Analysis Of Critical Success Factors In Penetration Testing Delivery Projects At Pt. Abcd Using A Fuzzy Delphi Method
Downloads
The success of penetration testing project delivery is influenced not only by technical factors but also by an organization’s ability to manage critical operational and managerial elements in an integrated manner. In the case of PT. ABCD, recurring challenges such as dynamic scope changes and suboptimal resource coordination highlight the absence of a validated Critical Success Factors (CSFs) framework. Therefore, this study aims to identify, validate, and prioritize the key determinants that contribute to successful penetration testing project delivery. The research began with a comprehensive synthesis of multidisciplinary literature from project management, information technology, agile practices, and cybersecurity domains, which was then combined with internal organizational lessons learned. This hybrid approach produced 11 preliminary CSF candidates. To ensure the robustness of the research instrument, classical statistical tests were applied, namely Pearson Product Moment validity testing and Cronbach’s Alpha reliability analysis, which confirmed the consistency and adequacy of the measurement tool. Subsequently, the CSF candidates were evaluated by 21 experts representing Project Management Office, Sales & Business, and Technical/Pentester functions. The Fuzzy Delphi Method was employed to accommodate uncertainty in expert judgment, utilizing triangular fuzzy numbers, expert agreement levels, threshold distance (d) for consensus measurement, and alpha-cut defuzzification for final selection. The results indicate that 10 of the 11 CSFs achieved strong consensus, meeting the criteria of EA ≥ 75%, d ≤ 0.2, and alpha-cut ≥ 0.75. The final prioritization shows that communication effectiveness, stakeholder coordination, technical team readiness, and adaptive management are the most influential success factors.
Agumba, J. N. (2024). A critical success factors framework for the improved delivery of social infrastructure projects in South Africa.
Alhamed, M., & Rahman, M. M. H. (2023). A systematic literature review on penetration testing in networks: Future research directions. Applied Sciences, 13(12), 6986. https://doi.org/10.3390/app13126986
Bullen, C. V., & Rockart, J. F. (1981). A primer on critical success factors (CISR Working Paper No. 69). Massachusetts Institute of Technology.
Chatzifoti, N., Chountalas, P. T., Agoraki, K. K., & Georgakellos, D. A. (2025). A DEMATEL-based approach for evaluating critical success factors for knowledge management implementation: Evidence from the tourism accommodation sector. Knowledge, 5(1), 2.
Chen, H., & Hai, Y. (2024). Exploring the critical success factors of information security management: A mixed-method approach. Information & Computer Security, 32(5), 545–572.
Cooper, V. A. (2009). A review of the critical success factor method using insights from an interpretive case study. Journal of Information Technology Case and Application Research, 11(3), 9–42.
Fayaz, A., Kamal, Y., Amin, S. U., & Khan, S. (2017). Critical success factors (CSF) in information technology projects. Management Science Letters, 7(1), 73–80.
Koops, L., Bosch-Rekveldt, M., Coman, L., Hertogh, M., & Bakker, H. (2016). Identifying perspectives of public project managers on project success: Comparing viewpoints of managers from five countries in North-West Europe. International Journal of Project Management, 34(5), 874–889.
Luckey, D., Stebbins, D., Orrie, R., Rebhan, E., Bhatt, S. D., & Beaghley, S. (2019). Assessing continuous evaluation approaches for insider threats: How can the security posture of the US departments and agencies be improved.
Magnusson, L., Iqbal, S., Elm, P., & Dalipi, F. (2025). Information security governance in the public sector: Investigations, approaches, measures, and trends. International Journal of Information Security, 24(4), 177.
Ministry of Communication and Information Technology (Kominfo). (2024). Kominfo-CSIRT annual report 2024. Kominfo.
National Cyber and Cryptography Agency (BSSN). (2024). Indonesia's cybersecurity landscape 2024. BSSN.
Nugraheni, S. N., Raharjo, T., & Trisnawaty, N. W. (2024). Optimizing development and operations from the project success perspective using the analytic hierarchy process. Computer Science and Information Technologies, 5(3), 272–282.
Okolo, F. C., Etukudoh, E. A., Ogunwole, O., Osho, G. O., & Basiru, J. O. (2021). Systematic review of cyber threats and resilience strategies across global supply chains and transportation networks. [Journal name unavailable].
Oluoha, O. M., Odeshina, A., Reis, O., Okpeke, F., Attipoe, V., & Orieno, O. H. (2022). A unified framework for risk-based access control and identity management in compliance-critical environments. Journal of Frontiers in Multidisciplinary Research, 3(1), 23–34.
Ottaviani, F. M., Zenezini, G., Saba, F., De Marco, A., & Gavinelli, L. (2025). System-level critical success factors for BIM implementation in construction management: An AHP approach. Systems, 13(2), 94.
Roldán López de Hierro, A. F., Sánchez, M., Puente-Fernández, D., Montoya-Juárez, R., & Roldán, C. (2021). A fuzzy Delphi consensus methodology based on a fuzzy ranking. Mathematics, 9(18), 2323.
Šeduikis, L. (2024). Factors of successful IT project risk management in the organization and their influence on IT project success. Vilniaus Universitetas.
Sotarjua, L. M., & Oktavia, T. (2025). Prioritizing critical success factors for IT project implementation in the Indonesian financial sector: An analytic hierarchy process (AHP) framework. In 2025 International Conference on Informatics, Multimedia, Cyber and Information System (ICIMCIS) (pp. 1109–1115).
Sumadireja, G. C., & Dachyar, M. (2024). Analysis of critical success factors for implementing project management: A case study at PT ABC Company. In Proceedings of the 2024 6th International Conference on Management Science and Industrial Engineering (pp. 57–68).
Venczel, T. B., Berényi, L., & Hriczó, K. (2021). Project management success factors. Journal of Physics: Conference Series, 1935, 012005.
Yeoh, W., & Popovič, A. (2016). Extending the understanding of critical success factors for implementing business intelligence systems. Journal of the Association for Information Science and Technology, 67(1), 134–147.
Yeoh, W., Wang, S., Popovič, A., & Chowdhury, N. H. (2022). A systematic synthesis of critical success factors for cybersecurity. Computers & Security, 118, 102724.
Copyright (c) 2026 Zulfirman Zulfirman, Ruri Agung Wahyuono

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

