Kesatria : Jurnal Penerapan Sistem Informasi (Komputer dan Manajemen)
Vol 5, No 4 (2024): October Edition

Utilization of ISO 27001:2022 In Designing Information Security for Digital Transformation at BPRCO SME

Dika, Dafa Dinda Bayu Rama (Unknown)
Mulyana, Rahmat (Unknown)
Lubis, Muharman (Unknown)



Article Info

Publish Date
30 Oct 2024

Abstract

Digital transformation has become a priority for SMEs (Micro, Small and Medium Enterprises), including BPRBCo (Bank Perekonomian Rakyat), to remain competitive amidst rapid technological developments. Information security is a critical aspect of this process and requires a systematic and standardized approach. Previous research emphasizes the importance of ambidextrous (hybrid traditional and agile) information security management for large-scale banks as one of the seven key mechanisms for successful digital transformation, namely data management and information security. However, this approach has not proven effective for small-scale banks such as BPRs. This research aims to design an information security management system (ISMS) based on ISO 27001:2022, with a focus on the readiness of BPRBCo SME in facing digital transformation. This research adopts the five stages of Design Science Research (DSR), namely problem identification, requirement specification, design and development, demonstration, and evaluation. Data were collected through semi-structured interviews and document analysis, then analyzed using the ISO 27001:2022 ISMS framework. After risk analysis and mapping against previous study references, PDCA and Annex controls were found to be prioritized for BPRBCo. This study developed an ISMS framework specifically designed to meet the needs of SMEs, with a focus on the SME Focus Area. The DSR method enables the creation of practical solutions, based on an iterative cycle that combines theory and practice to produce optimal results. The resulting ISMS framework is then evaluated to assess the extent to which this design affects BPRBCo's readiness to obtain ISO 27001:2022 certification, as well as its impact on improving information security during the digital transformation process. This research also provides implementation recommendations by integrating three main aspects: people, process, and technology.

Copyrights © 2024






Journal Info

Abbrev

kesatria

Subject

Computer Science & IT Control & Systems Engineering

Description

KESATRIA: Jurnal Penerapan Sistem Informasi (Komputer & Manajemen) is an online peer-reviewed journal published as a national-level publication forum in Indonesia for researchers, professionals, students and practitioners from industry in the field of Science ...