Alignment of KAMI Index with Global Security Standards in Information Security Risk Maturity Evaluation

Supriyanto, Aji; Jananto, Arief; Razaq, Jeffri Alfa; Hartono, Budi; Damaryanti, Fitri

doi:10.2478/cait-2025-0018

Abstract

Various incidents of information security breaches in Indonesia in 2024, especially in government agencies, are very dangerous. Even the Temporary National Data Center (PDNS) Surabaya was paralyzed in public services. One of the reasons is that adequate security standards have not been implemented, even though in Indonesia, there are already Information Security standards (KAMI Index). This study aims to determine the alignment of the KAMI index with international security standards such as ISO 27001 and NIST based on the main security principles, namely Confidentiality, Integrity, Availability (CIA triad). The method is mapping the alignment of control elements (domains) in the standard based on ontology. The results showed that the level of alignment reached 56 percent (56%), or relatively high. This means harmonization regarding terminology, evaluation methods, and integration in national regulations is still needed to improve alignment with international standards.

References

Al-Suqri, M. N., M. Gillani. A Comparative Analysis of Information and Artificial Intelligence Toward National Security. – IEEE Access, Vol. 10, 2022, pp. 64420-64434.
Search in Google Scholar Back to article
Lee, G., S. Kim, I. Lee, S. Brown, Y. A. Carbajal. Adapting Cybersecurity Maturity Models for Resource‐Constrained Settings: A Case Study of Peru. – The Electronic Journal of Information Systems in Developing Countries, Vol. 91, 2025, No 1, e12350.
Search in Google Scholar Back to article
Pigola, A., P. R. da Costa. Cybersecurity Management: An Empirical Analysis of the Dynamic Capabilities Framework for Enhancing Cybersecurity Intelligence. – Information & Computer Security, 2025.
Search in Google Scholar Back to article
Aminudin, A., A. Supriyanto. Kematangan Risiko Keamanan Informasi Layanan TI Menggunakan Pendekatan NIST dan Standart ISO 27001: 2013 (Studi Kasus: Bapenda Provinsi Jawa Tengah). – AITI, Vol. 21, 2024, No 2, pp. 210-229.
Search in Google Scholar Back to article
Savitri, R., F. Firmansyah, D. Dworo, M. S. Hasibuan. Information Security Measurement Using INDEX KAMI at Metro City. – Journal of Applied Data Sciences, Vol. 5, 2024, No 1, pp. 33-45.
Search in Google Scholar Back to article
Wardhani, W. K., B. Soewito, M. Zarlis. Information Security Evaluation Using Case Study Information Security Index on Licensing Portal Applications. – Journal of Information Systems and Informatics, Vol. 5, 2023, No 4, pp. 1204-1220.
Search in Google Scholar Back to article
Nugroho, S., T. Rochmadi. Analysis of Information Security Readiness Using the Index KAMI. – Decode: Jurnal Pendidikan Teknologi Informasi, Vol. 4, 2024, No 3, pp. 881-886.
Search in Google Scholar Back to article
Sugiarto, P., Y. Suryanto. Evaluation of the Readiness Level of Information System Security at the BAKAMLA Using the KAMI Index Based on ISO 27001: 2013. – Int. J. Mech. Eng., Vol. 7, 2022, No 2, pp. 3607-3614.
Search in Google Scholar Back to article
Sofyan, H., W. Kaswidjanti, L. S. Ilmiyah. Information Security Index (ISI) 4.2 for Information Security Evaluation (Case Study: Sleman Regency Communication and Informatics Office). – In: Proc. of 1st International Conference on Advanced Informatics and Intelligent Information Systems (ICAI3S’23), 2023, Atlantis Press, 2024, pp. 188-200.
Search in Google Scholar Back to article
Waruwu, M., A. Indrati. IDN Media Information Security Management System Maturity Measurement Analysis Using ISO 27001: 2013 and KAMI Index Version 4.0. – International Research Journal of Advanced Engineering and Science, Vol. 6, 2021, No 3, pp. 36-40.
Search in Google Scholar Back to article
