Analysis of Employee Capacity Gap in Managing Network Security and Its Implementation Towards Insider Threat Prevention

Felix Noel Sitorus; Ruki Harwahyu

doi:10.57152/malcom.v5i2.1878

Authors

Felix Noel Sitorus Universitas Indonesia
Ruki Harwahyu Universitas Indonesia

DOI:

https://doi.org/10.57152/malcom.v5i2.1878

Keywords:

Employee Capacity, Gap Analysis, Insider Threat Prevention, ISO 27001, Network Security

Abstract

Network security is crucial for protecting organizational information in the rapidly evolving digital era. Threats to networks do not only come from external sources, such as malware or hacking, but also from within the organization, known as insider threats. These threats can cause significant losses, whether due to intentional or unintentional actions by employees or internal parties with access to the system. Therefore, employees' ability to manage network security is key to addressing these threats. Handling insider threats must be a top priority for organizations. This study aims to analyze the employee capacity gap in managing network security and its impact on preventing insider threats in XYZ Organization. By implementing ISO 27001 security standards, particularly within the context of the Information Security Management System (ISMS) using the PDCA approach, this research evaluates how human resource management relates to information asset management and network security maintenance. The findings indicate that gaps in employees' knowledge and skills regarding network security significantly contribute to vulnerabilities against insider threats. This study also highlights how the implementation of ISO 27001, which emphasizes asset analysis and the PDCA cycle, can help organizations improve information security governance and prevent insider threats

Downloads

Download data is not yet available.

References

I. Setiawan, A. R. Sekarini, R. Waluyo, and F. N. Afiana, “Manajemen Risiko Sistem Informasi Menggunakan ISO 31000 dan Standar Pengendalian ISO/EIC 27001 di Tripio Purwokerto,” MATRIK?: Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, vol. 20, no. 2, pp. 389–396, May 2021, doi: 10.30812/matrik.v20i2.1093.

BSSN, ‘BSSN: Indeks Keamanan Siber RI Peringkat 24 dari 194 Negara’ CNN Indonesia. Accessed: Jan. 02, 2025. [Online]. Available: https://www.cnnindonesia.com/teknologi/20210907150335-185-690926/bssn-indeks-keamanan-siber-ri-peringkat-24-dari-194-negara

M. said Hasibuan and R. Y. Rahman, “Evaluasi Keamanan Informasi Pada Sman 1 Xyz Menggunakan Indeks Kami Versi 4.2,” JURNAL FASILKOM, vol. 13, no. 02, pp. 181–187, Aug. 2023, doi: 10.37859/jf.v13i02.4916.

F. Olaoye, “Insider Threat Detection and Prevention,” 2024. [Online]. Available: https://www.researchgate.net/publication/383565287

Darian Rizaludin and M. Noor Al-Azam, “Automatic Sign of Commencement of Work from Enterprise Resource Planning.” [Online]. Available: http://ip.address.api/index.php?

D. Hariyadi, M. Kusuma, and A. Sholeh, “Digital Forensics Investigation on Xiaomi Smart Router Using SNI ISO/IEC 27037:2014 and NIST SP 800-86 Framework,” 2021.

A.-H. Julianda, R. Fauzi, R. A. Nugraha, and J. S. Informasi, “Pages 242-255 ISSN?: 2597-4084 Published By STIE Amkop Makassar Analisis Dan Perancangan Domain Data Security Management Menggunakan Dama,” 2022.

R. N. J. Meimo Nakashita et al., “Analisis Manajemen Risiko Teknologi Informasi dengan Metode FMEA dan Kontrol ISO 27001:2013 Pada Perusahaan Kontruksi Kapal,” Jurnal Ilmiah Media Sisfo, vol. 18, no. 2, pp. 166–176, Oct. 2024, doi: 10.33998/mediasisfo.2024.18.2.1795.

M. Abdul, F. Ys, B. Parga Zen, and D. E. Wasitarini, “Penerapan Sistem Manajemen Keamanan Informasi ISO 27001 pada Perpusnas RI dalam mendukung Keamanan Tata Kelola Teknologi Informasi,” 2023.

