Reformulation of the Vulnerability Management Cycle for Enhancing Indonesia's Critical Information Infrastructure Protection: An International Comparative Study

Abstract

This research conducts an analysis of vulnerability management practices in three countries— the United States, Australia, and the United Kingdom— to serve as a benchmark for the National Security Operation Center (NSOC) for protecting Critical Information Infrastructure (CII) in Indonesia. The methodology employed is a document study of standards, regulations, and publications related to vulnerability management in these three countries. The analysis results are classified into Gartner’s Cycle, producing 38 vulnerability management activities. The mapping of these activities to the CII Protection Framework in Indonesia demonstrates alignment with 35 sub-categories of the framework, resulting in a vulnerability management cycle that can be proposed to NSOC for the protection of CII in Indonesia.