
Alignment of KAMI Index with Global Security Standards in Information Security Risk Maturity Evaluation

Open Access | Jun 2025

References

  1. Al-Suqri, M. N., M. Gillani. A Comparative Analysis of Information and Artificial Intelligence Toward National Security. – IEEE Access, Vol. 10, 2022, pp. 64420-64434.
  2. Lee, G., S. Kim, I. Lee, S. Brown, Y. A. Carbajal. Adapting Cybersecurity Maturity Models for Resource‐Constrained Settings: A Case Study of Peru. – The Electronic Journal of Information Systems in Developing Countries, Vol. 91, 2025, No 1, e12350.
  3. Pigola, A., P. R. da Costa. Cybersecurity Management: An Empirical Analysis of the Dynamic Capabilities Framework for Enhancing Cybersecurity Intelligence. – Information & Computer Security, 2025.
  4. Aminudin, A., A. Supriyanto. Kematangan Risiko Keamanan Informasi Layanan TI Menggunakan Pendekatan NIST dan Standart ISO 27001: 2013 (Studi Kasus: Bapenda Provinsi Jawa Tengah). – AITI, Vol. 21, 2024, No 2, pp. 210-229.
  5. Savitri, R., F. Firmansyah, D. Dworo, M. S. Hasibuan. Information Security Measurement Using INDEX KAMI at Metro City. – Journal of Applied Data Sciences, Vol. 5, 2024, No 1, pp. 33-45.
  6. Wardhani, W. K., B. Soewito, M. Zarlis. Information Security Evaluation Using Case Study Information Security Index on Licensing Portal Applications. – Journal of Information Systems and Informatics, Vol. 5, 2023, No 4, pp. 1204-1220.
  7. Nugroho, S., T. Rochmadi. Analysis of Information Security Readiness Using the Index KAMI. – Decode: Jurnal Pendidikan Teknologi Informasi, Vol. 4, 2024, No 3, pp. 881-886.
  8. Sugiarto, P., Y. Suryanto. Evaluation of the Readiness Level of Information System Security at the BAKAMLA Using the KAMI Index Based on ISO 27001: 2013. – Int. J. Mech. Eng., Vol. 7, 2022, No 2, pp. 3607-3614.
  9. Sofyan, H., W. Kaswidjanti, L. S. Ilmiyah. Information Security Index (ISI) 4.2 for Information Security Evaluation (Case Study: Sleman Regency Communication and Informatics Office). – In: Proc. of 1st International Conference on Advanced Informatics and Intelligent Information Systems (ICAI3S’23), 2023, Atlantis Press, 2024, pp. 188-200.
  10. Waruwu, M., A. Indrati. IDN Media Information Security Management System Maturity Measurement Analysis Using ISO 27001: 2013 and KAMI Index Version 4.0. – International Research Journal of Advanced Engineering and Science, Vol. 6, 2021, No 3, pp. 36-40.
  11. Suorsa, M., P. Helo. Information Security Failures Identified and Measured-ISO/IEC 27001:2013 Controls Ranked Based on GDPR Penalty Case Analysis. – Information Security Journal, Vol. 33, 2024, No 3, pp. 285-306.
  12. Juma, A. H., A. A. Arman, F. Hidayat. Cybersecurity Assessment Framework: A Systematic Review. – In: Proc. of 10th International Conference on ICT for Smart Society, ICISS 2023, Institute of Electrical and Electronics Engineers Inc., 2023.
  13. Apriany, A., A. Wibowo. Analysis of the Implementation of ISO 27001: 2022 and KAMI Index in Enhancing the Information Security Management System in Consulting Firms. – IJCCS (Indonesian Journal of Computing and Cybernetics Systems), Vol. 18, 2024, No 4, pp. 417-428.
