IJCCS (Indonesian Journal of Computing and Cybernetics Systems)
Vol.x, No.x, July xxxx, pp. 1~5
ISSN (print): 1978-1520, ISSN (online): 2460-7258
DOI: 10.22146/ijccs.xxxx
Received June 1st,2012; Revised June 25th, 2012; Accepted July 10th, 2012
Exploring MSMEs Cybersecurity Awareness and Risk Management: Information Security Awareness
Yerik Afrianto Singgalen*¹, Hindriyanto Dwi Purnomo², Irwan Sembiring³
¹Universitas Katolik Indonesia Atma Jaya, Jakarta, Indonesia.
²,³Universitas Kristen Satya Wacana, Jawa Tengah, Indonesia.
e-mail: *¹ yerik.afrianto@atmajaya.ac.id, ² hindriyanto.purnomo@uksw.edu, ³ irwan@uksw.edu
Abstract (translated from the Indonesian)
The use of information technology in the management of Micro, Small, and Medium Enterprises
(MSMEs) is not limited to business performance and productivity but extends to the security
of data and transactions carried out through various mobile, website, and desktop-based
applications. This article offers an idea to explore the cybersecurity awareness and risk
management of MSME actors who adopt information technology. The research method used is
qualitative with a case study approach on the Coffeeshop X business and the Souvenir Y
business in Salatiga City, Central Java, Indonesia. Data were collected through in-depth
interviews, observation, and document study. The results of this study show that
Cybersecurity Awareness, particularly information security awareness, can be reviewed based
on knowledge, attitudes, and behavior. Meanwhile, risk can be managed based on supply risk,
operational risk, and customer risk. Cybersecurity Awareness and Risk Management issues in
MSMEs are holistic and cannot be generalized, so they need to be reviewed contextually based
on case studies. In the context of Coffeeshop X and Souvenir Y, the levels of Cybersecurity
Awareness (knowledge, attitudes, behavior) are not the same. In addition, risk management is
more dominant in the customer risk dimension than in supply risk and operational risk.
Keywords: Cybersecurity, Risk Management, MSMEs, Information Security
Abstract
The use of information technology in the management of Micro, Small, and Medium
Enterprises (MSMEs) is not limited to business performance and productivity but also aspects
of data security and transactions using various mobile, website, and desktop-based
applications. This article offers an idea to explore cybersecurity awareness and risk
management of MSME actors who adopt information technology. The research method used is
qualitative with a case study approach in the Coffeeshop X business and the Y Souvenir
business in Salatiga City, Central Java, Indonesia. The data collection technique used in-depth
interviews, observation, and document studies. These findings indicate that Cybersecurity
Awareness, especially information security awareness, can be reviewed based on knowledge,
attitudes, and behavior. Risk management can be reviewed based on supply risk, operational risk,
and customer risk. Cybersecurity Awareness and Risk Management in MSMEs is holistic and
cannot be generalized, so it needs to be discussed contextually based on case studies. In the
context of Coffeeshop X and Souvenir Y, the level of Cybersecurity Awareness (knowledge,
attitude, behavior) is not always linear. In addition, risk management is more dominant in the
customer risk dimension, compared to supply risk and operational risk.
Keywords: Cybersecurity, Risk Management, SMEs, Information Security
1. INTRODUCTION
Cybersecurity awareness among Micro, Small, and Medium Enterprises (MSMEs) in
Indonesia is a fundamental issue in analyzing the development of e-commerce
from an entrepreneurial perspective [1]. Previous research divides the Cybersecurity
component for companies into several segments: analyze, defend, detect, revival,
oversight, and development, which must be interpreted and applied to adapt to the development
of cybercrime that is detrimental to system users [2]. The presence of attackers in the virtual
space becomes a catalyst for application developers, as defenders, to improve
application performance and security. Cybersecurity has a holistic scope that includes operation
security, communication security, information security, physical security, and military security
[3]. This article offers an idea to explore the cybersecurity awareness and risk management of
MSME actors who use e-Commerce applications and digital transaction support
applications, with a specific focus on information security.
Information security is one of the essential components of cybersecurity [4]. In the
Control Objectives for Information and Related Technologies (COBIT) framework, information
security is crucial in maintaining company privacy, especially data that cannot be published [5].
In addition to COBIT, the ISO/IEC 27001 framework also evaluates the information security
component of information systems used by institutions [6], [7]. Information Security is one
aspect of vulnerability that needs to be estimated using various methods or approaches [8]. In
the context of information security vulnerabilities, good governance is required to classify
multiple risks that can potentially cause harm to companies and government institutions [9].
Therefore, information security is one of the essential issues accommodated in policies to
anticipate criminal acts or misuse of data detrimental to institutions and the public [10]. The
discussion in this article explicitly describes the perspective of MSME actors to maintain
business continuity and protect confidential data or information.
Information security awareness is influenced by knowledge, attitude, and behavior
[11]. In the context of knowledge, system users can consider information security before using
digital devices as a means of business transactions or digital marketing platforms [12].
Knowledge of the capacity and capability of technology devices and the information systems
used is a form of information security awareness that prevents incidents due to negligence in
maintaining information security. Meanwhile, the information security components that need to be
evaluated are trust in application repositories, misconceptions about application testing,
security and agreement messages, pirated applications, and adoption of security controls [13].
The various losses caused by the behavior of system users can be classified into three
characteristics, namely good, neutral, and bad behavior. Therefore, private and public sector
institutions need to manage information security, risks, incidents, and assets, and optimize
system access control [14]. This shows that information security awareness can be discussed
by identifying system users' knowledge, attitudes, and behavior. In this article, the
knowledge, attitudes, and behavior of system users, in this case MSME actors in the
Coffeeshop and Souvenir business sectors, are discussed together with risk management
strategies to obtain an overview of the anticipatory steps MSME actors take to respond to
incidents caused by negligence in maintaining confidential data or information.
This article offers an idea to outline cybersecurity awareness and risk management by
limiting the scope of the discussion to information security awareness. Contextually, the system
users who are the unit of observation of this research are limited to SMEs in the Coffeeshop and
Souvenir business sectors. Implicitly, information security awareness will be studied based on
knowledge, attitudes, behavior, and business risk management to maintain business continuity
and protect confidential data or information. Furthermore, the novelty of this research is the
reconstruction of the model that connects cybersecurity and risk management to realize
information security resilience based on the MSME business scale.
2. METHODS
The research method used is a qualitative method with a case study approach to MSME
actors in the Coffeeshop and Souvenir business sectors. As an effort to maintain the privacy of
MSME actors and the MSME brand, this study uses the initials of the Coffeeshop business
identity and the Souvenir business to become the Coffeeshop X business and the Souvenir Y
business. Meanwhile, the location of this research is in Salatiga City, Central Java Province,
Indonesia. The considerations for adopting a qualitative method and a case study approach are
as follows. First, the perspective of MSME actors in the Coffeeshop and Souvenir business
sector accumulates from various dimensions related to educational, economic, and socio-
cultural backgrounds. The knowledge, attitudes, and behavior of system users describe complex
processes or dynamics. Second, information security awareness is a private consideration for
MSME actors in the Coffeeshop and Souvenir business sector to manage risks that can cause
business losses. Third, the output of this study is the result of a description of the thoughts of
MSME actors in the Coffeeshop and Souvenir business sector, which is communicated with the
results of previous studies to present novelty and contribute to scientific developments in the
field of cybersecurity and risk management.
Figure 1. Research Stages
Figure 1 represents the stages of this research. In the first stage, the formulation of the
research problem is converted into research questions: first, how aware are the Coffeeshop X
and Souvenirshop Y entrepreneurs of information security? Second, how is information security
risk managed at Coffeeshop X and Souvenirshop Y? Based on the formulation of this problem,
the data collection process was carried out by conducting in-depth
interviews, observations, and document studies. After obtaining the required data and
information, the triangulation process is used to analyze the relevance between in-depth
interviews, observation, and document studies results. The key informants involved in the in-
depth interview process have the following qualification standards. First, the informant is an
MSME actor in the Coffeeshop and Souvenir business sector. Second, informants use
information technology for product marketing and digital transactions. Third, MSME actors in
the Coffeeshop and Souvenir business sectors have adopted information technology for product
marketing and digital transactions for more than three years. Based on these qualification
standards, in-depth interviews were conducted with the owners and employees of the
Coffeeshop X business and the Souvenir Y business. The key informant from the Coffeeshop X
business was VN, while the key informant from the Souvenir Y business was RRK.
Observation was applied by observing how owners and employees operate the MP application to
manage digital transaction data (Coffeeshop X business) and use the IN and WA applications
for marketing and digital transactions (Souvenir Y business). Meanwhile, the documents
studied, which relate to the transaction data of the Coffeeshop X business and the
Souvenir Y business, are confidential.
[Figure 1 labels: Research Design; Data Collection Process; Data Analysis Process; Formulate research problems into research questions; In-depth interview, observation, and document study]
The triangulation technique is used to obtain valid and credible data as a factual
representation of the study on cybersecurity and risk management. Specifically, the
triangulation technique is a process of validating the results of in-depth interviews, observations,
and document studies to maintain the coherence and correspondence of the data studied in this
study. In addition, triangulation techniques consider the relevance of the content to the context
of research related to information security awareness based on aspects of knowledge, attitudes,
and behavior of system users. In this case, the Coffeeshop X business owners and employees (as
key informants) use the MP application, and the Souvenir Y business owners and employees (as
key informants) use the IN application for product marketing.
3. RESULTS AND DISCUSSION
3.1 Cybersecurity Awareness : Information Security Awareness
Cybersecurity is a popular topic among academics and practitioners to optimize system
performance to be used safely, effectively, and efficiently. The development of Cybersecurity
studies can be traced explicitly along the dimensions of operation security [15],
communication security [16], information security [17], physical security [18], [19], and
military security [20]. In the context of this research, the study on Cybersecurity is focused on
Information Security Awareness of the owners and employees of the Coffeeshop X and
Souvenir Y businesses. The information security awareness in the context of Coffeeshop X and
Souvenir Y businesses can be seen in Table 1 below.
Table 1 Information Security Awareness of Coffeeshop X and Souvenir Y Employee

| Cyber Security Awareness | Description | Coffeeshop X | Souvenir Y |
|---|---|---|---|
| Knowledge | Cyber Crime (Unauthorized access to computer system and service, illegal contents, data forgery, cyber espionage, cyber sabotage and extortion, cracking, cybercrime against government) [21] | Medium | Low |
| Knowledge | Cyber Security (Operation, Communication, Information, Physical, Military) [3] | Medium | Low |
| Attitude | Employees Attitude towards Cybersecurity [22] | Low | Medium |
| Attitude | Privacy Attitude [23] | Low | Medium |
| Behavior | Risky Online Behaviours [22] | Low | Medium |
| Behavior | Secure Behaviour [23] | Low | Medium |

Source: Empirical Data (Processed)
Table 1 results from processing the data from interviews with owners and employees of the
Coffeeshop X business and the Souvenir Y business regarding information security awareness.
In the Coffeeshop X and Souvenir Y business context, both owners and
employees have knowledge that can be categorized as medium. However, the attitude of
system users regarding Cybersecurity and protection of private matters is still relatively low. In
addition, the behavior of system users related to Cybersecurity, risky online behavior, and
secure behavior is still relatively low. Based on the results of interviews with Coffeeshop X
business employees, the vulnerability aspect that affects the attitudes and behavior of system
users is trust in teamwork empowerment. This is in line with the results of interviews with OI:
"We have to admit that our understanding of cybercrime and cybersecurity is still minimal because we do not have an
educational background in information technology. However, we are aware of several things related to the rise of
cases of data loss due to being stolen by hackers, fraud through websites that are intentionally created to trap users,
and other cases. Such information makes us more alert to limit the use of hardware that has installed the MP
application, specifically to serve orders and payments. The MP application is a website-based information system
that can be used on Smartphone devices with low specifications and is directly connected to the business owner's
account. Each employee has created an account and password, and employee number of monitoring the work
schedule and transaction services directly by the business owner. At work, we trust each other. So, we can take turns
serving the ordering and payment processes effectively and efficiently, without having to make consumers wait any
longer."
Based on the results of interviews with OI as the owner of the Coffeeshop X business, it
can be seen that digital technology operations for transactions and marketing are part of the self-
taught learning process, the results of discussions, and participation in informal education. In the
Coffeeshop X business context, the barista has a dual role as an employee in charge of serving
digital transactions (orders and payments) and an employee who mixes drinks according to
consumer demand. Especially for food products, baristas only make reservations on the MP
application. In contrast, the provision of food according to consumer demand will be prepared
by the kitchen (chef and assistant chef). The barista's dual role in handling food and beverage
transaction services demands talent in action and capable knowledge of the features of the MP
application. Baristas who have experience operating the MP application share knowledge with
other employees to reduce the risk of fraud and of conflicts arising from misunderstandings
caused by errors or negligence of system users when using the MP application.
In the Coffeeshop X business context, team performance is one of the benchmarks for
improving business performance. Trust between the owner and the barista as an employee who
handles the payment process for food and beverage products plays an essential role in
determining the continuity of teamwork in the Coffeeshop X business. Therefore, one form of
controlling employee performance to reduce problems arising from vulnerability is the policy of
creating employee accounts in the MP application. Thus, the owner can monitor the process of
recording purchase transactions based on employee accounts and ask for personal accountability
if there is a discrepancy in the audit results between the recorded digital transactions reported
and the attached purchase notes (printed). The obstacle identified from the barista's dual role as
an employee in charge of mixing coffee and recording digital transactions (orders and
payments) at Coffeeshop X is information security awareness that affects the effectiveness and
efficiency of digital and manual transaction services. The money storage (cash machine) and
MP application hardware (tablet) are located on the same table as the coffee maker without
strict supervision, relying only on trust. The barista account is left in an operational
condition, so irresponsible people can misuse it. In addition, the MP application is a
website-based information system that employees can access from personal smartphones by
entering the username and password that the owner, as the administrator, has created. This
indicates a high risk of misuse of system user accounts, which calls for attitudes and
behaviors that are aware of data or information security.
In terms of quantity, the baristas on duty are limited to two people who work in alternating
shifts. Consumers who want to order or pay for food and beverage products must wait in front
of the cashier until the barista is ready to record digital transactions (orders and payments).
In the payment process, the barista does not confirm the order according to the
table number but based on the characteristics of the food and beverage products ordered
previously. This can cause a technical error, namely customers' reservation codes being
swapped, which takes 10-15 minutes to resolve. Meanwhile, other customers have to
stay in line or are asked to wait until the issue is resolved or one of the baristas on duty is ready
to serve the ordering process manually. Based on the business conditions of Coffeeshop X, it
can be seen that knowledge about information security is moderate, but attitudes and behavior
are still relatively low. If private information is neglected, it can be hacked and cause harm to
employees and the workplace through various means such as hacking, phishing, and malware
[15]. The possibility of data loss is very high if the device on which a digital transaction
recording application is installed is also used to access social media and other websites [24].
In addition, to optimize business performance, the information security awareness of system
users regarding the risks of various business activities needs to be increased [25]. Business
performance relies heavily on data to measure sales achievement based on the targeted period,
so the data security
structure is written in the Standard Operational Procedure and must be applied by every system
user [26]. Cybersecurity, especially Information Security Awareness for coffee shop business
SMEs (owners and employees), shows that business information security awareness
(knowledge, attitudes, and behavior) needs to be optimized to minimize the risk of cybercrime
that harms the business.
In the context of the MSME business Souvenir Y, digital marketing using the IN social
media application has an essential role in supporting the sustainability of the Souvenir Y
business. Business owners can do product marketing independently by documenting souvenirs
based on price and size characteristics using smartphone devices. Meanwhile, customer trust in
the Souvenir Y business is built through the availability of information in reviews or
testimonials from consumers who have previously made purchase transactions with the Souvenir Y
business. On the other hand, Souvenir Y's knowledge of Cybersecurity and Cyber Crime
is still relatively low. Based on the results of interviews with Souvenir Y business owners, it can
be seen that the inadequate knowledge of Cybersecurity and Cyber Crime at Souvenir Y is caused
by educational backgrounds that are not related to information technology. In addition,
business owners pay more attention to business opportunities and market
segmentation than to the vulnerability of business data or information in digital
applications. This is in line with the results of interviews with RRK:
"I don't know much about Cybersecurity because I'm not an IT kid, but I know a little about Cyber Crime, such as
hacking, phishing, and carding. There is currently enough information about crime in the virtual space, easy to
access, just input keywords in the search engine (google). We can know things related to cybercrime and how to
anticipate it. After knowing this information, I was careful when accessing websites with many advertisements, so I
didn't get trapped like my colleague whose WA business account was hacked because my friend was told to input a
code from a prized SMS. A friend of mine clicked on a link from an online gambling website because he thought he
would get a prize, but his social media account was actually hacked. I take the experience of my colleagues as a
lesson, so I have to be more vigilant. I marketed souvenir products using the IN social media application, regarding
product quality, packaging, and delivery processes, it can be seen from consumers' comments. Orders can be made
via WA, and we will deal when it has been fully transferred. I will send the goods if in doubt, don't order. The
souvenirs that I sell have their uniqueness, so if you're not interested, that's okay. So that the souvenirs I sell are
famous, purchases that should be manual, I asked them to provide testimonials on business social media accounts to
trust each other, no tricks. Personally, this business account means a lot because consumer reviews are non-
repeatable."
Based on the results of interviews with key informants, namely RRK as the owner of
the Souvenir Y business, it can be seen that knowledge about Cybersecurity and Cyber Crime is
still relatively low. Nevertheless, the attitude and behavior in using the system for product
marketing through IN social media can be categorized as medium. The owner of the social media
account for the Souvenir Y business updates the account password regularly.
Furthermore, all emails and passwords of the business social media accounts have been recorded
manually in anticipation of the various risks of losing or forgetting passwords. In addition,
the hardware or smartphone used for business is different from the smartphone used for personal
purposes, thus avoiding potential personal omissions that could harm Souvenir Y's business.
This shows that shallow knowledge about Cybersecurity and Cyber Crime does not always
indicate the same attitude and behavior. In the Souvenir Y business context, attitudes and
behaviors regarding information or data security awareness can be categorized as being at a
medium stage. Souvenir Y owners always pay attention to the security of social media accounts
used to market Souvenir Y products. In addition, the trigger for information security awareness has a
relationship with the characteristics of the business being run, where consumer confidence in
Souvenir Y's business processes lies in buyer reviews of the products sold. In online shops,
several previous studies have shown that consumer satisfaction is influenced by the quality of
services applied by online shop entrepreneurs [27]. Therefore, online shop owners must
implement quality promotional strategies through websites and social media [28]. Consumer
confidence in online business activities is influenced by service quality [29] and ease of
transaction [30]. In addition, consumer perceptions of previous transaction history also affect
consumer confidence [31].
3.2 Cybersecurity Awareness : Risk Management for Information Security Issues
Cybersecurity awareness has a significant relationship with risk management for
business information security [23]. Reference [32] shows that the risks related to
Cybersecurity that need to be managed in a business are as follows: partner trust;
information theft; insufficient protection of cargo in transit; plant malfunctioning;
counterfeit products; failure of IT equipment; product specification fraud; manipulation of
data; and poor cryptographic decisions. This shows that the components related to Cybersecurity
awareness in the business realm are holistic and need to be studied contextually. The sources of
risk in the Coffeeshop business can be analyzed based on supply risk, operational risk, and
customer risk. The customer risk aspect is dominant in the Coffeeshop business because of the
business characteristics that rely on services and food or beverage products. Some factors
influence consumers to choose coffeeshop characteristics based on location, cost, atmosphere,
facilities, food, and beverages. Consumer perceptions of the services provided by coffee shop
owners and employees also affect consumer loyalty and willingness to pay [33]. Therefore, the
product marketing management applied by the Coffeeshop Business manager must be
representative of product quality, as well as consumer preferences. Meanwhile, the
authentication of food and beverage products and services that reflect the characteristics of a
coffee shop is an essential part of attracting consumers' attention. Based on the features of the
Coffeeshop business, the concept of risk management based on aspects of supply risk,
operational risk, and customer risk becomes relevant.
In addition to coffee shops, the concept of risk management based on aspects of supply
risk, operational risk, and customer risk is also relevant to the characteristics of the souvenir
business. A souvenir business can be managed by an individual, a group, or a professional
business entity [34]. Raw materials and the features of Souvenir products also vary according to consumer
preferences. Product marketing can be applied conventionally and digitally depending on the
financial capabilities of the business owner [35]. Finally, souvenir products relate to the
memories or socio-cultural identity of the people in an area or country. The Souvenir business
offers material aspects and cultural aspects, namely the value attached to the Souvenir product
[36]. Thus, the Souvenir business entrepreneur seeks to manage various risks related to supply
risk, operational risk, and customer risk, as shown in Table 2 below.
Table 2 Source of Risk and Risk Management
Columns: Source of Risk; Business (Coffeeshop X, Souvenir Y)
Supply Risk:
- Theft of Vendor Credential
- Modification of the Source code through Malware
- Supply of Compromised Software
- Breach from the Vendor Network
- Inaccessibility of Supplier
Operational Risk:
- Failure to detect coding errors
- Product specification fraud
- Data Theft
Customer Risk:
- Manipulation of Data
- Unauthorized access to customer's data
- Fraudulent communication
- Information Sabotage
- Unauthorized payment gateways
- Intellectual Property Theft
Source: Modified Sources of Cyber Security Risk [32]
Table 2 lists the sources of risk related to Cyber Security in a business context. In
Coffeeshop X's business, risk management strategies for Cyber Security can be analyzed from
three aspects: supply risk, operational risk, and customer risk. Specifically, risk management for
supply risk is limited to the risk management of vendor credential theft. Meanwhile, risk
management for operational risk is limited to product specification fraud and data theft risk
management. Meanwhile, risk management for customer risk is risk management for cases of
data manipulation, unauthorized access to customer data, false communications, information
sabotage, unauthorized payment gateways, and intellectual property theft. Coffeeshop X's
business has business processes that involve vendors as suppliers of raw materials. Meanwhile,
information regarding the vendor's credentials is confidential, so the risk of disseminating
vendor information needs to be anticipated. The Coffeeshop X business seeks to protect member
data as permanent consumers and transaction history by consumers. Purchase data is
confidential, which is only used by the owner of the Coffeeshop X business. In addition,
original product specifications, in this case, raw materials and seasonings for the manufacture of
specialty drinks and food products belonging to the Coffeeshop X business, are also
confidential. There are rules for baristas in recording payment transactions via cash or transfer
to a predetermined account number.
Furthermore, employees are required to print receipts to be audited by the business
owner for the bookkeeping process. In addition, access to consumer data related to purchase
history is limited by the Coffeeshop X business owner as of the MP application administrator.
Matters related to the brand logo and gastronomy of food and beverage products
commercialized by the Coffeeshop X business are intellectual property that is legal or protected
by law. Thus, the customer risk management of Coffeeshop X's business is more dominant than
supply risk and operational risk.
In the context of risk management for the Souvenir Y business, the management of risks
related to Cyber Security is limited to the operational risk and customer risk aspects. The
supply risk aspect is not present, because the Souvenir Y business process is handled
independently (micro level), from the purchase of raw materials through production.
Nevertheless, the Souvenir Y business has risk management related to operational risk, in
particular risk management for cases of product specification fraud and theft of customer data
from a personal smartphone. If the social media account on the smartphone is hacked, the owner
of the Souvenir Y business has prepared a manual data backup (screenshots of digital
conversations). Furthermore, risk management related to customer risk covers cases of
manipulation of product data or transaction data, unauthorized access to customer data or
hacked accounts, false communications in the name of the owner of the Souvenir Y business
account, and sabotage of information about the Souvenir Y business bank account number. The
owner of the Souvenir Y business always posts a statement or announcement on the social media
account regarding the account's authenticity, so that consumers are not trapped by fraud
committed by individuals who imitate the Souvenir Y business's social media account. A
constraint faced by the owner of the Souvenir Y business is limited financial capital to
register the product as intellectual property protected by law. Based on the identification of
the Souvenir Y business process, it can be seen that customer risk management is more dominant
than operational risk.
This study shows a fundamental difference between the risk management of the
Coffeeshop X business and the Souvenir Y business. The risk management of the Coffeeshop X
business is procedural and complex because it involves more than one system user. Meanwhile,
the business process for marketing is carried out by the owner, while the production of food and
beverages is explicitly handled by the kitchen (chef and assistant chef). Furthermore, the
brewing and reservation sections are operated by the barista who doubles as an admin. It is
different from the Souvenir business risk management, which is managed at the micro-level. It
emphasizes the security of consumer data and information accumulated in the Souvenir Y
business digital communication media (WA applications and IN social media). Case studies on
Coffeeshop X and Souvenir Y in risk management show that the customer risk aspect is
dominant, compared to the supplier risk and operational risk aspects. Thus it can be seen that the
study of risk management related to information security awareness in MSMEs cannot be
generalized and needs to be reviewed contextually based on business characteristics, products,
market segmentation, business processes, number of workers, and technology used.
3.3 Engage Cybersecurity Awareness and Risk Management for Information Security
Resilience in MSMEs
This study offers a model for realizing information security resilience by linking
cybersecurity awareness and risk management in learning information security resilience for
Micro, Small, and Medium Enterprises (MSMEs). The construction of ideas for designing
models is interpreted based on various negligence of business actors in understanding business
processes and the needs of technology tools. In addition, the dominance of socio-cultural
aspects in the economic dimension, especially in business, has led to the indecisiveness of
system access mobility based on user authority. Also, through Coffeeshop X and Souvenirshop
Y, the use of information technology tends to follow the trend or popularity of the market
without understanding the scale of the business and the business processes involved. In addition,
employees who work at Coffeeshop X and Souvenirshop Y can access the system without any
usage restrictions based on authority so that they are vulnerable to abuse.
In Micro, Small, and Medium Enterprises (MSMEs), professional teamwork tends to be
weak because the working relationship is dominated by mutual trust between business owners
and working employees. Therefore, a professional attitude in administrative matters needs to be
applied as a work culture by reminding various aspects of information security vulnerabilities
that may occur and the risk of employee negligence on business continuity. In the context of
Coffeeshop X and Souvenirshop Y, a work culture that relies on social values needs to be
balanced with the value of professionalism that adheres to the business system. It is necessary to
reduce business obstacles caused by the lack of awareness about cybersecurity without proper
risk management. This study offers a constructive idea to realize information security resilience
in MSMEs, as shown in Figure 2.
Figure 2. Information Security Resilience Model for MSMEs
Source : Reconstructed from Empirical Data
Figure 1 is a recommendation from this research for efforts to maintain information
security based on the results of cybersecurity and risk management analysis, namely: first,
reclassification of business security levels based on the characteristics of technology devices
used to support business processes; second, limiting the mobility of system users based on the
employee's authority which the business owner has validated; third, rebuilding the value of
professional teamwork in administrative matters; fourth, remind employees regularly about the
vulnerability aspects of business information security. These four things are reconstructed from
the results of the Coffeeshop X and Souvenirshop Y case studies. Previous studies examining
cybersecurity and risk management in the MSME sector have not presented a contextual idea
regarding maintaining business information security based on business characteristics. This
study shows that the Coffeeshop and Souvenirshop business processes, whether managed
independently or by a team, need to pay attention to the resilience of information security,
which is affected by weak knowledge, attitudes, and behavior, and by running a business while
ignoring the risk of information security in supply, operational, and customer aspects.
[Figure 2 elements. Cybersecurity: Knowledge, Attitude, Behaviour. Risk Management: Supply
Risk, Operational Risk, Customer Risk. Information Security Resilience:
1. Reclassification level of the business process and the needs of technology.
2. Restrict mobility of user based on confirmed authority.
3. Rebuild the professional teamwork value in administrative matters.
4. Remind the employee of information security vulnerability.]
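The second recommendation, limiting system access to authority that the business owner has validated, can be enforced and audited in software. The following Python example is added here and is not part of the original study or of the MP application; the roles and assets follow the Coffeeshop X description, while the specific grants, user ids, and log entries are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assets and roles are taken from the Coffeeshop X description; the concrete
# grants, user ids and log entries below are constructed for illustration.
ASSETS = {"vendor_credentials", "purchase_history",
          "product_specifications", "payment_transactions"}
ACTIONS = {"read", "write"}
OWNER_ROLE = "owner"


@dataclass(frozen=True)
class Grant:
    role: str
    asset: str
    action: str


@dataclass
class AccessPolicy:
    owner_id: str
    proposed: set = field(default_factory=set)
    validated: set = field(default_factory=set)

    def propose(self, grant):
        """Anyone may request access; a request alone grants nothing."""
        if grant.asset not in ASSETS or grant.action not in ACTIONS:
            raise ValueError(f"unknown asset or action in {grant}")
        self.proposed.add(grant)

    def validate(self, grant, approver_id):
        """Only the business owner can turn a request into an effective grant."""
        if approver_id != self.owner_id:
            raise PermissionError("only the business owner may validate grants")
        if grant not in self.proposed:
            raise KeyError("grant was never proposed")
        self.validated.add(grant)

    def is_allowed(self, role, asset, action):
        """Deny by default: unknown assets, actions and unvalidated grants fail."""
        if asset not in ASSETS or action not in ACTIONS:
            return False
        if role == OWNER_ROLE:
            return True
        return Grant(role, asset, action) in self.validated


def audit(policy, user_roles, access_log):
    """Return the log entries that no owner-validated grant covers."""
    findings = []
    for user, asset, action in access_log:
        role = user_roles.get(user)  # None for accounts with no assigned role
        if role is None or not policy.is_allowed(role, asset, action):
            findings.append((user, asset, action))
    return findings


def build_coffeeshop_policy():
    """Constructed policy: baristas record payments, the kitchen reads recipes."""
    policy = AccessPolicy(owner_id="owner_x")
    wanted = [
        Grant("barista_admin", "payment_transactions", "read"),
        Grant("barista_admin", "payment_transactions", "write"),
        Grant("kitchen", "product_specifications", "read"),
    ]
    for grant in wanted:
        policy.propose(grant)
        policy.validate(grant, approver_id="owner_x")
    # Requested but never validated by the owner, so it stays ineffective.
    policy.propose(Grant("barista_admin", "purchase_history", "read"))
    return policy


# Constructed sample data: user-to-role mapping and an access log.
USER_ROLES = {"owner_x": "owner", "barista_1": "barista_admin", "chef_1": "kitchen"}
ACCESS_LOG = [
    ("barista_1", "payment_transactions", "write"),
    ("chef_1", "product_specifications", "read"),
    ("barista_1", "purchase_history", "read"),
    ("owner_x", "vendor_credentials", "read"),
    ("chef_1", "vendor_credentials", "read"),
    ("former_staff", "payment_transactions", "read"),
]

if __name__ == "__main__":
    for finding in audit(build_coffeeshop_policy(), USER_ROLES, ACCESS_LOG):
        print("not covered by a validated grant:", finding)
```

The audit flags the unvalidated request, the kitchen account reaching vendor credentials, and the account with no assigned role, which are the "access without restriction" cases the case study describes.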
The limitation in this research is the reconstruction of ideas that rely on micro and
small-scale businesses from a holistic study of MSMEs. In addition, the adoption of qualitative
methods as an approach that prioritizes the depth of information has ignored the generalization
of the MSME business. However, this research has succeeded in capturing the characteristics of
MSME businesses in Indonesia, especially on the micro and small scale, which still shows gaps
in previous research. The recommendation for further research is to compare the results of this
study by connecting aspects of cybersecurity, risk management aspects with the business model
canvas in case studies that represent the characteristics of Micro, Small, and Medium
Enterprises in Indonesia. Thus, this kind of research can contribute to the development of
science in business system security that connects information technology, information systems,
economics, and MSMEs.
4. CONCLUSIONS
This research shows that team-managed businesses have a higher vulnerability than
individual-managed businesses. Based on case studies on MSME Coffeeshop X and Souvenir
Y, the use of information systems for recording transactions and product marketing involving
more than one system user has a higher level of vulnerability than information systems for
transactions processing and product marketing operated by one person. According to the aspects
of knowledge, attitude, and behavior, the classification of information security awareness shows
that the level of expertise about Cybersecurity and Cyber Crime at a low or medium level is not
always the same as the level of attitude and behavior of system users. It shows that the level of
knowledge, attitudes, and behavior about information security awareness is highly dependent on
product characteristics, business processes, and the number of system users. Furthermore, risk
management at Coffeeshop X and Souvenir Y is very dominant in customer risk compared to
supplier risk and operational risk. Thus it can be seen that the study of risk management related
to information security awareness in MSMEs cannot be generalized and needs to be reviewed
contextually based on business characteristics, products, market segmentation, business
processes, number of workers, and technology used. This study offers an idea to overcome this
problem, namely by considering the following four aspects: first, reclassification of business
security levels based on the characteristics of technology devices used to support business
processes; second, limiting the mobility of system users based on the employee's authority
which the business owner has validated; third, rebuilding the value of professional teamwork in
administrative matters; fourth, remind employees regularly about the vulnerability aspects of
business information security. Thus, information security resilience is realized for business
continuity.
ACKNOWLEDGEMENTS
I want to thank all the informants who have participated in this research. I also thank the Atma
Jaya Catholic University of Indonesia and Satya Wacana Christian University.
REFERENCES
[1] G. Rahmadi and A. Raf’ie Pratama, “Analisis Kesadaran Cyber Security pada Kalangan
Pelaku e-Commerce di Indonesia,” Automata, vol. 1, no. 2, pp. 1–7, 2020, [Online].
Available: https://journal.uii.ac.id/AUTOMATA/article/view/15399.
[2] S. F. Aboelfotoh and N. A. Hikal, “A review of cyber-security measuring and
assessment methods for modern enterprises,” Int. J. Informatics Vis., vol. 3, no. 2, pp.
157–176, 2019, doi: 10.30630/joiv.3.2.239.
[3] F. Anwar, B. U. I. Khan, R. F. Olanrewaju, B. R. Pampori, and R. N. Mir, “A
comprehensive insight into game theory in relevance to cyber security,” Indones. J.
Electr. Eng. Informatics, vol. 8, no. 1, pp. 189–203, 2020, doi: 10.11591/ijeei.v8i1.1810.
[4] S. Aritonang, H. Yulieanto, and D. D. A. Rajab, “Internet Eavesdropping : Information
Security Challenge in the Cyberspace,” J. Pertahanan, vol. 4, no. 1, pp. 61–75, 2018,
[Online]. Available:
http://jurnal.idu.ac.id/index.php/DefenseJournal/article/view/253/pdf4.
[5] F. T. Riadi, A. D. Manuputty, and A. Saputra, “Evaluasi Manajemen Risiko Keamanan
Informasi Dengan Menggunakan COBIT 5 Subdomain EDM03 (Ensure Risk
Optimisation) (Studi Kasus : Satuan Organisasi XYZ – Lembaga ABC),” JUTEI, vol. 3,
no. 1, pp. 1–10, 2018, doi: 10.21460/jutei.2018.12.53.
[6] A. Z. Maingak and L. D. Harsono, “Information Security Assessment Using Iso / Iec
27001 : 2013 Standard,” Trikonomika, vol. 17, no. 1, pp. 28–37, 2018, [Online].
Available: http://journal.unpas.ac.id/index.php/trikonomika/article/view/1138/618.
[7] A. Fathurohman and R. W. Witjaksono, “Analysis and Design of Information Security
Management System Based on ISO 27001: 2013 Using ANNEX Control (Case Study:
District of Government of Bandung City),” Bull. Comput. Sci. Electr. Eng., vol. 1, no. 1,
pp. 1–11, 2020, doi: 10.25008/bcsee.v1i1.2.
[8] P. D. Ibnugraha, L. E. Nugroho, and P. I. Santosa, “An approach for risk estimation in
information security using text mining and jaccard method,” Bull. Electr. Eng.
Informatics, vol. 7, no. 3, pp. 393–399, 2018, doi: 10.11591/eei.v7i3.847.
[9] I. G. N. Mantra, “The Modeling of Information Security Classification With Risk Value
Assesment Factor to Good Information Governance on The Indonesia Higher Education
Sector,” JATISI (Jurnal Tek. Inform. dan Sist. Informasi), vol. 3, no. 1, pp. 12–22, 2016.
[10] W. B. W. Ismail, R. A. T. R. Ahmad, S. Widyarto, and K. A. Ghani, “A generic
framework for information security policy development,” Int. Conf. Electr. Eng.
Comput. Sci. Informatics, vol. 2017-Decem, no. September, pp. 19–21, 2017, doi:
10.1109/EECSI.2017.8239132.
[11] Dafid and Dorie, “Metode MCDA Untuk Pengukuran Tingkat Kesadaran Keamanan
Informasi Pada Mahasiswa,” JATISI (Jurnal Tek. Inform. dan Sist. Informasi), vol. 7, no.
1, pp. 11–20, 2020, doi: 10.35957/jatisi.v7i1.296.
[12] I. R. Munthe and I. Purnama, “Uji Tingkat Kesadaran Keamanan Informasi Pengguna
Smartphone (Studi Kasus: Amik Labuhan Batu),” J. Tek. Inf. dan Komput., vol. 2, no. 2,
pp. 156–165, 2019, doi: 10.37600/tekinkom.v2i2.113.
[13] R. Akraman, C. Candiwan, and Y. Priyadi, “Pengukuran Kesadaran Keamanan
Informasi Dan Privasi Pada Pengguna Smartphone Android Di Indonesia,” J. Sist. Inf.
Bisnis, vol. 8, no. 2, pp. 115–122, 2018, doi: 10.21456/vol8iss2pp1-8.
[14] D. C. Islami and K. B. I. H. Candiwan, “Kesadaran Keamanan Informasi pada Pegawai
Bank x di Bandung Indonesia,” J. INKOM, vol. 10, no. 1, pp. 1–8, 2016, doi:
10.14203/j.inkom.428.
[15] A. D. Smith and W. T. Rupp, “Issues in cybersecurity: Understanding the potential risks
associated with hackers/crackers,” Inf. Manag. Comput. Secur., vol. 10, no. 4, pp.
178–183, 2002, doi: 10.1108/09685220210436976.
[16] A. S. Firdaos, “Sistem Pengamanan dan Pemantau Sepeda Motor Menggunakan NFC (
Near Field Communication ) dan GPS ( Global Positioning System ) Security and
Monitoring System in Motorcycle Using NFC ( Near Field Communication ) and GPS (
Global Positioning System ),” vol. 5, no. 1, 2017.
[17] R. Z. Yousif, S. W. Kareem, and S. M. Abdalwahid, “Enhancing Approach for
Information Security in Hadoop,” Polytech. J., vol. 10, no. 1, pp. 81–87, 2020, doi:
10.25156/ptj.v10n1y2020.pp81-87.
[18] D. Efstathiou, “A collaborative physical layer security scheme,” Int. J. Electr. Comput.
Eng., vol. 9, no. 3, pp. 1924–1934, 2019, doi: 10.11591/ijece.v9i3.pp1924-1934.
[19] P. T. Tin, D. H. Ha, M. Tran, and T. T. Trang, “Physical security layer with friendly
jammer in half-duplex relaying networks over rayleigh fading channel: Intercept
probability analysis,” Bull. Electr. Eng. Informatics, vol. 9, no. 4, pp. 1694–1700, 2020,
doi: 10.11591/eei.v9i4.2249.
[20] Sumantri, “The Urgency of National Security Council (NSC) in the Context of Cyber
Security as a Sub System of National Security to Protect State and People,” J. Soc. Polit.
Sci., vol. 1, no. 1, pp. 71–75, 2020.
[21] S. S. Aulianisa and I. Indirwan, “Critical Review of the Urgency of Strengthening the
Implementation of Cyber Security and Resilience in Indonesia,” Lex Sci. Law Rev., vol.
4, no. 1, pp. 33–48, 2020, doi: 10.15294/lesrev.v4i1.38197.
[22] L. Hadington, “Employees Attitude towards Cyber Security and Risky Online
Behaviours : An Empirical Assessment in the United Kingdom,” Int. J. Cyber Criminol.,
vol. 11, no. 1, pp. 262–274, 2018, doi: 10.5281/zenodo.495776.
[23] T. Halevi, N. Memon, and J. Lewis, “Cultural and psychological factors in cyber-
security,” J. Mob. Multimed., vol. 13, no. 12, pp. 43–56, 2017.
[24] F. Kwarto and M. Angsito, “Pengaruh Cyber Crime Terhadap Cyber Security
Compliance Di Sektor Keuangan,” J. Akunt. Bisnis, vol. 11, no. 2, pp. 99–110, 2018, doi:
10.30813/jab.v11i2.1382.
[25] A. Ghadge, M. Weiß, N. D. Caldwell, and R. Wilding, “Managing cyber risk in supply
chains: a review and research agenda,” Supply Chain Manag., vol. 25, no. 2, pp.
223–240, 2020, doi: 10.1108/SCM-10-2018-0357.
[26] M. S. Ansari, “Information System Security (Cyber Security),” J. Inform., vol. 2, no. 1,
pp. 189–197, 2016, doi: 10.31311/ji.v2i1.60.
[27] A. Setiyanigrum and H. Hidayat, “Service Quality dan Kepuasan Konsumen : Studi
Empiris dan Implikasinya pada Toko Online,” J. Ilm. Manaj., vol. 6, no. 2, pp. 247–260,
2016.
[28] R. Rachmatullah and R. Yanto, “Sistem Penjualan Online Spare Part Mobil di Toko
Citra Abadi Motor Semarang,” Indones. J. Netw. Secur., vol. 5, no. 3, pp. 56–62, 2016.
[29] R. R. Febriani and B. Sudaryanto, “Pengaruh Brand Image dan Kualitas Layanan
Terhadap Kepercayaan dan Keputusan Pembelian pada Toko Online (Studi Pada
Konsumen OLX.co.id di Kota Semarang),” Diponegoro J. Manag., vol. 7, no. 2, pp.
1–11, 2018.
[30] F. Alwafi and R. H. Magnadi, “Pengaruh Persepsi Keamanan, Kemudahan Bertransaksi,
Kepercayaan terhadap Toko dan Pengalaman Berbelanja terhadap Minat Beli Secara
Online pada Situs Jual Beli tokopedia.com,” Diponegoro J. Manag., vol. 5, no. 2, pp.
1–15, 2016.
[31] A. Mohansyah and R. Parani, “Digital Online Dan Trust Dalam Hubungan Antara
Tokopedia Dengan Penguna Layanan,” J. Lontar, vol. 6, no. 1, pp. 58–68, 2018.
[32] S. Pandey, R. K. Singh, A. Gunasekaran, and A. Kaushik, “Cyber security risks in
globalized supply chains: conceptual framework,” J. Glob. Oper. Strateg. Sourc., vol.
13, no. 1, pp. 103–128, 2020, doi: 10.1108/JGOSS-05-2019-0042.
[33] M. Setiawardani, “Peran Servicescape Terhadap Peningkatan Loyalitas Pelanggan (
Kajian Empiris terhadap Pelanggan Yumaju Coffee ),” J. Ris. Bisnis dan Inov., vol. 7,
no. 1, pp. 10–21, 2021.
[34] E. Irawan, “Analisis Faktor – Faktor Yang Mempengaruhi Pendapatan Anggota
Kelompok Sadar Wisata Pada Usaha Industri Kecil Kerajinan Souvenir Di Kota
Mataram,” J. Ekon. dan Bisnis Indones., vol. 2, no. 1, pp. 1–10, 2017, doi:
10.37673/jebi.v2i1.47.
[35] A. T. Novitasari, “Pelatihan Membuat Kerajinan Souvenir Rangka Besi untuk
Meningkatkan Keterampilan Berwirausaha,” JAPI, vol. 5, no. 2, pp. 124–131, 2020.
[36] D. Islamiyati and C. Chairy, “the Influence of Memorable Souvenirs Shopping
Experience and Place Identity on Revisit Intention (the Case of Yogyakarta),” J. Muara
Ilmu Ekon. dan Bisnis, vol. 5, no. 1, pp. 205–213, 2021, doi: 10.24912/jmieb.v5i1.11054.
... SMEs can implement risk management in accordance with business criteria. Singgalen et al., (2021) explained that there are 3 (three) types of risk management, namely supply risk, operational risk, and customer risk. On the other hand, Ass Sajjad et al., (2020) divided the types of risk management into three, namely financial risk, product risk and market risk. ...
Article
Full-text available
Purpose: The objective of this study was to identify risk management supporting the recovery and sustainability of SME businesses in Indonesia after the COVID-19 pandemic crisis. Theoretical Framework: Recent literature, Lima et al (2020) researched risk management in SMEs, using a literature review approach, create a concept of risk management in SMEs, which so far have not been widely studied. The result state that financial risk management and enterprise risk management, are among the most studied in the literature. Design/Methodology/Approach: This research method uses a literature review approach to systematically analyze risk management that has and has not been carried out by SMEs in Indonesia. In addition, it also provides insight and understanding related to risk management needed by SMEs in the recovery period, as well as strategies for adapting sustainable business concepts. Findings: The results of this study explain that SMEs in Indonesia experience many risks in running their business and are too vulnerable to face economic shocks. To adopt the concept of a sustainable business and business recovery after the COVID-19 pandemic, SMEs in Indonesia must carry out comprehensive risk management. Research, Practical & Social Implications: We suggest a future research agenda and highlight the contributions made to executive and management education. Originality/Value: The results indicate that the number of publications is growing, and the management and business area is the one that contributes the most, with the countries that produce in co-authorship also providing the most publications.
... Selain itu menurut hasil penelitian [10] bahwa bisnis yang dikelola secara tim memiliki kerentanan yang lebih tinggi dibandingkan bisnis yang dikelola secara individu. Beberapa permasalahan kerentanan yang sering menjadi permasalahan adalah kekuatan password, akses internet dan file sharing yang kurang aman, serta banyaknya serangan phishing pada email [11]. ...
Article
Full-text available
Perkembangan teknologi yang semakin masif memiliki dampak positif dan negatif terhadap kegiatan bisnis. Dampak ini terjadi akibat berbagai tindakan kejahatan dunia maya yang mengikuti perkembangan teknologi yang digunakan. Serangan siber terhadap pelaku atau pemilik usaha mikro, kecil, dan menengah (UMKM) dapat mengakibatkan risiko kerugian reputasi dan keuangan. Langkah-langkah perlindungan diperlukan untuk mencegah kerugian tersebut, dimulai dengan meningkatkan pemahaman mengenai pentingnya keamanan informasi. Penelitian ini bertujuan untuk mengkaji metodologi dan hasil pedoman penilaian keamanan informasi (PAMAN KAMI) yang dikeluarkan oleh Badan Siber dan Sandi Negara (BSSN). National Institute of Standards and Technology Interagency Report 7621 Revision 1 (NISTIR 7621 Rev 1) adalah kerangka kerja keamanan siber untuk mengukur usaha kecil, namun perlu disesuaikan agar mudah dipahami dan digunakan. PAMAN KAMI mengubahnya menjadi pertanyaan yang dapat dijawab sendiri. Kesadaran dan kematangan keamanan siber diukur pada tahun 2020 - 2022 dengan total 964 UMKM berpartisipasi. Namun, hanya 844 UMKM yang mengisi PAMAN KAMI dengan hasil penilaian didominasi oleh kategori BURUK dan KURANG. Penelitian ini juga memvalidasi tingkat literasi keamanan informasi, terutama di UMKM, sehingga dapat digunakan sebagai dasar untuk langkah-langkah mitigasi siber
... Although digital technology enables MSMEs to stay connected to customers, reach new customers, and increase income, it also carries risks, including cyber risks such as online fraud, hacking, identity fraud, and consumer data leakage. MSMEs can suffer material and non-material losses as a result of cybercrime (Singgalen et al., 2021). External and internal issues, according to research (Kabanda et al., 2018), also affect the implementation of information security management in developing countries. ...
Conference Paper
Full-text available
This study will evaluate the management of information security in Micro, Small, and Medium Enterprises (MSMEs) using Penilaian Mandiri Keamanan Informasi (PAMAN KAMI). Micro, Small, and Medium Enterprises (MSMEs) use Information Technology (IT) to run their business. MSMEs are potential targets for cybercriminals to cause economic and reputational damage. One thing that can be done to minimize the security risk is to evaluate the information security management. The evaluation process can help company to know the level of information security management implementation. In this study, an evaluation process will be applied using Penilaian Mandiri Keamanan Informasi (PAMAN KAMI) framework. The method used in this study is quantitative research based on questionnaire that collect data from digital-based MSMEs. The results indicate that 50.48% of total surveyed MSMEs have reached adequate indicators. All MSMEs that have been surveyed have implemented more than 50% of all the protection measure clauses in the PAMAN KAMI framework. There is a gap between the application of information security from all 103 MSMEs that have been surveyed with the PAMAN KAMI standards. The biggest gap is in the PR-24 clause, while the smallest gap is in the PR-01 clause.
Article
Full-text available
Information systems are important in managing village data and information, including population data, correspondence administration, and other public services. One of the villages that implemented an information system is Indraloka Mukti village in the Way Kenanga sub-district, Tulang Bawang Barat district. With the implementation of information technology, various risks emerge that can threaten the security of information systems. Considering the importance of information systems in village operations, it is necessary to identify, evaluate, and manage risks to existing information systems. The measuring tool in this research is the KAMI Index (Information Security). The results of the assessment of information security readiness in Indraloka Mukti Village using the KAMI Index show that the electronic system received a score of 17 and is included in the "High" Category; Information security received a score of 90 out of 645, falling within the "Inadequate" Level of Readiness to meet ISO/IEC 270001 standards. All parts of the information security system must be updated, with the lowest maturity level at Level I and the highest at level I+.
Article
Full-text available
Regarding the huge spread of technology among individuals and enterprises, technologies and electronic communications become one of the most important pillars of the operation of small and large enterprises alike, and the source of education and entertainment for individuals, this led to thinking about the risks of reliance on this technology and the impact on the economic index of enterprises market, reputation and the safety of individuals and enterprises, these fears forced the experts and decision-makers to think about information security and develop new methods to measure and assess the level of protection of information and data in enterprises and privacy of individuals. This paper introducing a review of recent cyber-security measuring and assessment methodologies and tools based on industry best practices for the measure and assesses of network security and protection of a modern enterprise data network. The analysis is based on a study the methods for the measurement and assessment of information security at the physical and technical level, penetration testing and identification of weaknesses in the cyber-security system followed and policies used in modern enterprises. A comprehensive description of the strengths, weaknesses, and licensing conditions for tools is presented. Moreover, major security requirements associated with modern enterprises is discussed and analyzed to discover vulnerability in the existing systems and explain the potential impact of this vulnerability.
Article
Full-text available
Yogyakarta adalah penyumbang terbesar kedua bagi Indonesia setelah Bali untuk industri pariwisata dan salah satu dari tiga wilayah emas yang disebut sebagai Joglosemar (Yogyakarta, Solo, dan Semarang). Malioboro salah satu ikon di Yogyakarta, tempat ini menjadi yang paling banyak dikunjungi oleh wisatawan domestik. Penelitian ini berupaya untuk mengetahui pengaruh pengalaman belanja souvenir berkesan pada niat mengunjungi kembali dengan variabel mediasi yaitu identitas tempat dan hubungan masing-masing variabel. Metode penelitian ini adalah kuantitatif, di mana data yang dikumpulkan melalui kuesioner online menggunakan Google Form dan menyebar ke responden target, yaitu orang-orang yang telah mengunjungi Yogyakarta. PLS 3.2.8 digunakan sebagai alat untuk menganalisis data. Hasil penelitian menunjukkan adanya dampak langsung dari pengalaman belanja souvenir berkesan pada niat mengunjungi kembali dan juga identitas tempat pada niat mengunjungi kembali. Penelitian ini juga membuktikan peran mediasi identitas tempat dalam hubungan antara pengalaman belanja souvenir berkesan dan niat mengunjungi kembali. Implikasi penelitian juga dibahas dalam penelitian ini .Penelitian lanjutan dapat menambah variabel lain yang berkaitan dengan pengalaman pariwisata. Yogyakarta is the second biggest contributor after Bali for Indonesia tourism industry. This area is also known as Joglosemar (Yogyakarta, Solo, and Semarang), a golden triangle for tourism. Malioboro is one of the icons in Yogyakarta, this place become the most visited destination by domestic tourists. This research attempted to find the impact of memorable souvenir shopping experience on revisit intention with place identity as the mediating variable. The methodology of this research was quantitative in nature, where the data collected using google form online questionnaire spreading to the target respondents who are the visitors of Yogyakarta. PLS 3.2.8 was adopted as a tool to analyze the data. 
The result showed that there is a direct impact of memorable souvenirs shopping experience on revisit intention and also place identity on revisit intention. This research also showed a mediating role of place identity in the relationship between memorable souvenirs shopping experience and revisit intention. The managerial implication was also discussed. The future research may add another variable related to tourist experience.
Article
Full-text available
The purpose of this study was to identify the servicescape that has been built by Yumaju Coffee and the level of customers’ loyalty, and also to reveal how big the role of servicescape is in increasing customers’ loyalty. The research method used is quantitative methods, the sampling technique uses non-probability sampling with a purposive sampling approach of 100 respondents. The data was collected through a questionnaire using a Likert scale. The data were processed using SPSS, and using descriptive analysis, correlation analysis, simple regression analysis, and analysis of the coefficient of determination, and hypothesis testing. The results of this study indicate that the servicescape built by Yumaju Coffee is categorized as good and the level of customers’ loyalty is also high, and servicescape has a significant role in increasing customer loyalty by 31.8%.
Article
Full-text available
Developing a confident Hadoop essentially a cloud computing is an essential challenge as the cloud. The protection policy can be utilized during various cloud services such as Platform as a Service (PaaS), Infrastructure as a Service (IaaS), and Software as a Service (SaaS) and also can support most requirements in cloud computing. This event motivates the need of a policy which will control these challenges. Hadoop may be a used policy recommended to beat this big data problem which usually utilizes MapReduce design to arrange huge amounts of information of the cloud system. Hadoop has no policy to ensure the privacy and protection of the files saved within the Hadoop Distributed File System (HDFS). Within the cloud, the safety of sensitive data may be a significant problem within which encryption schemes play an avital rule. This paper proposes a hybrid method between pair well-known asymmetric key cryptosystems (RSA and Rabin) to cipher the files saved in HDFS. Therefore, before storing data in HDFS, the proposed cryptosystem is employed to cipher the information. In the proposed system, the user of the cloud might upload files in two ways, secure or non-secure. The hybrid method presents more powerful computational complexity and smaller latency as compared to the RSA cryptosystem alone.
Article
Full-text available
In this research, thephysical security layer with a friendly jammerin half-duplex (HD) relaying networksover the Rayleigh fading channel is proposed and investigated. Firstly, we proposed the system model and the time switching,power splitting protocolsfor the system model. Then we conductedthe mathematical analysisfor deriving theexact analysis and asymptotic analysisintegral forms for intercept probability (IP). Finally, the analytical formulationis verified by the Monte Carlo Simulation with all main system parameters. From the results, we can show that the simulation and analytical values are the same values.
The development of information technology in cyberspace is unavoidable, and it is followed by vulnerability to threats and attacks on data and information traffic that can threaten the country's sovereignty. One of the ways that can be done is to strengthen Indonesia's cyber infrastructure and institutions. The purpose of this legal research is to find out the urgency of regulating cyber security and resilience in Indonesia and its challenges and obstacles, and also to conduct a comparative study in several countries. This research is normative legal research with qualitative descriptive analysis. The results of the study indicate that arrangements regarding cyber security and resilience are very important and must be enacted immediately. The inability of the current regulations has the potential to threaten the country's sovereignty. Thus, it is necessary to establish a law as lex specialis in dealing with threats and cyberspace attacks in order to create certainty and legal justice.
The progressively ubiquitous connectivity in the present information systems poses newer challenges to security. The conventional security mechanisms have come a long way in securing the well-defined objectives of confidentiality, integrity, authenticity and availability. Nevertheless, with the growth in the system complexities and attack sophistication, providing security via traditional means is increasingly becoming unachievable. A novel theoretical perspective and an innovative approach are thus required for understanding security from a decision-making and strategic viewpoint. One of the analytical tools which may assist the researchers in designing security protocols for computer networks is game theory. The game-theoretic concept finds extensive applications in security at different levels, including the cyberspace, and is generally categorized under security games. It can be utilized as a robust mathematical tool for modelling and analyzing contemporary security issues. Game theory offers a natural framework for capturing the defensive as well as adversarial interactions between the defenders and the attackers. Furthermore, defenders can attain a deep understanding of the potential attack threats and the strategies of attackers by equilibrium evaluation of the security games. In this paper, the concept of game theory has been presented, followed by game-theoretic applications in cybersecurity, including cryptography. Different types of games, particularly those focused on securing the cyberspace, have been analysed and varied game-theoretic methodologies including mechanism design theories have been outlined for offering a modern foundation of the science of cybersecurity.
The purpose of this study is to analyze the factors that influence the income of members of tourism awareness groups in the small-scale souvenir handicraft industry in Mataram City. The dependent variable is the income of tourism awareness group members, and the independent variables are own capital, capital other than own capital, and length of time in business. This study uses primary data, with secondary data as support. For the primary data, the sample consists of 59 people. The data were analyzed using multiple linear regression analysis. The results (data processed at the α = 5% level) show that, tested simultaneously, own capital, capital other than own capital, and length of time in business have a significant effect on the income of tourism awareness group members in the small-scale souvenir handicraft industry in Mataram City. Partially, the own capital variable has a positive and significant effect on the income of tourism awareness group members, the capital other than own capital variable has an insignificant effect on the income of tourism awareness group members, and the length of time in business variable has a positive and significant effect on the income of tourism awareness group members.
Purpose: The purpose of this study is to examine cyber security risks in globalized supply chains (SCs). It has been seen to have a greater impact on the performance of SCs. The information and communication technology of a firm, which enhances the efficiency and effectiveness in the SC, could simultaneously be the cause of vulnerabilities and exposure to security threats. Researchers have primarily focussed on the cyber-physical system (CPS) vulnerabilities impacting SC. This paper tries to categorize the cyber security risks occurring because of the SCs operating in CPS.
Design/methodology/approach: Based on the flow of information along the upstream and downstream SC, this paper tries to identify cyber security risks in the global SCs. It has further tried to categorize these cyber security risks from a strategic point of view.
Findings: This paper tries to identify the various cyber security risks and cyber-attacks in globalized SC for improving the performance. The 16 cyber security risks have been categorized into three categories, namely, supply risk, operational risk and demand risk. The paper proposes a framework consisting of different cyber-attacks across the information that flows in global SCs along with suitable mitigation strategies.
Research limitations/implications: The paper presents the conceptual model of cyber security risks and cyber-attacks in globalized SCs based on literature review and industry experts. Further validation and scale development of these risks can be done through empirical study.
Practical implications: This paper provides significant managerial insights by developing a framework for understanding the cyber security risks in terms of the drivers of these risks and how to deal with them. From a managerial perspective, this framework can be used as a decision-making process while considering different cyber security risks across the stages of globalized SCs.
Originality/value: The major contribution of this study is the identification and categorization of cyber security risks across the global SCs in the digital age. Thus, this paper introduces a new phenomenon to the field of management that has the potential to investigate new areas of future research. Based on the categorization, the paper provides insights on how cyber security risks impact the continuity of SC operations.
Based on statistical data, it is known that Android is the most popular smartphone with the largest number of users in the world, which is around 1.8 billion users. The high number of users also invites many cases of information security and privacy caused by a lack of awareness from users, such as spam, spoofing/phishing, network incidents, malware, uploading something of a personal nature such as photos, telephone numbers or addresses, or not having antivirus. This study aims to find out about information security and privacy of Android smartphone users by measuring the problem of the dimension of awareness (attitude, knowledge and behavior) with seven focus areas of information security, namely trust in app repositories, misconception about app testing, security and agreement messages, pirated application, adoption of security control, spam SMS and report of security incidents, and three focus areas on privacy, namely perceived surveillance, perceived intrusion and secondary use of information. This research uses the analytical hierarchy process (AHP) method to measure the level of information security awareness and privacy of smartphone users. Overall, the results of the study indicate that information security has an average level of awareness (71%). But the focus area report of security incidents has a poor level of awareness (37%); this is because users prefer to solve the information security problems they experience on their own. Privacy has an average level of awareness (76%), while the secondary use of information in the attitude dimension has a low level of awareness (66%). Based on these findings, it can be concluded that smartphone users at AMIK Labuhan Batu have a poor level of awareness in maintaining information security and privacy.