Published: 2024-10-01
BPRDCo SME Digital Transformation by Designing Information Security Using ISO 27001:2022
DOI: 10.35870/jtik.v8i4.3148
Downloads
Abstract
In the digital era of the Industrial Revolution 4.0, organizations such as BPRDCo must undergo Digital Transformation (DT) to remain competitive. A significant obstacle in this process is often the inadequacy of information security controls, which can lead to DT failure. Previous research has highlighted the necessity of ambidextrous information security management—integrating both traditional and agile approaches—as a crucial mechanism for DT success in large banks, particularly in data management and information security. However, this strategy has not been proven effective for smaller banks like BPRDCo. Therefore, this study aims to develop and propose priority information security management solutions specifically tailored for SMEs, while also estimating the improvement in maturity level capabilities to boost DT success. The research follows five stages in Design Science Research (DSR): problem identification, requirements specification, design and development, demonstration, and evaluation. Data were collected through interviews and document analysis, and analyzed using the ISO 27001:2022 Information Security Management System (ISMS) framework. Six priority PDCA and Annex controls were identified for BPRDCo as the case study. Based on the identified gaps, six essential solutions were designed using ISMS controls. These recommendations were compiled into an implementation roadmap to enhance BPRDCo's readiness for full ISMS implementation and certification, ultimately supporting DT success in small banks.
Keywords
Digital Transformation ; Design Science Research ; Information Security ; ISO 27001:2022 ; BPR
Article Information
This article has been peer-reviewed and published in the Jurnal JTIK (Jurnal Teknologi Informasi dan Komunikasi). The content is available under the terms of the Creative Commons Attribution 4.0 International License.
-
Issue: Vol. 8 No. 4 (2024)
-
Section: Computer & Communication Science
-
Published: %750 %e, %2024
-
License: CC BY 4.0
-
Copyright: © 2024 Authors
-
DOI: 10.35870/jtik.v8i4.3148
AI Research Hub
This article is indexed and available through various AI-powered research tools and citation platforms. Our AI Research Hub ensures that scholarly work is discoverable, accessible, and easily integrated into the global research ecosystem. By leveraging artificial intelligence for indexing, recommendation, and citation analysis, we enhance the visibility and impact of published research.
Ignatius Christ Surya
Information Systems Study Program, Universitas Telkom, Bandung City, West Java Province, Indonesia
Rahmat Mulyana
Department of Computer and Systems Science, Stockholm University, Frescativägen 54, Frescati, Stockholm, Sweden
Ryan Adhitya Nugraha
Department of Computer and Systems Science, Stockholm University, Frescativägen 54, Frescati, Stockholm, Sweden
-
Schwertner, K. (2017). Digital transformation of business. Trakia Journal of Science, 15(Suppl. 1), 388–393. https://doi.org/10.15547/tjs.2017.s.01.065
-
Hadiono, K., Candra, R., & Santi, N. (2020). Menyongsong Transformasi Digital.
-
Gong, C., & Ribiere, V. (2021). Developing a unified definition of digital transformation. Technovation, 102. https://doi.org/10.1016/j.technovation.2020.102217
-
Viamianni, A., Mulyana, R., & Dewi, F. (2023). COBIT 2019 information security focus area implementation for Reinsurco digital transformation. JIKO (Jurnal Informatika dan Komputer), 6(2). https://doi.org/10.33387/jiko.v6i2.6366
-
Vial, G. (2019). Understanding digital transformation: A review and a research agenda. Elsevier B.V. https://doi.org/10.1016/j.jsis.2019.01.003
-
Mulyana, R., Rusu, L., & Perjons, E. (2022). IT governance mechanisms that influence digital transformation: A Delphi study in Indonesian banking and insurance industry. PACIS 2022 Proceedings. https://aisel.aisnet.org/pacis2022
-
Mulyana, R., Rusu, L., & Perjons, E. (2021). IT governance mechanisms influence on digital transformation: A systematic literature review. AMCIS 2021 Proceedings. https://aisel.aisnet.org/amcis2021
-
Mulyana, R., Rusu, L., & Perjons, E. (2023). How hybrid IT governance mechanismsinfluence digital transformation and organizational performance in the banking and insurance industry of Indonesia.
-
Mulyana, R., Rusu, L., & Perjons, E. (2022). How hybrid IT governance mechanisms influence digital transformation and organizational performance in the banking and insurance industry of Indonesia.
-
Mulyana, R., Rusu, L., & Perjons, E. (2024). Key ambidextrous IT governance mechanisms for successful digital transformation: A case study of Bank Rakyat Indonesia (BRI). Digital Business, 4(2). https://doi.org/10.1016/j.digbus.2024.100083
-
Mulyana, R., Rusu, L., & Perjons, E. (2024). The influence of key ambidextrous IT governance mechanisms on digital transformation and organizational performance in the Indonesian banking and insurance industry. PACIS 2024 Proceedings. https://aisel.aisnet.org/pacis2024
-
Tarbiyatuzzahrah, B. D., Mulyana, R., & Santoso, A. F. (2023). Penggunaan COBIT 2019 GMO dalam menyusun pengelolaan layanan TI prioritas pada transformasi digital BankCo. JTIM: Jurnal Teknologi Informasi dan Multimedia, 5(3), 218–238. https://doi.org/10.35746/jtim.v5i3.400
-
Dwi, Y. W., Dewi, M., Mulyana, R., & Santoso, A. F. (2023). Penggunaan COBIT 2019 I&T risk management untuk pengelolaan risiko transformasi digital BankCo.
