Cybersecurity Maturity Assessment Design Using NISTCSF, CIS CONTROLS v8 and ISO/IEC 27002

Ivan Bashofi, Muhammad Salman
Published in: 2022 IEEE International Conference on Cybernetics and Computational Intelligence (CyberneticsCom)
Publication date: 2022-06-16
DOI: 10.1109/CyberneticsCom55287.2022.9865640 (https://doi.org/10.1109/CyberneticsCom55287.2022.9865640)
Citations: 2

Abstract

Cyberspace was created by the development of Information and Communication Technology (ICT). This makes it easier to access, manage information faster and more accurately, and improve the efficiency of performing activities and achieving business goals. On the other hand, the higher the usage of information technology, the higher the potential for organizational security incident gaps and cybercrime. Addressing this issue requires security standards that are appropriate and meet the requirements for organizations to know the maturity of cybersecurity. XYZ Organization is one of the government instances managing Indonesia's critical infrastructures. Although some international security standards have been implemented, the results of preparing for information security management are not yet optimal. Analysis of the NIST, CIS Controls v8, and ISO27002 standards was performed in this research. In addition, the analysis results are used as resources to create a cybersecurity maturity framework through the three standard approaches that underlie ICT management. And for the result, the proposed concepts of the 21 integrated cybersecurity categories are expected to become an asset in terms of XYZ organization's ICT management performance.