Implementing NIST Framework and the People, Process, Technology approach in Indonesian Financial Services

Abstract

A financial services company in Indonesia was implementing digital transformation with various strategies. Regulators such as the Financial Services Authority have stipulated that financial services companies must ensure effective data security and smooth internal operations to counter evolving cybersecurity threats. The Gap Analysis results show that the Roadmap and Solution development will be focused starting from the Identify dimension of the NIST Framework, specifically in the asset management category. This research also uses a post-positivist paradigm with a mixed methods approach, which combines qualitative and quantitative research methods.  This research will adopt two Digital Maturity Models. by considering the complementary elements of the two models, to create a Framework that is more holistic and in accordance with the specific needs of the organization. The benefit of this research is the development of a framework based on the NIST Cybersecurity Framework and Profile for Ransomware Risk Management, which will be integrated with the PPT Framework (People, Process & Technology) which is expected to improve cybersecurity maturity, especially in dealing with ransomware risks.