Development of an Integrated IT Risk Management Framework for Electronic-Based Government Systems: A Case Study of The XYZ Ministry
Abstract
This study establishes an IT risk management and governance framework for The XYZ Ministry. The design combines the ISO 31000 and NIST SP 800-30 methodologies, tailored to electronic-based government systems and aligned with regulatory mandates. The research emphasizes improved IT risk management, incident response, and disaster recovery, with the goal of optimal electronic-based government operations; the model can be adapted by other central and local government entities. Using ISO 31000 and NIST SP 800-30 revision 1, a risk priority matrix was produced that relates assets to threats and identifies their differing risk levels. The most significant risk at The XYZ Ministry was outdated policies, a consequence of slow adaptation to central government regulations and current IT standards. This highlights the need for the ministry to feed risk management outcomes into its IT governance, which is essential for risk mitigation and for strategic alignment with government directives.
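The abstract describes a risk priority matrix that ranks asset/threat pairs by the qualitative likelihood-by-impact scale of NIST SP 800-30 revision 1. The following is an added illustration of that ranking step, not code or data from the paper: the lookup table is my reading of the standard's Table I-2 and the asset/threat register is constructed sample data, with "outdated policies" placed at the top only to mirror the abstract's headline finding.

```python
# Added illustration of the NIST SP 800-30 Rev. 1 qualitative risk scale
# (Table I-2) applied to an asset/threat register. Not the paper's artefact:
# the table is my reading of the standard, the register is constructed data.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Row = likelihood that the threat event occurs and causes adverse impact,
# column index = impact level (order of LEVELS), cell = resulting risk level.
RISK_TABLE = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


def risk_level(likelihood: str, impact: str) -> str:
    """Qualitative risk for one likelihood/impact pair; rejects unknown scale values."""
    if likelihood not in RISK_TABLE or impact not in LEVELS:
        raise ValueError(f"unknown scale value: {likelihood!r} / {impact!r}")
    return RISK_TABLE[likelihood][LEVELS.index(impact)]


def priority_matrix(register):
    """Rank (asset, threat, likelihood, impact) rows, highest risk first.

    Ties on risk level are broken by impact, then likelihood, so the pair
    that would hurt the ministry more sits above the one that is merely likelier.
    """
    def sort_key(row):
        _asset, _threat, likelihood, impact = row
        return (LEVELS.index(risk_level(likelihood, impact)),
                LEVELS.index(impact), LEVELS.index(likelihood))
    return [(asset, threat, risk_level(lk, im))
            for asset, threat, lk, im in sorted(register, key=sort_key, reverse=True)]


# Constructed sample register, loosely mirroring the abstract's headline finding.
SAMPLE_REGISTER = [
    ("IT governance policy set", "Outdated policies", "Very High", "High"),
    ("Public service portal", "Denial of service", "Moderate", "High"),
    ("Data centre", "Prolonged power outage", "Low", "Very High"),
    ("Staff workstations", "Commodity malware", "High", "Low"),
]

if __name__ == "__main__":
    for asset, threat, level in priority_matrix(SAMPLE_REGISTER):
        print(f"{level:9}  {asset:26}  {threat}")
```

Verify the lookup table against your own copy of the standard before reusing it in a real assessment; the value of the matrix lies in the likelihood and impact ratings the ministry assigns, not in the lookup itself.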
Copyright (c) 2024 Irfan Erfian Nurdin

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.