  14. Putro, P. A. W., D. I. Sensuse, W. S. S. Wibowo. Framework for Critical Information Infrastructure Protection in Smart Government: A Case Study in Indonesia. – Information and Computer Security, Vol. 32, 2024, No 1, pp. 112-129.
  15. Kurii, Y., I. Opirskyy. Analysis and Comparison of the NIST SP 800-53 and ISO/IEC 27001: 2013. – NIST Spec. Publ., Vol. 800, 2022, No 3, pp. 21-32.
  16. Sulistyowati, D., F. Handayani, Y. Suryanto. Comparative Analysis and Design of Cybersecurity Maturity Assessment Methodology Using NIST CSF, COBIT, ISO/IEC 27002, and PCI DSS. – JOIV: International Journal on Informatics Visualization, Vol. 4, 2020, No 4, pp. 225-230.
  17. Schrödter, A., B. E. Weißenberger. The Institutionalization of Digital Compliance. – Management Decision, 2024.
  18. Raditya, M., P. Dewanto, T. Oktavia, D. Sundaram. Comparative Study of Information Security Evaluation Models for the Indonesian Government. – Journal of Theoretical and Applied Information Technology, Vol. 28, 2022, pp. 895-914.
  19. Supriyanto, A., K. Mustofa. E-Gov Readiness Assessment to Determine the e-Government Maturity Phase. – In: Proc. of 2nd International Conference on Science in Information Technology (ICSITech’16), 2016, Information Science for Green Society and Environment, 2017, pp. 270-275.
  20. Gupta, K., V. Mishra, A. Makkar. A Global Cybersecurity Standardization Framework for Healthcare Informatics. – IEEE Journal of Biomedical and Health Informatics, 2024, pp. 1-8.
  21. Vakhula, O., Y. Kurii, I. Opirskyy, V. Susukailo. Security as Code Concept for Fulfilling ISO/IEC 27001: 2022 Requirements. – In: CPITS, 2024, pp. 59-72.
  22. Djebbar, F., K. Nordstrom. A Comparative Analysis of Industrial Cybersecurity Standards. – IEEE Access, Vol. 11, 2023, pp. 85315-85332.
  23. Singh, A. K., B. D. K. Patro. Security of Low Computing Power Devices: A Survey of Requirements, Challenges & Possible Solutions. – Cybernetics and Information Technologies, Vol. 19, 2019, No 1, pp. 133-164.
  24. Wicaksono, A. C., S. Prabowo, D. Oktaria. Risk and Security Measurement Based on ISO 27001 Using FMEA Methodology Case Study of: National Government Agency. – In: Proc. of 1st International Conference on Software Engineering and Information Technology, ICoSEIT 2022, Institute of Electrical and Electronics Engineers, Inc., 2022, pp. 6-11.
  25. Dhirani, L. L., E. Armstrong, T. Newe. Industrial IoT, Cyber Threats, and Standards Landscape: Evaluation and Roadmap. – Sensors, Vol. 21, 2021, No 11, pp. 1-30.
  26. Gujar, S. S., D. Thiyagarajan, S. Sudesh Sakpal, A. K. Pandey. Advanced Cybersecurity Frameworks for Protecting Sensitive Information in Academic Libraries: Innovations and Best Practices. Library of Progress – Library Science. – Information Technology & Computer, Vol. 4, 2024, No 3, pp. 198-209.
  27. Djebbar, F., K. Nordstrom. A Comparative Analysis of Industrial Cybersecurity Standards. – IEEE Access, Vol. 11, 2023, pp. 85315-85332.
  28. Boyes, H., M. D. Higgins. An Overview of Information and Cyber Security Standards. – Journal of ICT Standardization, Vol. 12, 2024, No 1, pp. 95-134.
  29. Diamantopoulou, V., A. Tsohou, M. Karyda. From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR Compliance Controls. – Information and Computer Security, Vol. 28, 2020, No 4, pp. 645-662.