Suorsa, M., P. Helo. Information Security Failures Identified and Measured-ISO/IEC 27001:2013 Controls Ranked Based on GDPR Penalty Case Analysis. – Information Security Journal, Vol. 33, 2024, No 3, pp. 285-306.
Search in Google Scholar Back to article
Juma, A. H., A. A. Arman, F. Hidayat. Cybersecurity Assessment Framework: A Systematic Review. – In: Proc. of 10th International Conference on ICT for Smart Society, ICISS 2023, Institute of Electrical and Electronics Engineers Inc., 2023.
Search in Google Scholar Back to article
Apriany, A., A. Wibowo. Analysis of the Implementation of ISO 27001: 2022 and KAMI Index in Enhancing the Information Security Management System in Consulting Firms. – IJCCS (Indonesian Journal of Computing and Cybernetics Systems), Vol. 18, 2024, No 4, pp. 417-428.
Search in Google Scholar Back to article
Putro, P. A. W., D. I. Sensuse, W. S. S. Wibowo. Framework for Critical Information Infrastructure Protection in Smart Government: A Case Study in Indonesia. – Information and Computer Security, Vol. 32, 2024, No 1, pp. 112-129.
Search in Google Scholar Back to article
Kurii, Y., I. Opirskyy. Analysis and Comparison of the NIST SP 800-53 and ISO/IEC 27001: 2013. – NIST Spec. Publ., Vol. 800, 2022, No 3, pp. 21-32.
Search in Google Scholar Back to article
Sulistyowati, D., F. Handayani, Y. Suryanto. Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002, and PCI DSS. – JOIV: International Journal on Informatics Visualization, Vol. 4, 2020, No 4, pp. 225-230.
Search in Google Scholar Back to article
Schrödter, A., B. E. Weißenberger. The Institutionalization of Digital Compliance. – Management Decision, 2024.
Search in Google Scholar Back to article
Raditya, M., P. Dewanto, T. Oktavia, D. Sundaram. Comparative Study of Information Security Evaluation Models for the Indonesian Government. – Journal of Theoretical and Applied Information Technology, Vol. 28, 2022, pp. 895-914.
Search in Google Scholar Back to article
Supriyanto, A., K. Mustofa. E-Gov Readiness Assessment to Determine the e-Government Maturity Phase. – In: Proc. of 2nd International Conference on Science in Information Technology (ICSITech’16), 2016, Information Science for Green Society and Environment, 2017, pp. 270-275.
Search in Google Scholar Back to article
Gupta, K., V. Mishra, A. Makkar. A Global Cybersecurity Standardization Framework for Healthcare Informatics. – IEEE Journal of Biomedical and Health Informatics, 2024, pp. 1-8.
Search in Google Scholar Back to article
Vakhula, O., Y. Kurii, I. Opirskyy, V. Susukailo. Security as Code Concept for Fulfilling ISO/IEC 27001: 2022 Requirements. – In: CPITS, 2024, pp. 59-72.
Search in Google Scholar Back to article
Djebbar, F., K. Nordstrom. A Comparative Analysis of Industrial Cybersecurity Standards. – IEEE Access, Vol. 11, 2023, pp. 85315-85332.
Search in Google Scholar Back to article
Singh, A. K., B. D. K. Patro. Security of Low Computing Power Devices: A Survey of Requirements, Challenges & Possible Solutions. – Cybernetics and Information Technologies, Vol. 19, 2019, No 1, pp. 133-164.
Search in Google Scholar Back to article
Wicaksono, A. C., S. Prabowo, D. Oktaria. Risk and Security Measurement Based on ISO 27001 Using FMEA Methodology Case Study of: National Government Agency. – In: Proc. of 1st International Conference on Software Engineering and Information Technology, ICoSEIT 2022, Institute of Electrical and Electronics Engineers, Inc., 2022, pp. 6-11.
Search in Google Scholar Back to article
Dhirani, L. L., E. Armstrong, T. Newe. Industrial IoT, Cyber Threats, and Standards Landscape: Evaluation and Roadmap. – Sensors, Vol. 21, 2021, No 11, pp. 1-30.
Search in Google Scholar Back to article
Gujar, S. S., D. Thiyagarajan, S. Sudesh Sakpal, A. K. Pandey. Advanced Cybersecurity Frameworks for Protecting Sensitive Information in Academic Libraries: Innovations and Best Practices. Library of Progress – Library Science. – Information Technology & Computer, Vol. 4, 2024, No 3, pp. 198-209.
