Adoption of Cyber Security Maturity Framework for Data Protection in Higher Education

Abstract

Information security has become a top priority in higher education environments due to the increasing risks of cyber threats. The National Cyber and Crypto Agency (BSSN) developed Cyber Security Maturity (CSM) version 1.10 as an instrument for assessing cybersecurity maturity, covering five main domains: Governance, Identification, Protection, Detection, and Response. This study aims to explore the implementation of CSM BSSN in Indonesian higher education institutions and identify implementation challenges due to limited IT human resources and funding support. The research employs a qualitative descriptive methodology with a thematic analysis approach. Data collection techniques include in-depth interviews with key informants at one of the Private Universites in Indonesia (disguised as Alpha University) and literature studies from scholarly articles on the implementation of various information security frameworks such as Indeks KAMI, ISO 27001:2013, NIST, and COBIT in higher education. The findings indicate that limitations in IT human resources and funding are the main challenges in implementing CSM BSSN, particularly in the Governance, Protection, and Response domains. This study provides practical recommendations for higher education institutions to adopt CSM BSSN, including strategies for optimizing IT human resources and funding management.