Security Audit Process Design Based on SIEM and CSPM Integration with Design Science Research Methodology Approach

The security of the current information data system in the digital era needs to be strengthened with one of the current technologies, such as SIEM (Security Information and Event Management) and CSPM (Cloud Security Posture Management), which are currently mostly implemented independently of others. The researcher in this study designed how SIEM and CSPM can issue audit reports in an integrated manner according to the adaptation requirements of GDPR and PDP law regulations, along with improving the personal data security audit process. Using a design research methodology, the study addresses the challenges posed by changes in privacy regulations and the need for efficient and rapid compliance monitoring, and is expected to run automatically. This integrated system leverages live data log analysis and continuous cloud configuration monitoring to understand an organization's data security posture comprehensively. SIEM is designed to identify compliance breaches and security threats that may arise, allowing for automated reporting and rapid responses to audit requests. The results of this study show that the combination of SIEM and CSPM significantly strengthens an organization's ability to monitor and manage compliance with data privacy regulations, reduce administrative burden, and reduce the risk of data breaches, in line with a design-based privacy approach. Future research should assess the possibility of integrating artificial intelligence and machine learning to improve the detection of compliance violations and further automate the audit process, thereby creating a more responsive and adaptive system for data privacy compliance. Organizations need to regularly evaluate the effectiveness of their existing data privacy compliance systems and invest in employee training programs to raise awareness of data privacy.