Assessing Information Security Readiness in Indonesian Fintech Companies Using KAMI Index 5.0 Framework

Authors

  • Merryana Lestari, Universitas Bunda Mulia
  • Maria Entina Puspita, Accounting, STIE “AMA” Salatiga
  • Yemima Geasela, Universitas Bunda Mulia
  • Agustinus Fritz Wijaya, Universitas Bunda Mulia
  • Puguh Hiskiawan, Universitas Bunda Mulia
  • Vicky Vicky, Universitas Bunda Mulia

DOI:

https://doi.org/10.31154/cogito.v11i2.837.271-280

Keywords:

Financial Technology, KAMI index, ISO/IEC 27001, Information Security Management System (ISMS), IT Governance

Abstract

The development of Indonesian financial technology (fintech) has transformed the financial industry paradigm but has also introduced significant information security risks, particularly for technology-based companies. Fintech companies should establish IT governance through an Information Security Management System (ISMS) that adheres to international standards and ensures the confidentiality, integrity, and availability of information. This work adopts a qualitative approach, using observations, interviews, and literature reviews of Indonesian fintech companies, particularly in digital banking, payment gateways, and digital wallet platforms. The study aims to identify information security risks and to assess the readiness and feasibility of implementing ISO/IEC 27001:2022 using the KAMI Index 5.0, which evaluates domains such as policy, governance, risk management, access control, incident management, asset management, and personal data protection. The research findings indicate that the electronic system of fintech companies plays a strategic role in supporting sustainability and business growth, with an implementation score of 809 and a fairly good level of information security feasibility. In conclusion, this reflects the company’s readiness for further information security implementation. The system not only supports basic operations but also serves as a key element in achieving business objectives for both internal and external stakeholders, including regulators, banking partners, and customers.

Published

2025-12-30

How to Cite

Lestari, M., Puspita, M. E., Geasela, Y., Wijaya, A. F., Hiskiawan, P., & Vicky, V. (2025). Assessing Information Security Readiness in Indonesian Fintech Companies Using KAMI Index 5.0 Framework. CogITo Smart Journal, 11(2), 271–280. https://doi.org/10.31154/cogito.v11i2.837.271-280