Standardization of Information Security Management in the Banking Sector using the ISO 27001:2022 Framework
Abstract
This research evaluates cyber security standardization in the banking sector at Bank Victoria International Tbk, using qualitative methods with interviews and focus group discussions as the data collection techniques. The evaluation focuses on data leaks, threats of attack from outside, and policies for preventing cybercrime in banking, using the ISO 27001:2022 framework. The research was carried out at Bank Victoria International Tbk, chosen because Bank Victoria is one of the banks currently carrying out a preventive implementation process against cybercrime by implementing ISO 27001:2022 for cyber security. This thesis research addresses three problems: (1) how PT. Bank Victoria takes precautions against data leaks using the ISO 27001:2022 framework; (2) how PT Bank Victoria carries out monitoring of external threats or attacks that could harm the bank using the ISO 27001:2022 framework; and (3) how PT. Bank Victoria complies with procedures, policies or regulators related to process flow and security controls for the use of information technology using the ISO 27001:2022 framework. The research concludes that Bank Victoria International Tbk is still at the improvement stage in terms of cyber security: PT Bank Victoria currently shows good preventive measures by forming a special organizational structure to handle legality issues and implementing cybercrime prevention applications, but this has not been stated in the Policy.
Copyright (c) 2024 Journal La Multiapp
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.