Regional tax information systems such as the Sistem Informasi Manajemen Objek Pajak (SISMIOP) are vulnerable to cybersecurity threats due to the sensitivity of taxpayer data and the persistence of ad-hoc security management practices. These conditions pose risks to data confidentiality, integrity, and service availability, potentially undermining public trust and the effectiveness of local government services. This study aims to assess the information security maturity of SISMIOP operated by the Badan Pengelolaan Pendapatan, Keuangan, dan Aset Daerah (BPPKAD) through an integrated application of the NIST Cybersecurity Framework (CSF) 2.0, ISO/IEC 27002:2022, and the Cybersecurity Capability Maturity Model (C2M2) 2.1. A qualitative case study approach was employed. An organizational profile was developed using interviews, observations, and document analysis, followed by mapping 38 relevant NIST CSF subcategories to ISO/IEC 27002 controls and C2M2 capability domains. Security maturity was evaluated using questionnaires and interviews based on the C2M2 Maturity Indicator Levels (MIL0-MIL3), and a gap analysis was conducted against the target maturity level of MIL2. The results show that most cybersecurity functions (Govern, Identify, Detect, Respond, and Recover) remain at MIL1, indicating that practices are performed but not yet formalized or consistently implemented. The Protect function partially achieved MIL2. The largest gaps were identified in the governance and risk management domains. Based on these findings, 38 prioritized strategic recommendations were formulated to improve policy formalization, risk management, technical controls, monitoring, and incident handling. This study contributes a practical and replicable multi-framework maturity assessment model to strengthen information security governance in public-sector tax information systems.
Copyrights © 2026