{"title":"Information System Risk Scenario Using COBIT 5 for Risk And NIST SP 800-30 Rev. 1 A Case Study","authors":"Yose Supriyadi, Charla Wara Hardani","doi":"10.1109/ICITISEE.2018.8721034","DOIUrl":null,"url":null,"abstract":"The use of Risk Scenario is key to risk management. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in information security of an information system. Risk Scenario needs to be built as a starting point to conduct its risk assessment. Risk Assessment is an essential component of risk management to define appropriate response or security control to handle risk. Risk assessment which involves an understanding of possible risk, knowledge of likely risks and threats, measured assessments of established controls and executed plans to address identified vulnerabilities. To resume the result from risk assessment process in COBIT 5 for Risk known as risk scenario document. This paper discusses how to create a Risk Scenario on a critical application system owned by a government agency as a case study. While NIST SP 800-30 Revision 1 to fulfill risk assessment process. 
The result is a Risk Scenario document and can be used as a starting point for implementing comprehensive risk management COBIT 5 for Risk framework.","PeriodicalId":180051,"journal":{"name":"2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITISEE.2018.8721034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 11
Abstract
The use of risk scenarios is key to risk management. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in the information security of an information system. A risk scenario needs to be built as a starting point for conducting a risk assessment. Risk assessment is an essential component of risk management, used to define the appropriate response or security control to handle a risk. Risk assessment involves an understanding of possible risks, knowledge of likely risks and threats, measured assessments of established controls, and executed plans to address identified vulnerabilities. In COBIT 5 for Risk, the summary of the results of the risk assessment process is known as the risk scenario document. This paper discusses how to create a Risk Scenario for a critical application system owned by a government agency as a case study, with NIST SP 800-30 Revision 1 used to carry out the risk assessment process. The result is a Risk Scenario document that can be used as a starting point for implementing comprehensive risk management under the COBIT 5 for Risk framework.