Recommendations for a Framework for Handling Security Incidents of Electronic-Based Government Systems (SPBE) using the ISO/IEC 27035: 2023 Standard

  • Stefanus Lugas Prastowo, Master of Electrical Engineering Department, Faculty of Engineering, Universitas Indonesia, Depok, 16424, Indonesia (ID)
  • Dodi Sudiana, Master of Electrical Engineering Department, Faculty of Engineering, Universitas Indonesia, Depok, 16424, Indonesia (ID)

Keywords: Electronic Government System (SPBE), security incident management, ISO/IEC 27035:2023, Indonesian Ombudsman


Abstract

The rapid development of Electronic Government Systems (SPBE) has brought significant improvements in the efficiency and accessibility of public services. However, the increasing reliance on these systems has also increased concerns about their security and the potential impact of security incidents on government operations and citizen trust. In order to address these challenges, this study proposes a framework for handling security incidents using the ISO/IEC 27035:2023 standard as a reference. The ISO/IEC 27035:2023 standard provides a comprehensive approach to incident management, covering the entire life cycle from preparation and identification to containment, eradication, and recovery. The recommended institution is the Ombudsman of the Republic of Indonesia, a government institution that carries out the function of overseeing the implementation of public services and receiving public complaints regarding alleged maladministration of public services. The preparation of the framework begins with a thorough analysis of the Ombudsman's existing security practices and potential threats to its electronic systems. This assessment is used as a basis for ensuring that the proposed solution is tailored to the specific needs and vulnerabilities of the institution. The stages carried out are preparation, identification, containment, eradication, recovery, and lessons learned. The recommendations produce a framework and insights that government agencies can use to adopt the ISO 27035:2023 standard. This study also shows that the implementation of the standard is relevant and in line with the SPBE policy in Indonesia.




Published: 2024-07-16

Section: Articles

How to Cite: Prastowo, S. L., & Sudiana, D. (2024). Recommendations for a Framework for Handling Security Incidents of Electronic-Based Government Systems (SPBE) using the ISO/IEC 27035: 2023 Standard. JINAV: Journal of Information and Visualization, 5(1), 107-114. https://doi.org/10.35877/454RI.jinav2747