A. Lisa Maryanto, M. Noor Al Azam, A. Nugroho, and P. Sistem Informasi, “Evaluasi Manajemen Keamanan Informasi Pada Perusahaan Pemula Berbasis Teknologi Menggunakan Indeks Kami Evaluation Of Information Security Management In Technology-Based Beginning Company Using The Kami Index,” vol. 11, no. 1, 2022.

I. M. Lopes, T. Guarda, and P. Oliveira, “Implementation of ISO 27001 Standards as GDPR Compliance Facilitator,” Journal of Information Systems Engineering and Management, vol. 4, no. 2, 2019, doi: 10.29333/jisem/5888.

J. Kajian Stratejik Ketahanan Nasional Jurnal Kajian Stratejik Ketahanan Nasional Volume, R. Hendra Kurniawan, A. Rivai Ras, R. Hendra, and A. Rivai, “Analisis Ancaman Terhadap Penerapan Framework Manajemen Insiden Di Indonesia,” 2019. [Online]. Available: https://scholarhub.ui.ac.id/jksknAvailableat:https://scholarhub.ui.ac.id/jkskn/vol2/iss2/4

P. Perpustakaan Daerah Provinsi Sumatera Selatan, C. Renaldi Simanjuntak, S. Akbar Pratama, G. Barovih, and I. Teknologi dan Bisnis Palcomtech, “Remanajemen Jaringan Menggunakan Framework NIST Network Remanagement Using the NIST Framework at the Regional Library of South Sumatra Province,” 2023.

I. Herrera Montano, J. J. García Aranda, J. Ramos Diaz, S. Molina Cardín, I. de la Torre Díez, and J. J. P. C. Rodrigues, “Survey of Techniques on Data Leakage Protection and Methods to address the Insider threat,” Cluster Comput, vol. 25, no. 6, pp. 4289–4302, Dec. 2022, doi: 10.1007/s10586-022-03668-2.

R. A. Alsowail and T. Al-Shehari, “Techniques and countermeasures for preventing insider threats,” PeerJ Comput Sci, vol. 8, 2022, doi: 10.7717/PEERJ-CS.938.

M. N. Al-Mhiqani et al., “A review of insider threat detection: Classification, machine learning techniques, datasets, open challenges, and recommendations,” Aug. 01, 2020, MDPI AG. doi: 10.3390/app10155208.

Wikipedia, “Manajemen risiko.” Accessed: Jan. 03, 2025. [Online]. Available: https://id.wikipedia.org/wiki/Manajemen_risiko#cite_note-1

V. Yasin, S. Tinggi, M. Informatika, and D. K. Jayakarta, “Kajian Cyber Security Dalam Rangka Koperasi Menghadapi Revolusi Industri 4.0,” 2023, doi: 10.52362/jisamar.v7i3.1132.

H. Ardiyanti, “CYBER-SECURITY DAN TANTANGAN PENGEMBANGANNYA DI INDONESIA.” [Online]. Available: http://kominfo.go.id/index.php/content/detail/3980/

M. Abdul, F. Ys, B. Parga Zen, and D. E. Wasitarini, “Penerapan Sistem Manajemen Keamanan Informasi ISO 27001 pada Perpusnas RI dalam mendukung Keamanan Tata Kelola Teknologi Informasi,” 2023.

M. Mirtsch, J. Kinne, and K. Blind, “Exploring the Adoption of the International Information Security Management System Standard ISO/IEC 27001: A Web Mining-Based Analysis,” IEEE Trans Eng Manag, vol. 68, no. 1, pp. 87–100, Feb. 2021, doi: 10.1109/TEM.2020.2977815.

A. Zulfikri, F. P. E. Putra, M. A. Huda, H. Hasbullah, M. Mahendra, and M. Surur, “Analisis Keamanan Jaringan Dari Serangan Malware Menggunakan Filtering Firewall Dengan Port Blocking,” Digital Transformation Technology, vol. 3, no. 2, pp. 857–863, Dec. 2023, doi: 10.47709/digitech.v3i2.3379.

