The Implementation of Multiple Information Security Governance (ISG) Frameworks Strategy and Critical Success Factors in Indonesia’s Oil and Gas Industry: Case Study of PT X

Abstract

Oil and gas industry are among the largest contributor to the Indonesia’s foreign exchange. Many believe that information technology will be major driver for economic wealth in the oil and gas Industry. However, implementing information technology to support corporate business process brings vast information security risks. There is a need of comprehensive information security governance that can comply to information security standards and regulations. This research is conducted to evaluate the use of multiple ISG frameworks for implementing information security governance in a multinational oil and gas company. In detail, we evaluate the effectiveness of such framework, assess its implementation maturity level, and identify the success and inhibiting factors for implementing ISG frameworks. This study shows that framework XYZ, as a multiple ISG framework, is effective to cover the controls of ISO 17799, COSO, and IT Risk Framework at once. Meanwhile, the observed case study indicated lack of compliancy of Framework XYZ followed by the invention of gap between current ISG implementation efforts and company visions. Lastly, several success and inhibiting factors are identified in the ISG framework implementation at PT X.