Comprehensive Cybersecurity Framework for Digital Governance: Threat Assessment, Risk Mitigation, and Regulatory Compliance in Indonesia

Authors

  • Wildan Maulana Assani Mualim, Institut Pemerintahan Dalam Negeri
  • Fitri Yul Dewi Marta, Institut Pemerintahan Dalam Negeri
  • Ira Meiyenti, Institut Pemerintahan Dalam Negeri

DOI:

https://doi.org/10.55606/jutiti.v5i3.6379

Keywords:

Digital Transformation, Government Cybersecurity, Information Security Framework, Regulatory Compliance, Risk Mitigation

Abstract

Digital transformation of government administration brings significant benefits in improving public service efficiency and citizen access to information. However, digitalization also opens opportunities for increasingly complex and organized cyber threats. This article explores a comprehensive cybersecurity framework for digital governance through an extensive literature review that includes threat assessment, risk mitigation strategies, and regulatory compliance analysis. The research analyzes international frameworks (NIST CSF 2.0, ISO/IEC 27001:2022, COBIT 2019), Indonesian national standards (Law No. 1 of 2024 on Information and Electronic Transactions, SPBE, BSSN), and best practices in incident response and Zero Trust Architecture. The results demonstrate that government cybersecurity requires a holistic approach integrating technical aspects, policy, human resources, and governance. The article recommends implementing a comprehensive cybersecurity framework, enhancing human capital capacity, adopting cutting-edge technology, and fostering inter-institutional coordination to build sustainable cybersecurity resilience for government entities.

Published

2025-12-11

How to Cite

Mualim, W. M. A., Marta, F. Y. D., & Meiyenti, I. (2025). Comprehensive Cybersecurity Framework for Digital Governance: Threat Assessment, Risk Mitigation, and Regulatory Compliance in Indonesia. Jurnal Teknik Informatika Dan Teknologi Informasi, 5(3), 434–450. https://doi.org/10.55606/jutiti.v5i3.6379