R. A. Alsowail and T. Al-Shehari, “Empirical detection techniques of insider threat incidents,” IEEE Access, vol. 8, pp. 78385–78402, 2020, doi: 10.1109/ACCESS.2020.2989739.

G. G. Prapenan and G. C. Pamuji, “Information System Security Analysis of XYZ Company Using COBIT 5 Framework and ISO 27001:2013,” in IOP Conference Series: Materials Science and Engineering, IOP Publishing Ltd, Aug. 2020. doi: 10.1088/1757-899X/879/1/012047.

Indonesiare, “Mengenal Standard ISO 27001.” Accessed: Jan. 03, 2025. [Online]. Available: https://indonesiare.co.id/id/article/mengenal-standard-iso-27001

K. S. Al Fajri and R. Harwahyu, “Information Security Management System Assessment Model by Integrating ISO 27002 and 27004,” MALCOM: Indonesian Journal of Machine Learning and Computer Science, vol. 4, no. 2, pp. 498–506, Feb. 2024, doi: 10.57152/malcom.v4i2.1245.

D. E. R. Hidayatullah, R. Kunthi, and R. Harwahyu, “Design and Analysis of Information Security Risk Management Based on ISO 27005: Case Study on Audit Management System (AMS) XYZ Internal Audit Department,” International Journal of Electrical, Computer, and Biomedical Engineering, vol. 2, no. 3, Sep. 2024, doi: 10.62146/ijecbe.v2i3.81.

ISO, “ISO/IEC 27001 and related standards Information security management, ISO,” ISO. Accessed: Jan. 03, 2025. [Online]. Available: https://www.iso.org/isoiec-27001-information-security.html

A. Lisa Maryanto, M. Noor Al Azam, A. Nugroho, and P. Sistem Informasi, “Evaluasi Manajemen Keamanan Informasi Pada Perusahaan Pemula Berbasis Teknologi Menggunakan Indeks Kami Evaluation Of Information Security Management In Technology-Based Beginning Company Using The Kami Index,” vol. 11, no. 1, 2022.

J. Landers, S. Spence, and B. Morgan, “Evaluating the Effectiveness of Insider Threat Mitigation Preventive Measures.”

R. N. J. Meimo Nakashita et al., “Analisis Manajemen Risiko Teknologi Informasi dengan Metode FMEA dan Kontrol ISO 27001:2013 Pada Perusahaan Kontruksi Kapal,” Jurnal Ilmiah Media Sisfo, vol. 18, no. 2, pp. 166–176, Oct. 2024, doi: 10.33998/mediasisfo.2024.18.2.1795.

A. Intan Mafiana, L. Hanun, H. Mufidatul Ilmi, and S. Febriliani, “Implementasi Manajemen Keamanan Informasi Berbasis ISO 27001 Pada Sistem Informasi Akademik Universitas,” Journal of Digital Business and Innovation Management JDBIM (Journal of Digital Business and Innovation Management, vol. 2, no. 2, pp. 139–163, 2023, doi: 10.1234/jdbim.v2i2.57580.

P. Rachman, “Implementasi Plan-Do-Check-Act (Pdca) Berbasis Key Performance Indicators (Kpi): Studi Kasus Di Smp-Sma Integral Ar-Rohmah Dau Malang,” Jurnal Manajemen Pendidikan Islam, vol. 04, no. 02, pp. 132–145, 2020, doi: 10.33650/al-tanzim.v4i2.

F. Z. Zebua, A. B. Ndraha, and Y. Telaumbanua, “Evaluasi Implementasi Sistem Keuangan Desa (Siskeudes) Di Desa Orahili Tumori Evaluation Of The Emplementation Of The Village Financial Management System (Siskeudes) In Orahili Tumori Village,” Jurnal EMBA, vol. 10, no. 4, pp. 1410–1416, 1410.

O. A. Nurkholiq, O. Saryono, I. Setiawan, J. Fungsional, L. Kepala, and A. Ahli, “Analisis Pengendalian Kualitas (Quality Control) Dalam Meningkatkan Kualitas Produk”, [Online]. Available: https://jurnal.unigal.ac.id/index.php/ekonologi