The Implementation of Multiple Information Security Governance (ISG) Frameworks Strategy and Critical Success Factors in Indonesia’s Oil and Gas Industry: Case Study of PT X
Abstract
Oil and gas industry are among the largest contributor to the Indonesia’s foreign exchange. Many believe that information technology will be major driver for economic wealth in the oil and gas Industry. However, implementing information technology to support corporate business process brings vast information security risks. There is a need of comprehensive information security governance that can comply to information security standards and regulations. This research is conducted to evaluate the use of multiple ISG frameworks for implementing information security governance in a multinational oil and gas company. In detail, we evaluate the effectiveness of such framework, assess its implementation maturity level, and identify the success and inhibiting factors for implementing ISG frameworks. This study shows that framework XYZ, as a multiple ISG framework, is effective to cover the controls of ISO 17799, COSO, and IT Risk Framework at once. Meanwhile, the observed case study indicated lack of compliancy of Framework XYZ followed by the invention of gap between current ISG implementation efforts and company visions. Lastly, several success and inhibiting factors are identified in the ISG framework implementation at PT X.
Downloads
Copyright (c) 2020 Jurnal Sistem Informasi (Journal of Information System)
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).