THE IMPLEMENTATION OF INFORMATION TECHNOLOGY PRODUCT SECURITY CERTIFICATION POLICY ON THE EFFECTIVENESS OF INFORMATION SECURITY ASSURANCE IN INDONESIA

Ratih Mumpuni Arti; Novianto Budi Kurniawan; Astrid Meilasari Sugiyana

doi:10.33758/mbi.v17i10.426

Authors

Ratih Mumpuni Arti School of Government and Public Policy, Bogor
Novianto Budi Kurniawan School of Government and Public Policy, Bogor, West Java, Indonesia
Astrid Meilasari Sugiyana School of Government and Public Policy, Bogor, West Java, Indonesia

DOI:

https://doi.org/10.33758/mbi.v17i10.426

Keywords:

BSSN, Effectiveness, It Product Security Certification Policy, Policy Implementation

Abstract

The information technology product security certification policy in Indonesia is implemented based on BSSN Regulation 15 of 2019 concerning the Indonesian Common Criteria Scheme (SCCI). The products used in data processing should be certified for its security to guarantee information security. However, almost three years since the regulation was implemented, effect on information security has not been achieved. The focus of this study is to analyse the influence of the implementation of information technology product security certification policy on the effectiveness of information security assurance in Indonesia. Policy implementation was analysed using the theory of Edward III. Edward III's policy implementation model consists of 4 variables: communication, resources, disposition, and bureaucratic structure. Effectiveness consists of 3 variables: goal achievement, adaptation, and integration. This study used the mixed-method approach. The findings showed that simultaneously communication, resources, disposition, and bureaucratic structure have a significant effect and very strong correlation on effectiveness. From these results, it can be recommended to develop a policy communication strategy that is more effective in providing information to the public, make a timeframe and concrete target for resources variable, establish communication, coordination, and consensus with the public and private sectors to achieve a willingness and commitment to implement an IT product security certification policy, and set a timeframe and concrete targets regarding the formation of an organization that has the duties, functions and authority of IT product security certification, business processes and organizational implementation procedures.

References

Arikunto, Suharsimi.(2002). Prosedur Penelitian Suatu Pendekatan Prakteik. Bandung: Rineka Cipta.

Bayuk, J. L., Healey, J., & Rohmeyer, P. (2012). Cybersecurity Policy Guidebook.

Irawan, Prasetya.(2003). Logika dan Prosedur Penelitian: Pengantar Teori dan Panduan Praktis Penelitian Sosial bagi Mahasiswa dan Peneliti Pemula. Jakarta: STIA-LAN Press

ITU. (2008). ITU-TX.1205:Overview Cybersecurity. ITU-T X.1205 Recommendation, 1205(Rec. ITU-T X.1205 (04/2008)), 2–3. https://www.itu.int/rec/T-REC-X.1205-200804-I

K. Michael, S. Kobran, R. A. (2019). Privacy, Data Rights and Cybersecurity. 2019 IEEE International Symposium on Technology and Society (ISTAS), 1–13.

Miles, M. B. and M. H. and J. S. (2014). Qualitative Data Analysis : a methods sourcebook. In Sage Publication (Vol. 3).

Nugroho, Riant. (2020). Public Policy 6 Edisi Revisi. Jakarta: PT. Elekmedia Komputindo.

Pasolong, Harbani. (2014). Teori Administrasi Publik. Bandung: CV Alfabeta

Sedarmayanti.(2009). Sumber Daya Manusia dan Produktivitas Kerja. Bandung: CV Mandar Maju

Situmorang, C. H. (2016). Kebijakan Publik (Teori Analisis, Implementasi dan Evaluasi Kebijakan). Social Security Development Institute (SSDI).

Streers, Richard M. (1985). Efektivitas Organisasi (Kaidah Perilaku). Jakarta: Erlangga

Sugiono, 2002. Metode Penelitian Administrasi. Bandung: CV. Alfabeta

Tachjan, H. (2006). Implementasi Kebijakan Publik. In Dede Mariana dan Carolone Paskarina (Ed.), Penerbit AIPI Bandung (1st ed., Vol. 1, Issue 1). Penerbit AOPI Bandung.

Sekretariat Negara Republik Indonesia. Undang-Undang Republik Indonesia Nomor 20 Tahun 2014 Tentang Standardisasi dan Penilaian Kesesuaian (2014). Indonesia.

Sekretariat Negara Republik Indonesia. Peraturan Presiden Nomor 95 Tahun 2018 Tentang Sistem Pemerintahan Berbasis Elektronik. (2018). Indonesia.

Sekretariat Negara Republik Indonesia. Peraturan Pemerintah Nomor 71 Tahun 2019 Tentang Penyelenggaraan Sistem dan Transaksi Elektronik. (2019). Indonesia.

Sekretariat Negara Republik Indonesia. Peraturan Badan Siber dan Sandi Negara Nomor 15 Tahun 2019 tentang Penyelenggaraan Skema Common Criteria Indonesia. (2019). Indonesia