Information Security Governance and Management Capability Assessment: A Lesson Learned from Directorate General of Taxes

Jurnal Penelitian Pos dan Informatika Pub Date : 2020-10-01 DOI:10.17933/JPPI.2020.100102

Bandi Ashari

{"title":"Information Security Governance and Management Capability Assessment: A Lesson Learned from Directorate General of Taxes","authors":"Bandi Ashari","doi":"10.17933/JPPI.2020.100102","DOIUrl":null,"url":null,"abstract":"The information has an important role in improving the business operation and serving the decision-making process. The emerging of e-commerce and e-government require more frequent data exchanges included sensitive data. This study will focus on looking at the portrait of the Directorate General of Tax (DGT) in planning and building the ability to enforce IT governance, especially those related to information security. In addition, this research can also be used as a DGT basis for continuous improvement. We use the ISGM capability model to combine COBIT 5 and ISO 27001 as an approach to measure the capability of organizations in governing and manage their information security. We found that DGT’s information security governance and management capability at overall is at level well defined. Almost of ISGM building blocks has been established according to tailor-made policy and standard. With this capability level, DGT’s ISGM could contribute to the business as shown in several DGT’s program. But, to get optimal value from ISGM DGT need to improve the capability level, especially related to organizational aspects like alignment with business strategies and resource management.","PeriodicalId":31332,"journal":{"name":"Jurnal Penelitian Pos dan Informatika","volume":" ","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2020-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Jurnal Penelitian Pos dan Informatika","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17933/JPPI.2020.100102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The information has an important role in improving the business operation and serving the decision-making process. The emerging of e-commerce and e-government require more frequent data exchanges included sensitive data. This study will focus on looking at the portrait of the Directorate General of Tax (DGT) in planning and building the ability to enforce IT governance, especially those related to information security. In addition, this research can also be used as a DGT basis for continuous improvement. We use the ISGM capability model to combine COBIT 5 and ISO 27001 as an approach to measure the capability of organizations in governing and manage their information security. We found that DGT’s information security governance and management capability at overall is at level well defined. Almost of ISGM building blocks has been established according to tailor-made policy and standard. With this capability level, DGT’s ISGM could contribute to the business as shown in several DGT’s program. But, to get optimal value from ISGM DGT need to improve the capability level, especially related to organizational aspects like alignment with business strategies and resource management.

查看原文本刊更多论文

信息安全治理和管理能力评估:来自税务总局的经验教训

信息在改善企业运营和服务决策过程中具有重要作用。电子商务和电子政务的兴起要求更频繁地交换包括敏感数据在内的数据。本研究将重点关注税务总局（DGT）在规划和建设实施IT治理的能力方面的情况，特别是与信息安全相关的治理。此外，本研究还可以作为DGT的基础进行持续改进。我们使用ISGM能力模型将COBIT 5和ISO 27001相结合，作为衡量组织在管理和管理其信息安全方面的能力的方法。我们发现DGT的信息安全治理和管理能力总体上处于明确的水平。几乎所有ISGM构建块都是根据量身定制的政策和标准建立的。有了这种能力水平，DGT的ISGM可以为业务做出贡献，如DGT的几个项目所示。但是，要从ISGM DGT中获得最佳价值，需要提高能力水平，特别是与组织方面有关的能力水平，如与业务战略和资源管理的一致性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Jurnal Penelitian Pos dan Informatika

自引率

0.00%

发文量

审稿时长

3 weeks