Recommendations for a Framework for Handling Security Incidents of Electronic-Based Government Systems (SPBE) using the ISO/IEC 27035: 2023 Standard
Viewed = 0 time(s)
Abstract
The rapid development of Electronic Government Systems (EoBS) has brought significant improvements in the efficiency and accessibility of public services. However, the increasing reliance on these systems has also increased concerns about their security and the potential impact of security incidents on government operations and citizen trust. In order to address these challenges, this study proposes a framework for handling security incidents using the ISO/IEC 27035:2023 standard as a reference. The ISO/IEC 27035:2023 standard provides a comprehensive approach to incident management, covering the entire life cycle from preparation and identification to containment, eradication, and recovery. The recommended institution is the Ombudsman of the Republic of Indonesia, a government institution that carries out the function of overseeing the implementation of public services and receiving public complaints regarding alleged maladministration of public services. The preparation of the framework begins with a thorough analysis of the Ombudsman's existing security practices and potential threats to its electronic systems. This assessment is used as a basis for ensuring that the proposed solution is tailored to the specific needs and vulnerabilities of the institution. The stages carried out are preparation, identification, containment, eradication, recovery, and lessons learned. The recommendations produce a framework and insights that government agencies can use to adopt the ISO 27035:2023 standard. This study also shows that the implementation of the standard is relevant and in line with the SPBE policy in Indonesia.
References
Akkiyat, I., & Souissi, N. (2019). Modelling Risk Management Process According to ISO Standard. International Journal of Recent Technology and Engineering (IJRTE), 8(2), 5830–5835. https://doi.org/10.35940/ijrte.B3751.078219
Bohme, R. (2013). The Economics of Information Security and Privacy (R. Böhme, Ed.). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-39498-0
Fathurohman, A., & Witjaksono, R. W. (2020). Analysis and Design of Information Security Management System Based on ISO 27001: 2013 Using ANNEX Control (Case Study: District of Government of Bandung City). Bulletin of Computer Science and Electrical Engineering, 1(1), 1–11. https://doi.org/10.25008/bcsee.v1i1.2
Information Technology-Information security incident management. (2023). Part 2 : Guidelines to Plan and Prepare for Incident Response, I.
ISO 27035-2:2023. (2023). Information Technology-Information security incident management - Part 2 : Guidelines to plan and prepare for incident response.
Kristanto, T., Sholik, M., Rahmawati, D., & Nasrullah, M. (2019). Analisis Manajemen Keamanan Informasi Menggunakan Standard ISO 27001:2005 Pada Staff IT Support Di Instansi XYZ. JISA(Jurnal Informatika Dan Sains), 2(2). https://doi.org/10.31326/jisa.v2i2.497
Malik, M.S. (2021). Cybersecurity Incident Response and Management (pp. 32–44). https://doi.org/10.4018/978-1-7998-4162-3.ch002
Rahman, N. H., & Choo, K.-K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45–69. https://doi.org/10.1016/j.cose.2014.11.006
Shinde, N., & Kulkarni, P. (2021). Cyber incident response and planning: a flexible approach. Computer Fraud & Security, 2021(1), 14–19. https://doi.org/10.1016/S1361-3723(21)00009-9
Singh, J., & Cobbe, J. (2019). The Security Implications of Data Subject Rights. IEEE Security & Privacy, 17(6), 21–30. https://doi.org/10.1109/MSEC.2019.2914614
Tøndel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information security incident management: Current practice as reported in the literature. Computers & Security, 45, 42–57. https://doi.org/10.1016/j.cose.2014.05.003
Wahyuni, S., Raazi, I. M., & Dwitawati, I. (2022). Analisis Teknik Penyerangan Phishing Pada Social Engineering Terhadap Keamanan Informasi di Media Sosial Profesional Menggunakan Kombinasi Black Eye dan Setoolkit. Jurnal Nasional Komputasi Dan Teknologi Informasi (JNKTI), 5(1), 49–55. https://doi.org/10.32672/jnkti.v5i1.3962
Copyright (c) 2024 Stefanus Lugas Prastowo, Dodi Sudiana
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.