Information technology security is crucial for a digital government system to have so that the continuity of business processes can run smoothly. However, the current best practice of information security governance in the Indonesian national government is still inadequate according to various related studies still siloed and scattered and leading to vulnerabilities in the various digital services provided. Therefore, this study aims to develop a best practice framework for managing information security that is aligned with the needs of Indonesia's digital government. This research started by looking for the main framework of information security governance. Then the main components that resulted from that were benchmarked with other Information Security Governance (ISG) best practices from different countries. Finally, it ended up complementing them with information security parameters, other related components, and recommendations, particularly in the Indonesian context, so that the main components and their respective constituent sub-components can be obtained according to the needs of the Indonesian e-government. The cause-and-effect analysis concept analyses the data linkages between the six central components and their respective sub-components. This study concludes that each of main components and sub-components supports each other so that all these things must be carried out in a balanced and continuous manner.

Best practice; Digital government; Framework; Indonesia; Information and communication technology; Security governance