answers to the questionnaire’s questions, and the responses might not reflect the actual behavior based on the human bias when facing the problems theoretically. The current study creates a new idea to track and study the behavior of the respondents by building a tracking game system aligned with the questionnaire whose results are required to be known. The system will allow the respondent to answer the survey questions related to the compliance with the information security policies by tracking their behavior while using the system.
E-government security is a key problem restricting the construction and development of e-government systems in any
country in the world. E-government security models are widely used in the implementation and development of e-government
systems. Due to the different situations of countries around the world, various security models are applied in each country. This
paper reviews different security models in e-government in order to determine important parameters for e-government strategic
planning.
Information Technology (IT) Security Framework for Kenyan Small and Medium En... CSCJournals
To address challenges faced by Small and Medium Enterprises (SMEs), especially in Kenya, this paper aims to establish an Information Technology (IT) framework that can allow SMEs to implement cost-effective security measures. In particular, this paper discusses IT security requirements and appropriate metrics. There is evidence from the survey to suggest that despite having some IT security measures in place, Kenyan SMEs still face some serious IT security challenges. In the light of the challenges faced by Kenyan SMEs, this work recommends a framework which is supposed to, among other things, provide some metrics for evaluating the effectiveness of implemented security measures. The framework is likely to assist SME stakeholders in measuring the effectiveness of their security-enhancing mechanisms.
Design and Implementation Security Model for Sudanese E-government Editor IJCATR
Security is one of the most important issues in E-government projects. E-government applications will be increasingly used
by the citizens of many countries to access a set of services. Currently, the use of E-government applications raises many
challenges; one of these challenges is security. E-government application security is a very important characteristic that
should be taken into account. This paper analyses the security required for E-government and specifies the risks and
challenges that face E-government projects in Sudan. Finally, the study proposes a security model for Sudanese E-government. The
proposed security model for the Sudanese electronic government is a four-layer model that is divided into sub-layers. Each layer will
mitigate a group of threats related to e-services. The model is not generic; it cannot be applied by other countries. It is precisely
designed for the Sudanese situation.
Securing Cloud Computing Through IT Governance ITIIIndustries
Lack of alignment between information technology (IT) and the business is a problem facing many organizations. Most organizations, today, fundamentally depend on IT. When IT and the business are aligned in an organization, IT delivers what the business needs and the business is able to deliver what the market needs. IT has become a strategic function for most organizations, and it is imperative that IT and business are aligned. IT governance is one of the most powerful ways to achieve IT to business alignment. Furthermore, as the use of cloud computing for delivering IT functions becomes pervasive, organizations using cloud computing must effectively apply IT governance to it. While cloud computing presents tremendous opportunities, it comes with risks as well. Information security is one of the top risks in cloud computing. Thus, IT governance must be applied to cloud computing information security to help manage the risks associated with cloud computing information security. This study advances knowledge by extending IT governance to cloud computing and information security governance.
Enhancing battery system identification: nonlinear autoregressive modeling fo... IJECEIAES
Precisely characterizing Li-ion batteries is essential for optimizing their
performance, enhancing safety, and prolonging their lifespan across various
applications, such as electric vehicles and renewable energy systems. This
article introduces an innovative nonlinear methodology for system
identification of a Li-ion battery, employing a nonlinear autoregressive with
exogenous inputs (NARX) model. The proposed approach integrates the
benefits of nonlinear modeling with the adaptability of the NARX structure,
facilitating a more comprehensive representation of the intricate
electrochemical processes within the battery. Experimental data collected
from a Li-ion battery operating under diverse scenarios are employed to
validate the effectiveness of the proposed methodology. The identified
NARX model exhibits superior accuracy in predicting the battery's behavior
compared to traditional linear models. This study underscores the
importance of accounting for nonlinearities in battery modeling, providing
insights into the intricate relationships between state-of-charge, voltage, and
current under dynamic conditions.
Smart grid deployment: from a bibliometric analysis to a survey IJECEIAES
Smart grids are one of the last decades' innovations in electrical energy.
They bring relevant advantages compared to the traditional grid and
significant interest from the research community. Assessing the field's
evolution is essential to propose guidelines for facing new and future smart
grid challenges. In addition, knowing the main technologies involved in the
deployment of smart grids (SGs) is important to highlight possible
shortcomings that can be mitigated by developing new tools. This paper
contributes to the research trends mentioned above by focusing on two
objectives. First, a bibliometric analysis is presented to give an overview of
the current research level about smart grid deployment. Second, a survey of
the main technological approaches used for smart grid implementation and
their contributions are highlighted. To that effect, we searched the Web of
Science (WoS), and the Scopus databases. We obtained 5,663 documents
from WoS and 7,215 from Scopus on smart grid implementation or
deployment. With the extraction limitation in the Scopus database, 5,872 of
the 7,215 documents were extracted using a multi-step process. These two
datasets have been analyzed using a bibliometric tool called bibliometrix.
The main outputs are presented with some recommendations for future
research.
Use of analytical hierarchy process for selecting and prioritizing islanding ... IJECEIAES
One of the problems that are associated to power systems is islanding
condition, which must be rapidly and properly detected to prevent any
negative consequences on the system's protection, stability, and security.
This paper offers a thorough overview of several islanding detection
strategies, which are divided into two categories: classic approaches,
including local and remote approaches, and modern techniques, including
techniques based on signal processing and computational intelligence.
Additionally, each approach is compared and assessed based on several
factors, including implementation costs, non-detected zones, declining
power quality, and response times using the analytical hierarchy process
(AHP). The multi-criteria decision-making analysis shows the overall
weights of passive methods (24.7%), active methods (7.8%), hybrid methods
(5.6%), remote methods (14.5%), signal processing-based methods (26.6%),
and computational intelligent-based methods (20.8%) based on the
comparison of all criteria together. Thus, it can be seen from the total weight
that hybrid approaches are the least suitable to be chosen, while signal
processing-based methods are the most appropriate islanding detection
method to be selected and implemented in power system with respect to the
aforementioned factors. Using Expert Choice software, the proposed
hierarchy model is studied and examined.
Enhancing of single-stage grid-connected photovoltaic system using fuzzy logi... IJECEIAES
The power generated by photovoltaic (PV) systems is influenced by
environmental factors. This variability hampers the control and utilization of
solar cells' peak output. In this study, a single-stage grid-connected PV
system is designed to enhance power quality. Our approach employs fuzzy
logic in the direct power control (DPC) of a three-phase voltage source
inverter (VSI), enabling seamless integration of the PV connected to the
grid. Additionally, a fuzzy logic-based maximum power point tracking
(MPPT) controller is adopted, which outperforms traditional methods like
incremental conductance (INC) in enhancing solar cell efficiency and
minimizing the response time. Moreover, the inverter's real-time active and
reactive power is directly managed to achieve a unity power factor (UPF).
The system's performance is assessed through MATLAB/Simulink
implementation, showing marked improvement over conventional methods,
particularly in steady-state and varying weather conditions. For solar
irradiances of 500 and 1,000 W/m², the results show that the proposed
method reduces the total harmonic distortion (THD) of the injected current
to the grid by approximately 46% and 38% compared to conventional
methods, respectively. Furthermore, we compare the simulation results with
IEEE standards to evaluate the system's grid compatibility.
Enhancing photovoltaic system maximum power point tracking with fuzzy logic-b... IJECEIAES
Photovoltaic systems have emerged as a promising energy resource that
caters to the future needs of society, owing to their renewable, inexhaustible,
and cost-free nature. The power output of these systems relies on solar cell
radiation and temperature. In order to mitigate the dependence on
atmospheric conditions and enhance power tracking, a conventional
approach has been improved by integrating various methods. To optimize
the generation of electricity from solar systems, the maximum power point
tracking (MPPT) technique is employed. To overcome limitations such as
steady-state voltage oscillations and improve transient response, two
traditional MPPT methods, namely fuzzy logic controller (FLC) and perturb
and observe (P&O), have been modified. This research paper aims to
simulate and validate the step size of the proposed modified P&O and FLC
techniques within the MPPT algorithm using MATLAB/Simulink for
efficient power tracking in photovoltaic systems.
Adaptive synchronous sliding control for a robot manipulator based on neural ... IJECEIAES
Robot manipulators have become important equipment in production lines, medical fields, and transportation. Improving the quality of trajectory tracking for
robot hands is always an attractive topic in the research community. This is a
challenging problem because robot manipulators are complex nonlinear systems
and are often subject to fluctuations in loads and external disturbances. This
article proposes an adaptive synchronous sliding control scheme to improve trajectory tracking performance for a robot manipulator. The proposed controller
ensures that the positions of the joints track the desired trajectory, synchronize
the errors, and significantly reduces chattering. First, the synchronous tracking
errors and synchronous sliding surfaces are presented. Second, the synchronous
tracking error dynamics are determined. Third, a robust adaptive control law is
designed, the unknown components of the model are estimated online by the neural network, and the parameters of the switching elements are selected by fuzzy
logic. The built algorithm ensures that the tracking and approximation errors
are ultimately uniformly bounded (UUB). Finally, the effectiveness of the constructed algorithm is demonstrated through simulation and experimental results.
Simulation and experimental results show that the proposed controller is effective with small synchronous tracking errors, and the chattering phenomenon is
significantly reduced.
Remote field-programmable gate array laboratory for signal acquisition and de...IJECEIAES
A remote laboratory utilizing field-programmable gate array (FPGA) technologies enhances students’ learning experience anywhere and anytime in embedded system design. Existing remote laboratories prioritize hardware access and visual feedback for observing board behavior after programming, neglecting comprehensive debugging tools to resolve errors that require internal signal acquisition. This paper proposes a novel remote embeddedsystem design approach targeting FPGA technologies that are fully interactive via a web-based platform. Our solution provides FPGA board access and debugging capabilities beyond the visual feedback provided by existing remote laboratories. We implemented a lab module that allows users to seamlessly incorporate into their FPGA design. The module minimizes hardware resource utilization while enabling the acquisition of a large number of data samples from the signal during the experiments by adaptively compressing the signal prior to data transmission. The results demonstrate an average compression ratio of 2.90 across three benchmark signals, indicating efficient signal acquisition and effective debugging and analysis. This method allows users to acquire more data samples than conventional methods. The proposed lab allows students to remotely test and debug their designs, bridging the gap between theory and practice in embedded system design.
Detecting and resolving feature envy through automated machine learning and m...IJECEIAES
Efficiently identifying and resolving code smells enhances software project quality. This paper presents a novel solution, utilizing automated machine learning (AutoML) techniques, to detect code smells and apply move method refactoring. By evaluating code metrics before and after refactoring, we assessed its impact on coupling, complexity, and cohesion. Key contributions of this research include a unique dataset for code smell classification and the development of models using AutoGluon for optimal performance. Furthermore, the study identifies the top 20 influential features in classifying feature envy, a well-known code smell, stemming from excessive reliance on external classes. We also explored how move method refactoring addresses feature envy, revealing reduced coupling and complexity, and improved cohesion, ultimately enhancing code quality. In summary, this research offers an empirical, data-driven approach, integrating AutoML and move method refactoring to optimize software project quality. Insights gained shed light on the benefits of refactoring on code quality and the significance of specific features in detecting feature envy. Future research can expand to explore additional refactoring techniques and a broader range of code metrics, advancing software engineering practices and standards.
Smart monitoring technique for solar cell systems using internet of things ba...IJECEIAES
Rapidly and remotely monitoring and receiving the solar cell systems status parameters, solar irradiance, temperature, and humidity, are critical issues in enhancement their efficiency. Hence, in the present article an improved smart prototype of internet of things (IoT) technique based on embedded system through NodeMCU ESP8266 (ESP-12E) was carried out experimentally. Three different regions at Egypt; Luxor, Cairo, and El-Beheira cities were chosen to study their solar irradiance profile, temperature, and humidity by the proposed IoT system. The monitoring data of solar irradiance, temperature, and humidity were live visualized directly by Ubidots through hypertext transfer protocol (HTTP) protocol. The measured solar power radiation in Luxor, Cairo, and El-Beheira ranged between 216-1000, 245-958, and 187-692 W/m 2 respectively during the solar day. The accuracy and rapidity of obtaining monitoring results using the proposed IoT system made it a strong candidate for application in monitoring solar cell systems. On the other hand, the obtained solar power radiation results of the three considered regions strongly candidate Luxor and Cairo as suitable places to build up a solar cells system station rather than El-Beheira.
An efficient security framework for intrusion detection and prevention in int...IJECEIAES
Over the past few years, the internet of things (IoT) has advanced to connect billions of smart devices to improve quality of life. However, anomalies or malicious intrusions pose several security loopholes, leading to performance degradation and threat to data security in IoT operations. Thereby, IoT security systems must keep an eye on and restrict unwanted events from occurring in the IoT network. Recently, various technical solutions based on machine learning (ML) models have been derived towards identifying and restricting unwanted events in IoT. However, most ML-based approaches are prone to miss-classification due to inappropriate feature selection. Additionally, most ML approaches applied to intrusion detection and prevention consider supervised learning, which requires a large amount of labeled data to be trained. Consequently, such complex datasets are impossible to source in a large network like IoT. To address this problem, this proposed study introduces an efficient learning mechanism to strengthen the IoT security aspects. The proposed algorithm incorporates supervised and unsupervised approaches to improve the learning models for intrusion detection and mitigation. Compared with the related works, the experimental outcome shows that the model performs well in a benchmark dataset. It accomplishes an improved detection accuracy of approximately 99.21%.
Developing a smart system for infant incubators using the internet of things ...IJECEIAES
This research is developing an incubator system that integrates the internet of things and artificial intelligence to improve care for premature babies. The system workflow starts with sensors that collect data from the incubator. Then, the data is sent in real-time to the internet of things (IoT) broker eclipse mosquito using the message queue telemetry transport (MQTT) protocol version 5.0. After that, the data is stored in a database for analysis using the long short-term memory network (LSTM) method and displayed in a web application using an application programming interface (API) service. Furthermore, the experimental results produce as many as 2,880 rows of data stored in the database. The correlation coefficient between the target attribute and other attributes ranges from 0.23 to 0.48. Next, several experiments were conducted to evaluate the model-predicted value on the test data. The best results are obtained using a two-layer LSTM configuration model, each with 60 neurons and a lookback setting 6. This model produces an R 2 value of 0.934, with a root mean square error (RMSE) value of 0.015 and a mean absolute error (MAE) of 0.008. In addition, the R 2 value was also evaluated for each attribute used as input, with a result of values between 0.590 and 0.845.
A review on internet of things-based stingless bee's honey production with im...IJECEIAES
Honey is produced exclusively by honeybees and stingless bees which both are well adapted to tropical and subtropical regions such as Malaysia. Stingless bees are known for producing small amounts of honey and are known for having a unique flavor profile. Problem identified that many stingless bees collapsed due to weather, temperature and environment. It is critical to understand the relationship between the production of stingless bee honey and environmental conditions to improve honey production. Thus, this paper presents a review on stingless bee's honey production and prediction modeling. About 54 previous research has been analyzed and compared in identifying the research gaps. A framework on modeling the prediction of stingless bee honey is derived. The result presents the comparison and analysis on the internet of things (IoT) monitoring systems, honey production estimation, convolution neural networks (CNNs), and automatic identification methods on bee species. It is identified based on image detection method the top best three efficiency presents CNN is at 98.67%, densely connected convolutional networks with YOLO v3 is 97.7%, and DenseNet201 convolutional networks 99.81%. This study is significant to assist the researcher in developing a model for predicting stingless honey produced by bee's output, which is important for a stable economy and food security.
A trust based secure access control using authentication mechanism for intero...IJECEIAES
The internet of things (IoT) is a revolutionary innovation in many aspects of our society including interactions, financial activity, and global security such as the military and battlefield internet. Due to the limited energy and processing capacity of network devices, security, energy consumption, compatibility, and device heterogeneity are the long-term IoT problems. As a result, energy and security are critical for data transmission across edge and IoT networks. Existing IoT interoperability techniques need more computation time, have unreliable authentication mechanisms that break easily, lose data easily, and have low confidentiality. In this paper, a key agreement protocol-based authentication mechanism for IoT devices is offered as a solution to this issue. This system makes use of information exchange, which must be secured to prevent access by unauthorized users. Using a compact contiki/cooja simulator, the performance and design of the suggested framework are validated. The simulation findings are evaluated based on detection of malicious nodes after 60 minutes of simulation. The suggested trust method, which is based on privacy access control, reduced packet loss ratio to 0.32%, consumed 0.39% power, and had the greatest average residual energy of 0.99 mJoules at 10 nodes.
Fuzzy linear programming with the intuitionistic polygonal fuzzy numbersIJECEIAES
In real world applications, data are subject to ambiguity due to several factors; fuzzy sets and fuzzy numbers propose a great tool to model such ambiguity. In case of hesitation, the complement of a membership value in fuzzy numbers can be different from the non-membership value, in which case we can model using intuitionistic fuzzy numbers as they provide flexibility by defining both a membership and a non-membership functions. In this article, we consider the intuitionistic fuzzy linear programming problem with intuitionistic polygonal fuzzy numbers, which is a generalization of the previous polygonal fuzzy numbers found in the literature. We present a modification of the simplex method that can be used to solve any general intuitionistic fuzzy linear programming problem after approximating the problem by an intuitionistic polygonal fuzzy number with n edges. This method is given in a simple tableau formulation, and then applied on numerical examples for clarity.
The performance of artificial intelligence in prostate magnetic resonance im...IJECEIAES
Prostate cancer is the predominant form of cancer observed in men worldwide. The application of magnetic resonance imaging (MRI) as a guidance tool for conducting biopsies has been established as a reliable and well-established approach in the diagnosis of prostate cancer. The diagnostic performance of MRI-guided prostate cancer diagnosis exhibits significant heterogeneity due to the intricate and multi-step nature of the diagnostic pathway. The development of artificial intelligence (AI) models, specifically through the utilization of machine learning techniques such as deep learning, is assuming an increasingly significant role in the field of radiology. In the realm of prostate MRI, a considerable body of literature has been dedicated to the development of various AI algorithms. These algorithms have been specifically designed for tasks such as prostate segmentation, lesion identification, and classification. The overarching objective of these endeavors is to enhance diagnostic performance and foster greater agreement among different observers within MRI scans for the prostate. This review article aims to provide a concise overview of the application of AI in the field of radiology, with a specific focus on its utilization in prostate MRI.
Seizure stage detection of epileptic seizure using convolutional neural networksIJECEIAES
According to the World Health Organization (WHO), seventy million individuals worldwide suffer from epilepsy, a neurological disorder. While electroencephalography (EEG) is crucial for diagnosing epilepsy and monitoring the brain activity of epilepsy patients, it requires a specialist to examine all EEG recordings to find epileptic behavior. This procedure needs an experienced doctor, and a precise epilepsy diagnosis is crucial for appropriate treatment. To identify epileptic seizures, this study employed a convolutional neural network (CNN) based on raw scalp EEG signals to discriminate between preictal, ictal, postictal, and interictal segments. The possibility of these characteristics is explored by examining how well timedomain signals work in the detection of epileptic signals using intracranial Freiburg Hospital (FH), scalp Children's Hospital Boston-Massachusetts Institute of Technology (CHB-MIT) databases, and Temple University Hospital (TUH) EEG. To test the viability of this approach, two types of experiments were carried out. Firstly, binary class classification (preictal, ictal, postictal each versus interictal) and four-class classification (interictal versus preictal versus ictal versus postictal). The average accuracy for stage detection using CHB-MIT database was 84.4%, while the Freiburg database's time-domain signals had an accuracy of 79.7% and the highest accuracy of 94.02% for classification in the TUH EEG database when comparing interictal stage to preictal stage.
Analysis of driving style using self-organizing maps to analyze driver behaviorIJECEIAES
Modern life is strongly associated with the use of cars, but the increase in acceleration speeds and their maneuverability leads to a dangerous driving style for some drivers. In these conditions, the development of a method that allows you to track the behavior of the driver is relevant. The article provides an overview of existing methods and models for assessing the functioning of motor vehicles and driver behavior. Based on this, a combined algorithm for recognizing driving style is proposed. To do this, a set of input data was formed, including 20 descriptive features: About the environment, the driver's behavior and the characteristics of the functioning of the car, collected using OBD II. The generated data set is sent to the Kohonen network, where clustering is performed according to driving style and degree of danger. Getting the driving characteristics into a particular cluster allows you to switch to the private indicators of an individual driver and considering individual driving characteristics. The application of the method allows you to identify potentially dangerous driving styles that can prevent accidents.
Hyperspectral object classification using hybrid spectral-spatial fusion and ...IJECEIAES
Because of its spectral-spatial and temporal resolution of greater areas, hyperspectral imaging (HSI) has found widespread application in the field of object classification. The HSI is typically used to accurately determine an object's physical characteristics as well as to locate related objects with appropriate spectral fingerprints. As a result, the HSI has been extensively applied to object identification in several fields, including surveillance, agricultural monitoring, environmental research, and precision agriculture. However, because of their enormous size, objects require a lot of time to classify; for this reason, both spectral and spatial feature fusion have been completed. The existing classification strategy leads to increased misclassification, and the feature fusion method is unable to preserve semantic object inherent features; This study addresses the research difficulties by introducing a hybrid spectral-spatial fusion (HSSF) technique to minimize feature size while maintaining object intrinsic qualities; Lastly, a soft-margins kernel is proposed for multi-layer deep support vector machine (MLDSVM) to reduce misclassification. The standard Indian pines dataset is used for the experiment, and the outcome demonstrates that the HSSF-MLDSVM model performs substantially better in terms of accuracy and Kappa coefficient.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. 
Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
CFD Simulation of By-pass Flow in a HRSG module by R&R Consult.pptxR&R Consult
CFD analysis is incredibly effective at solving mysteries and improving the performance of complex systems!
Here's a great example: At a large natural gas-fired power plant, where they use waste heat to generate steam and energy, they were puzzled that their boiler wasn't producing as much steam as expected.
R&R and Tetra Engineering Group Inc. were asked to solve the issue with reduced steam production.
An inspection had shown that a significant amount of hot flue gas was bypassing the boiler tubes, where the heat was supposed to be transferred.
R&R Consult conducted a CFD analysis, which revealed that 6.3% of the flue gas was bypassing the boiler tubes without transferring heat. The analysis also showed that the flue gas was instead being directed along the sides of the boiler and between the modules that were supposed to capture the heat. This was the cause of the reduced performance.
Based on our results, Tetra Engineering installed covering plates to reduce the bypass flow. This improved the boiler's performance and increased electricity production.
It is always satisfying when we can help solve complex challenges like this. Do your systems also need a check-up or optimization? Give us a call!
Work done in cooperation with James Malloy and David Moelling from Tetra Engineering.
More examples of our work https://www.r-r-consult.dk/en/cases-en/
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Best practice framework for information technology security governance in Indonesian government
International Journal of Electrical and Computer Engineering (IJECE)
Vol. 12, No. 6, December 2022, pp. 6522~6534
ISSN: 2088-8708, DOI: 10.11591/ijece.v12i6.pp6522-6534
Journal homepage: http://ijece.iaescore.com
Rika Yuliana¹, Zainal Arifin Hasibuan²
¹Information Technology Study Programme, State Islamic University Ar-Raniry, Banda Aceh, Indonesia
²Faculty of Computer Science, Universitas Dian Nuswantoro, Semarang, Indonesia
Article history: Received Aug 6, 2021; Revised Jun 12, 2022; Accepted Jul 7, 2022
ABSTRACT
Information technology security is crucial for a digital government system so
that business processes can continue to run smoothly. However, according to
various related studies, the current best practice of information security
governance in the Indonesian national government is still inadequate: it
remains siloed and scattered, leading to vulnerabilities in the various
digital services provided. Therefore, this study aims to develop a
best practice framework for managing information security that is aligned
with the needs of Indonesia's digital government. This research started by
looking for the main framework of information security governance. Then
the main components that resulted from that were benchmarked against other
Information Security Governance (ISG) best practices from different
countries. Finally, they were complemented with information
security parameters, other related components, and recommendations,
particularly in the Indonesian context, so that the main components and their
respective constituent sub-components could be obtained according to the
needs of the Indonesian e-government. The cause-and-effect analysis
concept analyses the data linkages between the six central components and
their respective sub-components. This study concludes that each of the main
components and sub-components supports the others, so all of them
must be carried out in a balanced and continuous manner.
Keywords: Best practice, Digital government, Framework, Indonesia, Information and communication technology, Security governance
This is an open access article under the CC BY-SA license.
Corresponding Author:
Rika Yuliana
Information Technology Study Programme, State Islamic University Ar-Raniry
Banda Aceh, Kopelma Darussalam, Aceh Province, Indonesia
Email: rika.yuliana@ar-raniry.ac.id
1. INTRODUCTION
Information security is a vital component in the planning process of integrated information
technology in organizations, particularly in the Indonesian government [1]. This is caused by the fact that the
government is in the process of developing digital government systems as well as smart cities altogether, so
the security aspect is one of the major concerns for the government in providing a better service to
stakeholders. Due to the need to maintain the quality of services provided by the Indonesian government in
terms of confidentiality, integrity, and availability for digital government systems, the government should
fulfill the needs of users up to the highest level of information technology security maturity. Furthermore,
security aspects are linked to smart cities where cyber physical systems are not only used by citizens but can
also be modified by hackers and identity thieves [2]. However, based on several studies [3], [4] and
facts from the real world [5], Indonesia does not yet have a comprehensive best-practice
framework for managing information security. This affects many services, which have not been utilized
optimally due to their vulnerability to malware attacks, crashes, and other related problems.
Various issues and problems that arise from the use of e-government technology in Indonesia
increase day by day, especially those related to information security. For example, a
government website that is vulnerable to being hacked by irresponsible parties can result in disruption
of the services provided to the community. It can also create a bad stigma in the community. Although the government and
related stakeholders are concerned with the importance of information security in e-government services,
which can be seen in the integration of security aspects in the implementation of Indonesia’s digital
government and various related research, there are still gaps in the application of information security
governance. It can happen because the researchers involved have only looked at information security in
Indonesia from a technical standpoint. Thus, it also causes various impacts on the lives of Indonesian society
members, such as identity theft. Moreover, the study shows that this challenge needs to be addressed in three
ways: the development of governance's practicality, adaptability, and measurability, and its subsequent
alignment with the organization [6]. Therefore, Indonesia's government should have comprehensive guidance
on how to govern information security, particularly in the form of best practices derived from related
frameworks and governance for reaching the highest level of information security maturity in the
implementation of Indonesia’s digital government as the country is still evolving and growing.
According to [7], security has evolved from a narrow and specific isolated issue to a strategic
business problem with "from the basement to boardroom" implications. The main point is that organizations
must protect themselves. Moreover, they must also develop strategies to ensure that their businesses are
resilient enough to exploit the opportunities relating to digitalization. Besides that, information
technology governance is a component of organizational governance that entails the role and implementation
of relational processes, structures, and mechanisms. It allows business and information technology (IT)
stakeholders to do the tasks of promoting business or IT alignment and the formation and protection of IT
business value. The "Infrastructure State" evaluation assesses the extent to which IT has been able to sustain
the robust and reliable infrastructure required to meet business needs effectively. It is accomplished by
comparing each platform domain to risk-based criteria to assess the potential effect on business continuity,
security, and/or compliance [8]. These problems, if not handled properly, will cause financial losses that will
harm the business and jeopardize the sustainability of the organization both in the short and long term [9].
Information security must be flexible to handle every situation and a variety of requirements from
different information, systems, or organizations [10]. Information security management (ISM) is a
sustainable, structured and systematic approach within security for managing and protecting organizational
information from being infiltrated by irresponsible parties. To ensure information remains secure, many
organizations have implemented ISM by establishing and reviewing information security (IS) policies,
processes, procedures and organizational structures. Organizations also need to validate some of the ISM
factors and elements that contribute to the success of ISM to guide practitioners in implementing proper ISM
[11].
There are numerous standards, frameworks, laws, guidelines, and best practice references available
to advise information security managers on how they implement security controls. A significant portion of
these guidelines is only applicable to specific countries, particularly where the data protection and privacy
rules are mostly implemented. These guidelines are also reinforced by industry-specific advisors
that can help information security managers inform executive managers about the best control
implementations to maintain business safety and security. The manager must also consider what is truly
important for the organization and design a security management system that remains relevant, is proportionate,
and takes into account the organization's risk tolerance and the best approach to business continuity [12].
Today, in every organization, IT services must be provided in a way that is cost-effective,
reduces security threats and complies with legal and regulatory requirements. The equations are challenging
to solve and, in some cases, may seem impossible. In order to survive in this environment, the proposed
information system security governance (ISS-GOV) model in the form of an internal repository seems
appropriate for this purpose. Implementers currently have a framework for implementing IT strategies, plans
and processes, for defining metrics, benchmarks, and auditing, as well as integrating security issues to reduce
risk [13].
Based on these concepts and developments in the realm of information security, Indonesia urgently
requires a comprehensive information security governance framework in accordance with the current
development requirements of e-government systems. Basically, there is a relationship between aspects of
information security and information technology governance as shown in Figure 1 and also a relationship
between IT security and cyber security as shown in Figure 2 [14]. However, the study by [15] proves that
cybersecurity governance in Indonesia's government agencies is still lacking and not yet integrated, and that
various related matters need to be combined [16]. Besides that, research shows that the continuous development
of the Internet and technology, such as big data, means that public service information is getting more
attention [17], while the maturity level of information security (cybersecurity) in Indonesia is still deficient
[18], so that a proposed framework is required to manage information security in accordance with the needs
of Indonesia's digital government to reach the optimum level of information security maturity. Therefore, this
study aims to propose a best practice framework in information security governance so that it can be
implemented in Indonesian e-government.
Figure 1. Information security governance positioned [14]
Figure 2. The relationship between information and communication security, information security and cyber
security [14]
2. RESEARCH METHOD
Basically, information security is a crucial matter that works in integration with organizational
governance and is related to data management, applications, business processes and infrastructure/technology
[19], so it affects various organizational management activities from the operational level to the strategic
level of the organization [14]. In addition, the information security development process involves multiple
stages of the security life cycle: assessing, designing, implementing,
and maintaining information assets under security principles [20]. Therefore, the components of the
information security best practice framework for digital governance in Indonesia are arranged in line with
these concepts, which are adjusted to several standards, frameworks, laws, guidelines, and best practice
references related to the Indonesian national context.
In developing a framework for best practice in information security for the
Indonesian electronic government system, the work involved various prior studies resulting from the incorporation
of related frameworks and recommendations from experts who are proficient in information security. When
the concepts of both frameworks are applied in parallel, they create synergy that benefits all high-level areas
of an organization. By combining these principles, a comprehensive set of rules that embraces and secures
the business while also cultivating an IS culture can be created for information security governance (ISG)
implementation. Nevertheless, it has the potential for misinterpretation, so organizations should act in one
direction first, e.g., business-oriented, then in another, e.g., security-oriented, and finally to synthesize [21].
Based on that fact, this study began by looking for the main framework of information security
governance that comes from a combination of the cyber-physical system (CPS) security governance model
[22] and several critical success factor (CSF) components of information security derived from [23] and [24]
based on the concept developed by [25]. Then the main components were benchmarked [26] with other ISG
best practices stemming from other related countries to get practical insights and lessons learned to refine
these critical components. In the final stage, these main information security governance components were
complemented by information security parameters [27], other related components [28], and recommendations
[29], particularly in the Indonesian context, so that the main components and their respective constituent
subcomponents could be merged, resulting in relevant activities according to the needs of
Indonesian e-government. The research method is illustrated in Figure 3, followed by the detailed research
steps for the first stage of the research methodology, as shown in Figure 4.
Figure 3. Research methodology
Figure 4. Detailed research steps in the first stage of research methodology
[Diagram labels recovered from the research methodology figure: 1st stage: CPS security governance model [22] and information security CSF [23][24]; 2nd stage: information and communication technology security benchmark with other related countries [26]; 3rd stage: current information security parameters in Indonesia Government [27], other related components in information security (related elements for Indonesia) [28], and other related recommendations in cybersecurity (direction of action in Indonesia) [29]. Each stage is mapped to the IT security best practice subcomponents.]
3. RESULTS AND DISCUSSION
Research conducted by [7] revealed that security should be seen as an indispensable feature in a
digital context. Therefore, organizations need to start adjusting digital security governance according to their
current needs. The study supports practitioners and decision-makers on how organizations and their security
approaches are impacted by digitalization. Thus, in this section, the results from each stage are discussed
in their own subsections in order to explain the results clearly.
3.1. Key components from stage 1
Based on the stages listed in the research method, the results of a proposed best practice framework
for information security in the Indonesian government are obtained, consisting of six main frameworks and
then the sub-components of each of these main frameworks, namely evaluation, direction, observation,
performance conformance, action skills (compliance), and operational processes (policies and procedures).
The six main best practice frameworks for information technology security for the Indonesian government
can be seen in Figure 5. These six things are interrelated, so if one component or
sub-component is ignored, it will affect overall performance and has the potential to weaken the ongoing
governance system. Therefore, it is necessary to have synergistic coordination between the two at a strategic
level so that the balance and compatibility between them can be adequately maintained and the objectives
of the Indonesian government can be achieved. Each component and subcomponent needs to be assessed for
its effectiveness to suit the system requirements.
Figure 5. Key components of information technology security best practice framework for Indonesian
government
3.2. Results from stage 2 (benchmarking the results from the first stage with existing Information and
Communication Technology (ICT) governance best practices in certain countries)
Current practices of ICT governance in several countries are facing rapid changes due to various
challenges coming to government territory. Therefore, they need to establish a secure system for digital
government in order to be ready and take proper action when dealing with security issues. In the following
paragraphs, information and communication technology security governance best
practices from related countries are briefly discussed, taking into account key aspects of Indonesia's digital
government [30], [31]. The countries are the United States, Malaysia and Africa, chosen for their close
similarities with Indonesia in political system, human resources index and geolocation, respectively.
The American government has a unique way of governing physical and cyber security functions
applied across many issues and many interdependent stakeholders. The steps have been developed and
implemented in such a way over many years. They continue to be improved and are the outcome of
progressing commitment by different pioneers from the state official and administrative branches of
government, education, private and not-for-profit organizations. Over the five states, governors have come up
with leadership and responsibility for this issue [32]. The functional aspects included in the security
framework consist of identify, protect, detect, respond, and recover and each of these aspects is accompanied
by their respective components and subcomponents [33].
Data collected by [34] through document analysis and interviews has confirmed that the ISG is
present in several Malaysian public sector documents. The element in the ISG came from a combination of
the information security aspects of ICT with non-ICT so that an ISG policy has become complete and does
not overlap. The development of the ISG framework has been an integrated program involving policy-
making institutions in public sector administration in Malaysia. Integrated development has resulted in a
comprehensive ISG framework for use by public sector agencies in Malaysia. The components are
governance approaches, good practices, risk management, organizational management, training and
awareness, implementation methods, and laws and regulations. The four components will undergo a
continuous cycle of design, implementation, assessment, and follow-up processes. These elements could be
combined with Malaysia's cybersecurity principles [35].
The information security model that applies in Nigeria has been emphasized in the general aspect of
security. The model shows how e-government systems relate to their customers by using two-way certificate
authentication with valid user authentication for each service. After the authentication point, users log in and
run the specified service. This system ensures that all communications between parties within the
e-government infrastructure are encrypted. The framework recommended the use of session keys because
session keys are randomly generated, making it difficult for attackers to intercept messages on the network.
This framework has security middleware, which is basically the link between the public key infrastructure
system and the application. All applications run to ensure that the system is generally safe. This middleware
acts as an interface between applications, access controls, server management, cryptographic tools, and other
important physical mechanisms. Role-based access control allows for proper assignment of responsibilities
based on the policies specified in the strategic framework and is primarily based on hierarchical
considerations. This allows system administrators to dynamically manage user access, making it easier to see
who, where, and when the connection was initiated. Valid users who gain access are also identified
and reported accordingly [36].
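The access path described for this model (certificate-authenticated user, randomly generated session key, hierarchical role check, record of who, where and when) can be sketched as follows. This is an added example, not code from the paper or from [36]; the role names, permissions, certificate subjects and IP addresses are constructed, and the session key is drawn from the operating system's CSPRNG as a stand-in for the key a TLS handshake would negotiate.

```python
import secrets
import ssl
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed role hierarchy: a role inherits every permission of its parent.
ROLE_PARENT = {"clerk": None, "supervisor": "clerk", "admin": "supervisor", "auditor": None}
ROLE_PERMISSIONS = {
    "clerk": {"tax:view"},
    "supervisor": {"tax:approve"},
    "admin": {"user:manage"},
    "auditor": {"audit:read"},
}
# Constructed mapping from an already-verified certificate subject to a role.
SUBJECT_ROLE = {"CN=alice.clerk": "clerk", "CN=bob.admin": "admin"}


def server_tls_context() -> ssl.SSLContext:
    """Server context for two-way authentication: clients must present a certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # A server context defaults to CERT_NONE, i.e. one-way authentication only.
    ctx.verify_mode = ssl.CERT_REQUIRED
    # A deployment also calls load_cert_chain() and load_verify_locations();
    # they are left out so that the example runs without key material.
    return ctx


def effective_permissions(role):
    """Collect the permissions of a role and of all its ancestors."""
    perms, seen = set(), set()
    while role is not None and role not in seen:  # 'seen' guards against cycles
        seen.add(role)
        perms |= ROLE_PERMISSIONS.get(role, set())
        role = ROLE_PARENT.get(role)
    return perms


@dataclass
class Session:
    subject: str
    role: str
    key: bytes  # fresh random value per session


@dataclass
class Middleware:
    """Sits between certificate authentication and the application."""
    audit_log: list = field(default_factory=list)

    def _audit(self, subject, source_ip, action, allowed):
        self.audit_log.append({
            "who": subject,
            "where": source_ip,
            "when": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "allowed": allowed,
        })

    def open_session(self, subject, source_ip):
        """Map a verified certificate subject to a role; unknown subjects are refused."""
        role = SUBJECT_ROLE.get(subject)
        self._audit(subject, source_ip, "login", role is not None)
        if role is None:
            return None
        return Session(subject, role, secrets.token_bytes(32))

    def authorize(self, session, source_ip, permission):
        """Deny by default: allow only permissions reachable through the hierarchy."""
        allowed = permission in effective_permissions(session.role)
        self._audit(session.subject, source_ip, permission, allowed)
        return allowed


if __name__ == "__main__":
    mw = Middleware()
    s = mw.open_session("CN=alice.clerk", "203.0.113.10")
    mw.authorize(s, "203.0.113.10", "tax:view")
    mw.authorize(s, "203.0.113.10", "tax:approve")
    for entry in mw.audit_log:
        print(entry)
```

Denied requests are logged as well as granted ones, which is what lets an administrator reconstruct who attempted what, from where, and when.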
These main components of information technology security governance (ITSG) for Indonesia's
e-government resulting from the first stage are then compared with other countries in handling the same
issues to refine them. As Table 1 shows, America has all of the main components, while Malaysia and South
Africa have some of them. Nevertheless, these countries complement one another and can validate the
research findings that Indonesia's digital government needs all of these components to adequately protect the
digital system in running the daily operations with its related stakeholders.
Table 1. Comparing main components of ITSG
Key Components
Country
USA Malaysia South Africa Indonesia (Results)
Evaluation √ required
Direction √ √ required
Observation √ √ √ required
Operational processes (policies and procedures) √ √ required
Action skills (compliance) √ √ √ required
Performance conformance √ √ required
3.3. Results from stage 3
In this section, each of the key components that have been benchmarked with certain related
countries is discussed in more detail. Each key component is elaborated
with current information security parameters, related elements, and recommendations in the Indonesian
context, specifically in order to acquire a complete picture of the best practice framework in information
security governance in the Indonesian government. However, gaps within each
best practice subcomponent also become visible, an outcome that cannot be avoided. Nevertheless, these gaps can be used
for future developments in information security governance in Indonesia and other relevant nationalities.
3.3.1. Evaluation
The evaluation stage, often called the assessment stage or audit stage, provides an evaluation of the use of
the CPS under current and future conditions. Each electronic system administrator must examine and make
judgments about current and future use of CPS by including strategy, filling, and provisioning arrangements
(internal, external, or both). The reference of standard assessment follows common criteria (CC). It is a
collection of globally and locally known technical standards and configurations that enables the
assessment of product safety and information technologies [22]. Assessing information security
for public administration requires a systematic approach that develops according to the needs of continuous
improvement [37]. The evaluation model developed by Zuo [38] can be used as a benchmark accompanied
by a socio-technical multidimensional approach [39]. The audit implementation relies on advanced standards
and frameworks of IT infrastructure organization, management, and security such as COBIT and ISO 17799
[40].
Based on Indonesia government regulation no. 59 in 2020 concerning information security, and in
particular evaluation, which is claimed to be very important for supporting the management of Indonesia's
e-government system, evaluation should be aligned with the security goal. Moreover, an evaluation can be carried
out by external parties through a maturity level assessment so that they can immediately start to optimize an
information security system. Until now, the frameworks COBIT 5 [1] and ISO 27001:2013 [41] are generally
used to analyze the maturity level of information security systems, especially in the Indonesian context [42].
Nevertheless, another way to assess the efficiency of information security is to use expert systems
[43]. Therefore, Indonesia needs to combine these systems with other tools so that the following five
sub-components are measured correctly and based on their needs. These five sub-components focus on evaluating
alignment between security controls and business, evaluating policies and procedures, evaluating
organization security, evaluating the business continuity and recovery plan, and auditing the third party.
3.3.2. Direction
The directing stage directly serves the preparation and implementation of various plans and policies
to ensure that the use of CPS can connect with the objectives of the security system [22]. Besides, it can also
be accomplished by highlighting and organizing the important points of information security policy,
including the major challenges in the implementation with the need to review and enact policy in a perpetual
process and thorough risk management framework [44]. This stage is necessary to find out the needs that
must be improved from the existing information security system so that the system runs even better in the
future.
3.3.3. Observation
In the observation/monitoring stage, there are two main functions of technology information in the
security system, namely monitoring the conformity between the system and policies and monitoring the
implementation of the system against the plan [22]. Moreover, the ongoing observation is considered to be an
important factor enabling the potential risks, vulnerabilities, and threats that almost any institution may
encounter on a regular basis [23]. A research study analyzes the theory of privacy, trust, commitment, and
compliance to formulate a model that explains observed phenomena in real work environments. The research
is done through monitoring organizational information in practice and makes a conclusion that monitoring
information can improve the information security management (ISM) practices in organizations [45]. If the
ISM practice works well, it will improve the overall organizational practice. There are 5 (five) important
subcomponents in this observation component which can be seen in Table 2. Moreover, the recommended
methods of monitoring information security [46], [47] can be utilized as guidance in implementing
information security monitoring in Indonesia.
Based on the research results shown in Table 2, each of the best practice
subcomponents needs further development because concrete activities are incomplete at this
time. For some best practice subcomponents, such as incident management, business continuity,
potential conflict, and controlling mechanisms and processes, these activities are still missing in Indonesia's
government, even though related research and recommendations have emerged. Moreover, in
terms of the IT infrastructure and daily operation subcomponent, Indonesia has given attention to this part from a
technology point of view, but the relevant activities are still poor. Thus, all activities within these best
practice subcomponents need to be developed by merging the related parameters, elements, and
recommendations. For instance, we can develop various activities based on the related elements available within
incident management, such as how to handle physical and logical threats. Other than that, in the controlling
mechanisms and processes subcomponent, the related elements need to be developed in such a way as to
establish a unit to monitor and control the national IT infrastructure.
3.3.4. Performance conformance
The performance and change of the organization are both ongoing, and both are required to track
and evaluate whether the ISG principles, policies, and procedures are operating in accordance with the
predetermined indicators and criteria [23]. Measuring information security performance is a vital component
of the information security in the management system of the organization. According to a study, information
security is purposefully defined and applied, but the measurements are principally implemented in the
technical and operational levels, while strategic management remains inadequate [39]. Therefore, the three
best practice subcomponents in the performance conformance domain that can be seen in Table 3 are
important goals to achieve. The implementation of the performance conformance activity involves measuring
and reporting the information so that performance can be compared in each period of time.
For the sake of performance conformance, the Indonesian government still has no idea what kind of
activities to handle each of these best practice subcomponents, particularly in terms of providing timely and
accurate information on IS performance, reviewing IS performance in relation to business outcomes, and
promoting continuous improvement in IS. As a result, even if certain related elements or recommendations
are unavailable for some parts, we must develop these activities based on those two. For instance, in terms of
providing timely and accurate information on IS performance, we should combine these terms between
reporting elements and recommendations in the reporting system in order to develop various activities
relating to this subcomponent part. This is certainly done without ignoring the elements related to
information security in Indonesia.
Table 2. Subcomponent of observation activities
| Best practice subcomponent | IS parameters in Indonesia Government [27] | Related elements for Indonesia [28] | Direction of action in Indonesia (recommendations) [29] | Results/to be (ITSG activities) |
|---|---|---|---|---|
| Incident management | - | threat/attack: physical threat/attack, logical threat/attack | - | Need further development |
| Business continuity | - | management procedure: asset, incident, business continuity, operational, risk management | - | Need further development |
| Potential conflict | - | environment: politic, social, economy. | - | Need further development |
| Controlling mechanisms and processes | - | - | Establish a unit under the related government ministry to formally monitor and control national infrastructure to help ensure Indonesia’s security and resilience. | Need further development |
| IT infrastructure and daily operation | Technology | Technology | - | Need further development |
Table 3. Subcomponent of performance conformance activities
| Best practice subcomponent | IS parameters in Indonesia Government [27] | Related elements for Indonesia [28] | Direction of action in Indonesia (Recommendations) [29] | Results/to be (ITSG activities) |
|---|---|---|---|---|
| Provide timely and accurate information on IS performance | - | Measuring: awareness maturity, learned from previous threats, performance and processes. | - | Need further development |
| | - | Reporting: assessment report, measurement report, performance report. | Create a single reporting system for electronic system operators for public services to report and disclose cybercrime incidents and data breaches, so that action can be taken. | Need further development |
| Review IS performance in relation to business outcomes | - | - | Review existing legislation to ensure that it remains relevant and effective in fighting cybercrime. | Need further development |
| Promote continuous improvement in IS | - | - | Strengthen law enforcement & prosecutors’ capabilities to investigate cybercrime and bring those responsible to justice. | Need further development |
3.3.5. Action skills/compliance
Compliance with laws and regulations is critical and becomes one of the key elements to ensure the
ISG of the organization is effective and sustainable [23]. External rules and regulations frequently govern an
organization's ability to collect information, conduct investigations, and control networks, among other
activities involving the information obtained from technology security. Besides, the organization should develop
requirements to comply with these rules in order to protect and design new systems and applications, and also
to determine how long to store data, or to encrypt and tokenize sensitive data [48].
Two main types of compliance are regulatory compliance and industry compliance. Non-compliance
has various consequences depending on the set of rules in question. In the case of industrial compliance, loss
of privileges related to compliance can occur. In the case of regulatory compliance, non-compliance can
result in harsher penalties, including detention for violating the relevant law [48].
According to a study, coercive pressure, normative pressure, and mimetic pressure have a significant
influence on organizational information security compliance. It implies that the advantages of
information security compliance encourage management to enhance their commitment to information
security compliance [49]. However, the level of awareness in terms of compliance with information security
also needs attention [50].
Based on these concepts, the important subcomponents relating to compliance can be seen in
Table 4. There is only one best practice subcomponent in the context of compliance, namely conforming to
and complying with internal and external information security requirements. The subcomponents consist of
law and regulations, third party engagement, data copy rights, and privacy. As shown in Table 4,
Indonesia has not yet given any attention to the three constituent elements of this subcomponent
because of the absence of information security parameters. In this context, Indonesia's government needs to
develop the respective activities within this subcomponent by merging the related parameters, elements, and
recommendations. For example, in third party engagement, the elements of cooperation and recommendation
in creating and building dedicated civilian and military capabilities need to be merged and expanded so that
they can create various activities within this context in accordance with Indonesia's government
requirements.
Table 4. Subcomponent of compliance activities
| Best practice subcomponent | Constituent element | IS parameters in Indonesia Government [27] | Related elements for Indonesia [28] | Direction of action in Indonesia (Recommendations) [29] | Results / to be (ITSG activities) |
|---|---|---|---|---|---|
| Conform and comply with internal and external IS requirements | law and regulations | - | Laws and regulations | Develop a standard marketing strategy to promote privacy online for protecting personal data. | Need further development |
| | Third party engagement | - | Cooperation: Governmental, National, and International. | Create and build dedicated civilian and military capability to help ensure that Indonesia has the capability to protect national interests in cyberspace. | Need further development |
| | Data copy rights and privacy | - | Legal: computer fraud, illegal access, data interference, copyright violation, child pornography. | - | Need further development |
3.3.6. Operational processes (policies and procedures)
Determining the policies or procedures may be relevant to protect specific types of information (e.g.
source code for complex software products). In this case, organizations must consider how valuable the
information is, what harm may be experienced, and whether the reduction in risk is worth the
cost (money or inconvenience) of protective measures such as restricted access [51]. Most
organizations recognize the need to monitor and improve the management of risk and internal security
processes by using security governance procedures [52]. In addition, this also needs to be supported by policies
that can be developed [53] and reused [54] to adapt to changes in the organization. There are 10 (ten)
important subcomponents in the operational activities of making policies and procedures in information
technology security, as can be seen in Table 5.
In this context, for some parts, it is easier to create various activities relating to each best practice
subcomponent because of the presence of a set of information security parameters, elements, and
recommendations such as protecting classified information. Because the related IS parameters in
the Indonesian government are not yet comprehensive, the relevant activities cannot be generated.
Nevertheless, in other parts, it is taking more effort to create the activities because of the absence of either
related parameters, elements, or recommendations such as an effective business continuity or disaster
recovery plan. As a result, further development for various activities in each subcomponent is important in
order to govern information security in Indonesia's digital government system holistically.
Overall, this study provides general results regarding the six main components and each of the
supporting sub-components. Moreover, by using the concept of cause-and-effect analysis [55] to analyze
the data linkages between the six main components and their respective sub-components, it is
concluded that there are strong relationships between one component and the others. If one
component is neglected or not implemented properly, it will result in the disruption of the overall information
security system. This can be seen from the process of the components (both in the form of policies and procedures)
that are running. Nevertheless, if these components are not regularly reviewed, the level of effectiveness in
achieving government performance will be difficult to measure. This makes it difficult to
find solutions to various complaints from users.
Table 5. Subcomponent of operational processes activities
| Best practice subcomponent | IS parameters in Indonesia Government [27] | Related elements for Indonesia [28] | Direction of action in Indonesia (Recommendations) [29] | Results/to be (ITSG activities) |
|---|---|---|---|---|
| Consider IS as an organization wide issue: a. integrate IS with business activities | Work program and strategy | - | Develop a national cybersecurity strategy (NCSS). | Need further development |
| b. on-going strategic alignment | - | - | Promote cybersecurity requirements in government procurement processes for managing the national cyber defense. | Need further development |
| c. determine clear IS roles and responsibilities and be held accountable. | - | Security services: Prevent, Detect, Response. | Promote greater levels of trust in online services, such as e-government and e-commerce services. | Need further development |
| | | Security goals: confidentiality, integrity, availability, privacy, authenticity, non-repudiation. | | |
| Act in professional and ethical manner | “IS Governance” | Organization: Committee (policy and coord.), operations centre, emergency response team. | Strengthen the role and coordination function of ID-SIRTII/CC as a national CERT. | Need further development |
| Deliver quality and value to stakeholders: a. Effective communication | - | - | Develop a cybersecurity communication strategy to strengthen and expand the national cybersecurity campaign. | Need further development |
| b. Effective business continuity/disaster recovery plan | - | - | - | Need further development |
| Adopt risk-based approach | “IS Risk Governance” | - | - | Need further development |
| Protect classified information | “Asset Governance” | Assets: Tangible, Intangible. | Create a formal list of CNIs on multi-stakeholder consultation, and work with the companies that own and manage CNIs. | Need further development |
| Concentrate on critical business applications | - | - | Establish emergency response asset priorities in the event a service failure occurs that are aimed at reducing impact. | Need further development |
| Develop systems securely | ISG Framework | - | - | Need further development |
| Foster an IS positive culture (organizational and security culture [56]) | - | Security culture: Collective Values, Norms and Knowledge, Basic Assumptions and Beliefs, Artefacts and Creations. | Develop a single authoritative online portal for cyber raising awareness amongst governments, businesses, and civil society across the country. Raise awareness amongst senior government officials and board members of the critical national infrastructure operators of the cyber risks, and actions they can take to protect security-sensitive information. | Need further development |
| | - | Human competency: Sec. operation and management, ethical hacking, computer forensics, Sec. programming, Sec. implementation and Conf., Sec. architecture and Dev., Sec. Policies and Dev, cryptography, Sec. analysis | Provide incentive-based cybersecurity solutions for local cybersecurity products or the cyber insurance marketplace. Conduct crisis management exercises at a national level by inviting the relevant key national stakeholders to ensure preparations for national cyber incident responses are well managed and robust. Promote cybersecurity training and education programs designed for all employees at all levels in government organizations, state-owned enterprises, private critical infrastructure providers, and small-medium enterprises. | Need further development |
| Set the direction of investment decisions | - | - | Identify a center of excellence in cybersecurity research and education to locate strengths and providing focused investment to address gaps. Create a national-level register for information assurance and cyber security experts across the public and private sectors as a way of bringing new talent into the profession. | Need further development |
ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 12, No. 6, December 2022: 6522-6534
Based on the results of all three research stages, several of the activities generated within each
subcomponent are not yet optimal with respect to the existing IS parameters for the Indonesian
government, the related elements, and the sets of recommendations. Therefore, all the activities within
each subcomponent should be merged and developed according to the needs already described for each
component, to give a broader picture of IT security governance requirements. This is due to the lack of
synergy between the current implementation of IT governance and IT security governance, so the
activities related to information security governance need to be made more effective for the Indonesian
digital government context and for future needs. In addition, information technology security in
Indonesia needs to be developed continuously, in line with the development of information technology
infrastructure and the lifestyle needs of society in the future.
4. CONCLUSION
This study concludes that there are six main components in the best practice framework for
information security governance that can be used by the Indonesian government: evaluating, directing,
monitoring, performance conformance, action skills (compliance), and operational processes (policies
and procedures). The main components and sub-components support each other, so all of them must be
carried out synergistically and proportionately. Within each main component and its supporting
sub-components, relevant activities can be generated, but they still need further development. Because
the activities within each subcomponent are still inadequate, they must be developed continuously for
future needs. Their effectiveness also needs to be analyzed against the future needs of the Indonesian
national government. Nevertheless, this best practice framework for information security governance
must be aligned with information technology governance, which has implications for the IT architecture
in the organization.
REFERENCES
[1] R. Umar, I. Riadi, and E. Handoyo, “Information system security analysis based on COBIT 5 framework using capability maturity
model integration (CMMI),” (in Bahasa), Jurnal Sistem Informasi Bisnis, vol. 9, no. 1, pp. 47–54, May 2019,
doi: 10.21456/vol9iss1pp47-54.
[2] F. Khan, R. L. Kumar, S. Kadry, Y. Nam, and M. N. Meqdad, “Cyber physical systems: a smart city perspective,” International
Journal of Electrical and Computer Engineering (IJECE), vol. 11, no. 4, pp. 3609–3616, Aug. 2021,
doi: 10.11591/ijece.v11i4.pp3609-3616.
[3] M. Rizal and Y. Yani, “Cybersecurity policy and its implementation in Indonesia,” JAS (Journal of ASEAN Studies), vol. 4, no. 1,
Aug. 2016, doi: 10.21512/jas.v4i1.967.
[4] K. Kautsarina, O. Rafizan, A. B. Setiawan, and A. S. Sastrosubroto, “Information and communication technology service industry
development in Indonesia,” Australian Journal of Telecommunications and the Digital Economy, vol. 5, no. 3, pp. 50–82,
Sep. 2017, doi: 10.18080/ajtde.v5n3.96.
[5] D. Kardono, “Material 5: SPBE safety,” (in Bahasa), Ministry of Administrative Reform and Bureaucratic Reform, 2020.
[6] W. W. Lidster and S. S. M. Rahman, “Obstacles to implementation of information security governance,” in 17th IEEE
International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International
Conference On Big Data Science And Engineering (TrustCom/BigDataSE), Aug. 2018, pp. 1826–1831, doi:
10.1109/TrustCom/BigDataSE.2018.00276.
[7] S. Leonelli, “Data governance is key to interpretation: reconceptualizing data in data science,” Harvard Data Science Review,
vol. 1, no. 1, Jun. 2019, doi: 10.1162/99608f92.17405bb6.
[8] S. De Haes and W. Van Grembergen, Enterprise governance of information technology: achieving strategic alignment and value
in digital organization. Boston, MA: Springer US, 2009, doi: 10.1007/978-0-387-84882-2.
[9] N. Shariffuddin and A. Mohamed, “IT security and IT governance alignment,” in Proceedings of the 3rd International
Conference on Networking, Information Systems and Security, Mar. 2020, pp. 1–8, doi: 10.1145/3386723.3387843.
[10] B. Lundgren and N. Möller, “Defining information security,” Science and Engineering Ethics, vol. 25, no. 2, pp. 419–441, Apr.
2019, doi: 10.1007/s11948-017-9992-1.
[11] M. Zammani and R. Razali, “An empirical study of information security management success factors,” International Journal on
Advanced Science, Engineering and Information Technology, vol. 6, no. 6, pp. 904–913, Dec. 2016, doi:
10.18517/ijaseit.6.6.1371.
[12] T. Campbell, Practical information security management : a complete guide to planning and implementation. Apress Publisher,
2016.
[13] M. Zaydi, “A conceptual hybrid approach for information security governance,” International Journal of Mathematics and
Computer Science, vol. 16, no. 1, pp. 47–66, 2021.
[14] S. H. von Solms and R. von Solms, Information security governance. Boston, MA: Springer Science and Business Media, 2009,
doi: 10.1007/978-0-387-79984-1_1.
[15] H. Ardiyanti, “Cyber-security and its development challenges in Indonesia,” (in Bahasa), Jurnal Politica Dinamika Masalah
Politik Dalam Negeri dan Hubungan Internasional, vol. 5, no. 1, pp. 95–119, 2014.
[16] Z. Mounia and N. Bouchaib, “A new comprehensive solution to handle information security governance in organizations,” in
Proceedings of the 2nd International Conference on Networking, Information Systems and Security, 2019, pp. 1–5, doi:
10.1145/3320326.3320382.
[17] C. Wang and X. Jin, “The researches on public service information security in the context of big data,” in Proceedings of the 2020
2nd International Conference on Big Data and Artificial Intelligence, Apr. 2020, pp. 86–92, doi: 10.1145/3436286.3436304.
[18] A. B. Setiawan, “In the application of E-Government,” (in Bahasa), Jurnal Masyarakat Telematika dan Informasi, vol. 4, no. 2,
pp. 109–126, 2013.
[19] E. Prima, R. Lumanto, and Z. A. Hasibuan, “Evaluation of government public key infrastructure implementation based on
eGovAMAN framework,” Department Homeland University, Carnegie Mellon University, 2013.
[20] E. Prima, Y. G. Sucahyo, and Z. A. Hasibuan, “Mapping the certification authority for e-government procurement system into
eGovAMAN framework,” in International Conference on Advanced Computer Science and Information Systems (ICACSIS), Sep.
2013, pp. 61–65, doi: 10.1109/ICACSIS.2013.6761553.
[21] DHS, State cybersecurity governance case studies. Department of Homeland Security National Association of State Chief
Information Officers, 2017.
[22] DHS, “Cyber resilience review,” Department Homeland University, Carnegie Mellon University, 2011.
[23] A. Jamil and Z. M. Yusof, “Information security governance framework of Malaysia public sector,” Asia-Pacific Journal of
Information Technology and Multimedia, vol. 7, no. 2, pp. 85–98, Dec. 2018, doi: 10.17576/apjitm-2018-0702-07.
[24] S. Perumal, S. Ali Pitchay, G. Narayana Samy, B. Shanmugam, P. Magalingam, and S. Hasan Albakri, “Transformative cyber
security model for Malaysian government agencies,” International Journal of Engineering and Technology, vol. 7, Oct. 2018, doi:
10.14419/ijet.v7i4.15.21377.
[25] S. N. Deekue, “A strategic framework for e-government security: the case in Nigeria,” University of Bedfordshire, 2016.
[26] J. van’t Wout, M. Waage, H. Hartman, M. Stahlecker, and A. Hofman, The integrated architecture framework explained. Berlin,
Heidelberg: Springer Berlin Heidelberg, 2010, doi: 10.1007/978-3-642-11518-9.
[27] B. Rahardjo, Information & network security, (in Bahasa), Bandung: PT Insan Infonesia, 2017.
[28] Y. Li, T. Stafford, B. Fuller, and S. Ellis, “Information securing in organizations,” in Proceedings of the 2019 on Computers and
People Research Conference, Jun. 2019, pp. 125–130, doi: 10.1145/3322385.3322425.
[29] A. B. Setiawan, A. Syamsudin, and A. S. Sastrosubroto, “Information security governance on national cyber physical systems,” in
International Conference on Information Technology Systems and Innovation (ICITSI), Oct. 2016, pp. 1–6, doi:
10.1109/ICITSI.2016.7858210.
[30] S. AlGhamdi, K. T. Win, and E. Vlahu-Gjorgievska, “Information security governance challenges and critical success factors:
systematic review,” Computers and Security, vol. 99, Dec. 2020, doi: 10.1016/j.cose.2020.102030.
[31] G. Gashgari, R. Walters, and G. Wills, “A proposed best-practice framework for information security governance,” in
Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security, 2017, pp. 295–301, doi:
10.5220/0006303102950301.
[32] R. von Solms and J. van Niekerk, “From information security to cyber security,” Computers and Security, vol. 38, pp. 97–102,
Oct. 2013, doi: 10.1016/j.cose.2013.04.004.
[33] Capgemini, “Information security benchmark 2019,” Research Report, 2019.
[34] BSSN, KAMI Index Version 4.0, (in Bahasa), Indonesia Security Guideline Document, 2019.
[35] F. Setiadi, A. Rubhasy, and Z. A. Hasibuan, “Identifying and validating components for national cyber security framework,” in
Third International Conference on Informatics and Computing (ICIC), Oct. 2018, pp. 1–5, doi: 10.1109/IAC.2018.8780441.
[36] Y. Nugraha, “The future of cyber security capacity in Indonesia,” Indonesian Institute of Sciences, 2016.
[37] E. K. Szczepaniuk, H. Szczepaniuk, T. Rokicki, and B. Klepacki, “Information security assessment in public administration,”
Computers and Security, vol. 90, Mar. 2020, doi: 10.1016/j.cose.2019.101709.
[38] J. Zuo, Y. Lu, H. Gao, R. Cao, Z. Guo, and J. Feng, “Comprehensive information security evaluation model based on multi-level
decomposition feedback for IoT,” Computers, Materials and Continua, vol. 65, no. 1, pp. 683–704, 2020, doi:
10.32604/cmc.2020.010793.
[39] K. Prislan, A. Mihelič, and I. Bernik, “A real-world information security performance assessment using a multidimensional socio-
technical approach,” PLoS ONE, vol. 15, Sep. 2020, doi: 10.1371/journal.pone.0238739.
[40] M. Gulzira, B. Gulmira, S. Altynbek, and O. Assel, “The audit method of enterprise’s Information security,” in Proceedings of the
6th International Conference on Engineering, Sep. 2020, pp. 1–5, doi: 10.1145/3410352.3410761.
[41] V. Monev, “Organisational information security maturity assessment based on ISO 27001 and ISO 27002,” in International
Conference on Information Technologies (InfoTech), Sep. 2020, pp. 1–5, doi: 10.1109/InfoTech49733.2020.9211066.
[42] D. Sulistyowati, F. Handayani, and Y. Suryanto, “Comparative analysis and design of cybersecurity maturity assessment
methodology using NIST CSF, COBIT, ISO/IEC 27002 and PCI DSS,” JOIV : International Journal on Informatics
Visualization, vol. 4, no. 4, Dec. 2020, doi: 10.30630/joiv.4.4.482.
[43] A. Erulanova, G. Soltan, A. Baidildina, M. Amangeldina, and A. Aset, “Expert system for assessing the efficiency of information
security,” in 7th International Conference on Electrical and Electronics Engineering, Apr. 2020, pp. 355–359, doi:
10.1109/ICEEE49618.2020.9102555.
[44] T. Tagarev and D. Polimirova, “Main considerations in elaborating organizational information security policies,” in Proceedings
of the 20th International Conference on Computer Systems and Technologies, Jun. 2019, pp. 68–73, doi:
10.1145/3345252.3345302.
[45] S. E. Change, A. Y. Liu, and Y.-T. J. Jang, “Exploring trust and information monitoring for information security management,” in
10th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI), Oct. 2017,
pp. 1–5, doi: 10.1109/CISP-BMEI.2017.8302319.
[46] V. G. Eryshov and D. V. Ilina, “Method of the information security monitoring process in information and telecommunication
systems based on the application of methods of markov random processes,” in Wave Electronics and its Application in
Information and Telecommunication Systems (WECONF), Jun. 2020, pp. 1–4, doi: 10.1109/WECONF48837.2020.9131492.
[47] F. Ö. Sönmez, “A conceptual model for a metric based framework for the monitoring of information security tasks’ efficiency,”
Procedia Computer Science, vol. 160, pp. 181–188, 2019, doi: 10.1016/j.procs.2019.09.459.
[48] J. Andress, Foundations of information security. No Starch Press, 2019.
[49] A. AlKalbani, H. Deng, B. Kam, and X. Zhang, “Information security compliance in organizations: an institutional perspective,”
Data and Information Management, vol. 1, no. 2, pp. 104–114, Dec. 2017, doi: 10.1515/dim-2017-0006.
[50] M. Lubis, R. Fauzi, P. Liandani, and A. R. Lubis, “Information security awareness (ISA) towards the intention to comply and
demographic factors: statistical correspondence analysis,” in Proceedings of the 8th International Conference on Computer and
Communications Management, Jul. 2020, pp. 79–84, doi: 10.1145/3411174.3411196.
[51] J. Vacca, Computer and information security handbook, 3rd ed. Morgan Kaufmann, 2013, doi: 10.1016/C2011-0-07051-5.
[52] M. Asgarkhani, E. Correia, and A. Sarkar, “An overview of information security governance,” in International Conference on
Algorithms, Methodology, Models and Applications in Emerging Technologies (ICAMMAET), Feb. 2017, pp. 1–4, doi:
10.1109/ICAMMAET.2017.8186666.
[53] H. Paananen, M. Lapke, and M. Siponen, “State of the art in information security policy development,” Computers and Security,
vol. 88, Jan. 2020, doi: 10.1016/j.cose.2019.101608.
[54] J. Lobo, E. Bertino, and A. Russos, “On security policy migrations,” in Proceedings of the 25th ACM Symposium on Access
Control Models and Technologies, Jun. 2020, pp. 179–188, doi: 10.1145/3381991.3395613.
[55] W. Jatmiko et al., Scientific article writing, (in Bahasa), Depok: UI Publishing, 2015.
[56] M. N. Masrek, Q. N. Harun, and M. K. Zaini, “Information security culture for Malaysian public organization: a conceptual
framework,” in 4th International Conference on Education and Social Sciences (Intcess 2017), pp. 156–166, 2017.
BIOGRAPHIES OF AUTHORS
Rika Yuliana completed her master's level study in Informatics Engineering at
the Bandung Institute of Technology in 2012 and bachelor's degree in Agro-Industrial
Technology at the Bogor Agricultural University in 2006. Currently she is actively involved
as a teaching staff and researcher at the Faculty of Science and Technology (FST) of the
State Islamic University (UIN) Ar-Raniry Banda Aceh. The research fields carried out
include information technology governance and architecture in both corporate and
government organizations. She can be contacted by email: rika.yuliana@ar-raniry.ac.id.
Zainal Arifin Hasibuan was born in Pekan Baru, Indonesia in 1959. He
received B.Sc. degree in Statistic from Bogor Institute of Agriculture, Indonesia, 1986,
M.Sc. and Ph.D. in Information Science, Indiana University, in 1989 and 1995 respectively.
Currently, he is a lecturer and Ph.D. supervisor at Faculty of Computer Science, University
of Indonesia. He is also the Head of Digital Library and Distance Learning. His research
interests include e-learning, digital library, information retrieval, information system, and
software engineering. He can be contacted by email: zhasibua@dsn.dinus.ac.id.