NIST Cybersecurity Framework in the Lens of Indonesian Internal Auditors

Darojatum Muthi’atur Rofi’ah, Universitas Airlangga, Surabaya, Indonesia
Keywords: Internal audit, cybersecurity framework, NIST

Abstract

This study interprets the application of the NIST Cybersecurity Framework (CSF) by Indonesian internal auditors. Employing Paul Ricoeur’s hermeneutic phenomenology and Interpretative Phenomenological Analysis (IPA), this research delves into the meaning of CSF from the perspective of internal auditors, including its adaptation to local organizational culture and the factors shaping its effectiveness. Key findings reveal that CSF transcends its role as a technical guide, acting instead as a driver for cybersecurity culture transformation. This study’s implications emphasize the necessity of cross-departmental collaboration, context-specific security policy departments, and the enhancement of internal auditor competencies. The novelty of this research lies in its application of in-depth interpretative analysis, showing CSF as an adaptive tool fostering cybersecurity systems attuned to Indonesia’s unique characteristics.

Author Biography

Darojatum Muthi’atur Rofi’ah, Universitas Airlangga, Surabaya, Indonesia

As a Master's student in Accounting at Universitas Airlangga, I am passionate about delving into the intricacies of auditing, from internal controls to forensic investigations. My academic journey has been fueled by a curiosity for the complexities of accounting and tax, and I am eager to contribute to the field through research and analysis. Beyond the numbers, I am a creative individual with a lifelong love of writing, a skill I have honed since elementary school. This unique blend of analytical and creative thinking allows me to approach research with a fresh perspective.

Published
2025-03-07
How to Cite
Rofi’ah, D. (2025). NIST Cybersecurity Framework in the Lens of Indonesian Internal Auditors. Indonesian Interdisciplinary Journal of Sharia Economics (IIJSE), 8(2), 3349-3367. https://doi.org/10.31538/iijse.v8i2.6027