Evaluation Of IS Risk Management Using Octave Allegro In Education Division

J. Suroso, Sri Mumpuni Ngesti Rahaju, Kusnadi
DOI: 10.1109/ICOT.2018.8705866 (https://doi.org/10.1109/ICOT.2018.8705866)
Published in: 2018 International Conference on Orange Technologies (ICOT), 2018-10-01
Citations: 6

Abstract

Information systems are now an important element in supporting business strategies, including in the education division. Critical assets related to information systems are highly susceptible to threats that can exploit and damage them, leading to disruption of business processes and even to financial losses. PT. Autocomp Systems Indonesia (PASI) has implemented an Information Security Management System (ISMS) based on ISO/IEC 27001 to define a set of risk management strategies. However, some threats still occur and cause losses to the organization. The organization needs to evaluate the risk management it has implemented to determine whether its risk protection strategy is adequate. The evaluation is done by comparing the current condition with the expected ideal condition using the Catalogue of Practices from OCTAVE. Gaps are identified, and a risk assessment of the related assets is then carried out. The results of this study indicate that the level of risk management maturity obtained by the organization is 89.40%. The biggest gaps are found in the contingency plan/disaster recovery plan and in vulnerability management. A mitigation plan is then proposed from the results of the risk assessment using the OCTAVE Allegro approach so that the risk can be controlled properly.