This study aims to analyze the readiness level of PT. XYZ, an information technology service provider, in adopting technology security frameworks, specifically the NIST Cybersecurity Framework (CSF) and ISO 27001. A qualitative approach was applied through interviews with five informants from the executive level and technical teams. The data were analyzed using thematic analysis. Findings indicate that the company is still at an early stage of readiness and lacks a systematic approach to managing information security. The main inhibiting factors include the absence of formal policies, limited resources, and a low level of understanding of international standards. However, the management’s awareness and desire to enhance client trust serve as important driving factors. Recommended improvement strategies include conducting training, establishing formal security policies, forming dedicated security teams, and integrating security into business processes. This study provides a preliminary overview for the company in designing a standardized security strategy and serves as a reference for similar studies in the IT services sector.
Copyright © 2025