Open Journal Systems

Kajian Dimensi Budaya Keamanan Informasi dalam Berbagai Organisasi

       Nur Andita Prasetyo, Bambang Setiawan

Abstract


Budaya keamanan informasi yang sangat diperlukan dalam mengamankan data pribadi maupun data perusahaan. Penilaian tingkat budaya umumnya dilakukan dengan menghitung nilai indeks (indikator komposit) yang dibentuk dari dimensi-dimensi atau faktor-faktor yang mempengaruhi budaya tersebut. Penelitian ini bertujuan untuk mendapatkan faktor-faktor budaya keamanan informasi yang dapat digunakan untuk membentuk indeks tingkat budaya keamanan informasi. Metode yang digunakan adalah Sistematic Literature Review (SLR). SLR digunakan untuk mengidentifikasi, mengkaji, membahas, dan membahas semua penelitian yang tersedia dengan bidang fenomena yang menarik, dengan pertanyaan penelitian tertentu yang relevan. Penelitian ini mempelajari 39 makalah penelitian terkait budaya keamanan informasi pada organisasi dan individu antara tahun 2012 hingga 2021. Ada sembilan jenis organisasi yang dibahas, antara lain kesehatan, pemerintahan, Industri Kecil dan Menengah, organisasi publik, finansial, organisai umum, perusahaan perdagangan, telekomunikasi, dan akademik. Hasil penelitian menunjukkan bahwa ada 11 faktor yang digunakan dalam penilaian budaya keamanan informasi, yaitu kesadaran, kebijakan, pelatihan, pemantauan, kepatuhan, pengetahuan, pendidikan, perilaku, strategi, manajemen perubahan dan komunikasi. Dimana ada empat faktor yang digunakan lebih dari 25% makalah, yaitu kesadaran, kebijakan, pelatihan dan pemantauan.


  http://dx.doi.org/10.31544/jtera.v7.i1.2022.73-82

Keywords


dimensi; budaya keamanan informasi; organisasi; keamanan informasi

Full Text:

  PDF

References


N. S, Safa, M. Sookhaka, R. V. Solms, S. Furnell, N. A. Ghania and T. Herawana, "Information security conscious care behaviour formation in organizations," Computers & Security, pp. 65-78, 2015.

A. A. Maidabino and A.N. Zainab, "A holistic approach to collection security implementation in university libraries," Library Collections, Acquisitions, & Technical Services, pp. 107-120, 2012.

A. da Veiga and N. Martins, "Improving the information security culture through monitoring and implementation actions illustrated through a case study," Computers & Security, pp. 162-176, 2015.

A. Nasir, R. A. Arshah and M. R. A. Hamid, "Information Security Policy Compliance Behavior Based on Comprehensive Dimensions of Information Security Culture: A Conceptual Framework," Information System and Data Mining, pp. 56-60, 2017.

A. Al Hogail, "Design and validation of information security culture framework," Computers in Human Behavior, pp. 567-575, 2015.

A. Nasir, R. A. Arshah and M. R. A. Hamid, "A dimension-based information security culture model and its relationship with employees’ security behavior: A case study in Malaysian higher educational institutions," Information Security Journal: A Global Perspective 28, no. 3, pp. 55-80, 2019

T. O. Nævestad, S. F. Meyer and J. H. Honerud, "Organizational information security culture in critical infrastructure: Developing and testing a scale and its relationships to other measures of information security," in Safety and Reliability, London, Taylor & Francis Group, pp. 3021-3029, 2018.

A. Nasir, R. A. Arshah, M. R. A. Hamid and S. Fahmy, "An analysis on the dimensions of information security culture concept: A review," Journal of Information Security and Applications, pp. 12-22, 2019.

S. Orehek and G. Petrič, "A systematic review of scales for measuring information security culture," Information and Computer Security, pp. 133-158, 2021.

I. Okere, J. van Niekerk and M. Carroll, "Assessing Information Security Culture: A Critical Analysis of Current Approaches," Information Security for South Africa (ISSA), pp. 136-143, 2012.

A. da Veiga and N. Martins, "Information Security Culture: A Comparative Analysis of Four Assessments," European Conference on Information Management and Evaluation, pp. 49-57, 2014.

J. Valuch, T. Gábriš and O. Hamulak, "Cyber Attacks, Information Attacks, and Postmodern Warfare," Baltic Journal of Law & Politics, vol. 10, iss. 1, pp. 63-89, 2017.

S. Kim, G. Heo, E. Zio, J. Shin and Jae-guSong, "Cyber attack taxonomy for digital environment in nuclear power plants," Nuclear Engineering and Technology, pp. 995-1001, 2020.

N. H. Hassan and Z. Ismail, "A conceptual model for investigating factors influencing information security culture in healthcare environment," International Congress on Interdisciplinary Business and Social Science 2012 (ICIBSoS 2012), pp. 1007 – 1012, 2012.

M. A. Alnatheer, "Understanding and Measuring Information Security Culture in Developing Countries: Case of Saudi Arabia," PhD diss., Queensland University of Technology, 2012.

A. Fagerström, "Creating, Maintaining and Managing an Information Security Culture," KPMG Oy Ab, 2013.

I. Al-Mayahi and S. P. Mansoor, "Information Security Culture Assessment: Case Study," In 2013 IEEE Third International Conference on Information Science and Technology (ICIST), pp. 789-792. IEEE, 2013.

J. D’Arcy and G. Greene, "Security culture and the employment relationship as drivers of employees’ security compliance," Information Management & Computer Security, pp. 474 - 489, 2014.

Y. Chen, K. (Ram) Ramamurthy and K. Wen, "Impacts of Comprehensive Information Security Programs on Information Security Culture," Journal of Computer Information Systems, pp. 11-19, 2015.

