Bob Hardian Syahbuddin, Bob Hardian Syahbuddin and Wachid Yoga Afrida, Wachid Yoga Afrida and Fatimah Azzahro, Fatimah Azzahro and Achmad Nizar Hidayanto, Achmad Nizar Hidayanto (2020) The Implementation of Multiple Information Security Governance (ISG) Frameworks Strategy and Critical Success Factors in Indonesia’s Oil and Gas Industry: Case Study of PT X. Jurnal Sistem Informasi (Journal of Information System), 16 (2). pp. 43-56. ISSN e-ISSN:2502-6631
Text
The Implementation of Multiple Information SecurityGovernance (ISG).pdf - Other Download (406kB) |
Abstract
Oil and gas industry are among the largest contributor to the Indonesia’s foreign exchange. Many believe that information technology will be major driver for economic wealth in the oil and gas Industry. However, implementing information technology to support corporate business process brings vast information security risks. There is a need of comprehensive information security governance that can comply to information security standards and regulations. This research is conducted to evaluate the use of multiple ISG frameworks for implementing information security governance in a multinational oil and gas company. In detail, we evaluate the effectiveness of such framework, assess its implementation maturity level, and identify the success and inhibiting factors for implementing ISG frameworks. This study shows that framework XYZ, as a multiple ISG framework, is effective to cover the controls of ISO 17799, COSO, and IT Risk Framework at once. Meanwhile, the observed case study indicated lack of compliancy of Framework XYZ followed by the invention of gap between current ISG implementation efforts and company visions. Lastly, several success and inhibiting factors are identified in the ISG framework implementation at PT X.
Item Type: | Article |
---|---|
Uncontrolled Keywords: | Technology Governance," International Journal of Auditing (17:1), pp. 75-99. Furnell, S. M., Clarke, N., Werlinger, R., Hawkey, K., and Beznosov, K. 2009. “An Integrated View of Human, Organizational, and Technological Challenges of IT Security Management,” Information Management & Computer Security (17:1), pp. 4–19. Kankanhalli, A., Teo, H. H., Tan, B. C. Y., and Wei, K. K. 2003. “An Integrative Study of Information Systems Security Effectiveness,” International Journal of Information Management (23:2), pp. 139–154. Knapp, K. J., Marshall, T. E., Rainer Jr., R. K., and Ford, F. N. 2011. “Information Security Effectiveness,” International Journal of Information Security and Privacy (1:2), pp. 37–60. Pfleeger, C., and Pfleeger, S. L. 2012. Analyzing Computer Security: A Threat/Vulnerability/Countermeasure Approach, Massachusetts: Prentice Hall. Purser, S. 2004. A Practical Guide to Managing Information Security, Norwood: Artech House. Solms, V. 2007. The Relationship between Corporate Governance, Information Technology (IT) Governance and Information Security Governance and ICT Risk Management System to Support Information Security Governance, Johannesburg: University of Johannesburg. |
Subjects: | T Technology > T Technology (General) |
Divisions: | Faculty of Engineering, Science and Mathematics > School of Electronics and Computer Science |
Depositing User: | Mrs Ni Made Yunia Dwi Savitri |
Date Deposited: | 17 Nov 2022 01:31 |
Last Modified: | 17 Nov 2022 01:31 |
URI: | http://eprints.triatmamulya.ac.id/id/eprint/1751 |
Actions (login required)
View Item |