{"title":"使用COBIT 5风险和NIST SP 800-30 Rev. 1的信息系统风险场景案例研究","authors":"Yose Supriyadi, Charla Wara Hardani","doi":"10.1109/ICITISEE.2018.8721034","DOIUrl":null,"url":null,"abstract":"The use of Risk Scenario is key to risk management. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in information security of an information system. Risk Scenario needs to be built as a starting point to conduct its risk assessment. Risk Assessment is an essential component of risk management to define appropriate response or security control to handle risk. Risk assessment which involves an understanding of possible risk, knowledge of likely risks and threats, measured assessments of established controls and executed plans to address identified vulnerabilities. To resume the result from risk assessment process in COBIT 5 for Risk known as risk scenario document. This paper discusses how to create a Risk Scenario on a critical application system owned by a government agency as a case study. While NIST SP 800-30 Revision 1 to fulfill risk assessment process. The result is a Risk Scenario document and can be used as a starting point for implementing comprehensive risk management COBIT 5 for Risk framework.","PeriodicalId":180051,"journal":{"name":"2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2018-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"Information System Risk Scenario Using COBIT 5 for Risk And NIST SP 800-30 Rev. 1 A Case Study\",\"authors\":\"Yose Supriyadi, Charla Wara Hardani\",\"doi\":\"10.1109/ICITISEE.2018.8721034\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The use of Risk Scenario is key to risk management. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in information security of an information system. Risk Scenario needs to be built as a starting point to conduct its risk assessment. Risk Assessment is an essential component of risk management to define appropriate response or security control to handle risk. Risk assessment which involves an understanding of possible risk, knowledge of likely risks and threats, measured assessments of established controls and executed plans to address identified vulnerabilities. To resume the result from risk assessment process in COBIT 5 for Risk known as risk scenario document. This paper discusses how to create a Risk Scenario on a critical application system owned by a government agency as a case study. While NIST SP 800-30 Revision 1 to fulfill risk assessment process. The result is a Risk Scenario document and can be used as a starting point for implementing comprehensive risk management COBIT 5 for Risk framework.\",\"PeriodicalId\":180051,\"journal\":{\"name\":\"2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICITISEE.2018.8721034\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICITISEE.2018.8721034","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Information System Risk Scenario Using COBIT 5 for Risk And NIST SP 800-30 Rev. 1 A Case Study
The use of Risk Scenario is key to risk management. From the IT security perspective, risk management is the process of understanding and responding to factors that may lead to a failure in information security of an information system. Risk Scenario needs to be built as a starting point to conduct its risk assessment. Risk Assessment is an essential component of risk management to define appropriate response or security control to handle risk. Risk assessment which involves an understanding of possible risk, knowledge of likely risks and threats, measured assessments of established controls and executed plans to address identified vulnerabilities. To resume the result from risk assessment process in COBIT 5 for Risk known as risk scenario document. This paper discusses how to create a Risk Scenario on a critical application system owned by a government agency as a case study. While NIST SP 800-30 Revision 1 to fulfill risk assessment process. The result is a Risk Scenario document and can be used as a starting point for implementing comprehensive risk management COBIT 5 for Risk framework.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
