Articles

Found 27 Documents

Cyber-Hygiene Pada Informasi Sensitif Di Sektor Pemerintah
Juraida, Erni; Yazid, Setiadi
JUTIM (Jurnal Teknik Informatika Musirawas) Vol 9 No 2 (2024): JUTIM (Jurnal Teknik Informatika Musirawas) DESEMBER
Publisher : LPPM UNIVERSITAS BINA INSAN

DOI: 10.32767/jutim.v9i2.2368

Abstract

As reliance on digital systems increases, governments face significant challenges in protecting sensitive information from cyber threats. This research explores the effectiveness of cyber hygiene practices and regulations in maintaining the security of sensitive information in government entities. It highlights the importance of cyber hygiene practices, examines the role of regulation, evaluates its effectiveness, and identifies challenges in maintaining strong cyber security. The study was conducted using the Systematic Literature Review (SLR) method with the Kitchenham technique, reviewing 36 research publications selected from 612 papers published between 2018 and 2024. The results show that cyber hygiene practices in government have different characteristics compared to non-government organisations, given their potential impact on national security, diplomatic relations and public trust.

Comparison of Feature Selection Methods for DDoS Attacks on Software Defined Networks using Filter-Based, Wrapper-Based and Embedded-Based
Kurniawan, M.T.; Yazid, Setiadi; Sucahyo, Yudho Giri
JOIV : International Journal on Informatics Visualization Vol 6, No 4 (2022)
Publisher : Society of Visual Informatics

DOI: 10.30630/joiv.6.4.1476

Abstract

The development of internet technology is growing very rapidly. Moreover, keeping internet users protected from cyberattacks is part of the security challenges. Distributed Denial of Service (DDoS) is a real attack that continues to grow. DDoS attacks have become one of the most difficult attacks to detect and mitigate appropriately. Software Defined Network (SDN) architecture is a novel network management and a new concept of the infrastructure network. A controller is a single point of failure in SDN, which is the most dangerous of various attacks because the attacker can take control of the controller so that it can control all network traffic. Various detection and mitigation methods have been offered, but not many consider the capacity of the SDN controller. In this research, we propose a feature selection method for DDoS attacks. This research aims to select the most important features of DDoS attacks on SDN so that the detection of DDoS on SDN can be lightweight and early. This research uses a dataset [1] generated by a Mininet emulator. The simulation runs for benign TCP, UDP, and ICMP traffic and malicious traffic, which is the collection of TCP SYN attacks, UDP Flood attacks, and ICMP attacks. A total of 23 features are available in the dataset, some are extracted from the switches, and others are calculated. By using three methods, filter-based, wrapper-based, and embedded-based, we get consistent results where the pktcount feature is the highest feature importance of DDoS attacks on SDN.

Blockchain Technology Adoption for Life Insurance: Risk, Readiness, and Relevance
Susianto, Isyrofi; Yazid, Setiadi; Ermawan, Geri Yesa
International Journal of Advances in Data and Information Systems Vol. 6 No. 3 (2025): December 2025 - International Journal of Advances in Data and Information Syste
Publisher : Indonesian Scientific Journal

DOI: 10.59395/ijadis.v6i3.1479

Abstract

Blockchain technology has been widely discussed as a transformative solution for operational inefficiencies in the insurance sector, particularly in automating claims processing, enhancing transparency, and ensuring data immutability. However, adoption within the life insurance industry remains limited. This paper investigates the barriers and potential of blockchain implementation in life insurance through a mapping analysis using the People–Process–Technology (PPT) framework into risk, readiness, and relevance. The research identifies strategic misalignment with existing revenue models, regulatory compliance frictions, and organizational readiness gaps as key obstacles. A five-year cost comparison indicates that while blockchain incurs higher initial investment, it delivers lower operational costs in the long run—particularly in high-volume, deterministic insurance products. Architectural comparisons further highlight the operational advantages and integration challenges of blockchain-based systems over traditional IT infrastructures. The study concludes that although blockchain holds significant promise, its adoption depends on targeted use case selection, organizational transformation, and regulatory alignment.

Measurement of Employee Information Security Awareness: A Case Study of National Civil Service Agency
Fadhil, Ahmad; Yazid, Setiadi
The Indonesian Journal of Computer Science Vol. 12 No. 6 (2023): The Indonesian Journal of Computer Science
Publisher : AI Society & STMIK Indonesia

DOI: 10.33022/ijcs.v12i6.3640

Abstract

National Civil Service Agency is a State institution tasked with the role and function of overseeing and implementing national civil servant management using information technology. There are 4.2 million civil servant data distributed throughout Indonesia that must be safeguarded by BKN. As the utilization of information systems grows, it also leads to an increase in information security risks. Based on the reports from Id-SIRTII/CC and BKN's internal report, there has been an increase in cyber attacks targeting BKN. In addition, there are other types of attacks that occur, such as online defacement, phishing, DDoS, and employee data theft, as well as the presence of employees who are still indifferent to information security. Based on this, the objective of this research is to measure the level of information security awareness among BKN employees and identify the factors that influence it. The Human Aspects of Information Security Questionnaire (HAIS-Q) using the Knowledge, Attitude, and Behavior (KAB) model was selected for measurement, with an additional focus on the Management of Information Systems/Technology Assets, consisting of a total of 75 statements. The quantitative measurements conducted yielded a result of 88.80% for the level of information security awareness among BKN employees, categorized as good. Furthermore, there is a significant influence on information security awareness from the dimensions of knowledge towards attitude, attitude towards behavior, and knowledge towards behavior.

