Pengukuran Kematangan Keamanan Siber pada Perusahaan Teknologi Informasi dengan Framework Center for Internet Security Controls

Abstract

This research evaluates the cybersecurity maturity of a technology information company in Jakarta, using the CIS Controls framework that encompasses all controls within Implementation Group 1 (IG1). The company has not conducted formal measurements regarding cybersecurity maturity, leading to uncertainty about the effectiveness of security efforts. The aim of this study is to measure, assess, and provide recommendations to enhance cybersecurity within the company. The research methodology involves an assessment of CIS Controls implementation and maturity level measurements. The measurement results indicate a low level of maturity, with an overall score of 0.41. The company needs to make significant improvement efforts in the cybersecurity aspect. Recommendations derived from this analysis emphasize the need for policy enhancements, control improvements, and increased employee training, serving as a guide for the company to strengthen weak cybersecurity aspects. The company should adopt a sustainable approach with management commitment and active engagement of all stakeholders.