K. M. Parsons, E. Young, M. A. Butavicius, A. McCormac, M. R. Pattinson and C. Jerram, "The Influence of Organizational Information Security Culture on Information Security Decision Making," Journal of Cognitive Engineering and Decision Making, pp. 117-129, 2015.

A. AlHogail and A. Mirza, "Organizational Information Security Culture Assessment," International Conference on Security and Management SAM 2015, pp. 286-292, 2015.

E. Sherif and S. Furnell, "A Conceptual Model for Cultivating an Information Security Culture," International Journal for Information Security Research (IJISR), pp. 565-573, 2015.

A. Da Veiga and N. Martins, "Information security culture and information protection culture: A validated assessment instrument," Computer Law & Security Review, pp. 243-256, 2015.

A. Al-Hogail, "Cultivating and Assessing an Organizational Information Security Culture; an Empirical Study," International Journal of Security and Its Applications, pp. 163-178, 2015.

A. Al Kalbani, H. Deng and B. Kam, "Organisational Security Culture and Information Security Compliance for E-Government Development: The Moderating Effect of Social Pressure," Pacific Asia Conference on Information Systems (PACIS 2015), pp. 1-11. RMIT University, 2015.

M. Tang, M. Li and T. Zhang, "The impacts of organizational culture on information security culture: a case study," Information Technology and Management 17, no. 2: 179-186. 2015

G. Dhillon, R. Syed and C. Pedron, "Interpreting information security culture: An organizational transformation case study," Computers & Security, pp. 63-69, 2016.

F. Al-Izki and G. R. S. Weir, "Management Attitudes Toward Information Security in Omani Public Sector Organisations," Cybersecurity and Cyberforensics Conference (CCC), pp. 107-112, 2016.

S. Govender, E. Kritzinger and M. Loock, "The Influence of National Culture on Information Security Culture," In 2016 IST-Africa Week Conference, pp. 1-9. IEEE, 2016.

H. C. Pham, D. D. Pham, L. Brennan and J. Richardson, "Information Security and People: A Conundrum for Compliance," Australasian Journal of Information Systems 21, 2017.

A. G. Bello, D. Murray and J. Armarego, "A systematic approach to investigating how information security and privacy can be achieved in BYOD environments," Information & Computer Security, pp. 475-492, 2017.

W. Sung and S. Kang, "An Empirical Study on the Effect of Information Security Activities: Focusing on Technology, Institution, and Awareness," Digital Government Research, pp. 84-93, 2017.

T. R. Vinnakota and N. G. P. L Mandaleeka, "Assessing an Information Security Governance of an Enterprise," US Patent, 2017.

M. N. Masrek, Q. N. Harun and M. K. Zaini, "The Development of an Information Security Culture Scale for the Malaysian Public Organization," International Journal of Mechanical Engineering and Technology (IJMET), p. 1255–1267, 2018.

Choe, A. I. Al-Darwish and Pilsung, "A Framework of Information Security Integrated with Human Factors," International Conference on Human-Computer Interaction, p. 217–229, 2019.

K. Arbanas and N. Z. Hrustek, "Key Success Factors of Information Systems Security," Journal of Information and Organizational Sciences, pp. 131-144, 2019.

Z. Shouran, T. K. Priyambodo and A. Ashari, "Information System Security: Human Aspects," International Journal of Scientific & Technology Research, pp. 111-115, 2019.

H. L. Kim, A. Hovav and J. Han, "Protecting intellectual property from insider threats," Journal of Intellectual Capital, pp. 181-202, 2019.

A. Ključnikov, L. Mura and D. Sklenár, "Information Security Management in SMEs: Factors of Success," Journal of Entrepreneurship and Sustainability Issues, pp. 2081-2094, 2019.

A. Georgiadou, S. Mouzakitis, K. Bounas and D. Askounis, "A Cyber-Security Culture Framework for Assessing Organization Readiness," Journal of Computer Information Systems, pp. 1-11, 2020.

A. da Veiga, L. V. Astakhova, A. Botha and M. Herselman, "Defining organisational information security culture – Perspectives from academia and industry," Computers & Security, 2020.

G. Solomon and I. Brown, "The influence of organisational culture and information security culture on employee compliance behaviour," Journal of Enterprise Information Management, 2020.

P. K. Sari, A. Prasetio, Candiwan, P. W. Handayani, A. N. Hidayanto, S. Syauqina, E. F. Astuti and F. P. Tallei, "Information security cultural differences among health care facilities in Indonesia," Heliyon 7, no. 6, 2021.

A. Tolah, S. M. Furnell and M. Papadaki, "An Empirical Analysis of the Information Security Culture Key Factors Framework," Computers & Security, 2021.

S. Tenzin, "An Investigation of the Factors that Influence Information Security Culture in Government Organisations in Bhutan," Doctoral Dissertation, Murdoch University, 2021.




DOI: http://dx.doi.org/10.31544/jtera.v7.i1.2022.73-82
Abstract 50 View    PDF viewed = 27 View

Refbacks

  • There are currently no refbacks.


Copyright (c) 2022 JTERA (Jurnal Teknologi Rekayasa)

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

Copyright @2016-2021 JTERA (Jurnal Teknologi Rekayasa) p-ISSN 2548-737X e-ISSN 2548-8678.

     Lisensi Creative Commons

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

 

JTERA Editorial Office:
Politeknik Sukabumi
Jl. Babakan Sirna 25, Sukabumi 43132, West Java, Indonesia
Phone/Fax: +62 266215417
Whatsapp: +62 81809214709
Website: https://jtera.polteksmi.ac.id
E-mail: jtera@polteksmi.ac.id