  30. Malatji, M. Management of Enterprise Cyber Security: A Review of ISO/IEC 27001:2022. – In: Proc. of International Conference on Cyber Management and Engineering (CyMaEn’23), Institute of Electrical and Electronics Engineers, Inc., 2023, pp. 117-122.
  31. Valavanis, S. Understanding Cybersecurity Maturity in Practice. – Journal of Information Systems, Vol. 38, 2024, No 3, pp. 1-5.
  32. Miloslavskaya, N., S. Tolstaya. Information Security Management Maturity Models. – In: Procedia Computer Science. Vol. 213. Elsevier B. V., 2022, pp. 49-57.
  33. Rajak, C., J. Bharti, A. Mateen, N. Mehndiratta, J. Chauhan, R. Marndi. A Roadmap to ISMS ISO 27001 Implementation Process. – In: Proc. of 3rd International Conference on Range Technology (ICORT’23), Institute of Electrical and Electronics Engineers, Inc., 2023.
  34. Supriyanto, A., D. A. Diartono, B. Hartono, H. Februariyanti. Inclusive Security Models to Building e-Government Trust (ICICOS’19) – In: Proc. of 3rd International Conference on Informatics and Computational Sciences: Accelerating Informatics and Computational Research for Smarter Society in the Era of Industry 4.0, Proceedings, 2019.
  35. Supriyanto, A., J. E. Istiyanto, K. Mustofa. Multi-Layer Framework for Security and Privacy-Based Risk Evaluation on e-Government. – Journal of Theoretical and Applied Information Technology, Vol. 97, 2019, No 5, pp. 1423-1433.
  36. Azinheira, B., M. Antunes, M. Maximiano, R. Gomes. A Methodology for Mapping Cybersecurity Standards into Governance Guidelines for SME in Portugal. – In: Procedia Computer Science. Vol. 219. Elsevier B. V., 2023, pp. 121-128.
  37. Guo, H., M. Wei, P. Huang, E. G. Chekole. Enhance Enterprise Security through Implementing ISO/IEC 27001 Standard. – In: Proc. of IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI’21), 2021, Institute of Electrical and Electronics Engineers, Inc., 2021.
  38. Salihu, A., R. Dervishi. Evaluating the Impact of Risk Management Frameworks on IT Audits: A Comparative Analysis of COSO, COBIT, ISO/IEC 27001, and NIST CSF. – In: Proc. of International Conference on Electrical, Communication and Computer Engineering (ICECCE’24), IEEE, 2024, pp. 1-8.
  39. Culot, G., G. Nassimbeni, M. Podrecca, M. Sartor. The ISO/IEC 27001 Information Security Management Standard: Literature Review and Theory-Based Research Agenda. – TQM Journal, Emerald Group Holdings, Ltd., Vol. 33, 2021, No 7, pp. 76-105.
  40. Otoom, A. A., I. Atoum, H. Al-Harahsheh, M. Aljawarneh, M. N. Al Refai, M. Baklizi. A Collaborative Cybersecurity Framework for Higher Education. – Information & Computer Security, September 2024.
  41. Savitri, R., F. Firmansyah, D. Dworo, M. S. Hasibuan. Information Security Measurement Using INDEX KAMI at Metro City. – Journal of Applied Data Sciences, Vol. 5, 2024, No 1, pp. 33-45.
  42. Kitsios, F., E. Chatzidimitriou, M. Kamariotou. The ISO/IEC 27001 Information Security Management Standard: How to Extract Value from Data in the IT Sector. – Sustainability (Switzerland), Vol. 15, 2023, No 7, pp. 2-17.
  43. Supriyanto, A., D. A. Diartono, B. Hartono, H. Februariyanti. Inclusive Security Models for Building e-Government Trust. – In: Proc. of 3rd International Conference on Informatics and Computational Sciences (ICICoS’19), October 2019, pp. 1-6.
