Left in the Dark: Obstacles to Studying and Performing Critical Infrastructure Protection

Grosse, Christine Über; Olausson, Pär M.; Lundåsen, Susanne Wallman

doi:10.34190/ejbrm.19.2.2509

Cited by 2 publications

(1 citation statement)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other studies, the development of security controls refers to standard security programs or enterprise architecture (EA) with complete security functions (ISO/IEC, 2013; Suter, 2007; NIST, 2018; Center for Internet Security, 2021). CII protection for several service providers results from developing EA (Baina et al , 2020; Erastus et al , 2020; Große et al , 2021; Ramtohul and Soyjaudah, 2016). Despite the variety of approaches for developing security control, the EA approach is more necessary for CII protection at the national level because EA accounts for threats, vulnerabilities, security principles and functions (Putro and Sensuse, 2021).…”

Section: Introductionmentioning

confidence: 99%

Framework for critical information infrastructure protection in smart government: a case study in Indonesia

Putro,

Sensuse,

Wibowo

2023

ICS

View full text Add to dashboard Cite

Purpose This paper aims to develop a framework for critical information infrastructure (CII) protection in smart government, an alternative measure for common cybersecurity frameworks such as NIST Cybersecurity Framework and ISO 27001. Smart government is defined as the government administration sector of CII due to its similarity as a core of smart technology. Design/methodology/approach To ensure the validity of the data, the research methodology used in this paper follows the predicting malfunctions in socio-technical systems (PreMiSTS) approach, a variation of the socio-technical system (STS) approach specifically designed to predict potential issues in the STS. In this study, PreMiSTS was enriched with observation and systematic literature review as its main data collection method, thematic analysis and validation by experts using fuzzy Delphi method (FDM). Findings The proposed CII protection framework comprises several dimensions: objectives, interdependency, functions, risk management, resources and governance. For all those dimensions, there are 20 elements and 41 variables. Practical implications This framework can be an alternative guideline for CII protection in smart government, particularly in government administration services. Originality/value The author uses PreMiSTS, a socio-technical approach combined with thematic analysis and FDM, to design a security framework for CII protection. This combination was designed as a mixed-method approach to improve the likelihood of success in an IT project.

show abstract