Search in Google Scholar Back to article
Djebbar, F., K. Nordstrom. A Comparative Analysis of Industrial Cybersecurity Standards. – IEEE Access, Vol. 11, 2023, pp. 85315-85332.
Search in Google Scholar Back to article
Boyes, H., M. D. Higgins. An Overview of Information and Cyber Security Standards. – Journal of ICT Standardization, Vol. 12, 2024, No 1, pp. 95-134.
Search in Google Scholar Back to article
Diamantopoulou, V., A. Tsohou, M. Karyda. From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR Compliance Controls. – Information and Computer Security, Vol. 28, 2020, No 4, pp. 645-662.
Search in Google Scholar Back to article
Malatji, M. Management of Enterprise Cyber Security: A Review of ISO/IEC 27001:2022. – In: Proc. of International Conference on Cyber Management and Engineering (CyMaEn’23), Institute of Electrical and Electronics Engineers, Inc., 2023, pp. 117-122.
Search in Google Scholar Back to article
Valavanis, S. Understanding Cybersecurity Maturity in Practice. – Journal of Information Systems, Vol. 38, 2024, No 3, pp. 1-5.
Search in Google Scholar Back to article
Miloslavskaya, N., S. Tolstaya. Information Security Management Maturity Models. – In: Procedia Computer Science. Vol. 213. Elsevier B. V., 2022, pp. 49-57.
Search in Google Scholar Back to article
Rajak, C., J. Bharti, A. Mateen, N. Mehndiratta, J. Chauhan, R. Marndi. A Roadmap to ISMS ISO 27001 Implementation Process. – In: Proc. of 3rd International Conference on Range Technology (ICORT’23), Institute of Electrical and Electronics Engineers, Inc., 2023.
Search in Google Scholar Back to article
Supriyanto, A., D. A. DIartono, B. Hartono, H. Februariyanti. Inclusive Security Models to Building e-Government Trust (ICICOS’19) – In: Proc. of 3rd International Conference on Informatics and Computational Sciences: Accelerating Informatics and Computational Research for Smarter Society in the Era of Industry 4.0, Proceedings, 2019.
Search in Google Scholar Back to article
Supriyanto, A., J. E. Istiyanto, K. Mustofa. Multi-Layer Framework for Security and Privacy-Based Risk Evaluation on e-Government. – Journal of Theoretical and Applied Information Technology, Vol. 97, 2019, No 5, pp. 1423-1433.
Search in Google Scholar Back to article
Azinheira, B., M. Antunes, M. Maximiano, R. Gomes. A Methodology for Mapping Cybersecurity Standards into Governance Guidelines for SME in Portugal. – In: Procedia Computer Science. Vol. 219. Elsevier B. V., 2023, pp. 121-128.
Search in Google Scholar Back to article
Guo, H., M. Wei, P. Huang, E. G. Chekole. Enhance Enterprise Security through Implementing ISO/IEC 27001 Standard. – In: Proc. of IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI’21), 2021, Institute of Electrical and Electronics Engineers, Inc., 2021.
Search in Google Scholar Back to article
Salihu, A., R. Dervishi. Evaluating the Impact of Risk Management Frameworks on IT Audits: A Comparative Analysis of COSO, COBIT, ISO/IEC 27001, and NIST CSF. – In: Proc. of International Conference on Electrical, Communication and Computer Engineering (ICECCE’24), IEEE, 2024, pp. 1-8.
Search in Google Scholar Back to article
Culot, G., G. Nassimbeni, M. Podrecca, M. Sartor. The ISO/IEC 27001 Information Security Management Standard: Literature Review and Theory-Based Research Agenda. – TQM Journal, Emerald Group Holdings, Ltd., Vol. 33, 2021, No 7, pp. 76-105.
Search in Google Scholar Back to article
Otoom, A. A., I. Atoum, H. Al-Harahsheh, M. Aljawarneh, M. N. Al Refai, M. Baklizi. A Collaborative Cybersecurity Framework for Higher Education. – Information & Computer Security, September 2024.
Search in Google Scholar Back to article
Savitri, R., F. Firmansyah, D. Dworo, M. S. Hasibuan. Information Security Measurement Using INDEX KAMI at Metro City. – Journal of Applied Data Sciences, Vol. 5, 2024, No 1, pp. 33-45.