-
Rahmadana, A., Mulyana, R., & Santoso, A. F. (2023). Pemanfaatan COBIT 2019 information security dalam merancang manajemen keamanan informasi pada transformasi BankCo.
-
Riznawati, N., Mulyana, R., & Santoso, A. F. (2023). Pendayagunaan COBIT 2019 DevOps dalam merancang manajemen pengembangan TI Agile pada transformasi digital BankCo. SEIKO: Journal of Management & Business, 6(2), 2023–223.
-
Anugerah, M. R. A. W. (2023). Manajemen keamanan informasi untuk transformasi digital Insurco berbasis COBIT 2019 focus area information security.
-
Prayudi, R. A., Mulyana, R., & Fauzi, R. (2023). Pengendalian digitalisasi FintechCo melalui perancangan pengelolaan keamanan informasi berbasis COBIT 2019 information security focus area. SEIKO: Journal of Management & Business, 6(2), 388–406.
-
POJK 7. (2024). POJK 7 Tahun 2024 Bank Perekonomian Rakyat dan Bank Perekonomian Rakyat Syariah.
-
POJK 20. (2014). POJK 20. Bank Perkeditan Rakyat.
-
Shabri, H., et al. (2020). Transformasi digital industri perbankan syariah Indonesia. Jurnal Ekonomi dan Keuangan Syariah, 3(2).
-
POJK75. (2016). Peraturan Otoritas Jasa Keuangan (PP Nomor 75 Tahun 2016).
-
Haikal, H., Ananza, R. H., Darmawan, I., & Mulyana, R. (2019). Perancangan tata kelola keamanan informasi sistem pemerintahan berbasis elektronik (SPBE) menggunakan standar ISO 27001:2013 (studi kasus: Diskominfotik Kabupaten Bandung Barat).
-
Panjaitan, B., Abdurrahman, L., & Mulyana, R. (2021). Pengembangan implementasi sistem manajemen keamanan informasi berbasis ISO 27001:2013 menggunakan kontrol Annex: Studi kasus data center PT. XYZ.
-
SEOJK15. (2017). SAL SEOJK 15 - SPTI BPR BPRS_240115_203306.
-
Moeti. (2022). Information security framework adoption for South African SME.
-
Nistotskaya, M., Charron, N., & Lapuente, V. (2014). The wealth of regions: quality of government and SMEs in 172 European regions. Environment and Planning C: Government and Policy, 0(0), 0–0. https://doi.org/10.1068/c13224r
-
ISO 27001. (2022). Information security, cybersecurity, and privacy protection-Information security management systems-Requirements.
-
Obuh, D. (2023). The structure of the ISMS documentation in accordance with updates to ISO 27001:2022, 27002:2022.
-
Hevner, A. R., March, S. T., Park, J., & Ram, S. (2004). Design science in information systems research.
-
Patricia, I., Ph. D., & Ness, L. R. (2015). Are we there yet? Data saturation in qualitative research. Walden Faculty and Staff Publications. https://scholarworks.waldenu.edu/facpubs/455
-
ISO 2018. (2018). Information technology-Security techniques-Information security risk management.
-
Shenton, A. K. (2004). Strategies for ensuring trustworthiness in qualitative research projects. Education for Information, 22(2), 63–75. https://doi.org/10.3233/EFI-2004-22201.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors who publish with this journal agree to the following terms:
1. Copyright Retention and Open Access License
Authors retain copyright of their work and grant the journal non-exclusive right of first publication under the Creative Commons Attribution 4.0 International License (CC BY 4.0).
This license allows unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
2. Rights Granted Under CC BY 4.0
Under this license, readers are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, including commercial use
- No additional restrictions — the licensor cannot revoke these freedoms as long as license terms are followed
3. Attribution Requirements
All uses must include:
- Proper citation of the original work
- Link to the Creative Commons license
- Indication if changes were made to the original work
- No suggestion that the licensor endorses the user or their use
4. Additional Distribution Rights
Authors may:
- Deposit the published version in institutional repositories
- Share through academic social networks
- Include in books, monographs, or other publications
- Post on personal or institutional websites
Requirement: All additional distributions must maintain the CC BY 4.0 license and proper attribution.
5. Self-Archiving and Pre-Print Sharing
Authors are encouraged to:
- Share pre-prints and post-prints online
- Deposit in subject-specific repositories (e.g., arXiv, bioRxiv)
- Engage in scholarly communication throughout the publication process
6. Open Access Commitment
This journal provides immediate open access to all content, supporting the global exchange of knowledge without financial, legal, or technical barriers.