  44. Hochstetter-Diez, J., M. Diéguez-Rebolledo, J. Fenner-López, C. Cachero. AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity. – Applied Sciences (Switzerland), Vol. 13, 2023, No 14, pp. 2-29.
  45. Peldszus, S., J. Bürger, T. Kehrer, J. Jürjens. Ontology-Driven Evolution of Software Security. – Data and Knowledge Engineering, Vol. 134, 2021, No May, pp. 1-25.
  46. Schroeder, K., V. Y. Pillitteri. NIST Special Publication 800 Measurement Guide for Information Security. – Measurement Guide for Information Security Volume 1 – Identifying and Selecting Measures, Vol. 1, 2024.
  47. Amiruddin, A., H. G. Afiansyah, H. A. Nugroho. Cyber-Risk Management Planning Using NIST CSF V1.1, NIST SP 800-53 Rev. 5, and CIS Controls v8. – In: Proc. of 3rd International Conference on Informatics, Multimedia, Cyber, and Information System, (ICIMCIS’21), Institute of Electrical and Electronics Engineers, Inc., 2021, pp. 19-24.
  48. Hamdani, S. W. A., H. Abbas, A. R. Janjua, W. B. Shahid, M. F. Amjad, J. Malik, A. W. Khan. Cybersecurity Standards in the Context of Operating Systems: Practical Aspects, Analysis, and Comparisons. – ACM Computing Surveys (CSUR), Vol. 54, 2021, No 3, pp. 1-36.
  49. Tintin, R., M. Hidalgo. Could an ISMS Model (ISO/IEC 27001:2013 Standard) Implementation Protect Public Data? – In: Proc. of 9th International Conference on eDemocracy and e-Government, ICEDEG 2023, Institute of Electrical and Electronics Engineers, Inc., 2023.
  50. Kielland, C. Information Security Performance Evaluation: Building a Security Metrics Library and Visualization Dashboard (Master’s Thesis). 2023.
  51. Ngalim, B. Integrating NIST and ISO Cybersecurity Audit and Risk Assessment Frameworks into Cameroonian Law. – Journal of Cybersecurity Education Research and Practice, Vol. 2024, 2023, No 1, pp. 1-9.
  52. Alshar’e, M. Cyber Security Framework Selection: Comparison of Nist and Iso27001. – Applied Computing Journal, Vol. 3, 2023, No 1, pp. 245-255.
  53. Setiawan, H., N. A. Hana, R. R. Hanaputra. Mapping ISO 27001: 2013 and COBIT 2019 Framework to STRIDE Threat Modelling Using Qualitative Descriptive Research. – Journal of Computer Engineering, Electronics and Information Technology, Vol. 3, 2023, No 2, pp. 101-110.
  54. Mussmann, A., M. Brunner, R. Breu. Mapping the State of Security Standards Mappings. – In: Proc. of 15th International Conference on Business Information Systems 2020 “Developments, Opportunities and Challenges of Digitization”. – In: Wirtschaftsinformatik (Zentrale Tracks). 2020, pp. 1309-1324.
  55. Ahmad, F., M. Faisal. Assessing Similarity between Software Requirements: A Semantic Approach. – International Journal of Information Engineering and Electronic Business, Vol. 15, 2023, No 2, pp. 38-53.
DOI: https://doi.org/10.2478/cait-2025-0018 | Journal eISSN: 1314-4081 | Journal ISSN: 1311-9702
Language: English
Page range: 173 - 192
Submitted on: Feb 12, 2025
Accepted on: Apr 16, 2025
Published on: Jun 25, 2025
Published by: Bulgarian Academy of Sciences, Institute of Information and Communication Technologies
In partnership with: Paradigm Publishing Services
Publication frequency: 4 issues per year

© 2025 Aji Supriyanto, Arief Jananto, Jeffri Alfa Razaq, Budi Hartono, Fitri Damaryanti, published by Bulgarian Academy of Sciences, Institute of Information and Communication Technologies
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.