Information Technology Security Risk Management using the OCTAVE-S Method

Lutfi Rahmawati, Kristoko Dwi Hartomo

Abstract


The Salatiga City Population and Civil Registration Office is a regional device organization that already uses information technology in its business processes. Although they have taken advantage of the information system, they have not yet conducted an assessment of risk threats and have not run a risk management. The source of the problem is a problem in implementing risk measurement and management techniques using the Octave-S method that focuses on organizations with no more than 100 members. This technique is used to identify and analyze threats to critical assets in Salatiga City Population and Civil Registration Service. The results of analysis of such threats will be useful when performing mitigation plans in accordance with existing security practices. From the research that has been conducted, there are 2 areas of security practice that produce yellow stoplight status which is a sign that the organization has implemented security practices but is not yet perfect. Both areas of security practice will be selected as mitigation areas.In

Full Text:

PDF

References


A. Nur Kurniawan and B. Trias Hanggara, “Penerapan Manajemen Risiko Teknologi Informasi menggunakan Metode OCTAVE-S pada UPT Pusat Komputer Politeknik Negeri Malang,” 2020. [Online]. Available: http://j-ptiik.ub.ac.id

R. Pratama, D. Syamsuar, and Y. N. Kunang, “Evaluasi Risiko Keamanan Informasi Menggunakan Octave-S,” 2018.

F. Nisa et al., “ANALISIS MANAJEMEN RISIKO KEAMANAN SISTEM BMKGSOFT MENGGUNAKAN METODE OCTAVE-S,” Jurnal Ilmiah Rekayasa dan Manajemen Sistem Informasi, vol. 8, no. 1, 2022.

Stephanus, “Implementation OCTAVE-S … (Stephanus) IMPLEMENTATION OCTAVE-S AND ISO 27001CONTROLS IN RISK MANAGEMENT INFORMATION SYSTEMS,” 2014.

Béatrix Barafort, Antoni-Lluís Mesquida, and Antonia Mas, “Integrating Risk Management in IT Settings from ISO Standards and Management Systems Perspectives,” Comput Stand Interfaces, vol. 54, pp. 176–185, May 2017, Accessed: Dec. 09, 2022. [Online]. Available: https://doi.org/10.1016/j.csi.2016.11.010

V. A. Prabawati, A. Rachmadi, and A. R. Perdanakusuma, “Analisis Risiko Teknologi Informasi Berbasis Risk Management Menggunakan Kerangka Kerja OCTAVE-S Pada Unit Pengelola Sistem Informasi Dan Kehumasan (PSIK) Fakultas Ilmu Komputer Universitas Brawijaya,” 2019. [Online]. Available: http://j-ptiik.ub.ac.id

I. Setiawan, M. Sutopo, and A. Azis, “Manajamen Risiko SIMRS Menggunakan Metode OCTAVE-S dan Standar Pengendalian ISO/EIC 27001,” vol. 7, no. 3, pp. 593–600, 2020, [Online]. Available: http://jurnal.mdp.ac.id

F. Ahdi Anshori and A. Reza Perdanakusuma, “Perencanaan Keamanan Informasi Berdasarkan Analisis Risiko Teknologi Informasi Menggunakan Metode OCTAVE dan ISO 27001 (Studi Kasus Bidang IT Kepolisian Daerah Banten),” 2019. [Online]. Available: http://j-ptiik.ub.ac.id

C. Alberts, A. Dorofee, and J. Stevens, “OCTAVE ®-S Implementation Guide, Version 1.0,” 2005.

D. R. Nurfadilah, W. Hayuhardhika, N. Putra, and A. Rachmadi, “Analisis Manajemen Risiko Keamanan Sistem Informasi pada BKPSDM Kota Batu menggunakan Kerangka Kerja OCTAVE-S dan ISO 27001:2013 (Studi Kasus: Aplikasi E-Kinerja),” 2020. [Online]. Available: http://j-ptiik.ub.ac.id

A. I. Awad, M. Shokry, A. A. M. Khalaf, and M. K. Abd-Ellah, “Assessment of potential security risks in advanced metering infrastructure using the OCTAVE Allegro approach,” Computers and Electrical Engineering, vol. 108, p. 108667, 2023, doi: https://doi.org/10.1016/j.compeleceng.2023.108667.

A. Gui, S. Gondodiyoto, I. Timotius, and J. K. Akuntansi, “Anderes Gui; dkk).”

R. R. Wijayanti, “PADA MANAJEMEN RISIKO SISTEM INFORMASI PERGURUAN TINGGI,” vol. 11, no. 2, 2018.

I. Sulistyowati and R. V. H. Ginardi, “Information Security Risk Management with Octave Method and ISO/EIC 27001: 2013 (Case Study: Airlangga University),” 2018.

A. F. Rohman, A. Ambarwati, and E. Setiawan, “ANALISIS MANAJEMEN RISIKO IT DAN KEAMANAN ASET MENGGUNAKAN METODE OCTAVE-S IT RISK MANAGEMENT ANALYSIS AND ASSET SECURITY USING OCTAVE-S METHOD,” Journal of Information Technology and Computer Science (INTECOMS), vol. 3, no. 2, 2020.

A. Aris Setyawan, dan Agustinus Fritz Wijaya, F. Teknologi Informasi, U. O. Kristen Satya Wacana Jl Notohamidjojo, K. Blotongan, and K. Sidorejo, “ANALISIS MANAJEMEN RISIKO TEKNOLOGI INFORMASI PADA DISKOMINFO KOTA SALATIGA MENGGUNAKAN METODE OCTAVE-S,” 2018.




DOI: https://doi.org/10.32520/stmsi.v12i3.3122

Article Metrics

Abstract view : 179 times
PDF - 73 times

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
https://learning.modernland.co.id/api/toto/http://himatikauny.org/wp-includes/mahjong-ways-3/https://www.jst.hvu.edu.vn/akun-pro-kamboja/https://section.iaesonline.com/akun-pro-kamboja/https://journals.uol.edu.pk/sugar-rush/http://mysimpeg.gowakab.go.id/mysimpeg/aset/https://jurnal.jsa.ikippgriptk.ac.id/plugins/https://ppid.cimahikota.go.id/assets/demo/https://journals.zetech.ac.ke/scatter-hitam/https://silasa.sarolangunkab.go.id/swal/https://sipirus.sukabumikab.go.id/storage/uploads/-/sthai/https://sipirus.sukabumikab.go.id/storage/uploads/-/stoto/https://alwasilahlilhasanah.ac.id/starlight-princess-1000/https://www.remap.ugto.mx/pages/slot-luar-negeri-winrate-tertinggi/https://waper.serdangbedagaikab.go.id/storage/sgacor/https://waper.serdangbedagaikab.go.id/public/images/qrcode/slot-dana/https://siipbang.katingankab.go.id/storage_old/maxwin/https://waper.serdangbedagaikab.go.id/public/img/cover/10k/