General Cybersecurity Maturity Assessment Model: Best Practice to Achieve Payment Card Industry-Data Security Standard (PCI-DSS) Compliance

The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the F...

Bibliographic Details
Main Authors: Khairur Razikin, Agus Widodo
Format: Article
Language: English
Published: Bina Nusantara University 2021-08-01
Series: CommIT Journal
Online Access: https://journal.binus.ac.id/index.php/commit/article/view/6931
Collection: DOAJ
Description: The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies by making Payment Card Industry-Data Security Standard (PCI-DSS) certification one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and COBIT. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain PCI-DSS certification, to produce practical cybersecurity measures that, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667, at maturity level 4, namely quantitatively managed, approaching level 5, the highest maturity level.
ISSN: 1979-2484
Keywords: general cybersecurity maturity assessment model; best practice; payment card industry-data security standard (pci-dss)