Search in Google Scholar Back to article
Kitsios, F., E. Chatzidimitriou, M. Kamariotou. The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector. – Sustainability (Switzerland), Vol. 15, 2023, No 7, pp. 2-17.
Search in Google Scholar Back to article
Supriyanto, A., D. A. Diartono, B. Hartono, H. Februariyanti. Inclusive Security Models for Building e-Government Trust. – In: Proc. of 3rd International Conference on Informatics and Computational Sciences (ICICoS’19), October 2019, pp. 1-6.
Search in Google Scholar Back to article
Hochstetter-Diez, J., M. Diéguez-Rebolledo, J. Fenner-López, C. Cachero. AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity. – Applied Sciences (Switzerland), Vol. 13, 2023, No 14, pp. 2-29.
Search in Google Scholar Back to article
Peldszus, S., J. Bürger, T. Kehrer, J. Jürjens. Ontology-Driven Evolution of Software Security. – Data and Knowledge Engineering, Vol. 134, 2021, No May, pp. 1-25.
Search in Google Scholar Back to article
Schroeder, K., V. Y. Pillitteri, K. Schroeder, V. Y. Pillitteri. NIST Special Publication 800 Measurement Guide for Information Security. – Measurement Guide for Information Security Volume 1 – Identifying and Selecting Measures, Vol. 1, 2024.
Search in Google Scholar Back to article
Amiruddin, A., H. G. Afiansyah, H. A. Nugroho. Cyber-Risk Management Planning Using NIST CSF V1.1, NIST SP 800-53 Rev. 5, and CIS Controls v8. – In: Proc. of 3rd International Conference on Informatics, Multimedia, Cyber, and Information System, (ICIMCIS’21), Institute of Electrical and Electronics Engineers, Inc., 2021, pp. 19-24.
Search in Google Scholar Back to article
Hamdani, S. W. A., H. Abbas, A. R. Janjua, W. B. Shahid, M. F. Amjad, J. Malik, A. W. Khan. Cybersecurity Standards in the Context of Operating Systems: Practical Aspects, Analysis, and Comparisons. – ACM Computing Surveys (CSUR), Vol. 54, 2021, No 3, pp. 1-36.
Search in Google Scholar Back to article
Tintin, R., M. Hidalgo. Could an ISMS Model (ISO/IEC 27001:2013 Standard) Implementation Protect Public Data?. – In: Proc. of 9th International Conference on eDemocracy and e-Government, ICEDEG 2023, Institute of Electrical and Electronics Engineers, Inc., 2023.
Search in Google Scholar Back to article
Kielland, C. Information Security Performance Evaluation: Building a Security Metrics Library and Visualization Dashboard (Master’s Thesis). 2023.
Search in Google Scholar Back to article
Ngalim, B. Integrating NIST and ISO Cybersecurity Audit and Risk Assessment Frameworks into Cameroonian Law. – Journal of Cybersecurity Education Research and Practice, Vol. 2024, 2023, No 1, pp. 1-9.
Search in Google Scholar Back to article
Alshar’e, M. Cyber Security Framework Selection: Comparison of Nist and Iso27001. – Applied Computing Journal, Vol. 3, 2023, No 1, pp. 245-255.
Search in Google Scholar Back to article
Setiawan, H., N. A. Hana, R. R. Hanaputra. Mapping ISO 27001: 2013 and COBIT 2019 Framework to STRIDE Threat Modelling Using Qualitative Descriptive Research. – Journal of Computer Engineering, Electronics and Information Technology, Vol. 3, 2023, No 2, pp. 101-110.
Search in Google Scholar Back to article
Mussmann, A., M. Brunner, R. Breu. Mapping the State of Security Standards Mappings. – In: Proc. of 15th International Conference on Business Information Systems 2020 “Developments, Opportunities and Challenges of Digitization”. – In: Wirtschaftsinformatik (Zentrale Tracks). 2020, pp. 1309-1324.
Search in Google Scholar Back to article
Ahmad, F., M. Faisal. Assessing Similarity between Software Requirements: A Semantic Approach. – International Journal of Information Engineering and Electronic Business, Vol. 15, 2023, No 2, pp. 38-53.
Search in Google Scholar Back to article

Alignment of KAMI Index with Global Security Standards in Information Security Risk Maturity Evaluation

Abstract

Paradigm

My account