Design of a Cybersecurity Maturity Level Measurement Instrument for the Government Sector

Authors

  • Tiska Hardiana, Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung, Indonesia
  • Suhardi, Sekolah Teknik Elektro dan Informatika, Institut Teknologi Bandung, Indonesia

DOI:

https://doi.org/10.52436/1.jpti.1124

Keywords:

assessment instrument, cybersecurity maturity, NIST CSF, Perban 4/2021, government agencies, self-assessment

Abstract

Cybersecurity is a crucial issue for government institutions in addressing increasingly complex digital threats. This study aims to design a cybersecurity maturity assessment instrument tailored for Indonesia’s public sector, referencing the NIST CSF version 2.0 framework and Perban BSSN Number 4 of 2021, which governs information security management and technical standards in e-government (SPBE) implementation. The research adopts the Design Science Research Methodology (DSRM) and incorporates Qualitative Content Analysis (QCA) and the Framework Alignment Matrix (FAM) as part of the methodology to synthesize literature, map regulatory requirements, and structure relevant indicators. The resulting instrument is a self-assessment tool in the form of an evaluative questionnaire, supported by a maturity scale based on the principles of the Capability Maturity Model (CMM). It comprises six main domains (Governance, Identification, Protection, Detection, Response, and Recovery) with 106 indicators codified and mapped into 66 national regulatory components. Initial validation through a simulated assessment in a government agency demonstrated that the instrument effectively represents the current state of organizational cybersecurity, facilitates self-evaluation, and supports data-driven decision-making. In conclusion, the instrument is practical, comprehensive, and well-aligned with the needs of the public sector, offering significant potential to be widely implemented as a tool for continuous evaluation and improvement of cybersecurity capabilities within Indonesian government institutions.



Published

2025-11-20

How to Cite

Hardiana, T., & Suhardi, S. (2025). Desain Instrumen Pengukuran Tingkat Kematangan Keamanan Siber Sektor Pemerintahan. Jurnal Pendidikan Dan Teknologi Indonesia, 5(11), 3288-3305. https://doi.org/10.52436/1.jpti.1124