Analysis of Government Employees’ Information Security Awareness: A Case Study of Pusinfowas BPKP
Basrah Nasution; Setiadi Yazid; Yudho Giri Sucahyo
Sistemasi: Jurnal Sistem Informasi Vol 15, No 4 (2026): Sistemasi: Jurnal Sistem Informasi
Publisher : Program Studi Sistem Informasi Fakultas Teknik dan Ilmu Komputer

DOI: 10.32520/stmsi.v15i4.6259

Abstract

The utilization of information technology as a tool that is widely believed to facilitate business processes within organizations is inseparable from challenges related to information security threats. According to the 2024 cyber incident report issued by the National Cyber and Crypto Agency (BSSN), data exposure threats accounted for 58.34%, with most incidents originating from the government administration sector. Humans are considered the weakest link in information security; therefore, the primary effort to improve security can begin with measuring the level of security awareness. Among the various work units within BPKP, Pusinfowas, as the central information technology management unit, is considered an appropriate sample for evaluation and is expected to contribute to improving information security awareness across other units. This study employs the Human Aspects of Information Security Questionnaire (HAIS-Q) model to measure the level of information security awareness among employees at Pusinfowas. The HAIS-Q model consists of three dimensions—knowledge, attitude, and behavior—and seven focus areas: password management, email use, internet use, social media use, mobile device use, information handling, and incident reporting. The results indicate that employees’ information security awareness is at a “Good” level, with scores ranging between 80% and 100% across all HAIS-Q dimensions and focus areas.

SECURITY ANALYSIS OF SUPERAPPS PUSAKA USING OWASP AND ISSAF
Abdul Rozak Nurdiansyah; Setiadi Yazid; Yudho Giri Sucahyo
International Journal of Social Science, Educational, Economics, Agriculture Research and Technology (IJSET) Vol. 5 No. 7 (2026): JUNE
Publisher : RADJA PUBLIKA


Abstract

Pusaka Super Apps is an integrated digital platform owned by the Ministry of Religious Affairs of the Republic of Indonesia (Kemenag) that provides various religious services for millions of users. Along with the increasing reliance on government digital services, threats to information system security are becoming more complex. This study conducts a security assessment of the Pusaka Super Apps web application ( https://pusaka-v3.kemenag.go.id ) using two complementary frameworks, namely OWASP Top 10 2025 and the Information Systems Security Assessment Framework (ISSAF). The research method is qualitative descriptive with black-box testing and gray-box testing approaches that include the stages of reconnaissance, scanning, enumeration, vulnerability assessment, and impact analysis. The results of the study identified several medium vulnerabilities, including Content Security Policy Header Not Set, Missing Anti-clickjacking Header, and Missing Sub Resource Integrity Attribute. This study provides structured remediation recommendations and serves as a contribution to efforts in strengthening cyber security for government applications in Indonesia.

Evaluating Cybersecurity Investment Strategies in a Medium-Sized Enterprise: A Case Study of a Growing POS Service Provider in Indonesia
Ryan Adhi Nugraha; Muhammad Hafizhuddin Hilman; Setiadi Yazid; Eko Yon Handri
Equivalent: Jurnal Ilmiah Sosial Teknik Vol. 8 No. 2 (2026): Equivalent: Jurnal Ilmiah Sosial Teknik
Publisher : Politeknik Siber Cerdika Internasional

DOI: 10.59261/jequi.v8i2.310

Abstract

Background: As mid-sized businesses use third-party integrations on services like SaaS-based POS systems, cybersecurity expands potential avenues of attack. Many of these organizations engage in reactive cybersecurity, or waiting until something happens instead of preventing it. In the face of increasingly complex organizational architecture, it is imperative to reevaluate whether these reactive approaches are still adequate in guaranteeing operational continuity and data safety. Objective: This research is performed to investigate whether a reactive approach of cybersecurity may still suffice for a medium-sized company that expands its operation in Indonesia, which runs over the SaaS POS platform. Method: The study uses a qualitative single-case study design. The data were collected through semi-structured interviews with business and engineering stakeholders, triangulated by supporting organizational documents. Data were analyzed through rubric-based qualitative coding and mapped against a literature-derived reactive–proactive cybersecurity posture rubric in regard to incident response, budget allocation, and layered security infrastructure. Results: The results suggest daily operational readiness is limited by symptom-driven detection systems, periodic and manual monitoring practices, and response schedules dependent on unstructured coordination with follow-ups. There are baseline preventive controls, but many program-level capabilities are nascent—everything from centralized telemetry and alerting, to consistent incident workflow with remediation tracking, balanced against a systematic and periodic cadence of assurance. Conclusion: ..