Information Security Risk Management with OCTAVE Method and ISO/IEC 27001:2013 (Case Study: Airlangga University)

Main Authors: Sulistyowati, Indri (Magister Management Technology, Institut Teknologi Sepuluh Nopember); Ginardi, R. V. Hari (Informatics Department, Institut Teknologi Sepuluh Nopember Surabaya)
Format: Article info application/pdf eJournal
Language: eng
Published: Institut Teknologi Sepuluh Nopember, 2019
Subjects:
Online Access: http://iptek.its.ac.id/index.php/jps/article/view/5103
http://iptek.its.ac.id/index.php/jps/article/view/5103/3464
Contents:
  • Airlangga University has implemented ISO/IEC 27001:2013 in asset-based information security governance, covering information assets, software assets, hardware assets, and human resources assets. However, many vulnerabilities in the university's computing systems cannot be mitigated properly, as evidenced by the continued hacking of those systems. This shows that the results of hacking tests on university computing systems are not identified in sufficient detail and are not included in the university's risk management. The purpose of this research is to build a university information security risk management framework using the OCTAVE method based on ISO/IEC 27001:2013. This research uses the OCTAVE framework to build a risk management framework model. Measurement is done by a qualitative method to assess the severity and likelihood for each asset, and by a quantitative method to estimate the potential loss in cost for each asset. The results of this research are expected to provide an information security risk management framework in which the vulnerability and financial loss analysis of each asset can be treated as a risk, so that risk mitigation plans for each asset may consider both vulnerability and return on investment.