Standardization of Information Security Management in the Banking Sector using the ISO 27001:2022 Framework

  • Kamil Ryanto, Faculty of Computer Science, Esa Unggul University, Jl. Arjuna Utara 9, Jakarta
  • Vitri Tundjungsari, Faculty of Computer Science, Esa Unggul University, Jl. Arjuna Utara 9, Jakarta
Keywords: Standardization, Bank, ISO 27001:2022, Cyber Security, Evaluation

Abstract

This research evaluates cyber security standardization in the banking sector at Bank Victoria International Tbk, using qualitative methods with data collected through interviews and focus group discussions. The evaluation focuses on data leaks, threats of attacks from outside, and policies for preventing cybercrime in banking, using the ISO 27001:2022 framework. The research was carried out at Bank Victoria International Tbk, which was chosen because it is one of the banks currently carrying out a preventive implementation process against cybercrime by implementing ISO 27001:2022 for cyber security. The problems examined in this thesis research are: (1) how PT. Bank Victoria takes precautions regarding data leaks using the ISO 27001:2022 framework; (2) how PT. Bank Victoria monitors external threats or attacks that could harm the bank using the ISO 27001:2022 framework; and (3) how PT. Bank Victoria complies with procedures, policies or regulators related to process flow and security controls for the use of information technology using the ISO 27001:2022 framework. The conclusion of this research is that Bank Victoria International Tbk is still in the stage of improvement in terms of cyber security: PT. Bank Victoria currently shows good preventive measures by forming a special organizational structure to handle legality issues and implementing cybercrime prevention applications, but this has not been stated in the Policy.

Published
2024-08-06
How to Cite
Ryanto, K., & Tundjungsari, V. (2024). Standardization of Information Security Management in the Banking Sector using the ISO 27001:2022 Framework. Journal La Multiapp, 5(4), 361-379. https://doi.org/10.37899/journallamultiapp.v5i4.1399